MFingS writes: According to an article at Motherboard, shortly after 9/11, NSA director Michael Hayden requested extra computing power and Carly Fiorina, then CEO of HP, responded by re-routing truckloads of servers to the agency. Fiorina acknowledged providing the servers to the NSA during an interview with Michael Isikoff in which she defended warrantless surveillance (as well as waterboarding) and framed her collaboration with the NSA in patriotic terms. Fiorina's compliance with Hayden's request for HP servers is but one episode in a long-running and close relationship between the GOP presidential hopeful and U.S. intelligence agencies.
wiredmikey writes: Edward Snowden joined Twitter Tuesday, picking up more than a quarter of a million followers on the social network in just over two hours. Snowden followed a single Twitter account: the U.S. National Security Agency, from which he stole electronic documents revealing the agency's secret surveillance programs. "Can you hear me now?" he asked in his first tweet, which was quickly resent by Twitter users tens of thousands of times. In his second, Snowden noted the recent news about the planet Mars and then quipped about the difficulty he had finding asylum after the U.S. government fingered him as the source of the NSA leaks. "And now we have water on Mars!" he wrote. "Do you think they check passports at the border? Asking for a friend."
Patrick O'Neill writes: The FBI and DEA were among the agencies fed information from an NSA surveillance program described as "staggering" by one judge who helped strike the program down. Now the two agencies are under review by the Justice Department for the use of parallel construction as well as looking into the specifics and results of cases originating from NSA tips. (Here's some more on the practice of parallel construction in this context.)
An anonymous reader writes: As the Snowden revelations have shown, personal data stored in the United States of America is not protected from the US government, be it through warrantless eavesdropping or national security letters. In light of this, the general attorney for the Court of Justice of the European Union has just issued an opinion requiring the US to be removed from the list of "safe harbors", where the transfer of personal data of European citizens is permitted. If the court follows his opinion, the change will have a deep impact on the operations of large transnational Internet companies, between a US government that wants to keep on spying, and European authorities that will punish them if they let it happen.
circletimessquare writes: New details have emerged about the 2004 conflict between George W. Bush and his Attorney General, John Ashcroft, who was hospitalized when he forcefully disagreed with the president's authorization of the NSA's sweeping new collection powers after 9/11. The New York Times has discovered that the conflict was about a retroactive alteration of the President's wording on the legal theory by which the NSA is allowed to siphon up metadata on all Americans, not just certain targets or classes of targets, such as suspected terrorists. 'Mr. Bush, for the first time, explicitly said that his authorizations were "displacing" specific federal statutes, including the Foreign Intelligence Surveillance Act and criminal wiretapping laws... the president had "made an interpretation of law concerning his authorities" and that the Justice Department could not act in contradiction of Mr. Bush's determinations.' The president faced a severe backlash from the Justice Department, including a threat of mass resignation.
Mark Wilson writes: Privacy International has created a platform through which individuals and organizations can file complaints with GCHQ about surveillance of phone calls and internet usage. The charity has long concerned itself with government surveillance, particularly the sharing of data between the NSA and GCHQ. The legality of mass surveillance has been questioned by many, and it has already been determined that human rights organization Amnesty International was illegally spied on. Edward Snowden's NSA revelations have led to a huge increase in awareness of privacy issues, and now Privacy International is making it easier to find out if you were spied on, and to lodge an official complaint.
simpz writes: Which country is best to choose for hosting Internet services and locating VMs to avoid government surveillance (both NSA and local)? It should be a country with good connectivity to the US and Europe, but have strong legal protections from mass surveillance. People talk about Switzerland, Norway and Iceland (even Spain). Anyone worked through the pros and cons of each of these? I'm not concerned about legitimate (with court order) surveillance, just the un-targeted mass surveillance most governments seem to do. I don't believe this bad behavior should be rewarded or made easy.
