prism
Latest
UK reportedly set up fake internet cafes, hacked diplomats' BlackBerrys during 2009 G20 summit
If you're antsy at the idea of PRISM reading your Facebook messages, be thankful you're not a foreign diplomat. The Guardian is reporting that GCHQ, the UK's communications surveillance unit, hacked delegates' BlackBerry handsets during 2009's G20 summit in London. According to leaked documents, spies were able to relay private messages to analysts in "near real-time," and pass that information along to top politicians as they were negotiating deals. The organization is also said to have set up fake internet cafés around the conference area, which used key-logging software to steal dignitaries' passwords for long-term surveillance. If you'll excuse us, we're just off to, you know, change all of our login details.
Apple issues 'Commitment to Customer Privacy' statement
Earlier this month a top-secret PowerPoint presentation was released that leaked the existence of the US government's PRISM program. The program is a surveillance program that gives the US government a backdoor into user accounts at major technology companies such as Microsoft, Facebook, Google and Apple, among others. All of the companies involved have strenuously denied any knowledge of PRISM's existence and have been in damage control mode assuring users that their privacy is upheld. Early today Apple issued a statement called Apple's Commitment to Customer Privacy in which it aims to clarify to users the steps it goes through to protect their privacy and also to state how many requests for user data it received from the government. Below is the statement in full. Apple's Commitment to Customer Privacy Two weeks ago, when technology companies were accused of indiscriminately sharing customer data with government agencies, Apple issued a clear response: We first heard of the government's "Prism" program when news organizations asked us about it on June 6. We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order. Like several other companies, we have asked the U.S. government for permission to report how many requests we receive related to national security and how we handle them. We have been authorized to share some of that data, and we are providing it here in the interest of transparency. From December 1, 2012 to May 31, 2013, Apple received between 4,000 and 5,000 requests from U.S. law enforcement for customer data. Between 9,000 and 10,000 accounts or devices were specified in those requests, which came from federal, state and local authorities and included both criminal investigations and national security matters. The most common form of request comes from police investigating robberies and other crimes, searching for missing children, trying to locate a patient with Alzheimer's disease, or hoping to prevent a suicide. Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it. Apple has always placed a priority on protecting our customers' personal data, and we don't collect or maintain a mountain of personal details about our customers in the first place. There are certain categories of information which we do not provide to law enforcement or any other group because we choose not to retain it. For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers' location, Map searches or Siri requests in any identifiable form. We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers' privacy as they expect and deserve.
Apple releases statement on customer privacy, received over 4,000 government information requests in six months
Following the likes of Microsoft and Facebook, Apple has publicly responded to the explosion of interest in the NSA's PRISM program, and has been authorized to reveal some of the data on what it's shared with the US government in the past. It apparently first heard of the program when the media started to ask about it earlier this month and has reiterated that it provides no government agency with direct access to its servers. It does, however, get its fair share of requests for customer data from US law enforcement, receiving between 4,000 and 5,000 of them between December 1 2012 and May 31 2013. These requests covered over 9,000 accounts or devices, and come from federal, state and local authorities. Apple elaborated a little on these information requests too, saying that the majority of these requests have involved searching for missing children, preventing suicides and robberies. The company says it has "always placed a priority on protecting our customers' personal data," and its legal team evaluates each request. Apparently, Apple can't decrypt (and thus share) iMessage and FaceTime data, which is encrypted end-to-end. We've added its full statement after the break.
US officials say less than 300 phone numbers were investigated in 2012, data thwarted terrorist plots
With all the coverage of PRSIM and the NSA's data collection have been getting recently, it's no surprise that the US government is eager to rationalize its actions. The crux of the latest defense seems to be that the government isn't using its treasure trove of data very often: according to recently declassified documents, the NSA used the database to investigate less than 300 phone numbers last year. These efforts reportedly prevented terrorist actions in more than 20 countries. It's a small assurance, but a vague one, and the NSA knows it -- according to the Associated Press, the organization is trying to get the records of these thwarted plots declassified to demonstrate the program's value to concerned citizens. The reveal of such data might be a convincing argument, but disquieting revelations continue to roll out: members of congress are now reporting that the NSA has acknowledged that it does not need court authorization to listen to domestic phone calls. Either way, we're certainly open to more government transparency.
Google, Twitter push to reveal number of national security related requests separately
While Microsoft and Facebook have both published information tonight about how many requests for customer info the government made over a six month period, Google and Twitter are apparently hoping to take a different route. As Google told AllThingsD and Twitter legal director Benjamin Lee tweeted, "it's important to be able to publish numbers of national security requests-including FISA disclosures-separately." Google went further, claiming that lumping the number of National Security Letters together with criminal requests would be a "step backwards." Clearly this post-PRISM revelations battle for more transparency on just what the government is doing behind the scenes isn't over, we'll let you know if any of the parties involved have more information to share.
