Add Hyperlinks to TextExpander Snippets
You can include a clickable link in a TextExpander snippet. Here's how:
- Create a new snippet.
- From the Content menu (just above the snippet body), choose Content: Formatted Text, Picture.
- Put a full URL in the snippet body, such as http://www.smilesoftware.com/
- Control-click the link text and choose Make Link from the pop-up menu.
After you've made the link, you can replace the visible URL with other text. Just put your cursor in the active link text and make changes as you would with any other text.
Series: Keeping Up with the Snoops
In this sporadic series, Josh Centers rounds up news surrounding NSA mass surveillance programs revealed by former NSA contractor Edward Snowden.
Article 1 of 8 in series
by Josh Centers
New revelations about the NSA continue to appear. Josh Centers summarizes all of the latest developments to keep you up to speed on just how far things have gone.Show full article
Even months after Edward Snowden’s initial revelations about the U.S. National Security Agency’s data collection programs, it seems like we learn something new every day. The details can be overwhelming, but it’s an issue about which we feel everyone should be well informed. With that in mind, here’s a collection of the latest developments.
First, if you need to catch up on the story so far, the New Yorker’s Ryan Lizza has done a heroic job of telling the story of the NSA’s data collection programs since the 9/11 attacks. It’s a long, long article, so I recommend saving it to a read-later service like Instapaper or Pocket, or even printing the whole thing out. Lizza tells the story of how former Vice President Dick Cheney helped create the current situation, how President Obama helped codify it, even after campaigning against President Bush’s warrantless wiretapping programs, and how intelligence officials lied to Congress and the secret FISA courts to protect the programs. Everyone should read and share this article.
What Lizza’s article doesn’t mention is the just-revealed intelligence operations occurring in online game services like World of Warcraft, Second Life, and Xbox Live. Agents with the NSA and its British counterpart, the GCHQ, have used online games since at least 2007 to monitor communications, friend networks, behaviors, biometric data, and to recruit potential informants. Blizzard Entertainment, maker of World of Warcraft, said that if any surveillance was taking place, it was without its knowledge or consent. Microsoft, maker of Xbox Live, and Linden Labs, producer of Second Life, refused to comment.
It’s disturbing enough that the NSA is monitoring games played (at least in part) by children, but the agency is also seeking to recruit, or “convert” them, as the NSA is fond of saying. NSA college internship programs target journalism students with a 3.0 or above GPA, which is a tempting prospect in an increasingly difficult field. It’s not just college — the NSA’s High School Work Study Program seeks kids as young as 15 years old for entry-level positions. It sounds like a pretty good first job, with 20–32 hours of work per week, paid federal holidays, and sick leave. And, over the last three years, 100 percent of high school participants who wished to “convert” were hired.
Even more disturbing is the recent revelation from a former FBI assistant director that the FBI is able to activate your webcam without your knowledge in order to spy on you. Covering your webcam with a piece of tape, once largely limited to paranoid tinfoil hatters, now seems like a sensible precaution. Christopher Poole, the founder of the infamous 4chan image board, has teamed up with General Electric to create a 3D-printed bit of plastic to block webcams. Politics makes strange bedfellows.
Meanwhile, the outcry over pervasive NSA surveillance is growing. A group of well-known authors, including several Nobel laureates, has signed a statement protesting mass surveillance and calling for an international bill of digital rights. If you wish, you can join them in signing the pledge at Change.org. And it’s not just writers. Former President Bill Clinton has condemned the collection of economic data under the guise of security.
But perhaps most importantly, Apple, Google, Facebook, Microsoft, Twitter, Yahoo, LinkedIn, and AOL have signed a joint statement asking for the following surveillance reforms:
Limits on governmental authority to collect user information
Increased oversight and accountability
The ability to publish government demands promptly
The free flow of information between borders and for countries to not require service providers to operate locally
A treaty to unify these processes between governments
The potential economic consequences are dire for the tech industry (particularly with regard to item 4 above), as our own Geoff Duncan pointed out in “Are We Ready for the Post-Snowden Internet?” (6 December 2013). The tech sector in the United States has been built in large part on a worldwide trust in the American Internet, and now with that trust vanishing, the future of our healthy tech sector is in jeopardy.
But even with potentially devastating consequences for the U.S. economy, Senator Ron Wyden, an outspoken critic of NSA surveillance who was featured in Lizza’s article, doesn’t have much hope for true reform, since Congress is largely in favor of surveillance. And Wyden’s friend-turned-rival, Senator Diane Feinstein, is pushing for “reform” that in fact would legitimize NSA data collection with only a minimum of additional oversight.
That’s it for this week’s depressing headlines — apart from the sensible precautions suggested in Joe Kissell’s “Take Control of Your Online Privacy,” the best thing you can do if you’re concerned about the NSA’s spying on U.S. citizens (and you’re a U.S. voter) is express that concern to your elected representatives in Congress. You can also support the nonprofit Electronic Frontier Foundation, which is actively fighting the NSA in court. Change won’t be easy or come quickly, but it’s clear that transparency and accountability must be codified in law if they are to happen.
Article 2 of 8 in series
by Josh Centers
The repercussions of Edward Snowden’s NSA revelations continue to build every day. Josh Centers sums up the developments since his last roundup.Show full article
The revelations from former NSA contractor Edward Snowden keep snowballing so quickly that my last roundup (“Keeping up with the Snoops,” 10 December 2013) seemed obsolete within hours after it was published. But as the NSA drama hits the courts, keeping up with the latest is more important than ever.
