Latest

  • Vodafone admits some governments have free rein to eavesdrop on calls

    Gone are the days when we thought governments could only access our phone calls through official, naive-sounding procedures like "warrants." Nevertheless, it's only now, after the whole Snowden / NSA blow-up, that companies like Vodafone are trying to be more transparent. In a 40,000-word "disclosure report," the multinational carrier says that "a small number" out of the 29 countries in which it operates demand to have "direct access to a phone operator's network," thus "bypassing" any control the operator might otherwise have had over the privacy of its customers. Needless to say, Vodafone doesn't call out any of the culprit nations by name, since doing so would breach the same laws that it agreed to uphold in order to do business with them in the first place.

    Sharif Sakr
    06.06.2014
  • NYT: NSA embeds radio transmitters to access offline computers from miles away

    Tonight's fun NSA revelation comes courtesy of the New York Times, reporting on an agency program to access and alter data on computers that aren't connected to the internet. Cherry picked from the NSA's tool kit of developments -- often used to bug equipment before it reaches the intended destination -- the technology described relies on a circuit board or USB device (called Cottonmouth I) installed on a PC that communicates wirelessly with a base station nearby. The base station itself has already been described by security expert Jacob Appelbaum; codenamed Nightstand, it's capable of hacking WiFi networks from up to eight miles away and retrieving or inserting data as necessary. The programs described are not exactly up to date, and the NYT's experts suggest recent developments are focused on making the US less dependent on physical access to do its hacking. Like the Dropoutjeep software created to attack iPhones, we're told these techniques are designed for use in places like Iran and China. Still, with an estimated 100,000 or so installations it probably wouldn't hurt to give your USB ports and internal expansion slots a once-over just in case.

    Richard Lawler
    01.14.2014
  • Edward Snowden looks back at NSA leaks, considers his personal mission accomplished

    2013 is almost over, but revelations delivered this year about the amount of communications data the NSA has access to, and how it has acquired that data, will reverberate for much longer. The man at the center of the leaks, Edward Snowden, has spoken once again to The Washington Post in an interview stretching over 14 hours about what he did and why, saying "For me, in terms of personal satisfaction, the mission's already accomplished...I already won." The meaning behind his mission was, in his words, to give the public a chance to look over what the government agency had decided -- behind the closed doors of Congress and the Foreign Intelligence Surveillance Court -- is legal in order to track terrorists after 9-11. Naturally, NSA leaders disagree, and dispute assertions that he brought his concerns about the agency's work to his supervisors. According to Snowden, he asked coworkers about how they thought the public would react if information about initiatives like PRISM and Boundless Informant appeared on newspaper frontpages, confronting them with data showing the programs collected more information in the US about Americans than Russians in Russia. Now, the information has been exposed for the public. Many companies are scrambling to lock down their systems both as a practical measure and a PR move, the NSA's policies are under review, and Snowden remains in Russia where he has been granted temporary asylum, and says he's "still working for the NSA right now...they just don't realize it."

    Richard Lawler
    12.23.2013
  • NSA review group tells Obama to ditch bulk phone surveillance

    2013 has been a hard year for the White House. It's been working overtime to try and manage the PR nightmare sparked by Edward Snowden's NSA whistleblowing -- fighting the outcry of angry citizens, CEOs and major tech firms. President Barack Obama eventually created a panel to review the government's surveillance programs and propose changes that will help restore the public's trust. Today, the group's recommendations are in, and in summary, they aren't too surprising: don't spy on your citizens. The report's most public facing suggestion mandates ending the NSA's habit of collecting US phone call metadata. The agency would still be allowed to collect some records, of course, but the panel suggests that this data be maintained by a private third party, or the phone companies themselves. More importantly, this data would only be accessible with an order from the Foreign Intelligence Surveillance Court. That's hardly the panel's only critique, either: the 308 page document actually makes a total of 46 recommendations. It suggests putting international spy operations under heavier scrutiny, for instance, and says that decisions to monitor such communications need to be made by the Commander in Chief -- not the nation's intelligence agencies. It even suggests a major tweak to the NSA's structure, asking the president to consider making the next Director of the NSA a civilian.