Facebook reveals government data request numbers, is first to include national security stats
Facebook lawyer Ted Ullyot revealed in a post tonight precisely how many user-data requests it receives from government entities, and that it's negotiated the ability to include national security-related (FISA and National Security Letters) inquiries in the report. Until now, the companies that receive such requests, whether through the recently uncovered PRISM program or not, have not been able to say anything about them, or report how many there are. Still, the stats it's able to release aren't specific, and include all requests from the last six months in a range, said to be between 9,000 and 10,000, covering between 18,000 and 19,000 accounts. We still have no official reports on what those inquiries cover, how wide reaching a single one can be or what information has been passed along. Facebook however, is quick to point out that these cover "only a tiny fraction of one percent" of its 1.1 billion active user accounts. Along with Microsoft and Google, Facebook has publicly petitioned the government to let it be more transparent about the size and scope of the requests it receives, and Reuters reports tonight that "several" internet companies have struck an agreement to do so. Expect more reports to arrive soon in similar formats, however Ullyot states Facebook will continue to push the government to be "as transparent as possible." For the six months ending December 31, 2012, the total number of user-data requests Facebook received from any and all government entities in the U.S. (including local, state, and federal, and including criminal and national security-related requests) – was between 9,000 and 10,000. These requests run the gamut – from things like a local sheriff trying to find a missing child, to a federal marshal tracking a fugitive, to a police department investigating an assault, to a national security official investigating a terrorist threat. The total number of Facebook user accounts for which data was requested pursuant to the entirety of those 9-10 thousand requests was between 18,000 and 19,000 accounts.
Google asks US government to let it publish more national security requests for data, including FISA disclosures (update: Microsoft, Facebook too)
Google CEO Larry Page and Chief Legal Officer David Drummond made a general call for more transparency in their response to the PRISM revelations last week, and Drummond has gotten quite a bit more specific with that request today. In a post on the company's Public Policy blog, he says that he's sent a letter to offices of the Attorney General and the Federal Bureau of Investigation asking that Google be allowed to publish aggregate numbers of the national security requests for data it receives, including FISA disclosures, "in terms of both the number we receive and their scope." Those numbers, he says, "would clearly show that our compliance with these requests falls far short of the claims being made," adding, "Google has nothing to hide." You can find the full letter at the source link below. Update: Reuters is reporting that Microsoft also wants Uncle Sam to loosen up and let it be more transparent with the "volume and scope" of national security requests and FISA orders. "Our recent report went as far as we legally could and the government should take action to allow companies to provide additional transparency," Ballmer and Co. added. Update 2: Hot off the heels of Redmond's call to the US government, Facebook is voicing similar sentiments regarding increased transparency. "We urge the United States government to help make that possible by allowing companies to include information about the size and scope of national security requests we receive," read a statement released by the social network.
PRISM got you worried? Seecrypt app promises secure calls and texts
Want to hide your data from the prying eyes of the US government and its information-gathering program PRISM? A team of South African developers may have an encrypted-communications solution for iOS that'll let you call and text in complete privacy. As noticed by the Daily Caller, the Seecrypt group recently updated the Seecrypt app which lets you "make and receive unlimited, secure voice calls and text messages between Seecrypt Mobile-enabled devices, anywhere in the world." It works over any carrier's data network and uses end-to-end, military-grade encryption to protect all your VoIP calls and text messages. Because all the calls and texts are transmitted as an encrypted data stream, any snooping programs will only know that you sent some data and cannot detect when or how long you made a call or exchanged messages. The service is available for US$3 per month and comes with a free three-month account trial. The Seecrypt app is available for free from the iOS App Store. It's also available for Android. [Via The Daily Caller]
The Weekly Roundup for 06.03.2013
You might say the week is never really done in consumer technology news. Your workweek, however, hopefully draws to a close at some point. This is the Weekly Roundup on Engadget, a quick peek back at the top headlines for the past seven days -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
PRISM whistleblower Edward Snowden reveals himself, reasons for leaking surveillance program (updated)
Only days after the initial leaks and explanations by the US government about the National Security Agency's data surveillance program PRISM, Edward Snowden has revealed himself as the whistleblower. He's employed by defense contractor Booz Allen Hamilton and also worked at the NSA as a "technical assistant" for the CIA. In speaking to The Guardian, he explained his reasons for disclosing the intelligence program: he wanted to "to inform the public as to that which is done in their name and that which is done against them," hoping that they'll use the information to debate the issue. While the NSA's data-mining tool is reportedly known as Boundless Informant, Snowden has been keeping himself bound to a hotel in Hong Kong during this whole drama. Major internet companies have insisted that the government doesn't receive direct access to their servers and President Obama has stated that "nobody is listening to your phone calls, but the issue remains far from black and white. Snowden claims a "massive surveillance machine" is in the making under the radar -- at this point he's now waiting to see what happens next, assured he's made the the decision that feels right to him. Catch the full interview at the source link. Update: In case there was any doubt that Snowden has ever been employed by Booz Allen Hamilton, the company just released the following statement: Booz Allen can confirm that Edward Snowden, 29, has been an employee of our firm for less than 3 months, assigned to a team in Hawaii. News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter.