Following my last roundup, 60 Minutes aired a piece on the NSA. In reality, it was little more than a puff piece by a reporter who wasn’t a 60 Minutes regular, but instead a former Associate Deputy Director of National Intelligence who has since been hired as a Deputy Commissioner of the New York City Police Department. The reporter, John Miller, even said in the story that “General Alexander [head of the NSA] agreed to talk to us because he believes the NSA has not told its story well.”
Over the course of the show, Miller failed to challenge the NSA’s story — that it was the victim of the villainous Edward Snowden, who permanently damaged the NSA’s ability to protect freedom-loving Americans from terrorism. Needless to say, the 60 Minutes piece was eviscerated in the press, including The New York Times and The Verge.
It turns out that the NSA needed all the public relations help it could get. The next day, U.S. District Court Judge Richard Leon found that the NSA’s warrantless data collection programs are likely unconstitutional. Leon, an appointee of former president George W. Bush — whose administration is credited with the current state of NSA affairs — went so far as to call the programs “almost Orwellian,” adding that James Madison, architect of the U.S. Constitution, would be “aghast.”
The next day, President Obama invited tech leaders, including Apple’s Tim Cook, Google’s Eric Schmidt, and Yahoo’s Marissa Mayer to the White House to discuss the Healthcare.gov Web site, but what the president got instead was an earful. “That is not going to happen,” one executive reportedly said in response to a call to focus the meeting on healthcare, “We are here to talk about the NSA.” At one point, Zynga founder Marc Pincus reportedly called for a pardon of Edward Snowden, something President Obama claims he can’t do. (Since pardons are a constitutionally enumerated presidential power, is it can’t or won’t?)
The week grew even rougher for the Obama administration and the NSA when a presidential panel dedicated to investigating the NSA revelations, stacked with former intelligence officials, recommended sweeping restrictions to the programs. A New York Times op-ed suggests that President Obama seems to be dragging his feet on implementing his own panel’s recommendations.
Things were starting to look up for privacy advocates, and Edward Snowden temporarily came out of hiding in Russia to deliver a video Christmas message, saying, “A child born today will grow up with no conception of privacy at all. They’ll never know what it means to have a private moment.”
But perhaps the celebrations were too soon. Two days after Christmas, federal Judge William Pauley ruled NSA mass data collection of phone records to be constitutional.
Even with that setback, pressure continues to mount on the government, with the New York Times Op-Ed page now calling for amnesty for Snowden. “Considering the enormous value of the information he has revealed, and the abuses he has exposed, Mr. Snowden deserves better than a life of permanent exile, fear and flight,” the editorial board said.
Meanwhile, as the battle over Snowden and his revelations continues to ramp up, there’s no closing the lid on his Pandora’s box. Security researcher Jacob Applebaum worked with German magazine Der Spiegel to expose the NSA’s Tailored Access Operations (TAO) unit, which is composed of young hackers. Of TAO’s many capabilities, it has tapped into the error-reporting feature of Microsoft Windows to gain remote access to PCs.
Applebaum also revealed another NSA program of particular interest to iPhone users: DROPOUTJEEP, a form of malware that reportedly has a 100 percent success rate against the iPhone. Fortunately, it appears that DROPOUTJEEP requires physical access to the iPhone, and Apple has denied working with the NSA to enable backdoors in its software.
As the revelations continue to snowball, things took a turn toward science fiction, with the NSA apparently racing European powers to develop a quantum computer that could theoretically break all existing encryption.
As the NSA drama unfolds in the courts and in Congress, the only thing we as citizens can do is to get the word out and keep the conversation going. Which is what Vermont Senator Bernie Sanders has done — by bluntly asking the NSA if it’s spying on Congress. The response was interesting, with the NSA refusing to deny spying on Congress, saying, “Members of Congress have the same privacy protections as all U.S. persons.” The NSA spying on Congress wouldn’t be a surprise, as previous security whistleblower Russ Tice has claimed that the NSA was spying on then-senatorial candidate Barack Obama all the way back in 2004.
The response to Sanders’s letter could have a huge effect on the bipartisan USA Freedom Act, which could curtail NSA mass data collection. Sad as it is, Congress might be the best avenue to address NSA abuses, as the FISA court, overseen by Supreme Court Chief Justice John Roberts, has since reauthorized the NSA’s phone metadata collection programs, despite their questionable constitutionality. On the other side of the equation, security expert Richard Clarke, who has served in multiple administrations and who was a member of the presidential panel recommending sweeping restrictions, told Brooke Gladstone of “On the Media” that the FISA court was doing a good job.
Until our next update then, stay private out there.
Article 3 of 8 in series
by Josh Centers
As the Obama administration attempts to quell concerns over mass data collection, the U.S. intelligence community is drawing more fire from governments, including its own.Show full article
Several weeks ago, President Obama announced a number of modest reforms for the NSA (see “Grading Obama’s Proposed NSA Reforms,” 17 January 2014), in response to Edward Snowden’s revelations about mass surveillance practices, but did they go far enough? Perhaps not, as the furor over NSA activities continues to grow.
On 22 January 2014, the Privacy and Civil Liberties Oversight Board (PCLOB), a part of the executive branch established by Congress in 2004, released a damning report on the NSA’s program to collect metadata on Americans’ phone calls, saying in no uncertain terms that it is illegal and must stop.
The report said, “We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”
The NSA isn’t catching fire just from within the U.S. government, but also from the European Union as well. An EU parliamentary inquiry has declared that mass surveillance programs in both the U.S. and Britain appear to be illegal, and like the PCLOB, are calling for their immediate termination.