New submitter autonomous_reader writes: Ars Technica has a story on this week's Intelligence & National Security Summit, where CIA Director John Brennan and FBI Director James Comey had a lot to say about the resistance of the American public to government cyber spying and anti-encryption efforts. Blaming resistance on "people who are trying to undermine" the intelligence mission of the NSA, CIA, and FBI, John Brennan explained it was all a "misunderstanding." Comey explained that "venom and deep cynicism" prevented rational debate of his campaign for cryptographic backdoors.
itwbennett writes: The push for greater cooperation with tech companies has been a big theme for the DOD in the last year, but many big tech companies so far have been wary of the government's overtures following NSA spying revelations. Now, the government is taking a more 'if you can't join them, build your own' approach. The U.S. Department of Defense is considering offering rapid seed funding to private companies as a way to encourage more work on technology projects with the commercial sector, Secretary of Defense Ashton Carter said Wednesday. 'The DOD has to tap into all the streams of innovation and emerging technology and it has to do so much more quickly,' Carter told DARPA's Wait, What? conference in St. Louis, Missouri.
Tokolosh writes: An article in Scientific American discusses the actions needed to address the looming advent of quantum computing and its ability to crack current encryption schemes. Interesting tidbits from the article: "'I'm genuinely worried we're not going to be ready in time,' says Michele Mosca, co-founder of the Institute for Quantum Computing (IQC) at the University of Waterloo..." and "Intelligence agencies have also taken notice. On August 11, the US National Security Agency (NSA) revealed its intention to transition to quantum-resistant protocols when it released security recommendations to its vendors and clients." Another concern is "intercept now, decrypt later", which presumably refers to the giant facility in Utah. In related news, an anonymous reader points out that the NSA has updated a page on its website, announcing plans to shift the encryption of government and military data from current cryptographic schemes to new ones that can resist an attack by quantum computers.
An anonymous reader points out comments from NSA whistleblower Edward Snowden in a new interview with Al Jazeera about Hillary Clinton's use of a private email server while she was the U.S. Secretary of State. Snowden said, "Anyone who has the clearances that the Secretary of State has or the director of any top level agency has knows how classified information should be handled. When the unclassified systems of the United States government — which has a full time information security staff — regularly get hacked, the idea that someone keeping a private server ... is completely ridiculous." While Snowden didn't feel he had enough information to say Clinton's actions were a threat to national security, he did say that less prominent government employees would have probably been prosecuted for doing the same thing. For her part, Clinton said she used the private server out of convenience: "I was not thinking a lot when I got in. There was so much work to be done. We had so many problems around the world. I didn't really stop and think what kind of email system will there be."
itwbennett writes: Security researchers from Symantec have identified 49 more modules (bringing the total number found so far to 75) of the sophisticated Regin cyberespionage platform that many believe is used by the U.S. National Security Agency and its close allies. Some of the modules implement basic malware functions, while other modules are much more specialized and built with specific targets in mind. 'One module was designed to monitor network traffic to Microsoft Internet Information Services (IIS) web servers, another was observed collecting administration traffic for mobile telephony base station controllers, while another was created specifically for parsing mail from Exchange databases,' the Symantec researchers said in an updated version of their white paper (PDF) published Thursday.
New submitter captnjohnny1618 writes: NPR is reporting that an appeals court has overturned the decision that found the NSA's bulk data collection to be illegal. "Judges for the District of Columbia court of appeals found that the man who brought the case, conservative lawyer Larry Klayman, could not prove that his particular cellphone records had been swept up in NSA dragnets." The article clarifies that due to the recent passage of new laws governing how metadata is collected, this is of less significance than it would have otherwise been: "If you remember, after a fierce battle, both houses of Congress voted in favor of a law that lets phone companies keep that database, but still allows the government to query it for specific data. The three-judge panel of the United States Court of Appeals for the District of Columbia still decided to take on the case, because that new program doesn't begin until 180 days after the date that law was enacted (June 2, 2015.)" On top of that, the injunction from the earlier ruling never actually went into effect. Still, it seems like an important ruling to me: a government agency was willfully and directly violating the rights of the Americans (and international citizens as well) and now it's just going to get shrugged off?
