nsa
Latest
The Daily Show touches on the NSA in WoW
Last night Jon Stewart of The Daily Show weighed in, as he does, on the topic of the NSA/WoW news that hit yesterday regarding information released by former National Security Agency contractor Edward Snowden. In rare form, Stewart ran a segment entitled That Thing They Said They're Not Doing? They're Totally Doing, in which he lambasted government efforts to downplay the NSA's role in gathering and stockpiling information via phone, internet, and now video games like Second Life and WoW. Being a comedian, Stewart took the opportunity to take several ridiculously funny, tongue-in-cheek shots at gamers in the process. And if that weren't enough, self-proclaimed "proud dwarf paladin" Greychalk of Dun Morogh arrived on the scene to add even more comic relief. Of course, Greychalk seems to be more than a little confused about both the nebulous identities of people on the internet, and the class he plays -- his spell bar is chock full of priest spells. Oh, Greychalk. Silly Greychalk. That's not Holy Wrath you're casting, it's Smite. You can watch the segment above -- and you can catch the full episode on The Daily Show's website.
Daily Roundup: Home theater holiday gift guide, Ubisoft's Snowdrop engine, NSA Xbox Live spying and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
The NSA is still in your WoW, watching you kill internet dragons
Edward Snowden, the former National Security Agency contractor, has released information saying that world governments are spying on people in World of Warcraft, Second Life, and Xbox Live. The governments believe the games and communication systems can be used for terrorism. Blizzard responded to ProPublica about the leak, saying that they "are unaware of any surveillance taking place. If it was, it would have been done without our knowledge or permission." Obviously no one likes to hear about being under unnecessary surveillance, and while we won't get into the debate over a government's right to monitor various groups, it's important to remember that this surveillance is nothing new. We've known for years that the U.S. government believes WoW and games like it can be used for nefarious purposes, including those related to terrorism. In 2009 we learned that the FBI even went as far as to hold virtual exercises in what terrorism conversations in the game might look like. In 2008 a public report to congress detailed the plans of the Director of National Intelligence to data mine conversations in WoW. PBS' Bill Moyers even did a report on it. Keep this in mind today as the news spreads around the internet. We've known for a long time, it's just being made a deal now due to the Snowden leaks.
Apple, others call for government surveillance reform
Apple, along with AOL, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo have published an open letter calling for US government surveillance reform. The letter is addressed to President Barack Obama and the US Congress and comes in response to the NSA's PRISM surveillance program that came to light earlier this year. Revelations about that program revealed that the government had backdoors into several of the technology companies' servers. All those technology companies have denied giving the US government access. Dear Mr. President and Members of Congress, We understand that governments have a duty to protect their citizens. But this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual - rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It's time for a change. For our part, we are focused on keeping user's data secure - deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope. We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight. To see the full set of principles we support, visit ReformGovernmentSurveillance.com Sincerely, AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, Yahoo This letter will be published in several of the national papers including The Washington Post and The New York Times. It has also been published on a website created by the technology companies that authored the letter, ReformGovernmentSurveillance.com. On that website, the technology companies have also published a set of principles they believe governments should adhere to in regards to the collection and processing of citizens' data.
NSA spies infiltrate MMOs to weed out terrorism
News of our government spying on us is not actually news at this point, but recent reports suggest that governments are also spying on us in our online games. The reason? Suspected terrorism, of course! Former National Security Agency contractor Edward J. Snowden, ProPublica, The Guardian, and The New York Times report today that American and British intelligence agencies have infiltrated Second Life, World of Warcraft, and Xbox Live to weed out militants that may use the games to communicate, move money, or plot attacks under fake identities. So that noob in your PUG last night who just wouldn't heal the tank may have been a CIA agent getting paid ungodly amounts of money to level his Priest at the taxpayers' expense. Most interestingly, Blizzard denies any knowledge of such activities: "We are unaware of any surveillance taking place," said a spokesman for Blizzard Entertainment. "If it was, it would have been done without our knowledge or permission." [Source: ProPublica press release]
NSA reportedly infiltrated Xbox Live and World of Warcraft in hunt for terrorists
According to documents leaked by Edward Snowden and brought to light today by The Guardian, the NSA has been monitoring online gaming communities since 2008 and has even been sending real-life agents into online RPGs posing as players. Xbox Live was apparently one of the biggest services to be targeted, while World of Warcraft and Second Life also came under some degree of scrutiny. It's not totally clear why the NSA, along with its UK equivalent the GCHQ, thought such operations were necessary, but there seems to have been a general sense that online games could be used as communication hubs by evil-doers, as well as some evidence that Hezbollah had developed its own game for the purpose of recruitment. None of the leaked files suggest that the agent-avatars caught any terrorists, even though undercover operations were apparently so numerous that, at one point, an NSA analyst called for a "deconfliction group" to be set up to prevent the agency's personnel from inadvertently spying on each other. Meanwhile, Microsoft and Linden Labs have refused to comment, but Blizzard Entertainment has said it was unaware of any surveillance taking place in World of Warcraft and certainly has never granted any permission for its players to be observed. The Guardian says it'll publish the relevant files later today, in partnership with the New York Times and ProPublica. Update: We asked Microsoft how this happened, and a spokesperson told us that Redmond wasn't aware of any surveillance activity. "If it occurred as has been reported, it certainly wasn't done with our consent."