Nor are the latest Snowden documents helping the NSA’s argument that it collects data only to protect us. Recently released documents show that the NSA and GHCQ targeted “leaky” iPhone apps like Angry Birds to gather personal data such as age, gender, and location, and, in the case of some apps, even such details as sexual orientation. Other documents have revealed that the NSA spied on the 2009 Copenhagen climate summit in order to gain an advantage in negotiations — adding weight to claims that NSA spying serves an economic function.
While pressure mounts, the Obama administration is trying to open the release valve ever so slightly before the situation explodes. For example, the administration has cut a deal with large tech firms like Apple, Google, and Facebook to allow them to release more information about national security requests. The deal effectively settles a lawsuit the companies had filed against the government, and Apple updated its public letter on national security and law enforcement orders almost immediately with the new information.
While the agreement may be a step in the right direction for privacy advocates, it comes with several caveats. The companies are still not allowed to publish specific numbers, only vague ranges, and they still cannot deny any requests they find egregious. Worse, the agreement applies only to established communication services, not to those that have existed for less than two years. So while Apple may be able to disclose national security requests, Snapchat could not. Likewise, if Microsoft were to release a new chat platform tomorrow, it would be two years before it could disclose information.
Not only that, but the agreement applies only to “customer selectors.” It does not reflect anything regarding mass data collection, like PRISM. In some ways, the agreement is like a burglar throwing a steak to a guard dog. The dog is happy, but the burglar still gets to poke around your house.
Despite the administration placating the tech giants, the intelligence community is still in hot water with Congress. In a Senate hearing on 29 January 2014, Director of National Intelligence James Clapper was grilled by Senator Ron Wyden, who was promised answers within 30 days on whether American intelligence agencies have ever searched for information on American citizens. Likewise, CIA director John Brennan has a week to answer whether the Computer Fraud and Abuse Act applies to his agency, and FBI director James Comey must explain the burden of proof FBI agents must establish before tracking cellphone locations. However, in that same hearing, Clapper seemed to imply that any journalist who reports on Snowden’s revelations is an accomplice to a crime. Finally, for the first time, the NSA has a privacy officer to advise on civil liberty issues.
As for Edward Snowden, the whistleblower behind it all, he has been nominated for a Nobel Peace Prize. If he wins, will fellow Nobel winner Barack Obama congratulate him? Snowden gave an extensive interview to Germany’s Norddeutscher Rundfunk, with a number of interesting claims. However, it’s important to remember that individual revelations come not from Snowden himself, but from the documents that he provided to journalists, giving them and their publishers the responsibility to choose what to publish and verify the information before doing so.
Article 4 of 8 in series
by Josh Centers
It’s time once again to catch up on the flood of news coming from the intelligence community. Josh Centers takes you on a journey involving UFOs, an advice columnist for spies, an epic battle between the CIA and the Senate, and a preview of his upcoming Macworld/iWorld panel.Show full article
Things are getting weird in Spyville as we once again keep up with the snoops. How weird? In a word: UFOs. No, I’m not kidding.
As reported by The Intercept, the new media partnership between reporter Glenn Greenwald and billionaire eBay founder Pierre Omidyar, the GCHQ (the British counterpart to the NSA) has been actively falsifying information to discredit targets who haven’t even been charged with a crime. The techniques, called Online Covert Action (OCA), involve writing fake blog posts claiming to be victims of the target, emailing and texting those close to the target, changing the target’s photos on social media sites, and ruining business relationships. OCA is based around the four D’s: Deny, Disrupt, Degrade, Deceive. While it’s not known if the NSA engages in these tactics, these GCHQ slides were presented to the NSA.
The presentation, called “The Art of Deception,” features something even stranger: several pictures of UFOs, with no explanatory text. Nigel Watson, author of the Haynes UFO Investigations Manual, told Yahoo News that the images are likely not proof of alien visitations, but rather evidence that spy agencies use fear of UFOs to scare the public. (Of course, it’s more likely these slides were just illustrating something the speaker was saying, perhaps about how people grasp for meaning when faced with inexplicable facts. After all, another slide is a photo of a Whole Foods sale poster; no one is suggesting that Whole Foods is a GHCQ front.)
But things get even stranger. Did you know that the NSA has its own advice columnist? The column, called “Ask Zelda!” has been distributed on the agency’s intranet since 2010. In a twist of bizarre irony, one of the letters to Zelda is from an NSA employee concerned about his boss spying on him and his coworkers. Zelda advises “Silenced in SID” that such snooping is inappropriate, and that he should confront his boss about it.
Those in charge of U.S. intelligence agencies apparently don’t read Zelda’s column, as the Associated Press reports that they are planning a system to implement continuous monitoring of employees with security clearances. The computerized system would scan “private credit agencies, law enforcement databases and threat lists, military and other government records, licenses, data services, and public record repositories” for “unusual behavior patterns.”
On the legal front, the New York Times explains how the secret rulings of the FISA court paved the way for mass surveillance. The key is the so-called “Raw Take” order from 2002, which loosened restrictions on sharing “unfiltered personal information” with interior agencies and foreign governments.
Meanwhile, The Intercept broke another major story about how the NSA is planning to infect millions of computers with malware, codenamed TURBINE, to enable “industrial-scale exploitation.” Apart from the obvious concerns here (Industrial-scale malware? Really? Like that could never get out of control.), Mikko Hypponen of Finnish security firm F-Secure warns that TURBINE could inadvertently undermine the security of the Internet by potentially creating new vulnerabilities on affected systems, thus making them more susceptible to attack by third parties.
