prism
FISA court reauthorizes NSA to collect call metadata (again)
Need another sign that the NSA's phone surveillance program is considered legal? The Foreign Intelligence Surveillance Court is happy to oblige. This week FISA renewed the agency's authority to collect call metadata, echoing an October approval from the same court. That's actually standard -- the program needs to be reassessed every 90 days, but typically the authorizations fly under the radar. This time around, the Director of National Intelligence declassified the action "in order to provide the public with a more thorough and balanced understanding of the program." Even so, it's not giving detractors any ground: the announcement also reasserts the program's legality, citing the "holdings of the United States District Courts of the Southern District of New York and Southern District of California, as well as the findings of 15 judges of the Foreign Intelligence Surveillance Court on 36 separate occasions over the last seven years." The statement at least closes on an amicable note, promising to be open to tweaking the program in ways that "achieve our counterterrorism mission in a manner that gives the American people greater confidence." Check out the full statement at the source link below.
Tech's biggest misfires of 2013
You can't win 'em all. The adage certainly holds in the fast-paced world of technology, where one small slip can put a damper on your entire year. Every year, among all of the celebrations of top gadgets and big news stories, we like to take a moment to acknowledge the other side of things. This time out, it's a pretty diverse list, from flubbed Kickstarter launches to massive governmental privacy breaches and yet another really lousy year for one smartphone manufacturer. But don't worry everyone; the year 2013 is nearly over.
Edward Snowden looks back at NSA leaks, considers his personal mission accomplished
2013 is almost over, but revelations delivered this year about the amount of communications data the NSA has access to, and how it has acquired that data, will reverberate for much longer. The man at the center of the leaks, Edward Snowden, has spoken once again to The Washington Post in an interview stretching over 14 hours about what he did and why, saying "For me, in terms of personal satisfaction, the mission's already accomplished...I already won." The meaning behind his mission was, in his words, to give the public a chance to look over what the government agency had decided -- behind the closed doors of Congress and the Foreign Intelligence Surveillance Court -- is legal in order to track terrorists after 9-11. Naturally, NSA leaders disagree, and dispute assertions that he brought his concerns about the agency's work to his supervisors. According to Snowden, he asked coworkers about how they thought the public would react if information about initiatives like PRISM and Boundless Informant appeared on newspaper front pages, confronting them with data showing the programs collected more information in the US about Americans than Russians in Russia. Now, the information has been exposed for the public. Many companies are scrambling to lock down their systems both as a practical measure and a PR move, the NSA's policies are under review, and Snowden remains in Russia where he has been granted temporary asylum, and says he's "still working for the NSA right now...they just don't realize it."
NSA review group tells Obama to ditch bulk phone surveillance
2013 has been a hard year for the White House. It's been working overtime to try and manage the PR nightmare sparked by Edward Snowden's NSA whistleblowing -- fighting the outcry of angry citizens, CEOs and major tech firms. President Barack Obama eventually created a panel to review the government's surveillance programs and propose changes that will help restore the public's trust. Today, the group's recommendations are in, and in summary, they aren't too surprising: don't spy on your citizens. The report's most public-facing suggestion mandates ending the NSA's habit of collecting US phone call metadata. The agency would still be allowed to collect some records, of course, but the panel suggests that this data be maintained by a private third party, or the phone companies themselves. More importantly, this data would only be accessible with an order from the Foreign Intelligence Surveillance Court. That's hardly the panel's only critique, either: the 308-page document actually makes a total of 46 recommendations. It suggests putting international spy operations under heavier scrutiny, for instance, and says that decisions to monitor such communications need to be made by the Commander in Chief -- not the nation's intelligence agencies. It even suggests a major tweak to the NSA's structure, asking the president to consider making the next Director of the NSA a civilian.
NSA overhaul could see an end to PRISM-style surveillance
Edward Snowden might have missed out on becoming Person of the Year, but that's not to say he's not been a big influence on America's government this year. According to deep-throated persons familiar with the matter, the presidential task force is proposing a huge overhaul to the NSA in the wake of the PRISM scandal. Proposed changes include giving bulk collection duties to phone companies or an independent third party, imposing tighter standards before NSA staffers can access your personal data and appointing a civilian head, rather than recruiting from the military. The report is due in full on Sunday, but there's no word on when the White House will make the proposals public -- unless, you know, someone else feels compelled to "do a Snowden."