The NSA's Boundless Informant: a data mining tool that maps collected intelligence
Leaks, denials and declassifications aside, one thing has been clear recently: the National Security Agency takes in a lot of data -- allegedly collecting call logs, internet records and even Facebook photos from folks all over the world. So, how does the outfit handle all this data? With custom software, of course. According to documents obtained by The Guardian, the NSA sorts through its treasure-trove of intelligence with a tool called Boundless Informant, data mining software that helps the NSA sort out how closely they're monitoring a given part of the world. According to the documents, Boundless Informant reportedly "allows users to select a country on a map and view the metadata volume and select details about the collections against that country." A screenshot found by The Guardian shows this in action, highlighting over two billion reports in the United States alone. According to the outlet, the screenshot also outs the program's heaviest hitters: in March of 2013, Boundless Informant boasted 14 billion reports from Iran, 13.5 billion from Pakistan and 12.7 billion from Jordan. We've got to hand it to the NSA -- we may not like what it's up to, but at least it's organized.
Director of National Intelligence declassifies PRISM info to clear up 'inaccuracies'
After details of a government program called PRISM with alleged hooks into the servers of major internet companies became public this week, Director of National Intelligence James Clapper decided it was necessary to reveal even more information. According to his statement, clearing up the "significant misimpressions" and "inaccuracies" requires the release of further classified info, included in a fact sheet listed after the break. So what is PRISM, according to the "Facts on Collection of Information Pursuant to Section 702"? It is an internal government computer system used to facilitate the government's statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision...This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008. In short, Section 702 facilitates the targeted acquisition of foreign intelligence information concerning foreign targets located outside the United States under court oversight. Service providers supply information to the Government when they are lawfully required to do so. The document claims PRISM is not an "undisclosed collection or data mining program." The above passages seemingly align with statements (including one today from Yahoo) from the companies listed claiming that they only respond to inquiries when required to by law. It goes on to offer some details on the process used to identify foreign targets ("Section 702 cannot be used to intentionally target any U.S. citizen, or any other U.S. person, or to intentionally target any person known to be in the United States") and the oversight involved. Specifically mentioned is the involvement of the Executive, Legislative and Judicial branches of the federal government. Additionally, another report from The Guardian exposes more internal documents that contradict the theory that PRISM involves access to "cable intercepts," although that can occur under a different process.
DevJuice: Is your app watching you?
The PRISM project is hitting the news just now, with the Director of National Intelligence issuing statements, and people talking about what privacy means in a free society. This morning, our backchannel discussion about PRISM drifted to the topic of user privacy in apps. Specifically, we've noticed a recent trend -- our apps are starting to contact us by email. Here's an example of a real email generated by an iOS app: Hello, Thank you for trying [redacted] out! I noticed that you've used the app a couple of times over the past few weeks but are no longer using it. We trying to make the calendar a better experience and in doing so I'd really appreciate if you could take a moment and tell me why [redacted] isn't working for you. If you have any other thoughts you'd like to share with the team, please feel free to send it our way! That's a pretty startling email to receive, especially when we never contacted the company in question or opted into monitoring. In fact, the app in question offers a lengthly privacy statement, which states, "we may use other Anonymous Information to analyze usage patterns". Clearly that data is not so anonymous that it wasn't able to hijack the Gmail credentials used within the app. There's a saying that basically goes, "if the app is free, then you are the product." It's become commonplace to reap device and usage statistics for analytics. Developers may forget that there remains a real privacy line between a user's personal data and how they use the app. With Apple's support of developer- and app-specific tracking identifiers, you shouldn't lose sight of how that data is supposed to be used. In February, the FTC issued recommendations for mobile privacy disclosure. Among these, the FTC suggested that apps offer affirmative express consent for access to sensitive information, along with an access "dashboard" that would allow users to review in-app privacy settings. At the time, Verne Kopytoff wrote at Bloomberg Businessweek about the motivation behind app privacy policies, "Privacy advocates like to call mobile phones by a more menacing name: tracking devices. Mobile apps log the pages people browse, the products they buy, and the videos they watch. Many apps also note their users' locations and, over time, glean their daily routines." As mild as email feedback outreach efforts are, they cross a critical line when leveraging account information meant for in-app use only. A user who buys an app intending to manage his calendar, isn't expressly trying to build a product feedback relationship with the developer. Repurposing Gmail account credentials for further contact breaks an important trust.