But of all the intelligence-related developments, the brewing battle between the Senate Intelligence Committee and the Central Intelligence Agency might be both the strangest and the most consequential.
The tussle revolves around the 6,300-page, $40-million report by the Senate Intelligence Committee on the CIA’s use of torture during the Bush administration. The CIA classified the document, which reportedly lambastes the CIA’s use of torture for being ineffective, barring it from public release. Part of the reason the report cost so much was that Senate investigators had to travel to a special CIA facility to view the relevant documents on CIA-approved computers.
At some point, Senate investigators obtained a copy of the CIA’s internal review on the use of torture, which the CIA claims it did not intend for the Intelligence Committee’s eyes. In return, the CIA searched the computers provided to the Senate, along with a separate network drive containing Senate staffers’ work and internal messages. As a result, the Senate Intelligence Committee and the CIA have accused each other of wrongdoing; both cases now have been referred to the Justice Department.
Senator Dianne Feinstein, who has in the past been a staunch defender of the intelligence community, is hopping mad about the CIA’s actions. On 11 March 2014, Feinstein delivered a long, scathing speech, accusing the CIA of tampering with the Senate’s work.
The key question in the dispute revolves around who owns the computers. The CIA says it owns the computers. However, Feinstein claims that the computers are the property of the Senate, and Senator Ron Wyden has backed up her claim, even stating that the CIA has admitted as such in a recent (unspecified) court filing. The Guardian reports that a 2009 agreement between the Senate Intelligence Committee and the CIA stated that the committee staffers’ records and the provided computers would remain their own.
The broader question is why there were documents related to torture that the Senate panel wasn’t supposed to see in the first place. But more troubling is the even broader implication for U.S. government in general.
“This is kind of death of the Republic kind of stuff,” said MSNBC’s Rachel Maddow, who has often served as a cheerleader of the Obama administration. And that’s not just the media talking. “I have grave concerns that the CIA search may well have violated the separation of powers principle in the U.S. Constitution,” Senator Feinstein said in her speech.
Even more chilling is that intelligence leaders are pushing for legislation that could criminally punish journalists for publishing government leaks. “I am an optimist. I think if we make the right steps on the media leaks legislation, then cyber legislation will be a lot easier,” said outgoing NSA chief General Keith Alexander. President Obama has nominated Vice Admiral Michael Rogers to replace Alexander, but Rogers has his work cut out for him.
On the other side of the fence, Edward Snowden submitted 12 pages of testimony to the European Parliament’s Civil Liberties, Justice and Home Affairs committee. There isn’t much new there, but it’s a fascinating read, and Snowden counters critics by stating that he attempted to address issues about mass surveillance to “more than ten distinct officials,” but his superiors ignored him. Both Snowden and Julian Assange of WikiLeaks held remote panels at this year’s SXSW Interactive conference. Again, nothing new, but they make for interesting viewing.
Speaking of conference panels, yours truly has been invited to moderate one at this year’s Macworld/iWorld, titled “The NSA and You.” We have a fantastic guest lineup: Parker Higgins of the Electronic Frontier Foundation, our own Joe Kissell (author of “Take Control of Your Online Privacy”) and Rich Mogull (whose day job is as a security consultant for Securosis), Kim Zetter of Wired, and Quinn Norton — who has in the past been embedded with Occupy Wall Street and Anonymous, and who was recently invited to speak with the Office of the Director of National Intelligence. It’s sure to be a lively discussion, so swing by if you’ll be in town. And if you have questions for the panel, send them my way! In the meantime, you can watch my MacVoices interview with Chuck Joiner about the panel.
Article 5 of 8 in series
by Josh Centers
It has been over a year since the first documents were released by former NSA contractor Edward Snowden revealing the agency’s secret mass surveillance programs. Join Josh Centers as he takes you on a tour of what has happened since our last look at the ongoing situation.Show full article
We haven’t checked back in on developments in the NSA mass surveillance story in several months, and while fewer new revelations have come to light, plenty has been happening (for our last edition, see “Keeping Up with the Snoops 4: When the Going Gets Weird…,” 13 March 2014).
This month marks the one-year anniversary of the first published leaks about NSA mass surveillance, and a number of organizations, including the Electronic Frontier Foundation, Google, Twitter, Dropbox, Amnesty International, and the ACLU banded together for Reset the Net, a campaign to promote privacy tools to thwart mass surveillance. Reset the Net offers “privacy packs” — listings of privacy apps — for many platforms, including Mac OS X and iOS. The tools include ChatSecure, Cryptocat, and Adium for encrypted chats, and Tor for encrypted Web browsing. However, be wary that using Tor might cause you to be blacklisted from some media streaming sites (see “Why I Was Banned from WATCH ABC and Hulu,” 13 March 2014).
If, even after reading all of these “Keeping Up with the Snoops” columns, you’re having trouble wrapping your head around the entire situation, I recommend journalist Glenn Greenwald’s “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State.” The book starts as a spy thriller, documenting his account of meeting Snowden in Hong Kong and how they navigated publishing the initial documents in The Guardian. Then, Greenwald summarizes the NSA’s covert surveillance programs, explains why he thinks they’re harmful (and makes a strong case that the government is indeed using them for economic gain), and in the final chapter, lambasts the mainstream media for not doing a better job of being a check on government power.
Around the same time that Greenwald’s book was published, Edward Snowden sat down with NBC’s Brian Williams for an interview about his motives and beliefs. NBC has posted the 40-minute interview on its Web site, in six parts.