Microsoft's immediate plans against NSA 'threat': court challenges, encryption and transparency
The NSA / PRISM / MUSCULAR scandal sparked by Edward Snowden's leaks stained many tech companies, and tonight Microsoft has laid out several plans it hopes will convince customers (particularly non-US businesses and foreign governments) they're safe using its products and services. In a blog post, general counsel and executive VP Brad Smith lays out a three-pronged approach of "immediate and coordinated action" against the threat of government snooping. It's expanding the use of encryption to cover any content moving between it and its customers, any transmissions between its data centers, and data stored on its servers -- all of this is said to be in place by the end of 2014. In terms of court orders that may push it to reveal data, Microsoft is committing to notify "business and government" customers of any legal orders, and if it is prevented from doing so by a gag order, says it will challenge those in court. Finally, it's expanding the existing program giving governments access to its source code so they can make sure it doesn't contain any back doors. According to Reuters, this will put Microsoft on par with other Internet companies like Amazon Web Services, Yahoo and Google for how it treats data. Still, while that may help foreign diplomats feel better about logging into Outlook or Skype, there are probably a few individuals who will keep their tin foil hats on, Kinect cameras covered and cellphones off.
NSA reportedly cracks down on staff who thought it was okay to share their logins with Edward Snowden
In a slightly ironic twist for the National Security Agency, Reuters reports that as many as 25 members of its staff have been "removed from their assignments" because they shared their private passwords with Edward Snowden while he worked there. A number of government offices are currently trying to find out just how Snowden got hold of so much confidential data, and sources close to those investigations now claim that the PRISM whistleblower used his position as a systems admin to dupe colleagues into handing over their passwords. It's not clear whether the NSA staff involved in the breach have been fired or re-assigned, but if the allegations are true then there are likely to be some red faces at the agency once the various investigations reach their conclusions, because such a large-scale failure by supposedly highly-trained staff would implicate the NSA's systems and practices, rather than just a few naive individuals.
Google's Eric Schmidt slams NSA over 'outrageous' data center snooping and privacy invasion
Google's Executive Chairman and former CEO Eric Schmidt isn't a huge fan of the NSA or its surveillance methods, it seems. Speaking to The Wall Street Journal, Schmidt declared: "It's really outrageous that the National Security Agency was looking between the Google data centers, if true." His comment follows recent reports of a nefarious tool crafted by the agency and the UK's GCHQ that accessed Google and Yahoo data lairs without permission. Schmidt also said that to "potentially violate people's privacy, it's not OK," and that the broad public scrutiny months of leaks has uncovered is unnecessary to find a few bad eggs. Referring to claims that the NSA amassed phone records of 320 million people to actually investigate more like 300, the Google exec commented: "That's just bad public policy... and perhaps illegal." Not that the search giant has any personal experience with illegal data collection, of course.
Tech giants ensnared by NSA spying petition Congress for surveillance reform
In the months since information about the NSA's bulk surveillance efforts began to leak, many of the tech companies named in documents have been unable to even discuss their involvement. Those blinds have been pried back a little with the release of a few transparency reports, but today Google, Microsoft, Facebook, Yahoo, Apple and AOL (the corporate parent of Engadget) sent a letter to Congress encouraging it to do more. Mashable posted a copy of the letter (embedded after the break), which is addressed to members of the Senate Judiciary Committee and specifically references the recently-introduced USA Freedom Act as an "important contribution" to the discussion. That particular bill seeks to end the NSA's "dragnet" security programs while "requiring greater oversight, transparency, and accountability with respect to domestic surveillance authorities." According to the companies, greater transparency would clear up "erroneous reports that we permit intelligence agencies "direct access" to our companies' servers or that we are participants in a bulk Internet records collection program." As the Washington Post points out, the companies listed may take issue with other bills circulating like the FISA Improvement Act because they don't address surveillance of non-US citizens, creating suspicion and problems for said companies setting up services for users internationally.