NYT explains how tech companies allow PRISM, yet deny 'direct server access' happened (update)
Yesterday a series of leaked PowerPoint slides in the Washington Post revealed a program codenamed PRISM that allowed government investigators access to data from a number of top internet companies. That leak has been followed up in the last 24 hours by a series of blanket denials as tech companies (and their CEOs, including Google's Larry Page and Facebook's Mark Zuckerberg) claimed they do not give "backdoor access," only generally acknowledging that they do respond to individual court orders. Meanwhile government officials including President Obama responded to the claims mostly by claiming whatever is going on -- including the bulk collection of call logs by the NSA -- is legal and has been "repeatedly authorized by Congress." Tonight, a New York Times article may be able to explain the difference between the statements, citing information from people briefed on the program and lawyers that handle the requests. Their report is that the companies discussed ways to "efficiently and securely" share data about foreign users in response to requests made under the Foreign Intelligence Surveillance Act. In contrast to the initial reports of direct server access, this report claims when a government request is made under an individual FISA request, it's reviewed by company lawyers and then sent over, sometimes electronically using company servers. That can include an investigation into a specific person, logs of certain search terms, and in some cases "real-time transmission of data." One specific instance cited involved an NSA agent going on-site at a company's HQ, installing government software on its server and remaining there for several weeks to offload data to a laptop. So why the quick denials about something the companies listed (including AOL, parent company of Engadget) may actually have ties to? Because FISA requests are by their nature secret, the report claims employees that deal with the requests can't discuss the details, even with their fellow employees. Notably, although companies must by law respond to the requests, they're not legally obligated to make it easy, and the article points out Twitter as a company that has declined to participate. Because of that, even if PRISM is more a streamlining of bureaucratic processes than a government backdoor into your Candy Crush Saga level, the semantic differences of company denials may not sit well with users, much less citizens voting for the officials who oversee the programs. Update: Google Chief Legal Officer David Drummond has chimed in once again via a post on Google+, denying (again) that the government has any access to Google servers. That includes directly, through a back door, or any kind of "drop box" as the Times report mentions had been discussed. Meanwhile, CNET has an alternate source who corroborates the company's claims of no direct access, describing the system as a "formalized legal process."
The Daily Roundup for 06.07.2013
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
President Obama responds to PRISM concerns, clarifies scope of snooping
If you've missed the news on PRISM and the hugely disconcerting allegations that the NSA is basically tracking everything you do on the internet and every call you make on your cellphone, we're guessing that's because you're stuck in a cave that has access to neither technology. The allegations are incredibly troubling to say the least, and President Obama this afternoon took the time to address them -- albeit briefly. For one thing, he clarified that "nobody is listening to your phone calls," indicating that people are looking at metadata about those calls (destinations, length, etc.) rather than the calls themselves. Additionally, he clarified the internet side of the program thusly: "Internet monitoring is only for those outside United States; we have to balance keeping America safe with privacy concerns." That's great for Americans, but perhaps a bit troubling for everyone else. This more or less echoes the statements made yesterday by James Clapper, Director of National Intelligence. President Obama also reminded that this program predates his taking office, and that he himself was skeptical but has come around to the program, stating that this is something "Americans should feel comfortable about." Well, then, how comfortable do you feel? Let us know in comments. Update: The Wall Street Journal has a full transcript of President Obama's comments.
Report: UK security agency also gathering secrets through PRISM
The United Kingdom's main security agency, the Government Communications Headquarters (GCHQ), is apparently working with the United States' Prism intelligence program to gather data on various internet companies, The Guardian reports. Documents given to the UK news outlet indicate that GCHQ was able to retrieve "personal material such as emails, photos and videos" from internet companies operating outside the UK, and the GCHQ employed 197 intelligence reports in 2012 alone. This allows the UK government to circumvent red tape that would otherwise tie up the process of acquiring information from companies located outside of its own region. Apparently the GCHQ's been working with the US Prism service since "at least June 2010," and it's unknown how that's impacted UK citizens in the past several years -- a GCHQ representative wouldn't comment on how long the two agencies have been working together. Though the GCHQ didn't directly confirm the collaboration, the agency issued a statement to The Guardian stating it, "takes its obligations under the law very seriously." The PRISM system is said to enable access to records held by the nine largest internet companies, from Apple and Google to Skype and even Engadget's parent company, AOL.