Unsurprisingly, the interview sparked another clash between Snowden and the NSA. In it, Snowden claimed that he brought up his concerns about mass surveillance with NSA leadership several times before leaking classified documents. In response, the NSA released an email message from Snowden, dated 8 April 2013, asking if executive orders have the same legal footing as legislation, which the NSA claims proves that he was not raising concerns. Snowden responded that the NSA isn’t releasing everything, and that many of his complaints were made in person. We may never know the whole story of Snowden’s actions inside the NSA.
Meanwhile, Snowden has found a new life in exile as a robot, traveling the world for public appearances, thanks to telepresence robots like the $16,000 Beam Pro. In some ways, the future is even stranger than we imagined.
If you just want to catch up on the NSA revelations, the EFF has posted “65 Things We Know About NSA Surveillance That We Didn’t Know a Year Ago,” which neatly lists the revelations, with links to the original sources. WNYC has a similar list outlining what we now know the NSA can do, accompanied by a pair of interviews with Foreign Policy’s Shane Harris.
Although irrelevant in the debate over government mass surveillance, Snowden’s character is often debated between those opposed to and those in favor of the NSA’s programs. On that front, the new director of the NSA said, rather surprisingly, that Snowden is “probably not” a foreign spy. Another surprise defender of Snowden is former U.S. Vice President Al Gore, who said at the Southland conference:
He clearly violated the law (so) you can’t say OK what he did is all right. It is not.
But what he revealed in the course of violating important laws included violations of the Constitution that were way more serious than the crimes he committed. In the course of violating important laws he also provided an important service because we did need to know how far this has gone.
This is a threat to the heart of democracy. Democracy is among other things a state of mind. If any of us are put in a position where we have to self-censor, and think twice about what we write in an email, or what we click on for fear that somebody reading a record of this may misunderstand why we looked up some disease or something, some young people who might otherwise get help with a medical condition, might think oh my gosh if I put down a search for bipolar illness I will be stigmatized if my online file is hacked or accessed by my employer. That kills democracy.
The Eleventh Circuit Court of Appeals agreed, at least in part, when it declared in United States vs. Davis that it is unconstitutional for law enforcement agencies to track a person’s location without a warrant — a ruling that could influence future cases involving warrantless metadata collection. And in case you’re curious as to what can be learned from you via metadata, NPR reporter Steve Henn volunteered to be tracked with an Internet router called the Pwn Plug for a little over a week. From the information leaked from his iPhone, his monitors could deduce his identity and even the sources he was talking to for a story. (Thanks to reader John Burt for pointing out NPR’s experiment to us.)
But do most people even care? Motherboard’s Jason Koebler points to resistance from the White House and watered-down legislation from Congress, and argues that the American people are apathetic about mass surveillance. “Now, a year out, Snowden is a cheerleader, not a whistleblower. He’s a well-spoken, persistent one, but it very well may turn out that Americans, as a whole, feel like they have better things to worry about than their privacy. So far, a year later, the USS Status Quo — with the majority of America and its elected officials aboard — is barreling forward, full steam ahead,” Koebler argues.
Regardless of what most people think, the tech industry is far from apathetic. Apple CEO Tim Cook, Facebook CEO Mark Zuckerberg, and other tech CEOs have written an open letter to the U.S. Senate, asking for a stronger version of the USA Freedom Act, which seeks to “rein in the dragnet collection of data by the National Security Agency (NSA) and other government agencies, increase transparency of the Foreign Intelligence Surveillance Court (FISC), provide businesses the ability to release information regarding FISA requests, and create an independent constitutional advocate to argue cases before the FISC.” One version has passed the House of Representatives, but it contains loopholes that would still allow the mass collection of phone records.
Of course, these mass surveillance revelations stand to hurt the tech world more than any other field. That the NSA intercepted Cisco routers to install monitoring devices harms international trust in American technology, and philosophical objections aside, that affects the bottom line.
Speaking of technology, it appears that the NSA has problems of its own with storing and tracking collected information. In the long-running court case, Jewel vs. NSA, the NSA has been ignoring court orders to retain evidence. After Judge Jeffrey S. White issued an emergency restraining order to stop the NSA from destroying files, the NSA countered that retaining the evidence posed “complex technical and operational issues.” The judge later revoked the restraining order, pending further information.
The pace of surveillance-related news may have slowed down, but it’s clear that the ripples from Snowden’s actions won’t be fading away any time soon. And that’s a good thing, since it helps keep the conversations going. There may be no easy answers, but with discussion, we stand a better chance of arriving at the hard answers.
Article 6 of 8 in series
by Josh Centers
In the latest round of Snoops updates, Josh Centers brings you an update on the CIA/Senate kerfuffle we reported back in March, what Edward Snowden is up to, and why Tor isn’t as secure as you might have thought.Show full article
We reported back in “Keeping Up with the Snoops 4: When the Going Gets Weird…,” (13 March 2014) that the United States Senate had accused the CIA of spying on Senate staffers, something that CIA Director John Brennan denied at the time, saying it was “beyond the scope of reason.”
The scope of reason is apparently a bit broader than imagined, because Brennan has recently admitted to, and apologized for, the CIA illegally searching Senate computers.
So what happens now? Probably nothing of any serious consequence. The Justice Department has said it will not bring charges, and despite senators’ calls for the CIA director’s resignation, President Obama has stated that he has “full confidence” in Brennan, who has created an accountability board to investigate the situation. Oh, and “We tortured some folks,” Obama added.
Torture, or rather the CIA’s use of it in the aftermath of the 9/11 attacks, is the root of the scuffle. The Senate Intelligence Committee spent years, and millions of tax dollars, on a report investigating the CIA’s use of torture, which remains classified. The Obama administration, which bears responsibility for declassifying the report, has been accused of dragging its feet, presumably to save face.