Need tech support in Russia? Give Edward Snowden a call
So, what happens after you've become an international pariah? The PRISM revelations may rattle along, but the figure who started it all is trying to return to something approaching a normal life. Edward Snowden's lawyer has revealed that, after settling at an undisclosed location in Russia, the NSA whistleblower has found a job. He'll be offering technical support for a domestic website, which isn't being named for the obvious reasons. Is this the last that we'll hear from the former intelligence analyst? Only time will tell.
Dark Mail Alliance develops surveillance-proof email technology
We wouldn't be surprised if you're looking for a more secure email provider after the whole government surveillance debacle. That's why Lavabit and Silent Circle have joined forces as the Dark Mail Alliance to develop a new snoop-proof email technology. Dark Mail's "Email 3.0" tech applies peer-to-peer encryption not only to the body of the digital missive, but also to its metadata (To:, From: and Subject fields) that third parties are most likely to collect. One downside is that encryption only works between Dark Mail accounts -- messages sent using the tech to Gmail or Hotmail addresses won't be protected from prying eyes. If the two firms sound familiar, that's because they used to offer secure email services of their own, which shuttered earlier this year. However, they're determined to rise from the ashes and make the tech available to the public via mobile and desktop apps by 2014.
Apple: No, we can't read your iMessages
Just yesterday, we reported on the claims of security firm QuarksLab that Apple could read iMessage communications, despite the company's statement to the contrary back in June when the NSA Prism program first came to light. Well, Apple has jumped right on those claims -- with a vengeance. The QuarksLab research explains how since Apple controls the encryption keys for iMessage, it could theoretically perform a "man-in-the-middle attack" and read or alter the communications between two people, either for nefarious purposes or for the government. Apple spokesperson Trudy Miller sent a statement to AllThingsD about the research, saying "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so." AllThingsD's John Paczkowski sums up his story about Apple's declaration with a good comment about the state of surveillance these days, saying "perhaps in today's world iMessage's encryption is only as good as your trust in Apple." With other companies being asked by the NSA to enable methods of intercepting messages, one security researcher told AllThingsD that "it would be naive to think that Apple wasn't at least approached by the government at some point."
FISA court renews NSA permission to collect call metadata
News that the NSA collects bulk phone call metadata (phone numbers, call times and duration) from Verizon and other backbone providers initially leaked out in June. Since then PRISM, Edward Snowden and any number of other national security related topics have been in the spotlight, and the new focus has spurred at least one change in the process. On Friday, the Office of the Director of National Intelligence publicly announced the request -- following other declassified documents about the program -- and that it has been renewed (again) by the Foreign Intelligence Surveillance Court. As The Hill mentions, the NSA claims its analysts are only able to search through the collected data if there is "reasonable, articulable suspicion" a phone number is connected to terrorist activity. With analysts still able to paw through tons of our data this doesn't quite feel like the transparency promised, but even this small admission that it's happening highlights how things have changed.
NYT: NSA monitors, graphs some US Citizens' social activity with collected metadata
Just how does the NSA piece together all that metadata it collects? Thanks to "newly disclosed documents and interviews with officials," The New York Times today shed light on how the agency plots out the social activity and connections of those it's spying on. Up until 2010, the NSA only traced and analyzed the metadata of emails and phone calls from foreigners, so anything from US citizens in the chains created stopgaps. Snowden-provided documents note the policy shifted later in that year to allow for the inclusion of Americans' metadata in such analysis. An NSA representative explained to the NYT that, "all data queries must include a foreign intelligence justification, period." During "large-scale graph analysis," collected metadata is cross-referenced with commercial, public and "enrichment data" (some examples included GPS locations, social media accounts and banking info) to create a contact chain tied to any foreigner under review and scope out its activity. The highlighted ingestion tool in this instance goes by the name Mainway. The NYT article also highlights a secret report, dubbed "Better Person Centric Analysis," which details how data is sorted into 164 searchable "relationship types" and 94 "entity types" (email and IP addresses, along with phone numbers). Other documents highlight that during 2011 the NSA took in over 700 million phone records daily on its own, along with an "unnamed American service provider" that began funneling in an additional 1.1 billion cellphone records that August. In addition to that, Snowden's leak of the NSA's classified 2013 budget cites it as hoping to capture "20 billion 'record events' daily" that would be available for review by the agency's analysts in an hour's time. As you might expect, the number of US citizens that've had their info bunched up into all of this currently remains a secret -- national security, of course. Extended details are available at the source links.