    Sean Buckley
    12.18.2013
  • Microsoft's immediate plans against NSA 'threat': court challenges, encryption and transparency

    The NSA / PRISM / MUSCULAR scandal sparked by Edward Snowden's leaks stained many tech companies, and tonight Microsoft has laid out several plans it hopes will convince customers (particularly non-US businesses and foreign governments) they're safe using its products and services. In a blog post, general counsel and executive VP Brad Smith lays out a three pronged approach of "immediate and coordinated action" against the threat of government snooping. It's expanding the use of encryption to cover any content moving between it and its customers, any transmissions between its data centers, and data stored on its servers -- all of this is said to be in place by the end of 2014. In terms of court orders that may push it to reveal data, Microsoft is committing to notify "business and government" customers of any legal orders, and if it is prevented from doing so by a gag order, says it will challenge those in court. Finally, it's expanding the existing program giving governments access to its source code so they can make sure it doesn't contain any back doors. According to Reuters, this will put Microsoft on par with other Internet companies like Amazon Web Services, Yahoo and Google for how it treats data. Still, while that may help foreign diplomats feel better about logging into Outlook or Skype, there are probably a few individuals who will keep their tin foil hats on, Kinect cameras covered and cellphones off.

    Richard Lawler
    12.05.2013
  • Need tech support in Russia? Give Edward Snowden a call

    So, what happens after you've become an international pariah? The PRISM revelations may rattle along, but the figure who started it all is trying to return to something approaching a normal life. Edward Snowden's lawyer has revealed that, after settling at an undisclosed location in Russia, the NSA whistleblower has found a job. He'll be offering technical support for a domestic website, which isn't being named for the obvious reasons. Is this the last that we'll hear from the former intelligence analyst? Only time will tell.

    Daniel Cooper
    10.31.2013
  • Dark Mail Alliance develops surveillance-proof email technology

    We wouldn't be surprised if you're looking for a more secure email provider after the whole government surveillance debacle. That's why Lavabit and Silent Circle have joined forces as the Dark Mail Alliance to develop a new snoop-proof email technology. Dark Mail's "Email 3.0" tech applies peer-to-peer encryption not only to the body of the digital missive, but also to its metadata (To:, From: and Subject fields) that third parties are most likely to collect. One downside is that encryption only works between Dark Mail accounts -- messages sent using the tech to Gmail or Hotmail addresses won't be protected from prying eyes. If the two firms sound familiar, that's because they used to offer secure email services of their own, which shuttered earlier this year. However, they're determined to rise from the ashes and make the tech available to the public via mobile and desktop apps by 2014.

    Mariella Moon
    10.31.2013
  • Lavabit reinstates service briefly so users can download emails, change passwords

    Email provider Lavabit shut down in August due to government pressure in the wake of the Edward Snowden leaks, but it is apparently re-opening -- for a little while. A press release issued by Lavabit indicates that there's a two-step process, with step one giving users a chance to change their password (which started at 8PM ET tonight). Step two kicks in on October 17th or 18th and will let users download an archive of their stored messages and personal account data. The password change is in response to information that the company's SSL certificates have been compromised by the investigation. Users' accounts should be secure under a new key after their passwords are reset, not to mention the bonus of having access to their data again. If you had an account, it's accessible at Liberty.Lavabit.com; those interested in founder Ladar Levison's legal battle can provide support at Rally.org.

    Richard Lawler
    10.14.2013
  • FISA court renews NSA permission to collect call metadata

    News that the NSA collects bulk phone call metadata (phone numbers, call times and duration) from Verizon and other backbone providers initially leaked out in June. Since then PRISM, Edward Snowden and any number of other national security related topics have been in the spotlight, and the new focus has spurred at least one change in the process. On Friday, the Office of the Director of National Intelligence publicly announced the request -- following other declassified documents about the program -- and that it has been renewed (again) by the Foreign Intelligence Surveillance Court. As The Hill mentions, the NSA claims its analysts are only able to search through the collected data if there is "reasonable, articulable suspicion" a phone number is connected to terrorist activity. With analysts still able to paw through tons of our data this doesn't quite feel like the transparency promised, but even this small admission that it's happening highlights how things have changed.

    Richard Lawler
    10.12.2013
  • Yahoo issues first transparency report, replete with governmental data requests

    Following in the footsteps of Facebook -- which revealed its first Global Government Requests Report just a few weeks ago -- Yahoo is finishing out the week by publishing data of its own. The firm's first "global law enforcement transparency report" covers governmental requests for user data from January 1st through June 30th of this year, and the outfit plans to put out subsequent reports every six months. Of note, Yahoo claims that it's including "national security requests within the scope of [its] aggregate statistics," and for the paranoid in attendance, you may be relieved to know that said requests comprise "less than one one-hundredth of one percent (<.01%)" of Yahoo's global userbase. Feel free to dig in at the links below, but sadly, you won't find anything other than high-level macro figures. (As an aside, that logo.)

