edwardsnowden
Latest
Lavabit was under FBI pressure to decrypt Snowden connections, court reveals
When Lavabit shut down in the wake of Edward Snowden's leaks, it left a big question unanswered: just what did the US government want that was supposedly so egregious? Thanks to newly unsealed court documents obtained by Wired, we now know much more of the story. The FBI had served Lavabit an order requiring that it hand over Snowden's encryption keys, helping the agency install a device that would collect metadata from its suspect's email connections. Lavabit repeatedly turned down the requests since it could have given access to data from every user of the service -- at one point it did serve up the SSL keys, but printed out on 11 pages in 4pt type -- which led to threats of criminal contempt charges and fines. We all know what happened afterward -- company founder Ladar Levison chose to shutter Lavabit rather than comply with the FBI's demands. While the new details aren't shocking given the government's desire to catch Snowden, they help explain Levison's past statements; he felt that it was better to defend Lavabit in court than risk violating the privacy of his customers.
NYT: NSA monitors, graphs some US Citizens' social activity with collected metadata
Just how does the NSA piece together all that metadata it collects? Thanks to "newly disclosed documents and interviews with officials," The New York Times today shed light on how the agency plots out the social activity and connections of those it's spying on. Up until 2010, the NSA only traced and analyzed the metadata of emails and phone calls from foreigners, so anything from US citizens in the chains created stopgaps. Snowden-provided documents note the policy shifted later in that year to allow for the inclusion of Americans' metadata in such analysis. An NSA representative explained to the NYT that, "all data queries must include a foreign intelligence justification, period." During "large-scale graph analysis," collected metadata is cross-referenced with commercial, public and "enrichment data" (some examples included GPS locations, social media accounts and banking info) to create a contact chain tied to any foreigner under review and scope out its activity. The highlighted ingestion tool in this instance goes by the name Mainway. The NYT article also highlights a secret report, dubbed "Better Person Centric Analysis," which details how data is sorted into 164 searchable "relationship types" and 94 "entity types" (email and IP addresses, along with phone numbers). Other documents highlight that during 2011 the NSA took in over 700 million phone records daily on its own, along with an "unnamed American service provider" that began funneling in an additional 1.1 billion cellphone records that August. In addition to that, Snowden's leak of the NSA's classified 2013 budget cites it as hoping to capture "20 billion 'record events' daily" that would be available for review by the agency's analysts in an hour's time. As you might expect, the number of US citizens that've had their info bunched up into all of this currently remains a secret -- national security, of course. Extended details are available at the source links.
Snowden leak suggests UK was spying on Belgian telecom
When Belgian prosecutors suggested that Belgacom was the target of foreign espionage, many blamed the NSA -- it has a history of snooping on other countries, after all. Those accusations may have been off the mark, however. Der Spiegel has revealed documents leaked by Edward Snowden which hint that the UK's Government Communications Headquarters (GCHQ) was responsible. The intelligence agency reportedly tricked key Belgacom staff into visiting a malware-loaded website that hijacked their PCs. GCHQ could then spy on smartphones, map the network and investigate secure VPN connections. Neither Belgacom nor Belgium has responded to this latest Snowden leak, but we wouldn't be surprised if the apparent evidence speeds up their investigation.
American and British spy agencies can thwart internet security and encryption
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program. The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
Lavabit founder chafes under NSA scrutiny, speaks out against govermental privacy violations
Lavabit shut down its email services a couple weeks ago in response to governmental pressure regarding NSA whistleblower Edward Snowden's account. At the time, founder Ladar Levison stated he was shutting down Lavabit because he didn't want to "become complicit in crimes against the American people," but didn't expound upon what that statement meant due to a governmental gag order. The Guardian spoke with Levison recently, however, and while he still didn't deliver details about his legal dealings with Uncle Sam, he did share some thoughts about governmental surveillance in general. As you might expect, Levison is against ubiquitous governmental surveillance of communications between citizens. To that end, he's calling for a change to be made in US law so that private and secure communications services can operate without being used as "listening posts for an American surveillance network." He's not wholly against the feds tapping phone lines, though, as he recognizes the role such surveillance plays in law enforcement. However, he thinks the methods that are being used to conduct that surveillance should be made public -- not an unreasonable request, by any means. You can read Levison's full take on the matter, along with a recounting of reasons behind Lavabit's creation at the source below.