Just as it was looking like the report was finally to be released to the public, Senate Intelligence Committee chair Dianne Feinstein sent it back due to excessive redactions that “eliminate or obscure key facts that support the report’s findings and conclusions”.
While the report remains, and may forever remain, classified, the Los Angeles Times said, “Those who have read the report say it concludes that the agency used brutal and sometimes unauthorized interrogation techniques, misled policymakers and the public, and sought to undermine congressional oversight. It also reportedly rejects the idea that waterboarding and other ‘enhanced interrogation techniques’ (a euphemism for torture) produced information vital to preventing terrorist attacks.”
While the Senate and the CIA continue to bicker, the lot of whistleblower Edward Snowden, himself locked behind the Iron Curtain, has grown a shade brighter. After fears that his temporary asylum in Russia might expire, he was granted a three-year residence permit, with permission to travel abroad for up to three months at a time. Perhaps Snowden is feeling a bit freer to travel now, given his recent outing to the theater, his first public appearance in Russia.
But while Snowden’s eventual fate remains up in the air, one thing is certain: the United States security apparatus is no longer capable of operating in the shadows. The government has determined that there is a new leaker releasing inside information to the press.
The post-Snowden leak that prompted the government’s announcement was The Intercept’s story on the U.S. government’s terrorist watch list, which claimed that more than 40 percent of the 680,000 people on the list have “no recognized terrorist group affiliation.” (According to CNN, U.S. officials familiar with the situation say the claim is incorrect, and is based on a misreading of the documents.)
The more cautious among you may believe that using Tor will keep your Web browsing safe from prying eyes, but think again: a study has revealed that merely visiting the Tor Web site can cause you to be flagged for NSA surveillance. In retrospect, perhaps it shouldn’t be a surprise, given that Tor was developed in part by the U.S. military.
So be aware: there’s always someone watching you. But fear not, privacy lovers, since “Weird Al” Yankovic has a simple, inexpensive solution: aluminum foil (which has the side benefit of keeping your sandwich nice and fresh). OK, maybe a tinfoil hat isn’t a proper solution, but if you’ve been following along this far, you deserve a laugh — make sure to watch the video all the way through.
Article 7 of 8 in series
by Josh Centers
Josh Centers brings you up to date with all of the latest surveillance news, including a setback to NSA reform, fake cell towers in airplanes, and some unusual legal opinions.Show full article
It’s time to tie your tinfoil hat under your chin and close the door of your Faraday cage as we once again try to keep up with the snoops.
The biggest news this week is the defeat of the USA Freedom Act in the Senate. 58 senators voted for the measure, with 42 against. It needed 60 to pass. The vote went mostly along party lines, with Democrats in favor and Republicans opposed.
The bill would have curtailed many of the National Security Agency’s (NSA) mass surveillance powers. Although weaker than the original bill proposed by Senator Patrick Leahy (D-VT) and Representative Jim Sensenbrenner (R-WI) last year, it was stronger than the House of Representatives’ version, and the Electronic Frontier Foundation still endorsed the legislation.
The prime argument against the USA Freedom Act was, of course, terrorism and the threat of ISIS (or ISIL, IS, Mouse Rat, or whatever it’s called this week). “This is the worst possible time to be tying our hands behind our backs,” said Senator Mitch McConnell (R-KY), who will soon be Senate majority leader. Senator Leahy accused the GOP of fear mongering. “Fomenting fear stifles serious debate and constructive solutions,” he said. “This nation deserves more than that.”
The argument that the NSA requires broad domestic surveillance powers to track ISIS is questionable, since ISIS has rendered most of those methods ineffective. One of Edward Snowden’s arguments against mass electronic surveillance has been that U.S. intelligence has become over-reliant on it, causing it to miss things like the Boston Marathon bombings. And electronic mass surveillance looks to become even more ineffective now that many governments are considering going back to typewriters.
A surprising opponent of the USA Freedom Act was presidential hopeful Rand Paul (R-KY). Senator Paul, who inherited a libertarian streak from his father, former congressman and presidential candidate Ron Paul (R-TX), has been a vocal opponent of NSA mass surveillance. Paul’s reason for voting against the bill was that it renewed three provisions of the 2001 USA Patriot Act. However, most of the Patriot Act’s 100-plus provisions do not require renewal at all, and those three would likely be renewed at a later date anyway.
Speaking of the Senate, you may recall from earlier installments of Keeping Up with the Snoops that the Senate and the CIA have been battling over the public release of the CIA’s internal report on its use of torture (see “Keeping Up with the Snoops 6: A Game of Chairs,” 6 August 2014). That fight led to revelations of the CIA hacking into Senate computers, along with a number of delays in the release of the report.
Unfortunately, that report still hasn’t been released to the public, though Senate Intelligence Chairwoman Dianne Feinstein (D-CA) said negotiations to release the report are almost over. But that’s been said before. The report may soon get out anyway, as outgoing Senator Mark Udall (D-CO) is considering reading it into the public record on the Senate floor.
It hasn’t been a great year for CIA public relations. It was recently revealed that the CIA and FBI hired 1,000 Nazi war criminals, protecting them from prosecution as late as the 1990s.
While much of the focus on surveillance has centered on the NSA and CIA, it’s important to realize that this is an issue that affects all law enforcement. It was recently revealed that the U.S. Marshals Service (USMS) plants fake cell phone towers, called “dirtboxes,” in small aircraft to spy on criminals.
