PRISM
Latest
NSA violated privacy protections from 2006 to 2009, pins blame on confusion
By now, it's no secret that the NSA has courted privacy violations, but new documents divulge just how long such incidents have occurred. Director of National Intelligence James Clapper released approximately 1,800 pages of declassified files, which reveal that the NSA's phone record program violations happened between 2006 (when it first came under court supervision) and 2009, when the Foreign Intelligence Surveillance Court ordered changes to the operation. During that period, a total of 17,835 phone numbers were listed for checking against Uncle Sam's database, and only about 1,800 were based on the standard of reasonable suspicion. According to Clapper, congress received the papers we're seeing now at the time of the incidents, and corrective measures have been put in place. Among the preventative actions are a complete "end-to-end" review of telephony metadata handling, the creation of the Director of Compliance position and a fourfold increase of the compliance department's personnel. As it turns out, the missteps are (again) said to have been accidents. "There was nobody at the NSA who had a full understanding of how the program worked," an intelligence official claims. Sure, the increased transparency is certainly welcome, but a recently-leaked NSA audit from May of 2012 suggests that collection of protected data is still occurring from a combination of human error and technical limits. To pore through the National Security Agency's fresh load of documents, hit the second source link below.
Google, Facebook and Yahoo petition court to disclose government data requests
It's not every day you see Google, Facebook and Yahoo aligned on a issue, but a push toward increased governmental transparency is just the sort of cause that'll put competing web companies on the same outraged page. All three noted today through their respective channels that they've filed petitions with the Foreign Intelligence Surveillance Court (FISC) to disclose the number of requests the government has issued for user data under national security statutes. Says Yahoo general counsel Ron Bell: We believe that the U.S. Government's important responsibility to protect public safety can be carried out without precluding Internet companies from sharing the number of national security requests they may receive.
Yahoo issues first transparency report, replete with governmental data requests
Following in the footsteps of Facebook -- which revealed its first Global Government Requests Report just a few weeks ago -- Yahoo is finishing out the week by publishing data of its own. The firm's first "global law enforcement transparency report" covers governmental requests for user data from January 1st through June 30th of this year, and the outfit plans to put out subsequent reports every six months. Of note, Yahoo claims that it's including "national security requests within the scope of [its] aggregate statistics," and for the paranoid in attendance, you may be relieved to know that said requests comprise "less than one one-hundredth of one percent (<.01%)" of Yahoo's global userbase. Feel free to dig in at the links below, but sadly, you won't find anything other than high-level macro figures. (As an aside, that logo.)
American and British spy agencies can thwart internet security and encryption
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program. The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Washington Post report details how often security agencies break into other networks
The latest national security related revelation to come from the documents leaked by Edward Snowden is an account of how offensive computer operations work, and how many there are. The Washington Post reports that in 2011, 231 took place with about three quarters of them against "top-priority" targets, which its sources indicate include Iran, Russia, China and North Korea. Also interesting are details of software and hardware implants designed to infiltrate network hardware, persist through upgrades and access other connected devices or networks. The effort to break into networks is codenamed Genie, while the "Tailored Access Operations" group custom-builds tools to execute the attacks. One document references a new system "Turbine" that automates control of "potentially millions of implants" to gather data or execute an attack. All of this access isn't possible for free however, with a total cyber operations budget of $1.02 billion which includes $25.1 million spent this year to purchase software vulnerabilities from malware vendors. Get your fill of codenames and cloak-and-dagger from the article posted tonight, or check out the "Black Budget" breakdown of overall intelligence spending.
Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
Lavabit founder chafes under NSA scrutiny, speaks out against govermental privacy violations
Lavabit shut down its email services a couple weeks ago in response to governmental pressure regarding NSA whistleblower Edward Snowden's account. At the time, founder Ladar Levison stated he was shutting down Lavabit because he didn't want to "become complicit in crimes against the American people," but didn't expound upon what that statement meant due to a governmental gag order. The Guardian spoke with Levison recently, however, and while he still didn't deliver details about his legal dealings with Uncle Sam, he did share some thoughts about governmental surveillance in general. As you might expect, Levison is against ubiquitous governmental surveillance of communications between citizens. To that end, he's calling for a change to be made in US law so that private and secure communications services can operate without being used as "listening posts for an American surveillance network." He's not wholly against the feds tapping phone lines, though, as he recognizes the role such surveillance plays in law enforcement. However, he thinks the methods that are being used to conduct that surveillance should be made public -- not an unreasonable request, by any means. You can read Levison's full take on the matter, along with a recounting of reasons behind Lavabit's creation at the source below.
Daily Roundup: Gaming buyer's guide, PS4 launch games, Xbox One dashboard, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
WSJ reports NSA spying capabilities cover up to 75 percent of US internet traffic
The question of how much contact the NSA has with internet traffic throughout the US is being raised again, this time by the Wall Street Journal. Yesterday The Atlantic took issue with the security agency's mathematics and 1.6 percent claim, while the WSJ report looks more closely at its reach into telecommunications companies. The mishmash of codenamed programs are said to cover up to 75 percent of US internet traffic, although the amount actually stored and accessed is much smaller. The main difference between the calculations may be due to the difference between what ISPs -- handing over data under FISA orders -- carry, and what the NSA specifically requests. Its capabilities mean it can pull a lot more than just metadata, with access to the actual content of what's sent back and forth becoming even more troubling as privacy violations exposed by its own audits come to light. There's an FAQ-style breakdown of what's new and notable from the usual "current and former" officials to get those interested up to speed quickly -- keep your tinfoil hats and end-to-end encrypted communications systems close by.