NSA cites executive order to defend its collection of cellphone location data
The 5 billion cellphone location records the NSA's reportedly collecting daily? Don't expect an apology. While it's hard to sustain shock and disbelief when we've been hearing new details about the government's information collecting for months now, the National Security Agency saw fit to address concerns about the so-called Co-Traveler program in a statement today. The gist: The collection of massive amounts of location data is incidental in the agency's effort to "collect foreign intelligence information that is relevant to national security." Interestingly, the statement references a Reagan-era executive order (12333, if you want to dig deep) to vindicate the agency's data-collection practices. That executive order, authorized in 1981, authorizes the collection of foreign intelligence information relevant to the nation's safety through means "consistent with applicable United States law." Additionally, the statement asserts that these surveillance activities don't violate FISA. The bottom line, though, is that the NSA won't be doubling back on its data collecting any time soon.
Microsoft's immediate plans against NSA 'threat': court challenges, encryption and transparency
The NSA / PRISM / MUSCULAR scandal sparked by Edward Snowden's leaks stained many tech companies, and tonight Microsoft has laid out several plans it hopes will convince customers (particularly non-US businesses and foreign governments) they're safe using its products and services. In a blog post, general counsel and executive VP Brad Smith lays out a three pronged approach of "immediate and coordinated action" against the threat of government snooping. It's expanding the use of encryption to cover any content moving between it and its customers, any transmissions between its data centers, and data stored on its servers -- all of this is said to be in place by the end of 2014. In terms of court orders that may push it to reveal data, Microsoft is committing to notify "business and government" customers of any legal orders, and if it is prevented from doing so by a gag order, says it will challenge those in court. Finally, it's expanding the existing program giving governments access to its source code so they can make sure it doesn't contain any back doors. According to Reuters, this will put Microsoft on par with other Internet companies like Amazon Web Services, Yahoo and Google for how it treats data. Still, while that may help foreign diplomats feel better about logging into Outlook or Skype, there are probably a few individuals who will keep their tin foil hats on, Kinect cameras covered and cellphones off.
NSA collecting 5 billion cellphone location records per day
Hey everyone, the government's tracking you. Quelle surprise. In what has to be one of the least shocking pieces of news to come from the Edward Snowden leaks, The Washington Post is reporting that the National Security Agency has been gathering surveillance data on foreign cellphone users' whereabouts globally, with some Americans potentially caught in the net. The database, which collects about 5 billion records per day, is so vast that not even the NSA has the proper tools to sift through it all. That's not to say the agency hasn't been able to make "good" use of it with analytics programs, though. One such program, ominously labeled Co-Traveler, allows the NSA to determine "behaviorally relevant relationships" based on data from signals intelligence activity designators (or sigads for short) located around the world, including one codenamed "Stormbrew." That's a lot of jargon for what are essentially data hubs that collect geolocation information down to the cell tower level. Co-Traveler can locate targets of interest based on cellphone users moving in tandem, even if they're unknown threats -- frequent meetups with an existing suspect could reveal a close associate, for instance. As we've come to expect by now, both the NSA and the Office of the Director for National Intelligence argue that this location-based surveillance is legal. Agency representatives tell the Post that the collection system doesn't purposefully track Americans. However, the NSA also says it can't determine how many US residents get swept up in these location scans; there are concerns that it's following targets protected by Fourth Amendment search rights. Jon Fingas contributed to this report.
