nsa
Latest
Google, Twitter push to reveal number of national security related requests separately
While Microsoft and Facebook have both published information tonight about how many requests for customer info the government made over a six month period, Google and Twitter are apparently hoping to take a different route. As Google told AllThingsD and Twitter legal director Benjamin Lee tweeted, "it's important to be able to publish numbers of national security requests-including FISA disclosures-separately." Google went further, claiming that lumping the number of National Security Letters together with criminal requests would be a "step backwards." Clearly this post-PRISM revelations battle for more transparency on just what the government is doing behind the scenes isn't over, we'll let you know if any of the parties involved have more information to share.
Facebook reveals government data request numbers, is first to include national security stats
Facebook lawyer Ted Ullyot revealed in a post tonight precisely how many user-data requests it receives from government entities, and that it's negotiated the ability to include national security-related (FISA and National Security Letters) inquiries in the report. Until now, the companies that receive such requests, whether through the recently uncovered PRISM program or not, have not been able to say anything about them, or report how many there are. Still, the stats it's able to release aren't specific, and include all requests from the last six months in a range, said to be between 9,000 and 10,000, covering between 18,000 and 19,000 accounts. We still have no official reports on what those inquiries cover, how wide reaching a single one can be or what information has been passed along. Facebook however, is quick to point out that these cover "only a tiny fraction of one percent" of its 1.1 billion active user accounts. Along with Microsoft and Google, Facebook has publicly petitioned the government to let it be more transparent about the size and scope of the requests it receives, and Reuters reports tonight that "several" internet companies have struck an agreement to do so. Expect more reports to arrive soon in similar formats, however Ullyot states Facebook will continue to push the government to be "as transparent as possible." For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
WSJ: T-Mobile, VZW don't directly share call data to NSA, but that might not matter
Providing another wrinkle to the recently exploding privacy debate, a Wall Street Journal report indicates which wireless companies are providing call information to the government. According to the infamous people familiar with the matter, foreign ownership of Verizon and T-Mobile presents several obstacles including them in the program. Chief among them is that the requests are top secret and might prohibit some of the owners from being aware. Meanwhile, Sprint and AT&T are said to have "long cooperated with the government," although it may not really matter which provider you're using when it comes to popping up in NSA-requested files. Last week's leaked court order requested call logs and metadata from Verizon Business Network Services, which, along with AT&T provides the backbone most calls go through. No matter which carrier you're on, if your call is routed along that backbone, the information about it is recorded and could be passed along.
ACLU sues over NSA's surveillance program, challenging its constitutionality
If you're already overwhelmed by the sheer amount of activity surrounding the ongoing NSA fallout, we're guessing that now would be an excellent time to go on vacation. Predictably, lawsuits are already being filed against the National Security Agency, the second of which is coming from the American Civil Liberties Union. Essentially, it's challenging the constitutionality of the surveillance program in a New York federal court, deeming the initiative "one of the largest surveillance efforts ever launched by a democratic government." The suit claims that the program infringes upon (at least) the First Amendment and the Fourth Amendment of the United States constitution. As The Verge points out, the ACLU's prior NSA lawsuit (in 2008) was dismissed in a 5-4 outcome "on the grounds that it did not have legal standing to sue, since there was no way to prove it had been targeted." Given the leaked documents involved now, however, the outcome could be much different this go 'round. Of course, one has to wonder: if all of this leads to the public shutdown of the program, are we capable of trusting the same government that started it to not actually operate it in secret?
Google asks US government to let it publish more national security requests for data, including FISA disclosures (update: Microsoft, Facebook too)
Google CEO Larry Page and Chief Legal Officer David Drummond made a general call for more transparency in their response to the PRISM revelations last week, and Drummond has gotten quite a bit more specific with that request today. In a post on the company's Public Policy blog, he says that he's sent a letter to offices of the Attorney General and the Federal Bureau of Investigation asking that Google be allowed to publish aggregate numbers of the national security requests for data it receives, including FISA disclosures, "in terms of both the number we receive and their scope." Those numbers, he says, "would clearly show that our compliance with these requests falls far short of the claims being made," adding, "Google has nothing to hide." You can find the full letter at the source link below. Update: Reuters is reporting that Microsoft also wants Uncle Sam to loosen up and let it be more transparent with the "volume and scope" of national security requests and FISA orders. "Our recent report went as far as we legally could and the government should take action to allow companies to provide additional transparency," Ballmer and Co. added. Update 2: Hot off the heels of Redmond's call to the US government, Facebook is voicing similar sentiments regarding increased transparency. "We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive," read a statement released by the social network.