An anonymous reader sends news that Germany's domestic intelligence agency, the BfV, was so impressed with the NSA's surveillance software that they were willing to "share all data relevant to the NSA's mission" in order to get it. "The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. ... Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."
netbuzz writes: Slashdot on Saturday highlighted a story by Pro Publica and the New York Times that used Snowden documents to reveal previously unknown details of the "highly collaborative" relationship between AT&T and the NSA that enabled the latter's controversial Internet surveillance program. An aspect of the story that received only passing mention was how the reporters connected an acronym for an obscure proprietary network configuration – SNRC — to AT&T and the NSA in part through a 1996 story in the now-defunct print version of Network World. In essence, that acronym proved to be a fingerprint confirming the connection — and its match was found thanks to Google Books.
An anonymous reader writes: Following this weekend's news that AT&T was as friendly with the NSA as we've suspected all along, cryptographer Matthew Green takes a step back to look at the broad lessons we've learned from the NSA leaks. He puts it simply: the network is hostile — and we really understand that now. "My take from the NSA revelations is that even though this point was 'obvious' and well-known, we've always felt it more intellectually than in our hearts. Even knowing the worst was possible, we still chose to believe that direct peering connections and leased lines from reputable providers like AT&T would make us safe. If nothing else, the NSA leaks have convincingly refuted this assumption." Green also points out that the limitations on law enforcement's data collection are technical in nature — their appetite for surveillance would be even larger if they had the means to manage it. "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."
An anonymous reader writes: From instant monitoring of leaking pipelines, to real-time worldwide collaboration, the increase in machine-to-machine communications that 5G allows will change the way we live. This TechCrunch article takes a look at the promise that 5G holds and its possibilities. From the article: "By 2030, 5G will transform and create many uses that we cannot even think of yet. We will live in a world that will have 10-100 times more Internet-connected devices than there are humans. Hundreds of billions of machines will be sensing, processing and transmitting data without direct human control and intervention."
An anonymous reader writes: Newly disclosed NSA documents show that the agency gained access to billions of emails through a "highly collaborative" relationship with AT&T. The company provided access from 2003 to 2013, including technical assistance to carry out court orders permitting wiretapping. "The company installed surveillance equipment in at least 17 of its Internet hubs on American soil, far more than its similarly sized competitor, Verizon. And its engineers were the first to try out new surveillance technologies invented by the eavesdropping agency. One document reminds NSA officials to be polite when visiting AT&T facilities, noting, 'This is a partnership, not a contractual relationship.'" The new files don't indicate whether the partnership currently exists, but the government has been doing its best to keep corporate partnerships hidden. The article also notes that "In 2011, AT&T began handing over 1.1 billion domestic cellphone calling records a day to the N.S.A. after 'a push to get this flow operational prior to the 10th anniversary of 9/11,' according to an internal agency newsletter."
An anonymous reader writes: In 2012, the NSA decided it needed an in-house ethicist to write about the philosophy of surveillance. They searched within the organization for a candidate, finally giving the job to an analyst who had abandoned a writing career that hadn't worked out. The Intercept got its hands on some of his work: "The columns answer a sociological curiosity: How does working at an intelligence agency turn a privacy hawk into a prophet of eavesdropping?" At one point, the analyst wrote, "We probably all have something we know a lot about that is being handled at a higher level in a manner we're not entirely happy about. This can cause great cognitive dissonance for us, because we may feel our work is being used to help the government follow a policy we feel is bad." The article analyzes this man in detail, including his life history and his personal blog — it's a strange coupling of invasiveness and anonymization, for they take steps to avoid revealing his identity. The article's author correctly notes (while the NSA does not) that surveilling somebody doesn't mean you really know them.
Nicola Hahn writes: The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year's Aspen Security Forum and in an op-ed published recently by the Washington Post. However, the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable." Hence, there are people who suggest the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?