Marissa Mayer: Yahoo will encrypt all user data by early 2014
Yahoo recently announced that it will encrypt webmail by default, and today Marissa Mayer shared that the security measure will be applied across all Yahoo products "by the end of Q1 2014." In a post on the company Tumblr, CEO Mayer outlined three specific measures to protect user data: Encrypt all information that moves between our data centers by the end of Q1 2014; Offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014; Work closely with our international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled. This news is no doubt a response to persisting questions -- and court cases -- about the scope of the NSA's information-tapping policies as they relate to internet giants such as Facebook, Google and Yahoo. As the company has previously asserted, Mayer emphasized that Yahoo has "never given access to... data centers to the NSA or to any other government agency. Ever."
NSA reportedly cracks down on staff who thought it was okay to share their logins with Edward Snowden
In a slightly ironic twist for the National Security Agency, Reuters reports that as many as 25 members of its staff have been "removed from their assignments" because they shared their private passwords with Edward Snowden while he worked there. A number of government offices are currently trying to find out just how Snowden got hold of so much confidential data, and sources close to those investigations now claim that the PRISM whistleblower used his position as a systems admin to dupe colleagues into handing over their passwords. It's not clear whether the NSA staff involved in the breach have been fired or re-assigned, but if the allegations are true then there are likely to be some red faces at the agency once the various investigations reach their conclusions, because such a large-scale failure by supposedly highly-trained staff would implicate the NSA's systems and practices, rather than just a few naive individuals.
Google's Eric Schmidt slams NSA over 'outrageous' data center snooping and privacy invasion
Google's Executive Chairman and former CEO Eric Schmidt isn't a huge fan of the NSA or its surveillance methods, it seems. Speaking to The Wall Street Journal, Schmidt declared: "It's really outrageous that the National Security Agency was looking between the Google data centers, if true." His comment follows recent reports of a nefarious tool crafted by the agency and the UK's GCHQ that accessed Google and Yahoo data lairs without permission. Schmidt also said that to "potentially violate people's privacy, it's not OK," and that the broad public scrutiny months of leaks has uncovered is unnecessary to find a few bad eggs. Referring to claims that the NSA amassed phone records of 320 million people to actually investigate more like 300, the Google exec commented: "That's just bad public policy... and perhaps illegal." Not that the search giant has any personal experience with illegal data collection, of course.
Recommended Reading: AI pioneer Douglas Hofstadter profiled, the NSA files decoded and more
Recommended Reading highlights the best long-form writing on technology in print and on the web. Some weeks, you'll also find short reviews of books dealing with the subject of technology that we think are worth your time. We hope you enjoy the read. The Man Who Would Teach Machines to Think by James Somers, The Atlantic Artificial intelligence has been in the public consciousness for decades now, due in no small part to fictional incarnations like 2001's HAL 9000, but it's been getting more attention than ever due to IBM's Watson, Apple's Siri and other recent developments. One constant figure throughout much of that time is AI pioneer Douglas Hofstadter, who's profiled at length in this piece by James Somers for The Atlantic. In it, Somers talks to Hofstadter and other key figures from the likes of IBM and Google, while examining his approach to the field, which is as much about studying the human mind as replicating it. [Image credit: null0/Flickr]
Tech giants ensnared by NSA spying petition Congress for surveillance reform
In the months since information about the NSA's bulk surveillance efforts began to leak, many of the tech companies named in documents have been unable to even discuss their involvement. Those blinds have been pried back a little with the release of a few transparency reports, but today Google, Microsoft, Facebook, Yahoo, Apple and AOL (the corporate parent of Engadget) sent a letter to Congress encouraging it to do more. Mashable posted a copy of the letter (embedded after the break), which is addressed to members of the Senate Judiciary Committee and specifically references the recently-introduced USA Freedom Act as an "important contribution" to the discussion. That particular bill seeks to end the NSA's "dragnet" security programs while "requiring greater oversight, transparency, and accountability with respect to domestic surveillance authorities." According to the companies, greater transparency would clear up "erroneous reports that we permit intelligence agencies "direct access" to our companies' servers or that we are participants in a bulk Internet records collection program." As the Washington Post points out, the companies listed may take issue with other bills circulating like the FISA Improvement Act because they don't address surveillance of non-US citizens, creating suspicion and problems for said companies setting up services for users internationally.
Need tech support in Russia? Give Edward Snowden a call
So, what happens after you've become an international pariah? The PRISM revelations may rattle along, but the figure who started it all is trying to return to something approaching a normal life. Edward Snowden's lawyer has revealed that, after settling at an undisclosed location in Russia, the NSA whistleblower has found a job. He'll be offering technical support for a domestic website, which isn't being named for the obvious reasons. Is this the last that we'll hear from the former intelligence analyst? Only time will tell.
