Comment Re:Why was this even posted? (Score 2) 141

From the article:

It is queried for phone numbers of interest mainly using what are called “administrative subpoenas,” those issued not by a grand jury or a judge but by a federal agency, in this case the D.E.A.

In other words, no, there's no oversight. The DEA issues its own legal requests. The AT&T "contractors" who issue the queries sit next to the agents and are paid for by the DEA (in other words, they're employees of the government). Elsewhere the presentation makes a reference to routing requests via Washington state which somehow converts them into court orders, not sure what that's about.

Also, the presentation tells agents to cover up the fact that it exists and how to do so, so we're back into "parallel reconstruction" territory.

That said, I actually care less about this sort of thing than what the NSA is doing, as it's (a) not classified and apparently can be learned about via the regular channels despite their requests for secrecy and (b) it's being used to catch more ordinary, everyday criminals like people who rob jewellery shops or make bomb threats. The almost total blurring between corporation and state is very concerning because it implies there's nothing stopping it from stepping over the line and becoming used for petty political activism or worse, but at least they try to actually justify the program's existence with examples (unlike nearly all NSA training material, it seems).

Comment Re:Disclaimer (Score 1) 141

Not only that, but actually current cell-site data for any phone is publicly available for a small fee (1 cent). The GSM Home Location Register is a worldwide database which all carriers need access to for roaming to work; the fact that somehow some companies are able to sell access to it perhaps should not really surprise anyone. What you get back are cell tower IDs, not co-ordinates, but I guess it may be possible to build a map of tower IDs to physical locations (or obtain one) if you're determined enough. For many uses it's not even that hard, as you don't need all of them but just the small set of locations where you expect your target is likely to be.

I guess the next step for drug dealers and other people who don't want to carry a portable tracking device would be to use VoIP via VPNs or other proxy services. I anticipate that over time proxying traffic will become illegal ("packet laundering" anyone?). No way are governments going to give up this wonderful gift society gave them in the form of knowing everyone's location, all the time.

Comment Re:What good is tor (Score 3, Informative) 374

Good question - what good is Tor?

Well, one interesting thing we learned lately is that some element of what can only be US law enforcement felt the need to exploit a Firefox bug in order to deanonymize some Tor users. Given that we know (thanks to Reuters) that the NSA works with other LE agencies, it therefore stands to reason that they are at this time NOT capable of entirely deanonymizing Tor via network traffic analysis, either because they don't have a global view of traffic, or their tools aren't capable of it, or the problem is a lot harder than it sounds (it's all encrypted so you have to rely on correlation attacks).

So for now at least it's the best that is available.
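The comment above argues that, because every hop is encrypted, an observer is left with correlation attacks on what encryption does not hide: packet timing and volume. The following is an added example, not code from the comment or from any real tool, that shows the shape of such an attack on constructed data: one "entry-side" traffic trace is compared against several "exit-side" candidates by Pearson correlation of per-bin byte counts, after trying a range of shifts to absorb unknown network delay. The traces come from a seeded generator embedded in the block; nothing here is captured from a real network, and the bin sizes, noise model and threshold are illustrative assumptions.

```javascript
// Added example (not from the comment): end-to-end traffic correlation on
// synthetic traces. Layered encryption hides content and relay identities but
// not timing and volume, which survive the path and can be matched up.
// All traces are constructed with a seeded PRNG so the result is reproducible.

function lcg(seed) {               // small deterministic PRNG; not for crypto use
  let s = seed >>> 0;
  return () => ((s = (s * 1664525 + 1013904223) >>> 0) / 2 ** 32);
}

// A bursty client pattern: per-bin byte counts, zero while the client is idle.
function makeFlow(rand, bins) {
  const flow = [];
  for (let i = 0; i < bins; i++) flow.push(rand() < 0.3 ? Math.floor(rand() * 1500) + 200 : 0);
  return flow;
}

// What the far side sees: the same pattern shifted by `delay` bins, with some
// per-bin jitter on active bins (padding, retransmission) and a little unrelated
// traffic from other circuits sharing the same relay.
function delayAndNoise(flow, delay, rand) {
  const out = new Array(flow.length).fill(0);
  for (let i = 0; i < flow.length; i++) {
    const j = i + delay;
    if (j < flow.length) out[j] += flow[i] + (flow[i] ? Math.floor(rand() * 100) : 0);
  }
  for (let i = 0; i < out.length; i++) if (rand() < 0.05) out[i] += Math.floor(rand() * 400);
  return out;
}

// Pearson correlation coefficient of two equal-length numeric series.
function pearson(a, b) {
  const n = Math.min(a.length, b.length);
  let sa = 0, sb = 0;
  for (let i = 0; i < n; i++) { sa += a[i]; sb += b[i]; }
  const ma = sa / n, mb = sb / n;
  let num = 0, da = 0, db = 0;
  for (let i = 0; i < n; i++) {
    num += (a[i] - ma) * (b[i] - mb);
    da += (a[i] - ma) ** 2;
    db += (b[i] - mb) ** 2;
  }
  return da && db ? num / Math.sqrt(da * db) : 0;
}

// Best correlation over candidate delays; the observer does not know the latency.
function bestShift(entry, exit, maxDelay) {
  let best = { delay: 0, score: -1 };
  for (let d = 0; d <= maxDelay; d++) {
    const score = pearson(entry.slice(0, entry.length - d), exit.slice(d));
    if (score > best.score) best = { delay: d, score };
  }
  return best;
}

// Rank exit-side candidates against one entry-side flow, best match first.
function correlate(entry, candidates, maxDelay = 10) {
  return candidates
    .map((c, idx) => ({ candidate: idx, ...bestShift(entry, c, maxDelay) }))
    .sort((x, y) => y.score - x.score);
}

// Constructed scenario: the target's own flow is candidate 2, delayed by 4 bins;
// the other three candidates are independent clients.
function scenario() {
  const rand = lcg(42);
  const target = makeFlow(rand, 600);
  const candidates = [
    makeFlow(rand, 600),
    makeFlow(rand, 600),
    delayAndNoise(target, 4, rand),
    makeFlow(rand, 600),
  ];
  return correlate(target, candidates);
}
```

The ranking from `scenario()` puts candidate 2 first with a recovered delay of 4 bins and a score close to 1, while the unrelated flows sit near zero. What makes this hard at scale is not the arithmetic but the "global view" the comment mentions: the observer needs both ends of the path at the same time, and the candidate set grows with everything else flowing through the exit.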

Comment Re: Should be prosecuted for negligence... (Score 1) 165

Ah yes. They claim he had the password on him, which directly contradicts statements by Greenwald that Miranda didn't have any passwords. They also claim that out of tens of thousands of documents they so far recovered fewer than 100, which implies to me that there may have been many passwords and they don't know the important ones. Also, these people have a track record of lying, constantly, whereas the journalists don't. So we'll see. Regardless, the assumption that intelligence agencies have better security than the Guardian seems unwarranted. The files were downloaded successfully without the owners noticing, and the journalists have been reading them on clean machines that were never connected to the internet. Sounds to me like they have better procedures than the spies do.

Comment Re:Waste of resources (Score 1) 242

Yep. You got it.

A few years ago I developed a state of the art obfuscation system for JavaScript. It goes far beyond what you might normally see (renaming variables, etc) and is used for anti-spam purposes. I expected the obfuscation to get cracked by spammers eventually as anyone who had succeeded could have directly profited off that success, but in fact although there were many attempts over the years none were successful. When done well, software obfuscation is a powerful tool. It has a bad rap because so many people do it badly - there is precious little information out there about how to build really good obfuscations, so you get a lot of wheel reinvention.
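The comment above says a useful obfuscation goes "far beyond" renaming variables but does not describe the commenter's system. The block below is an added example, not the commenter's code, illustrating two layers that a practitioner would reach for first: string-literal encoding (the telling literals are moved into a masked table and decoded at run time) and control-flow flattening (the function body becomes a dispatcher loop over numbered states). It is applied to a small, made-up form-spam check; the field names, verdicts, key and sample inputs are all constructed for the example, and the encoder is deliberately minimal (double-quoted literals without escapes only), whereas a production tool operates on the AST.

```javascript
// Added example (not code from the comment): string encoding plus control-flow
// flattening applied to a small anti-spam check. All names and inputs are made up.

// Flattened form of:  if (honeypot field filled) "bot"; else if (bad e-mail)
// "bad-email"; else if (submitted under 2 s) "too-fast"; else "ok".
// State numbers are arbitrary; a tool would shuffle them per build. The body is
// kept as text so it can be transformed and then instantiated with Function().
const flattenedSource = `
function checkForm(fields) {
  let state = 3, result;
  for (;;) {
    switch (state) {
      case 3: state = fields["website"] !== "" ? 7 : 1; break;
      case 1: state = /^[^@\\s]+@[^@\\s]+$/.test(fields["email"]) ? 5 : 2; break;
      case 5: state = Number(fields["elapsedMs"]) < 2000 ? 6 : 4; break;
      case 7: result = "bot"; state = 0; break;
      case 2: result = "bad-email"; state = 0; break;
      case 6: result = "too-fast"; state = 0; break;
      case 4: result = "ok"; state = 0; break;
      case 0: return result;
    }
  }
}
return checkForm;
`;

// Replace every double-quoted literal (no escapes handled; assumption for brevity)
// with a call into a table of XOR-masked char codes. The mask depends on the
// position in the string, so equal characters do not encode to equal values.
function encodeStrings(source, key) {
  const table = [];
  const body = source.replace(/"([^"\\]*)"/g, (_, s) => {
    const codes = Array.from(s, (ch, i) => ch.charCodeAt(0) ^ ((key + i) & 0xff));
    return `_d(${table.push(codes) - 1})`;
  });
  // The decoder and key ship with the code: this defeats grep and casual reading,
  // not an analyst with a debugger. Real tools layer several such tricks.
  const decoder =
    `const _t=${JSON.stringify(table)};` +
    `const _d=(i)=>_t[i].map((c,j)=>String.fromCharCode(c^((${key}+j)&255))).join("");`;
  return decoder + body;
}

const KEY = 0x5a;                                   // hypothetical per-build key
const obfuscatedSource = encodeStrings(flattenedSource, KEY);

// Instantiate both builds from their source text.
const plainCheck = new Function(flattenedSource)();
const obfuscatedCheck = new Function(obfuscatedSource)();

// Constructed form submissions covering every verdict.
const samples = [
  { website: "http://spam.example", email: "a@b.example", elapsedMs: "9000" },
  { website: "", email: "not-an-address", elapsedMs: "9000" },
  { website: "", email: "a@b.example", elapsedMs: "150" },
  { website: "", email: "a@b.example", elapsedMs: "9000" },
];

function verdicts(check) {
  return samples.map((f) => check(f));
}

// True when the obfuscated build behaves exactly like the readable one.
function equivalent() {
  return JSON.stringify(verdicts(plainCheck)) === JSON.stringify(verdicts(obfuscatedCheck));
}

// True when none of the telling literals survive in the shipped text.
function literalsHidden() {
  return ["website", "bad-email", "too-fast"].every((w) => !obfuscatedSource.includes(w));
}
```

The point of checking `equivalent()` is the one the comment makes implicitly: an obfuscation is only useful if it changes nothing observable to the caller, so the transformed build must be tested against the readable one on every path. `literalsHidden()` is the cheap check that the first layer actually removed what a spammer would grep for.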

Comment Re:Tedious. (Score 1) 237

And how valuable is that, really? Valuable enough to enrage and piss off all kinds of countries who could be allies? See the mess that resulted after it came out GCHQ had been spying on foreign delegations to banking reform talks of all things. Who gives a shit about that? It's much more important that other countries' diplomats feel secure and professionally treated when on British soil.

GCHQ is a relic, a holdover from the cold war that was never wound up properly. The vast majority of its spying is just cynical perversion of public infrastructure to give Britain an unfair leg up over countries that don't do it. It's right there in the article - the spying is anything that enhances "British interests". That's gotta suck if you're founding a company in Turkey or the Ukraine that's trying to compete with a big company in the 5-eyes governments' domains.

Comment Re:How is TPM a security risk? (Score 5, Interesting) 373

So we have a case of sour grapes, then? Unless one of the NSA requests was "we want a backdoor" then this by itself doesn't mean much because the NSA is a weird creation that not only spies on everyone, but has an "information assurance" department that tries to design secure systems for US usage. They're behind the creation of SELinux which is both highly sophisticated and well reviewed by independent third parties. It does not have back doors. Also, many important constructions in cryptography were designed by the NSA. For example SHA2 was designed by the NSA and it is extensively studied. It has never been found to contain even a hint of a back door.

This crap about how the TPM allows Microsoft to remotely control computers for DRM purposes came up over a decade ago when trusted computing extensions were first designed. It was FUD back then with no connection to reality, and it's certainly FUD today too. If you want to learn about the actual next-gen TC technologies, go and read up on Intel SGX. Then go and read this post on bcflick, a use of the TPM and trusted computing designed to make Bitcoin wallets more secure. That's the kind of thing the tech is designed for. The TPM isn't even electrically capable of controlling the CPU.

Comment Re:Um, why? (Score 1) 200

Hmm? I'm pretty sure the Milgram experiment was exactly an investigation into the limits to the power of authority. The fact that if joe random tells people to administer a high voltage to someone, they don't do it - well that's not really a surprise. The surprising thing and the reason the experiment is famous is that simply dressing the guy in a lab coat and changing how the instructions are given resulted in people doing it at way higher rates than anyone would have expected.