While the USMS does get court orders, these dirtboxes (more powerful versions of ground-based Stingray phone trackers) scoop up cellular data indiscriminately. The USMS says that it discards unwanted data, but the potential pitfalls worry some legal experts. From the above Ars Technica article:
Former US magistrate judge and current law professor at Indiana Tech Brian Owsley expressed a similar concern: “Regarding using planes as cell towers, that is problematic in my opinion. It strikes me as analogous to the use of Stingrays. Therefore, I think the government would need to obtain a search warrant based on probable cause consistent with the Fourth Amendment,” Owsley wrote to Ars in an e-mail.
It should also be noted that Google landed in hot water a few years ago, when its Street View vehicles were found to store more information than Google claimed that they were gathering.
The surveillance trickle-down effect doesn’t end at the federal level, either. Prosecutors in Baltimore recently withdrew evidence when asked how the police obtained it. From The Baltimore Sun:
City police Det. John L. Haley, a member of a specialized phone tracking unit, said officers did not use the controversial device known as a stingray. But when pressed on how phones are tracked, he cited what he called a “nondisclosure agreement” with the FBI.
“You don’t have a nondisclosure agreement with the court,” Baltimore Circuit Judge Barry G. Williams replied. Williams threatened to hold Haley in contempt if he did not respond. Prosecutors decided to withdraw the evidence instead.
But not all judges hold the same views as Judge Williams. More than 1,500 pages of court documents have been released from Yahoo’s once-secret fight with the U.S. government in the Foreign Intelligence Surveillance Court (FISC). Yahoo was one of the earliest opponents of the government’s secret PRISM surveillance program. The company eventually lost, and was threatened with a fine of $250,000 per day for noncompliance.
On 13 November 2014, the FISC also unsealed the oral argument transcript from that case. Some of the judges’ arguments are interesting, especially these excerpts from Morris S. “Buzz” Arnold, who left the court in 2013:
JUSTICE ARNOLD: Well, if this order is enforced and it’s secret, how can you be hurt? The people don’t know that — that they’re being monitored in some way. How can you be harmed by it? I mean what’s — what’s the — what’s your — what’s the damage to your consumer?
In other words, what you don’t know can’t hurt you. Justice Arnold also had a bewildering comment on the Fourth Amendment:
JUSTICE ARNOLD: The whole thrust of the development of Fourth Amendment law has sort of emphasized the watchdog function of the judiciary. If you just look at the Fourth Amendment, there’s nothing in it that really says that a warrant is usually required. It doesn’t say that at all, and the warrant clause is at the bottom end of the Fourth Amendment, and — but that’s the way — that’s the way it has been interpreted.
That sentence not only seems to contradict itself and the text of the Fourth Amendment (below), but over 200 years of case law.
AMENDMENT IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The negative effects of secret surveillance aren’t limited to government. Ride-sharing service Uber is in hot water over comments made by executive Emil Michael about digging up dirt on critical journalists — in particular Sarah Lacy of PandoDaily. Combine that with an investigation into revelations that Uber employees have used a special “God View” to track journalists and Uber’s good will in the tech community might be at an end.
But there may be no way to regain privacy. While Americans say they’re worried about privacy, they’re still giving up personal information to digital services willy-nilly. And that’s the source of the problem. If so many of us didn’t willingly share private information over the Internet, it wouldn’t be so attainable by governments and corporations (not to mention organized crime). Just as we accepted pollution and other societal ills as a result of the Industrial Revolution, perhaps the loss of privacy is the Faustian pact we’ve agreed to in the Internet era.
Finally, if you have an intense interest in this topic, you may wish to check out documentarian Laura Poitras’s new film, Citizenfour, which focuses on whistleblower Edward Snowden and the NSA surveillance controversy (Poitras was one of Snowden’s original contacts). I haven’t had a chance to see it yet (it’s not in wide release), but it has a solid 97 percent rating on Rotten Tomatoes. I wish I could rent it at Amazon or iTunes, but perhaps that’s missing the point.
And as for those who say Snowden should have taken proper channels instead of leaking information (he claims he did, though the NSA disputes that), it turns out that tactic had already been tried. An unnamed former top NSA official has come forward, saying that there was internal dissent about these programs that was quelled by then-NSA Director Keith Alexander and the Obama administration.
Article 8 of 8 in series
by Josh Centers
Just when he thought it was over, Josh Centers is pulled back into the spy game, giving you the latest on the Patriot Act’s renewal, hard drive malware, SIM card encryption key theft, and how to find out if you’re being watched.Show full article
To be honest, I thought “Keeping Up with the Snoops 7: Too Many Snoops” (21 November 2014), might have been the last in this series. The release of Snowden’s documents seemed to be finished, the USA Freedom Act has been defeated, and the battle between the CIA and Senate over hacking has been quietly swept aside.
But as we approach the two-year anniversary of the first Snowden revelations of government mass surveillance, it turns out that the topic still has legs. Here’s the latest in the saga.
Iron Patriot Act -- Like many “temporary” measures, the USA PATRIOT Act, signed into law quickly after the 11 September 2001 attacks, isn’t going away anytime soon.
On 25 February 2015, the Patriot Act was extended for yet another year, with all attempts at adding civil liberty protections defeated.
The Patriot Act has often been used to enable or justify NSA mass surveillance. However, its author, Representative Jim Sensenbrenner, has accused the NSA of abusing the law by attempting to collect records of all phone calls in the United States.
Have You Been Spied On? -- Since I began this series, I’ve heard a common complaint from critics: “No one is spying on YOU,” a statement that no one could prove or disprove with certainty.