PRISM got you worried? Seecrypt app promises secure calls and texts
Want to hide your data from the prying eyes of the US government and its information-gathering program PRISM? A team of South African developers may have an encrypted-communications solution for iOS that'll let you call and text in complete privacy. As noticed by the Daily Caller, the Seecrypt group recently updated the Seecrypt app which lets you "make and receive unlimited, secure voice calls and text messages between Seecrypt Mobile-enabled devices, anywhere in the world." It works over any carrier's data network and uses end-to-end, military-grade encryption to protect all your VoIP calls and text messages. Because all the calls and texts are transmitted as an encrypted data stream, any snooping programs will only know that you sent some data and cannot detect when or how long you made a call or exchanged messages. The service is available for US$3 per month and comes with a free three-month account trial. The Seecrypt app is available for free from the iOS App Store. It's also available for Android. [Via The Daily Caller]
The Weekly Roundup for 06.03.2013
You might say the week is never really done in consumer technology news. Your workweek, however, hopefully draws to a close at some point. This is the Weekly Roundup on Engadget, a quick peek back at the top headlines for the past seven days -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
PRISM whistleblower Edward Snowden reveals himself, reasons for leaking surveillance program (updated)
Only days after the initial leaks and explanations by the US government about the National Security Agency's data surveillance program PRISM, Edward Snowden has revealed himself as the whistleblower. He's employed by defense contractor Booz Allen Hamilton and also worked at the NSA as a "technical assistant" for the CIA. In speaking to The Guardian, he explained his reasons for disclosing the intelligence program: he wanted to "to inform the public as to that which is done in their name and that which is done against them," hoping that they'll use the information to debate the issue. While the NSA's data-mining tool is reportedly known as Boundless Informant, Snowden has been keeping himself bound to a hotel in Hong Kong during this whole drama. Major internet companies have insisted that the government doesn't receive direct access to their servers and President Obama has stated that "nobody is listening to your phone calls, but the issue remains far from black and white. Snowden claims a "massive surveillance machine" is in the making under the radar -- at this point he's now waiting to see what happens next, assured he's made the the decision that feels right to him. Catch the full interview at the source link. Update: In case there was any doubt that Snowden has ever been employed by Booz Allen Hamilton, the company just released the following statement: Booz Allen can confirm that Edward Snowden, 29, has been an employee of our firm for less than 3 months, assigned to a team in Hawaii. News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter.
The NSA's Boundless Informant: a data mining tool that maps collected intelligence
Leaks, denials and declassifications aside, one thing has been clear recently: the National Security Agency takes in a lot of data -- allegedly collecting call logs, internet records and even Facebook photos from folks all over the world. So, how does the outfit handle all this data? With custom software, of course. According to documents obtained by The Guardian, the NSA sorts through its treasure-trove of intelligence with a tool called Boundless Informant, data mining software that helps the NSA sort out how closely they're monitoring a given part of the world. According to the documents, Boundless Informant reportedly "allows users to select a country on a map and view the metadata volume and select details about the collections against that country." A screenshot found by The Guardian shows this in action, highlighting over two billion reports in the United States alone. According to the outlet, the screenshot also outs the program's heaviest hitters: in March of 2013, Boundless Informant boasted 14 billion reports from Iran, 13.5 billion from Pakistan and 12.7 billion from Jordan. We've got to hand it to the NSA -- we may not like what it's up to, but at least it's organized.
Director of National Intelligence declassifies PRISM info to clear up 'inaccuracies'
After details of a government program called PRISM with alleged hooks into the servers of major internet companies became public this week, Director of National Intelligence James Clapper decided it was necessary to reveal even more information. According to his statement, clearing up the "significant misimpressions" and "inaccuracies" requires the release of further classified info, included in a fact sheet listed after the break. So what is PRISM, according to the "Facts on Collection of Information Pursuant to Section 702"? It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision...This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so. The document claims PRISM is not an "undisclosed collection or data mining program." The above passages seemingly align with statements (including one today from Yahoo) from the companies listed claiming that they only respond to inquiries when required to by law. It goes on to offer some details on the process used to identify foreign targets ("Section 702 cannot be used to intentionally target any U.S. citizen, or any other U.S. person, or to intentionally target any person known to be in the United States") and the oversight involved. Specifically mentioned is the involvement of the Executive, Legislative and Judicial branches of the federal government. Additionally, another report from The Guardian exposes more internal documents that contradict the theory that PRISM involves access to "cable intercepts," although that can occur under a different process.
