Advocatus Diaboli writes: Yet among the 38 previously undisclosed companies receiving In-Q-Tel funding, the research focus that stands out is social media mining and surveillance; the portfolio document lists several tech companies pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and TransVoyant. Those four firms, which provide unique tools to mine data from platforms such as Twitter, presented at a February “CEO Summit” in San Jose sponsored by the fund, along with other In-Q-Tel portfolio companies. The investments appear to reflect the CIA’s increasing focus on monitoring social media. Last September, David Cohen, the CIA’s second-highest ranking official, spoke at length at Cornell University about a litany of challenges stemming from the new media landscape. The Islamic State’s “sophisticated use of Twitter and other social media platforms is a perfect example of the malign use of these technologies,” he said.
Advocatus Diaboli writes: Skincential Sciences, a company with an innovative line of cosmetic products marketed as a way to erase blemishes and soften skin, has caught the attention of beauty bloggers on YouTube, Oprah’s lifestyle magazine, and celebrity skin care professionals. Documents obtained by The Intercept reveal that the firm has also attracted interest and funding from In-Q-Tel, the venture capital arm of the Central Intelligence Agency. The previously undisclosed relationship with the CIA might come as some surprise to a visitor to the website of Clearista, the main product line of Skincential Sciences, which boasts of a “formula so you can feel confident and beautiful in your skin’s most natural state.”
The article, which is no longer available on the fund’s website but is preserved by a cache hosted by the Internet Archive, argues that advances in medical research into biomarkers can be leveraged by intelligence agencies for a variety of uses, from airport security to next-generation identification tools. A diagram in the article calls human skin the body’s largest organ and a “unique, underutilized source for sample collection.” The author, Dr. Kevin O’Connell, then a “senior solutions architect” with In-Q-Tel, notes, “The DNA contained in microorganisms in a person’s gut or on a person’s skin may contain sequences that indicate a particular geographical origin.”
Advocatus Diaboli writes: In 2009, Sadequee was tried, convicted, and sentenced to a 17-year federal sentence. But even after receiving that harsh sentence, the irksome fact remained that Sadequee had never actually committed an act of terrorism. The allegations against him amounted to statements and translations he had made online as a teenager. At his trial, Sadequee said that these online activities were “just talk,” and were never intended to manifest in an act of violence. “Shifa was never accused of making any specific threat or plot. The government didn’t even have to prove that he did anything, just that he had the intent, which they did using his online chats and translation activities,” says Khurrum Wahid, who served as Sadequee’s stand-by counsel during the trial and who also appears in Homegrown. “It goes down to the issue of what you do when you come across a teenager making provocative statements online. As a society, is it our responsibility to string them along and send them to jail?”
Advocatus Diaboli writes: The reference to “the two leading encryption chips” provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that “the damage has already been done. From what I’ve heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That’s too bad, because I suspect only a minority of products have been compromised this way.”
Advocatus Diaboli writes: The Wall Street Journal reported yesterday that the NSA under President Obama targeted Israeli Prime Minister Benjamin Netanyahu and his top aides for surveillance. In the process, the agency ended up eavesdropping on “the contents of some of their private conversations with U.S. lawmakers and American-Jewish groups” about how to sabotage the Iran Deal. All sorts of people who spent many years cheering for and defending the NSA and its programs of mass surveillance are suddenly indignant now that they know the eavesdropping included them and their American and Israeli friends rather than just ordinary people. The long-time GOP chairman of the House Intelligence Committee and unyielding NSA defender Pete Hoekstra last night was truly indignant to learn of this surveillance.
In January 2014, I debated Rep. Hoekstra about NSA spying and he could not have been more mocking and dismissive of the privacy concerns I was invoking. “Spying is a matter of fact,” he scoffed. As Andrew Krietz, the journalist who covered that debate, reported, Hoekstra “laughs at foreign governments who are shocked they’ve been spied on because they, too, gather information” — referring to anger from German and Brazilian leaders. As TechDirt noted, “Hoekstra attacked a bill called the RESTORE Act, that would have granted a tiny bit more oversight over situations where (you guessed it) the NSA was collecting information on Americans.” But all that, of course, was before Hoekstra knew that he and his Israeli friends were swept up in the spying of which he was so fond.
Advocatus Diaboli writes: The Intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States. The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.
Advocatus Diaboli writes: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of “radius log” information. Traditionally, radius log refers to a user’s attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. “The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling,” Merrill said. The court ruling noted that the FBI is no longer requesting this type of information using NSLs, but wants to maintain the possibility of doing so in the future.