Dark Mail Alliance develops surveillance-proof email technology
We wouldn't be surprised if you're looking for a more secure email provider after the whole government surveillance debacle. That's why Lavabit and Silent Circle have joined forces as the Dark Mail Alliance to develop a new snoop-proof email technology. Dark Mail's "Email 3.0" tech applies peer-to-peer encryption not only to the body of the digital missive, but also to its metadata (To:, From: and Subject fields) that third parties are most likely to collect. One downside is that encryption only works between Dark Mail accounts -- messages sent using the tech to Gmail or a Hotmail addresses won't be protected from prying eyes. If the two firms sound familiar, that's because they used to offer secure email services of their own, which shuttered earlier this year. However, they're determined to rise from the ashes and make the tech available to the public via mobile and desktop apps by 2014. [Image credit: g4ll4is, Flickr]
NSA reportedly tapped into Google, Yahoo data centers worldwide without telling either company
It's a top secret plan with a fittingly supervillain-esque codename: MUSCULAR. That tool, part of a partnership between the NSA and the UK's GCHQ, has been used to infiltrate Google and Yahoo data centers across the world, according to documents revealed by Edward Snowden and confirmed by sources at The Washington Post. It's a breach of privacy that could affect hundreds of millions of users, one that neither company was apparently privy to, in spite of the NSA's history of court-ordered data access with both. Google told The Post that it's, "troubled by allegations of the government intercepting traffic between our data centers, and [is] not aware of this activity." Yahoo echoed the sentiment, stating that it has, "strict controls in place to protect the security of our data centers, and [has] not given access to [its] data centers to the NSA or to any other government agency." The government, naturally, isn't commenting. Likely it's waiting to swivel around in a chair with a cat in its lap for full dramatic effect. And by the way, that above image is from a slideshow entitled "Google Cloud Exploitation," happy face and all.
Apple: No, we can't read your iMessages
Just yesterday, we reported on the claims of security firm QuarksLab that Apple could read iMessage communications, despite the company's statement to the contrary back in June when the NSA Prism program first came to light. Well, Apple has jumped right on those claims -- with a vengeance. The QuarksLab research explains how since Apple controls the encryption keys for iMessage, it could theoretically perform a "man-in-the-middle attack" and read or alter the communications between two people, either for nefarious purposes or for the government. Apple spokesperson Trudy Miller sent a statement to AllThingsD about the research, saying "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so." AllThingsD's John Paczkowski sums up his story about Apple's declaration with a good comment about the state of surveillance these days, saying "perhaps in today's world iMessage's encryption is only as good as your trust in Apple." With other companies being asked by the NSA to enable methods of intercepting messages, one security researcher told AllThingsD that "it would be naive to think that Apple wasn't at least approached by the government at some point."
NSA collecting email and messaging contacts worldwide, Yahoo moves to encrypt webmail by default
Don't think that the NSA's bulk communication data collection is focused solely on the communications themselves. The Washington Post has published more Edward Snowden documents which reveal that the agency collects large volumes of contact lists from email and instant messaging users around the world. While the NSA gathers the information on foreign soil, its method reportedly prevents it from automatically screening out any Americans in the list. The NSA and anonymous officials argue that American laws prevent analysts from accessing data unless they believe there's a foreign target hidden with, but the strategy still has the government storing contacts for "millions" of people. Yahoo customers are some of the most common targets of this surveillance, as the company doesn't normally encrypt webmail sessions. That's about to change, however. The internet firm tells the Post that its webmail service will default to using SSL encryption on January 8th, catching up with Facebook and Google. Yahoo isn't officially tightening its security in response to NSA activity, and using SSL won't necessarily stop interceptions when spies frequently have workarounds. However, the upcoming encryption will at least complicate any snooping -- whether or not it's part of an intelligence operation.
FISA court renews NSA permission to collect call metadata
News that the NSA collects bulk phone call metadata (phone numbers, call times and duration) from Verizon and other backbone providers initially leaked out in June. Since then PRISM, Edward Snowden and any number of other national security related topics have been in the spotlight, and the new focus has spurred at least one change in the process. On Friday, the Office of the Director of National Intelligence publicly announced the request -- following other declassified documents about the program -- and that it has been renewed (again) by the Foreign Intelligence Surveillance Court. As The Hill mentions, the NSA claims its analysts are only able to search through the collected data if there is "reasonable, articulable suspicion" a phone number is connected to terrorist activity. With analysts still able to paw through tons of our data this doesn't quite feel like the transparency promised, but even this small admission that it's happening highlights how things have changed.