NYT explains how tech companies allow PRISM, yet deny 'direct server access' happened (update)
Yesterday a series of leaked PowerPoint slides in the Washington Post revealed a program codenamed PRISM that allowed government investigators access to data from a number of top internet companies. That leak has been followed up in the last 24 hours by a series of blanket denials as tech companies (and their CEOs, including Google's Larry Page and Facebook's Mark Zuckerberg) claimed they do not give "backdoor access," only generally acknowledging that they do respond to individual court orders. Meanwhile government officials including President Obama responded to the claims mostly by claiming whatever is going on -- including the bulk collection of call logs by the NSA -- is legal and has been "repeatedly authorized by Congress." Tonight, a New York Times article may be able to explain the difference between the statements, citing information from people briefed on the program and lawyers that handle the requests. Their report is that the companies discussed ways to "efficiently and securely" share data about foreign users in response to requests made under the Foreign Intelligence Surveillance Act. In contrast to the initial reports of direct server access, this report claims when a government request is made under an individual FISA request, it's reviewed by company lawyers and then sent over, sometimes electronically using company servers. That can include an investigation into a specific person, logs of certain search terms, and in some cases "real-time transmission of data." One specific instance cited involved an NSA agent going on-site at a company's HQ, installing government software on its server and remaining there for several weeks to offload data to a laptop. So why the quick denials about something the companies listed (including AOL, parent company of Engadget) may actually have ties to? Because FISA requests are by their nature secret, the report claims employees that deal with the requests can't discuss the details, even with their fellow employees. Notably, although companies must by law respond to the requests, they're not legally obligated to make it easy, and the article points out Twitter as a company that has declined to participate. Because of that, even if PRISM is more a streamlining of bureaucratic processes than a government backdoor into your Candy Crush Saga level, the semantic differences of company denials may not sit well with users, much less citizens voting for the officials who oversee the programs. Update: Google Chief Legal Officer David Drummond has chimed in once again via a post on Google+, denying (again) that the government has any access to Google servers. That includes directly, through a back door, or any kind of "drop box" as the Times report mentions had been discussed. Meanwhile, CNET has an alternate source who corroborates the company's claims of no direct access, describing the system as a "formalized legal process."
The Daily Roundup for 06.07.2013
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
President Obama responds to PRISM concerns, clarifies scope of snooping
If you've missed the news on PRISM and the hugely disconcerting allegations that the NSA is basically tracking everything you do on the internet and every call you make on your cellphone, we're guessing that's because you're stuck in a cave that has access to neither technology. The allegations are incredibly troubling to say the least, and President Obama this afternoon took the time to address them -- albeit briefly. For one thing, he clarified that "nobody is listening to your phone calls," indicating that people are looking at metadata about those calls (destinations, length, etc.) rather than the calls themselves. Additionally, he clarified the internet side of the program thusly: "Internet monitoring is only for those outside United States; we have to balance keeping America safe with privacy concerns." That's great for Americans, but perhaps a bit troubling for everyone else. This more or less echoes the statements made yesterday by James Clapper, Director of National Intelligence. President Obama also reminded that this program predates his taking office, and that he himself was skeptical but has come around to the program, stating that this is something "Americans should feel comfortable about." Well, then, how comfortable do you feel? Let us know in comments. Update: The Wall Street Journal has a full transcript of President Obama's comments.
WSJ: NSA snooping extends to AT&T, Sprint and other ISPs
Just in case you thought not being a Verizon customer meant you weren't covered by yesterday's report of widespread NSA logging, the Wall Street Journal says the program extends much wider. Citing "people familiar with the NSA's operations," it stated phone call metadata is also being collected from AT&T and Sprint, along with data from other ISPs and even credit card purchase info. Members of Congress have come out today stating that the program -- an evolution of warrantless wiretapping that began after the Patriot Act was enacted -- has been ongoing for several years and must be renewed every three months by Congress.