NSA accused of hacking into India's nuclear systems
According to Edward Snowden's cache of documents, the NSA has been delving deeper into India's servers than many could have imagined. The Hindu is reporting that, in addition to the usual PRISM snooping, the agency also vacuumed up data on the country's nuclear, political and space programs. The newspaper says it has a document, entitled "A Week in the Life of PRISM reporting," which allegedly shows that discussions between high-ranking politicians, nuclear and space scientists were being monitored in "real-time." The revelation comes a few months after Kapil Sibal, India's IT chief, denied that any such surveillance was being undertaken. Who knows? Maybe he was spending so much time on his other projects that he missed the clues. For its part, the US has insisted that its hands are clean in India. Back in June, Secretary of State John Kerry said that the US doesn't look at individual conversations but instead "randomly surveys" data in order to discover communications that are "linked to terrorists."
Daily Roundup: Moto X factory tour, which new iPhone to buy, Intel's Haswell Chromebooks, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
NSA violated privacy protections from 2006 to 2009, pins blame on confusion
By now, it's no secret that the NSA has courted privacy violations, but new documents divulge just how long such incidents have occurred. Director of National Intelligence James Clapper released approximately 1,800 pages of declassified files, which reveal that the NSA's phone record program violations happened between 2006 (when it first came under court supervision) and 2009, when the Foreign Intelligence Surveillance Court ordered changes to the operation. During that period, a total of 17,835 phone numbers were listed for checking against Uncle Sam's database, and only about 1,800 were based on the standard of reasonable suspicion. According to Clapper, Congress received the papers we're seeing now at the time of the incidents, and corrective measures have been put in place. Among the preventative actions are a complete "end-to-end" review of telephony metadata handling, the creation of the Director of Compliance position and a fourfold increase of the compliance department's personnel. As it turns out, the missteps are (again) said to have been accidents. "There was nobody at the NSA who had a full understanding of how the program worked," an intelligence official claims. Sure, the increased transparency is certainly welcome, but a recently-leaked NSA audit from May of 2012 suggests that collection of protected data is still occurring from a combination of human error and technical limits. To pore through the National Security Agency's fresh load of documents, hit the second source link below.
Google, Facebook and Yahoo petition court to disclose government data requests
It's not every day you see Google, Facebook and Yahoo aligned on an issue, but a push toward increased governmental transparency is just the sort of cause that'll put competing web companies on the same outraged page. All three noted today through their respective channels that they've filed petitions with the Foreign Intelligence Surveillance Court (FISC) to disclose the number of requests the government has issued for user data under national security statutes. Says Yahoo general counsel Ron Bell: "We believe that the U.S. Government's important responsibility to protect public safety can be carried out without precluding Internet companies from sharing the number of national security requests they may receive."
Yahoo issues first transparency report, replete with governmental data requests
Following in the footsteps of Facebook -- which revealed its first Global Government Requests Report just a few weeks ago -- Yahoo is finishing out the week by publishing data of its own. The firm's first "global law enforcement transparency report" covers governmental requests for user data from January 1st through June 30th of this year, and the outfit plans to put out subsequent reports every six months. Of note, Yahoo claims that it's including "national security requests within the scope of [its] aggregate statistics," and for the paranoid in attendance, you may be relieved to know that said requests comprise "less than one one-hundredth of one percent (<.01%)" of Yahoo's global userbase. Feel free to dig in at the links below, but sadly, you won't find anything other than high-level macro figures. (As an aside, that logo.)
American and British spy agencies can thwart internet security and encryption
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million this year alone to fund its anti-encryption program. The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software is known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a supercomputer and simple brute force are necessary to peel back the layers of encryption.