In the newly unredacted ruling, U.S. District Court Judge Victor Marrero wrote that the case “implicates serious issues, both with respect to the First Amendment and accountability of the government to the people.” According to the Electronic Frontier Foundation, around 300,000 NSLs have been issued since 2001. By 2008, the Justice Department concluded that the FBI had been abusing its powers with NSLs, even after changing policies in 2006. “I feel vindicated today,” said Merrill. “But there’s a lot more work to be done.”
Advocatus Diaboli writes: "An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. The calls span a nearly two-and-a-half year period, beginning in December 2011 and ending in the spring of 2014."
"Particularly notable within the vast trove of phone records are what appear to be at least 14,000 recorded conversations between inmates and attorneys, a strong indication that at least some of the recordings are likely confidential and privileged legal communications — calls that never should have been recorded in the first place. The recording of legally protected attorney-client communications — and the storage of those recordings — potentially offends constitutional protections, including the right to effective assistance of counsel and of access to the courts."
Advocatus Diaboli writes: To hear FBI Director James Comey tell it, strong encryption stops law enforcement dead in its tracks by letting terrorists, kidnappers and rapists communicate in complete secrecy. But that’s just not true. In the rare cases in which an investigation may initially appear to be blocked by encryption — and so far, the FBI has yet to identify a single one — the government has a Plan B: it’s called hacking.
Hacking — just like kicking down a door and looking through someone’s stuff — is a perfectly legal tactic for law enforcement officers, provided they have a warrant. And law enforcement officials have, over the years, learned many ways to install viruses, Trojan horses, and other forms of malicious code onto suspects’ devices. Doing so gives them the same access the suspects have to communications — before they’ve been encrypted, or after they’ve been unencrypted.
Advocatus Diaboli writes: "There was a simple aim at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ."
"One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant. Metadata reveals information about a communication — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call."
Advocatus Diaboli writes: Windows' network activity continues to be scrutinized amid privacy concerns. Windows 10 was first put under the microscope with both new and old features causing concern. With its Cortana digital personal assistant, Windows 10 represents a new breed of operating system that incorporates extensive online services as an integral part of the platform. But its older predecessors haven't escaped attention, and questions are now being asked of Windows 7 and 8's online connectivity.
Windows 8 included many of the same online features as are now raising hackles around the Internet. While it had no Cortana, it nonetheless integrated Web and local search, supported logging in and syncing settings with Microsoft Account, included online storage of encryption keys, and so on and so forth. While a few privacy advocates expressed concern at these features when the operating system was first released, the response was far more muted than the one we see today about Windows 10. But a new addition has led to accusations that Windows 8 now mimics one of Windows 10's more problematic features: it reports information to Microsoft even when told not to.
Advocatus Diaboli writes: The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect’s computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a “roadmap” of projects that Hacking Team’s engineers have underway. On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a “mini” infection device, which could be “ruggedized” and “transportable by drone (!)” the write-up notes enthusiastically in Italian. The request appears to have originated with a query from the Washington-based Insitu, which makes a range of unmanned systems, including the small ScanEagle surveillance drone, which has long been used by the militaries of the U.S. and other countries. Insitu also markets its drones for law enforcement.
Advocatus Diaboli writes: The Senate Intelligence Committee secretly voted on June 24 in favor of legislation requiring e-mail providers and social media sites to report suspected terrorist activities. The legislation, approved 15-0 in a closed-door hearing, remains "classified." The relevant text is contained in the 2016 intelligence authorization, a committee aide told Ars by telephone early Monday. Its veil of secrecy would be lifted in the coming days as the package heads to the Senate floor, the aide added.
The legislation is modeled after a 2008 law, the Protect Our Children Act. That measure requires Internet companies to report images of child porn, and information identifying who trades it, to the National Center for Missing and Exploited Children. That quasi-government agency then alerts either the FBI or local law enforcement about the identities of online child pornographers. The bill, which does not demand that online companies remove content, requires Internet firms that obtain actual knowledge of any terrorist activity to "provide to the appropriate authorities the facts or circumstances of the alleged terrorist activity," wrote The Washington Post, which was able to obtain a few lines of the bill text. The terrorist activity could be a tweet, a YouTube video, an account, or a communication.
Also see this link (https://www.washingtonpost.com/world/national-security/lawmakers-want-internet-sites-to-flag-terrorist-activity-to-law-enforcement/2015/07/04/534a0bca-20e9-11e5-84d5-eb37ee8eaa61_story.html)
Advocatus Diaboli writes: Some of the most prominent parts of the social media site Reddit are going dark in defiance of the removal of an admin who organized the site’s popular “IAmA” interviews with celebrities, politicians, and other people of note. The subreddit /r/IAmA was the first to go dark following the departure of administrator Victoria Taylor, a Reddit employee who was let go, according to the forum moderators. Taylor scheduled and ran many of the forum’s Q&As.
Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."
"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”"