The Daily Roundup for 06.06.2013
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
Washington Post: NSA, FBI tapping directly into servers of 9 leading internet companies (update)
On the heels of yesterday's revelation that the NSA is bulk collecting call logs from Verizon Business customers, the Washington Post is reporting tonight on another initiative, code named PRISM. According to the report, it gives the FBI and NSA access to "audio, video, photographs, e-mails, documents and connection logs" from the central servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL (parent company of Engadget), Skype, YouTube and Apple. Another program called BLARNEY sniffs up metadata as it streams past "choke points" on the internet, continuing the theme of bulk scooping of data most would think is private. The Post's knowledge of these programs comes from PowerPoint slides (like the one shown above) provided by a "career intelligence officer" driven to expose how deep it goes. So what can the project allegedly see? Analysts based at Fort Meade use search terms to determine at least 51 percent confidence in a subject's "foreignness" before pulling data, which can include that of people found in a suspect's inbox. On Facebook, they can utilize the service's built in search and surveillance capabilities, monitor audio, video, chat and file transfers or access activity on Google's mail, storage, photo and search services. So... are you still logged in? Update 4: Now we've come full circle, as the original Washington Post article has been expanded to include the various company's responses and denials (listed after the break). Another element that has changed is the mention of another classified report that suggests these companies may not be knowingly participating, and the NSA's access may not be as direct as originally claimed. Claiming the difference may be the result of "imprecision" by the NSA author, the arrangement is now described as "collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations." Update (June 7th): Google has now issued a longer statement, signed by CEO Larry Page and Chief Legal Officer David Drummond, which reiterates its earlier comments and also calls for a "more transparent approach" from both other companies and governments alike. Update 2 (June 7th): Facebook CEO Mark Zuckerberg has denied involvement on his personal page, stating "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers...We hadn't even heard of PRISM before yesterday." Like the others, he claimed Facebook only provides information "if it is required by law" and mirrored Page's call for more transparency regarding government programs.
Leaked court documents reveal NSA is collecting bulk call logs from Verizon
A court document published today by The Guardian reveals the NSA is currently collecting call records in bulk from Verizon. The request, granted by the Foreign Intelligence Surveillance Court on April 25th, extends until July 19th and mandates Verizon produce all call detail records on a daily basis to the NSA. The data collected includes the numbers of both parties to a call, how long it lasted, location data, IMEI / IMSI numbers, but not the content of the call or identifying information about the customer. As the report indicates, security officials had revealed bulk collection of call records previously, but until now there has been no indication of it happening under the Obama administration. In 2006 Verizon Wireless was one of the few to state it had not turned over call records to the NSA, but that appears to have changed. Among the many things that are still unknown however, is whether this order is a one time event or one in a series of such requests collecting vast amounts of data on unsuspecting citizens, and whether other communications providers have received orders to do the same.[Image credit: Frédéric Bisson, Flickr]
Editorial: We, the digitally naked
The iPhone 5. It is taller, and has incremental improvements under the hood, and is shiny. (I'm staying away. Typing on glass is wrong.) Of more import, the smartphone you carry is more than a communication device; it is potentially a government surveillance enabler. To whatever extent that is the case (depending on whose public pronouncements you believe), latent digital snooping was reinforced on the same day as the iPhone event. Two days after that, Google announced its intention to build a "Do Not Track" option into the Chrome browser, giving users some shielding from a different type of rampant surveillance -- the type that creepily delivers knowingly targeted ads. The two issues differ in seriousness, but are related as privacy concerns. As our mobile and desktop devices get sexier, we become increasingly naked.
Former NSA official says agency collects Americans' web data, director denies charges
The NSA director, General Keith Alexander, is coming under scrutiny after he told a crowd gathered at the Def Con hacker conference that the spy agency "absolutely" does not collect data from and maintain files on American citizens. A former official stopped just shy of calling Alexander a liar, accusing him of playing a "word game." William Binney left the department in late 2001, when it became apparent to him that it planned to use the terrorist attacks on September 11th as an "excuse" to launch a data collection program that was already in the planning stages. Alexander for his part maintains that any data, be it web searches, Twitter posts or emails, collected from American citizens is merely incidental, and associated with intelligence gathering on foreign entities. Of course, Binney rejects this claim and testimony from Qwest CEO James Nacchio regarding the NSA's wiretapping program would seem to contradict it. ACLU attorney Alex Abdo, who was on the panel with Alexander, cast further doubt on the director's denial. He noted that loopholes in the law allow the NSA collect vast amounts of information on Americans, without them being the "target" of the surveillance. Since the agency can hold on to any data collected, it can retroactively build dossiers on citizens, should they eventually become the focus of an investigation. For a few more details, hit up the source link.
NSA builds own model of Android phone, wants you to do the same
The NSA decided it wanted to have its own go at producing a secure Android smartphone that could encrypt communications to levels necessary for national security. Project "Fishbowl" constructed 100 handsets from off-the-shelf components that were secure enough that staffers could use them without speaking in code. All conversations are conducted across an IPsec VPN with a secure, real-time transport protocol for encrypting the voice at both ends, with the VoIP server being housed inside an NSA facility. It's part of a program to get handset makers to build this kit so the Information Assurance Directorate doesn't have to navigate the interoperability hurdles between each company's tech. The agency has launched a how-to for any manufacturer looking for a large Government contract to produce Fishbowl phones on a larger scale, although they'll probably have to change the name to something more threatening like MK-Ultraphone or the Phoneadelphia Experiment.