Apple denies involvement in US government communication surveillance
Apple has told CNBC that it does not provide the US government with direct access to its servers, contradicting a Washington Post report that the company, among others, is knowingly participating in a secret program that is allowing the government to monitor the activity of US residents. The program, codenamed PRISM, was created in 2007 and is used by the National Security Agency and the FBI to provide information on everything from emails to photo and videos and connection logs to monitor a person's online movements -- all without having a warrant issued. The companies the Washington Post say have openly complied with PRISM include Apple, Google, Microsoft, Yahoo, Facebook, PalTalk, Skype and YouTube with Dropbox appearing to jump on board soon. PRISM can "quite literally can watch your ideas form as you type," a government official told the Washington Post. Google has issued a similar denial to Apple, saying that no "back door" into Google's servers exist.
Washington Post: NSA, FBI tapping directly into servers of 9 leading internet companies (update)
On the heels of yesterday's revelation that the NSA is bulk collecting call logs from Verizon Business customers, the Washington Post is reporting tonight on another initiative, code named PRISM. According to the report, it gives the FBI and NSA access to "audio, video, photographs, e-mails, documents and connection logs" from the central servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL (parent company of Engadget), Skype, YouTube and Apple. Another program called BLARNEY sniffs up metadata as it streams past "choke points" on the internet, continuing the theme of bulk scooping of data most would think is private. The Post's knowledge of these programs comes from PowerPoint slides (like the one shown above) provided by a "career intelligence officer" driven to expose how deep it goes. So what can the project allegedly see? Analysts based at Fort Meade use search terms to determine at least 51 percent confidence in a subject's "foreignness" before pulling data, which can include that of people found in a suspect's inbox. On Facebook, they can utilize the service's built in search and surveillance capabilities, monitor audio, video, chat and file transfers or access activity on Google's mail, storage, photo and search services. So... are you still logged in? Update 4: Now we've come full circle, as the original Washington Post article has been expanded to include the various company's responses and denials (listed after the break). Another element that has changed is the mention of another classified report that suggests these companies may not be knowingly participating, and the NSA's access may not be as direct as originally claimed. Claiming the difference may be the result of "imprecision" by the NSA author, the arrangement is now described as "collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations." Update (June 7th): Google has now issued a longer statement, signed by CEO Larry Page and Chief Legal Officer David Drummond, which reiterates its earlier comments and also calls for a "more transparent approach" from both other companies and governments alike. Update 2 (June 7th): Facebook CEO Mark Zuckerberg has denied involvement on his personal page, stating "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers...We hadn't even heard of PRISM before yesterday." Like the others, he claimed Facebook only provides information "if it is required by law" and mirrored Page's call for more transparency regarding government programs.
Patch 5.2's jewelcrafting changes and how to profit
There are going to be some new important recipes in 5.2 for Jewelcrafters: a "prism" style daily cooldown Serpent's Heart, and a no-cooldown recipe that allows you to craft the uncut meta gems, Primal Diamonds, out of gems and Spirits of Harmony. Kaliope reports that both recipes are world drops in Pandaria on the PTR, and shouldn't take long to farm. Serpent's Prism would have been a better name While the profession is better designed than ever (with much less waste for shufflers and far fewer items ending up at the vendor), the Serpent's Eyes that you get while prospecting Mists ore tend to pile up. They're used to make the 450 crafted jewelry, but the market for that isn't nearly as large as the supply of Serpent's Eyes. Many people end up making these into blues and disenchanting them so they're not wasted. Now that all JCs will have the option of turning three Serpent's Eyes into a prism every day, that will provide an outlet for the Eyes that may be more profitable than the 450 blues. So far, only a few Prisms have been opened, but they seem to award a random blue gem, just like prisms from expansions past. Since it's on a daily cooldown, it's unlikely to be able to push down the price of blue gems much. Is it worth using Spirits of Harmony? The new Primal Diamond recipe has no cooldown, but requires Spirits of Harmony which are their own sort of cooldown. One criticism of Jewelcrafting has been that JCs have nothing except research and extremely low-liquidity mini-pets to spend their Spirits of Harmony on. Jewelcrafters generate Spirits as quickly as any other character, and in theory, it'd be nice to have a JC option to use them on. Especially seeing as how anyone doing daily research will have almost certainly finished learning all their cuts by now.