Now, thanks to a UK court ruling, we may be able to find out. The Investigatory Powers Tribunal (IPT) found that secret intelligence sharing between America’s National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) violated human rights laws. The ruling was especially interesting, given that in its 15-year history, the IPT has never before ruled against intelligence agencies.
So how does this ruling affect you if you live in the United States? Anyone whose data was shared illegally with or by the GCHQ can ask if his or her communications were included. While the IPT will not divulge details, it will give a simple “yes” or “no” determination (which is more like a maybe than a plain “no”).
To make this process easy, Privacy International, one of the plaintiffs in the suit, has set up a Web page where it’s collecting data to make the appropriate requests to the IPT, and also to request that the GCHQ destroy its illegally collected data.
Be aware that it could be a long time before action is taken. Privacy International says that nothing like this has ever happened before, especially not at this scale. It could take years before things are sorted out.
What’s Hiding in Your Hard Drive? -- According to a report from Kaspersky Lab, your hard drive might have malware hiding in its firmware.
The work of the so-called Equation Group of malware authors has been traced all the way back to 2001. One piece of the Equation Group’s malware is able to hijack the hard drive itself, preventing users from deleting data, or even enabling attackers to create hidden partitions that can be used to bypass encryption or collect data.
Some malware from the Equation Group bears several similarities to the Stuxnet worm that destroyed many of Iran’s nuclear centrifuges between 2009 and 2010. Stuxnet is largely attributed to a collaboration between the United States and Israel.
Indeed, malware linked to the Equation Group is prolific and highly sophisticated, leading many to believe that the Equation Group is linked to, or even part of, the NSA.
Should you worry about your hard drive being hijacked by government snoops? Probably not. Despite the furor this story has sparked, the victims that Kaspersky has discovered so far have been highly targeted, either individually or through Web sites linked to religious radicals.
Still, the work of the Equation Group goes to show just how inherently insecure computers can be — even down to the bare metal.
Mr. Obama Goes to Silicon Valley -- In a time of rising tensions between Silicon Valley and the U.S. federal government, President Obama held a White House Summit on Cybersecurity and Consumer Protection at Stanford University on 12 February 2015.
The president attempted to make peace with the tech community by inviting top CEOs to the summit. However, Facebook’s Mark Zuckerberg, Google’s Larry Page and Eric Schmidt, and Yahoo’s Marissa Mayer all declined.
Apple’s Tim Cook was in attendance, and he gave a speech reiterating Apple’s commitment to privacy. He also touted Apple Pay, announcing that Apple Pay will soon be available for federal government transactions. You can watch the full speech here.
The focus of the summit was an executive order, signed by President Obama at the event, that encourages greater sharing of security information between tech companies and the federal government. The order, which is advisory and not prescriptive, calls for central clearinghouses for information between the government and private enterprise.
The president also agreed to a few interviews, mostly notably with Re/code’s Kara Swisher. You can watch the entire interview here.
In the interview, Obama admitted to a strained relationship with Silicon Valley, mostly pinning the blame on Edward Snowden’s revelations of NSA spying. Indeed, revelations about mass surveillance have caused the Chinese government to drop many American technology brands, including Apple. However, the president did acknowledge that the NSA had gone too far in its intelligence gathering efforts. “There have been abuses on U.S. soil,” the president said.
One of the main tussles between the government and the tech sector has been over encryption. The NSA has been caught weakening encryption standards (see “The NSA’s Campaign to Undermine Internet Security,” 5 September 2013), and law enforcement has complained about stronger encryption measures in consumer products (see “Apple and Google Spark Civil Rights Debate,” 10 October 2014). Swisher asked the president about this, but his response was something of a waffle.
But the intelligence agencies’ biggest win over encryption had yet to be revealed…
The Great SIM Heist -- Just when the Snowden revelations seemed to be fading away, The Intercept dropped another bombshell.
Britain’s GCHQ, with help from the NSA, infiltrated Gemalto, the world’s leading producer of SIM cards. Gemalto produces 2 billion SIM cards a year for AT&T, Sprint, T-Mobile, Verizon, and others. Intelligence operatives mined the private communications of engineers to steal SIM encryption keys.
In effect, the NSA and GCHQ may have the capability to decrypt voice and data from almost any cell phone in the world. “Once you have the keys, decrypting traffic is trivial,” Christopher Soghoian of the American Civil Liberties Union told The Intercept. “The news of this key theft will send a shockwave through the security community,” he said.
In fact, the ramifications for cellular security could be significant. Matthew Green, a cryptographer at Johns Hopkins University, called it, “bad news for phone security. Really bad news.” He continued, “Gaining access to a database of keys is pretty much game over for cellular encryption.”
Gemalto has admitted that it was hacked, but has downplayed the severity of the intrusion. The company said that the infiltrators gained few, if any, SIM card keys, and that the ones that might have been stolen were outdated anyway. However, many are skeptical that Gemalto could have performed a thorough security audit in such a short amount of time.
The Gemalto story has caused even more tension between the federal government and security experts. At a New America Foundation conference on cybersecurity on 23 February 2015, things got heated when NSA Director Mike Rogers was grilled by Yahoo’s chief information security officer, Alex Stamos, about the NSA’s desire for encryption backdoors (a term Rogers rejected). Rogers dismissed concerns that foreign nations could also demand their own encryption backdoors with, “I think we can work our way through this.” (As an aside, this picture of Admiral Rogers does not inspire confidence.)
The silver lining in this cloud is that this may have finally alerted technology companies to the stark reality that many of the technologies we rely on every day are inherently insecure. Let’s hope it causes the tech world to focus more on fundamental security practices.