Daily Roundup: TiVo Roamio review, PS4 release date, Kinect in-depth hands-on, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
Groklaw closing in light of NSA spying revelations
After the closures of Lavabit and Silent Circle's email service, we had wondered which online service would be next to wind down after Edward Snowden's PRISM revelations. Turns out that we're losing Groklaw, the technology and law blog, which is stopping operations from today. In an impassioned sign-off, founder Pamela Jones has said that she cannot keep running the site knowing the extent to which her private communications are subject to public scrutiny. She has also advised others to spend less time on the internet and use Kolab, a Swiss email service, which is apparently safe from the NSA -- at least for now.
Daily Update for August 13, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Weekly Roundup: Moto X review, LG G2 hands-on, Apple's next iPhone event, and more!
You might say the week is never really done in consumer technology news. Your workweek, however, hopefully draws to a close at some point. This is the Weekly Roundup on Engadget, a quick peek back at the top headlines for the past seven days -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
NSA releases outline of security programs, says it 'only' touches 1.6 percent of internet traffic
Even as President Obama proposes a review of NSA procedures and oversight, the organization published a seven page document laying out in broad terms what it does, how it does it and why it thinks that's OK. As Ars Technica points out, the memo claims "We do not need to sacrifice civil liberties for the sake of national security; both are integral to who we are as Americans. NSA can and will continue to conduct its operations in a manner that respects both." While many would argue those points in light of the many programs recently uncovered, the NSA has a response there also: According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission – that's less than one part in a million. Put another way, if a standard basketball court represented the global communications environment, NSA's total collection would be represented by an area smaller than a dime on that basketball court. Other sections go on to detail how it believes American citizen's information could be picked up, and what it does to identify and minimize that data. Particularly illuminating is the six point process (listed after the break) by which it applies Executive Order 12333, considered "the foundational authority by which NSA collects, retains, analyzes, and disseminates foreign signals intelligence information" alongside the Foreign Intelligence Service Act of 1978 (FISA). It's highly doubtful that any of these points will change your level of comfort with the policies and programs revealed or feelings about their need to change, but reading the document linked below may give some insight about how and why they were created.
Daily Roundup: Obama's response to NSA scandal, Distro Issue 102, NVIDIA's second generation Surface, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
President Obama proposes review, new oversight measures in wake of NSA scandal
Revelations of government surveillance programs, including the headline-grabbing PRISM, have been nothing short of a PR nightmare for the White House. President Obama, who ran in part on a platform that included opposition to certain elements of the Patriot Act and President Bush's illegal wiretapping program, has faced tough questions about his role in the NSA data collection system. Today, he addressed reporters in the White House press room and, as part of his regular briefing, began to layout a path to increased transparency that he hopes will re-earn the trust of the citizens. After consulting with members of congress and civil liberties organizations, President Obama has come up with four initial steps to improve transparency and confidence, while working to maintain essential security apparatus. First up, is a direct dialog with congress about reforming section 215 of the Patriot Act, which is the part of the legislation regarding the collection of telephone records. Obama also took the opportunity to reiterate that the government does not have the ability to eavesdrop on phone calls without a warrant. The second step also involved congress and working to improve confidence in the Foreign Intelligence Surveillance Court (FISC). Most notably, he said the government would pursue reforms that would ensure judges would hear opposing views from independent civil liberties proponents, in addition to government representatives.
President Obama meets with Tim Cook, other tech execs to discuss surveillance
On Thursday, President Barack Obama met with Tim Cook and other tech executives from companies like Google and AT&T to discuss government surveillance, reports Politico. Civil liberties leaders were also at the closed-door meeting. The White House declined to comment about the details of the meeting, and all the attendees also declined to comment to Politico about any specifics. However, a White House aide did tell Politico: "This is one of a number of discussions the administration is having with experts and stakeholders in response to the president's directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security." These meetings are no doubt in response to the PRISM document leaks that occurred in June. These documents revealed that major tech companies may be cooperating with the US government to gather surveillance data about users.
Daily Roundup: Toshiba Excite Write review, Xbox One unboxed, Google's eventual downfall, and more!
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
Report: Verizon, Vodafone and BT gave UK government unlimited access to undersea network cables
PRISM isn't just for US agencies -- last month it was revealed that the UK's Government Communication Headquarters (GCHQ) has been using the program to collect emails, photos and video content from an assortment of internet providers. Now, a German newspaper claims to know what companies collaborated with the security agency. According to The Gaurdian, Süddeutsche identified Verizon, Vodafone, Global Crossing, Level 3, BT, Interoute and Viatel as firms that participated in Tempora, a program that gave the GCHQ widespread access to the undersea fiber optic cables. The operation was all quite hush-hush, with documents referring to participating outfits by obscure code names: "Dacron" for Verizon, for instance, and "Little" for Level 3. Parliament has already dismissed the agency's snooping as legal, but documents seen by The Guardian suggest that some telecoms may have illegally given the GCHQ access to other companies' cables without permission. Naturally, the firms involved were quick to dismiss foul play, with representatives from Verizon, Interoute and Vodaphone each assuring The Guardian that it was merely complying with UK law. True enough, probably, but we can't help but wonder if the operators weren't coaxed into cooperation with the promise of cool code-names.
The Daily Roundup for 08.01.2013
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