Leaked NSA audit shows privacy violations in cellular and fiber optic surveillance
The NSA insists that it respects American privacy, but documents leaked by Edward Snowden to the Washington Post suggest that the agency has trouble maintaining that respect. A May 2012 audit, buried in the documents, 2,776 incidents where the NSA's Washington-area facilities inadvertently obtained protected American data through a mix of human errors and technical limits. Among its larger gaffes, the NSA regularly had problems determining when foreign cellphones were roaming in the US, leading to unintentional snooping on domestic calls. The agency also spent months tapping and temporarily storing a mix of international and domestic data from US fiber lines until the Foreign Intelligence Surveilliance Court ruled that the technique was unconstitutional. NSA officials responding to the leak say that their agency corrects and mitigates incidents where possible, and argue that it's difficult for the organization to avoid errors altogether. However, the audit also reveals that the NSA doesn't always report violations to overseers -- the division may be interested in fixing mistakes, but it's not eager to mention them.
Lavabit, reportedly Edward Snowden's email service of choice, shuts down
It looks like Edward Snowden is going to have to find a new email service as the one he supposedly used -- Lavabit -- has abruptly closed its doors. The company's owner, Ladar Levison, posted an open letter on the site today, saying, "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." Levison also claimed to be unable to speak to the specifics surrounding the situation, stating that a Congressionally approved gag order prevented him from doing so. While Lavabit's situation seems pretty dire, it might not be curtains just yet. In his message, Levison stated that he would take his fight to reinstate Lavabit to the Fourth Circuit Court of Appeals. To read the missive in full, head on over to the source link below.
Snowden leaves neutral confines of Moscow airport, enters Russia
Edward Snowden has finally escaped his month-long Moscow airport purgatory and arrived in Russian territory, according to the Associated Press. The NSA whistleblower had already been granted temporary asylum by the Putin-led government after Bolivia and Venezuela also offered to take the fugitive, and was awaiting paperwork in order to leave Sheremetyevo Airport. The NSA's arch-enemy will be granted a year's stay, according to his Russian lawyer, and will be able to re-apply to remain after that. Now that his Russian residency has been established, most press outlets expect a strong reaction from the US government after it assured Moscow that Snowden wouldn't face the death penalty if deported. For its part, Russia said it has no intention of handing over the man who blew the lid off the pervasive PRISM monitoring program.
The Guardian: NSA's XKeyscore tool is its 'widest reaching' system for collecting online data
Edward Snowden has said that he still has more information about the NSA than what he's already leaked, and we're now getting a look at another big piece of that. According to a new set of documents provided to The Guardian, the NSA is using a tool called XKeyscore that is said to be its "widest reaching" system for collecting information from the internet -- one that lets it examine "nearly everything a typical user does on the internet," as one presentation slide explains. That apparently includes both metadata and the contents of emails, as well as social media activity, which can reportedly be accessed by NSA analysts without prior authorization; as The Guardian notes, a FISA warrant is required if the target of the surveillance is a US citizen, but not if a foreign target is communicating with an American. According to The Guardian, the amount of data collected is so large that content is only able to stored in the system for three to five days, or as little as 24 hours in some cases, while metadata is stored for 30 days. That's reportedly led the NSA to develop a multi-tiered system that lets it move what's described as "interesting" content to other databases where it can be stored for as much as five years. In a statement provided to The Guardian, the NSA says that "XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system," and that "allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks." The agency further adds that "every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law."
Washington Post: Russia may grant NSA leaker Edward Snowden formal entry
According to the Washington Post, Russia has decided to grant Edward Snowden permission to leave the Moscow airport. Though the NSA whistleblower has been offered asylum in Bolivia and Venezuela, he reportedly requested temporary asylum in the Eastern European country last week. While the Putin government didn't approve Snowden's application immediately, it's refused to hand him over to the U.S. since he arrived in Shremetyevo airport from Hong Kong on June 23rd. It's unclear if and when the country will approve the request, but Snowden's Russian lawyer said his client's unique legal situation would keep him in the transit zone for at least one more day. Stay tuned -- we'll be updating as more information becomes available.
Microsoft reportedly eased NSA access to Outlook.com, SkyDrive and Skype
Tech firms say they aren't giving the NSA direct access to their servers, but that might not even be necessary. The Guardian reports that Microsoft, at least, is making it easy to snoop on services from the outside. Documents provided by Edward Snowden claim that Microsoft helped the NSA bypass Outlook.com chat encryption, even before the product launched; reportedly, it also simplified PRISM access to both SkyDrive and Skype conversations. The company denies offering any kind of carte blanche access, however, and insists that it only complies with specific, legal requests. Whether or not that's true, we can only know so much when Microsoft is limited in what it can say on the subject.