    Darren Murph
    09.06.2013
  • Report: NSA used taxpayer dollars to cover PRISM compliance costs for tech companies

    The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing to blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales. For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?

    Darren Murph
    08.23.2013
  • Lavabit founder chafes under NSA scrutiny, speaks out against governmental privacy violations

    Lavabit shut down its email services a couple weeks ago in response to governmental pressure regarding NSA whistleblower Edward Snowden's account. At the time, founder Ladar Levison stated he was shutting down Lavabit because he didn't want to "become complicit in crimes against the American people," but didn't expound upon what that statement meant due to a governmental gag order. The Guardian spoke with Levison recently, however, and while he still didn't deliver details about his legal dealings with Uncle Sam, he did share some thoughts about governmental surveillance in general. As you might expect, Levison is against ubiquitous governmental surveillance of communications between citizens. To that end, he's calling for a change to be made in US law so that private and secure communications services can operate without being used as "listening posts for an American surveillance network." He's not wholly against the feds tapping phone lines, though, as he recognizes the role such surveillance plays in law enforcement. However, he thinks the methods that are being used to conduct that surveillance should be made public -- not an unreasonable request, by any means. You can read Levison's full take on the matter, along with a recounting of reasons behind Lavabit's creation at the source below.

    Michael Gorman
    08.22.2013
  • NSA collected up to 56,000 emails not connected to terrorism a year, blames error

    We can't say as though we're particularly surprised to see such numbers, but, well, at least they're finally coming to light. According to The Washington Post, newly declassified court documents highlight how the NSA collected up to 56,000 e-mails per year, over a three year period. The docs detail why the collection of such "wholly domestic" information was ruled unconstitutional by a judge in the Foreign Intelligence Surveillance Court, though the NSA stated that the surveillance was unintentional, adding that it reported said information to the court. As part of the ruling, the intelligence agency was required to investigate limits to its data collection -- the NSA claims to have since addressed the problem. The newly available information was made public thanks to a recently filed EFF lawsuit. Update: Want to crawl through some of that information? The White House has begun posting key docs to Tumblr, of all places.

    Brian Heater
    08.21.2013
  • WSJ reports NSA spying capabilities cover up to 75 percent of US internet traffic

    The question of how much contact the NSA has with internet traffic throughout the US is being raised again, this time by the Wall Street Journal. Yesterday The Atlantic took issue with the security agency's mathematics and 1.6 percent claim, while the WSJ report looks more closely at its reach into telecommunications companies. The mishmash of codenamed programs are said to cover up to 75 percent of US internet traffic, although the amount actually stored and accessed is much smaller. The main difference between the calculations may be due to the difference between what ISPs -- handing over data under FISA orders -- carry, and what the NSA specifically requests. Its capabilities mean it can pull a lot more than just metadata, with access to the actual content of what's sent back and forth becoming even more troubling as privacy violations exposed by its own audits come to light. There's an FAQ-style breakdown of what's new and notable from the usual "current and former" officials to get those interested up to speed quickly -- keep your tinfoil hats and end-to-end encrypted communications systems close by.

    Richard Lawler
    08.20.2013
  • Groklaw closing in light of NSA spying revelations

    After the closures of Lavabit and Silent Circle's email service, we had wondered which online service would be next to wind down after Edward Snowden's PRISM revelations. Turns out that we're losing Groklaw, the technology and law blog, which is stopping operations from today. In an impassioned sign-off, founder Pamela Jones has said that she cannot keep running the site knowing the extent to which her private communications are subject to public scrutiny. She has also advised others to spend less time on the internet and use Kolab, a Swiss email service, which is apparently safe from the NSA -- at least for now.

    Daniel Cooper
    08.20.2013
  • Leaked NSA audit shows privacy violations in cellular and fiber optic surveillance

    The NSA insists that it respects American privacy, but documents leaked by Edward Snowden to the Washington Post suggest that the agency has trouble maintaining that respect. A May 2012 audit, buried in the documents, found 2,776 incidents where the NSA's Washington-area facilities inadvertently obtained protected American data through a mix of human errors and technical limits. Among its larger gaffes, the NSA regularly had problems determining when foreign cellphones were roaming in the US, leading to unintentional snooping on domestic calls. The agency also spent months tapping and temporarily storing a mix of international and domestic data from US fiber lines until the Foreign Intelligence Surveillance Court ruled that the technique was unconstitutional. NSA officials responding to the leak say that their agency corrects and mitigates incidents where possible, and argue that it's difficult for the organization to avoid errors altogether. However, the audit also reveals that the NSA doesn't always report violations to overseers -- the division may be interested in fixing mistakes, but it's not eager to mention them.

    Jon Fingas
    08.16.2013
  • NSA releases outline of security programs, says it 'only' touches 1.6 percent of internet traffic

    Even as President Obama proposes a review of NSA procedures and oversight, the organization published a seven page document laying out in broad terms what it does, how it does it and why it thinks that's OK. As Ars Technica points out, the memo claims "We do not need to sacrifice civil liberties for the sake of national security; both are integral to who we are as Americans. NSA can and will continue to conduct its operations in a manner that respects both." While many would argue those points in light of the many programs recently uncovered, the NSA has a response there also: "According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world's traffic in conducting their mission – that's less than one part in a million. Put another way, if a standard basketball court represented the global communications environment, NSA's total collection would be represented by an area smaller than a dime on that basketball court." Other sections go on to detail how it believes American citizens' information could be picked up, and what it does to identify and minimize that data. Particularly illuminating is the six point process (listed after the break) by which it applies Executive Order 12333, considered "the foundational authority by which NSA collects, retains, analyzes, and disseminates foreign signals intelligence information" alongside the Foreign Intelligence Service Act of 1978 (FISA). It's highly doubtful that any of these points will change your level of comfort with the policies and programs revealed or feelings about their need to change, but reading the document linked below may give some insight about how and why they were created.

    Richard Lawler
    08.09.2013
  • President Obama proposes review, new oversight measures in wake of NSA scandal

    Revelations of government surveillance programs, including the headline-grabbing PRISM, have been nothing short of a PR nightmare for the White House. President Obama, who ran in part on a platform that included opposition to certain elements of the Patriot Act and President Bush's illegal wiretapping program, has faced tough questions about his role in the NSA data collection system. Today, he addressed reporters in the White House press room and, as part of his regular briefing, began to lay out a path to increased transparency that he hopes will re-earn the trust of the citizens. After consulting with members of Congress and civil liberties organizations, President Obama has come up with four initial steps to improve transparency and confidence, while working to maintain essential security apparatus. First up is a direct dialog with Congress about reforming section 215 of the Patriot Act, which is the part of the legislation regarding the collection of telephone records. Obama also took the opportunity to reiterate that the government does not have the ability to eavesdrop on phone calls without a warrant. The second step also involved Congress and working to improve confidence in the Foreign Intelligence Surveillance Court (FISC). Most notably, he said the government would pursue reforms that would ensure judges would hear opposing views from independent civil liberties proponents, in addition to government representatives.

  • Lavabit, reportedly Edward Snowden's email service of choice, shuts down

    It looks like Edward Snowden is going to have to find a new email service as the one he supposedly used -- Lavabit -- has abruptly closed its doors. The company's owner, Ladar Levison, posted an open letter on the site today, saying, "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit." Levison also claimed to be unable to speak to the specifics surrounding the situation, stating that a Congressionally approved gag order prevented him from doing so. While Lavabit's situation seems pretty dire, it might not be curtains just yet. In his message, Levison stated that he would take his fight to reinstate Lavabit to the Fourth Circuit Court of Appeals. To read the missive in full, head on over to the source link below.

    Melissa Grey
    08.08.2013
  • Snowden leaves neutral confines of Moscow airport, enters Russia

    Edward Snowden has finally escaped his month-long Moscow airport purgatory and arrived in Russian territory, according to the Associated Press. The NSA whistleblower had already been granted temporary asylum by the Putin-led government after Bolivia and Venezuela also offered to take the fugitive, and was awaiting paperwork in order to leave Sheremetyevo Airport. The NSA's arch-enemy will be granted a year's stay, according to his Russian lawyer, and will be able to re-apply to remain after that. Now that his Russian residency has been established, most press outlets expect a strong reaction from the US government after it assured Moscow that Snowden wouldn't face the death penalty if deported. For its part, Russia said it has no intention of handing over the man who blew the lid off the pervasive PRISM monitoring program.

    Steve Dent
    08.01.2013