NSA whistleblower Edward Snowden offered asylum in Venezuela (update: Bolivia too)
Now that PRISM leaker Edward Snowden has spent a few days in Russia with a US extradition request looming over him, WikiLeaks legal advisor Sarah Harrison has submitted asylum applications and requests for asylum assistance to a raft of countries on his behalf. The first to step up to the plate is apparently Venezuela, as its president Nicolas Maduro stated during a parade that it has rejected US requests for extradition and will offer him political and humanitarian asylum. Nicaraguan president Daniel Ortega previously said his country would offer Snowden asylum "if circumstances permit." Update: Reports are out that Bolivia's president, Evo Morales, has joined in offering Snowden asylum. As USA Today notes, this comes hot on the heels of when his plane was barred from flying over European airspace for hours, over concerns Snowden hitched a ride from Russia under the radar.
Edward Snowden tells South China Morning Post he took Booz Allen job to collect NSA information
Edward Snowden may now be far from Hong Kong, but the South China Morning Post has just revealed more details from an interview he granted on June 12th while he was still there. According to the paper, Snowden reportedly said that he took a job with NSA-contractor Booz Allen Hamilton in order to gather additional evidence about the spy agency's activities. "My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he said. "That is why I accepted that position about three months ago." He reportedly further said "correct on Booz," when asked if he specifically went to Booz Allen to gather evidence of surveillance. As the paper notes, Snowden also said that he took pay cuts "in the course of pursuing specific work" in an online Q&A with The Guardian last week, and he's also indicated that he has more information he intends to leak, saying that he'd like to "make it available to journalists in each country to make their own assessment."
Edward Snowden stops off in Moscow with US extradition request snapping at his heels
Even if he anticipated the risks involved in turning whisteblower, Edward Snowden can't have imagined the rushed, convoluted journey he'd have to take to avoid the full wrath of the US government. First to Hong Kong; most recently to Moscow, and perhaps soon to Ecuador (via Cuba and Venezuela) where he has apparently made a request for asylum. Strongly worded demands for his capture have followed every step of the way, with the White House National Security Council expressing "disappointment" that Hong Kong allowed Snowden to flee and now urging Russia (which has no formal extradition treaty with America) to "expel Mr. Snowden back to the US to face justice for the crimes with which he is charged." In an effort to help the fugitive navigate the maze of diplomatic fault lines, WikiLeaks has stepped up to say that its own legal advisors are "escorting" Snowden towards his final destination, likely making use of the knowledge they gained while protecting Julian Assange, and that it sees US efforts to arrest him as an "assault against the people."
US government files criminal charges against Edward Snowden over PRISM leaks
The Washington Post reports tonight that, as expected, the US Government has filed criminal charges against Edward Snowden for leaking information about NSA surveillance programs to the Post and Guardian. The charges listed include Theft of Government Property, Unauthorized Communications on National Defense Information and "Willful Communication of Classified Information to an Unauthorized Person." The charges are filed in the US District Court for the Eastern District of Virginia, where the headquarters of Snowden's employer, Booz Allen Hamilton, are located. So what's next? According to the paper, the government has asked Hong Kong to detain Snowden on a provisional warrant, however if a fight over extradition or request for asylum could delay the process.
PRISM whistleblower Edward Snowden reveals himself, reasons for leaking surveillance program (updated)
Only days after the initial leaks and explanations by the US government about the National Security Agency's data surveillance program PRISM, Edward Snowden has revealed himself as the whistleblower. He's employed by defense contractor Booz Allen Hamilton and also worked at the NSA as a "technical assistant" for the CIA. In speaking to The Guardian, he explained his reasons for disclosing the intelligence program: he wanted to "to inform the public as to that which is done in their name and that which is done against them," hoping that they'll use the information to debate the issue. While the NSA's data-mining tool is reportedly known as Boundless Informant, Snowden has been keeping himself bound to a hotel in Hong Kong during this whole drama. Major internet companies have insisted that the government doesn't receive direct access to their servers and President Obama has stated that "nobody is listening to your phone calls, but the issue remains far from black and white. Snowden claims a "massive surveillance machine" is in the making under the radar -- at this point he's now waiting to see what happens next, assured he's made the the decision that feels right to him. Catch the full interview at the source link. Update: In case there was any doubt that Snowden has ever been employed by Booz Allen Hamilton, the company just released the following statement: Booz Allen can confirm that Edward Snowden, 29, has been an employee of our firm for less than 3 months, assigned to a team in Hawaii. News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter.