Archives June 2015

Shhh… WikiLeaks: US Also Had a Decade-long Policy of Economic Espionage Against French Companies

(Above) photo credit: Focus

Assume this is no surprise to many? Following the recent WikiLeaks’ Espionnage Élysée exposé about the NSA spying on 3 French presidents, new WikiLeaks documents revealed how “the US has had a decade-long policy of economic espionage against France, including the interception of all French corporate contracts and negotiations valued at more than $200 million”.

“That covers not only all of France’s major companies, from BNP Paribas, AXA and Credit Agricole to Peugeot and Renault, Total and Orange, but it also affects the major French farming associations,” according to WikiLeaks founder Julian Assange.

“Central within the cache of documents are two long-term spying orders (“collection requirements”) which define the kinds of intelligence the NSA is tasked with collecting in its surveillance operations against France. The documents make clear that the NSA has been tasked with obtaining intelligence on all aspects of the French economy, from government policy, diplomacy, banking and participation in international bodies to infrastructural development, business practices and trade activities,” according to WikiLeaks.

Here’s a related story from Techcrunch:

New WikiLeaks Documents Reveal NSA Spied On Top French Companies

by Romain Dillet (@romaindillet)

Following last week’s eavesdropping reports, WikiLeaks shared new documents with Libération and Mediapart. This time, the new documents reveal that the NSA was spying on France’s best performing companies for economic intelligence purposes.

In addition to eavesdropping on French Economy Ministers François Baroin and Pierre Moscovici between 2004 and 2012, the NSA gathered as much data as possible on big French companies. In particular, the agency wanted to know more about the companies that signed expensive export contracts for industrial goods, such as nuclear power plants, planes, high speed trains, etc.

According to an economic espionage order, the NSA intercepted all French corporate contracts and negotiations valued at more than $200 million in many different industries, such as telecommunications, electrical generation, gas, oil, nuclear and renewable energy, and environmental and healthcare technologies.

A second economic espionage order called “France: Economic Developments” shows that information was then shared with other U.S. agencies and secretaries, including the Secretary of Energy, the Secretary of Commerce, the Federal Reserve and the Secretary of Treasury. Eventually, this data could have been used to help sign export deals.

According to France’s IT security agency Anssi, the NSA could have spied on at least a hundred French companies, including most public CAC40 companies. Airbus filed a complaint for intelligence gathering earlier today.

The second document also states that the NSA could share this information with its closest allies — the U.K., Canada, New Zealand and Australia. It’s unclear whether the NSA is still actively spying on French companies. Today’s news is particularly interesting as it proves that the NSA is not only a geopolitical intelligence agency. It also plays an important role when it comes to economic intelligence.

Shhh… French Asylum Offer to Snowden & Assange as Ultimate US Contempt

(Above) Photo credit: The Intercept

No surprise, that’s the ultimate official French reaction to the WikiLeaks’ Espionnage Élysée exposé on the NSA “unspeakable practice” earlier this week – check out The Intercept article below.

French Justice Minister Says Snowden and Assange Could Be Offered Asylum

By Jenna McLaughlin @JennaMC_Laugh

French Justice Minister Christiane Taubira thinks National Security Agency whistleblower Edward Snowden and WikiLeaks founder Julian Assange might be allowed to settle in France.

If France decides to offer them asylum, she would “absolutely not be surprised,” she told French news channel BFMTV on Thursday (translated from the French). She said it would be a “symbolic gesture.”

Taubira was asked about the NSA’s sweeping surveillance of three French presidents, disclosed by WikiLeaks this week, and called it an “unspeakable practice.”

Her comments echoed those in an editorial in France’s leftist newspaper Libération Thursday morning, which said giving Snowden asylum would be a “single gesture” that would send “a clear and useful message to Washington,” in response to the “contempt” the U.S. showed by spying on France’s president.

Snowden, who faces criminal espionage charges in the U.S., has found himself stranded in Moscow with temporary asylum as he awaits responses from two dozen countries where he’d like to live; and Assange is trapped inside the Ecuadorian Embassy in London to avoid extradition to Sweden. (See correction below.)

Taubira, the chief of France’s Ministry of Justice, holds the equivalent position of the attorney general in the United States. She has been described in the press as a “maverick,” targeting issues such as poverty and same-sex marriage, often inspiring anger among French right-wingers.

Taubira doesn’t actually have the power to offer asylum herself, however. She said in the interview that such a decision would be up to the French president, prime minister and foreign minister. And Taubira just last week threatened to quit her job unless French President François Hollande implemented her juvenile justice reforms.

Correction: Due to an editing error, an earlier version of this article improperly described the state of Assange’s case in Sweden and his reason for avoiding extradition. He has refused to go to Sweden, where he faces accusations of sexual assault, because he fears he could then be extradited to the United States.

(This post is from our blog: Unofficial Sources.)

Shhh… Snowden Supports Apple’s Public Stance On Privacy

Edward Snowden Supports Apple’s Public Stance On Privacy

by Josh Constine (@joshconstine)

Edward Snowden says we should support Apple’s newly emphasized commitment to privacy rather than a business model driven by personal data collection, whether or not Tim Cook is being genuine. Snowden spoke over video conference during the Challenge.rs conference in Barcelona today.

I asked Snowden his thoughts on Cook’s recent acceptance speech for an Electronic Privacy Information Center award, saying:

CEO Tim Cook recently took a stand on privacy and Apple’s business, saying “some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”

Do you think Cook’s perspective is genuine and honest, and how do you think it will play out long-term with regards to it hurting or helping Apple’s business, or whether Apple will keep this promise to privacy?

Snowden responded:

I think in the current situation, it doesn’t matter if he’s being honest or dishonest. What really matters is that he’s obviously got a commercial incentive to differentiate himself from competitors like Google. But if he does that, if he directs Apple’s business model to be different, to say “we’re not in the business of collecting and selling information. We’re in the business of creating and selling devices that are superior”, then that’s a good thing for privacy. That’s a good thing for customers.

And we should support vendors who are willing to innovate. Who are willing to take positions like that, and go “You know, just because it’s popular to collect everybody’s information and resell it... to advertisers and whatever, it’s going to serve our reputation, it’s going to serve our relationship with our customers, and it’s going to serve society better. If instead we just align ourselves with our customers and what they really want, if we can outcompete people on the value of our products without needing to subsidize that by information that we’ve basically stolen from our customers, that’s absolutely something that should be supported. And regardless of whether it’s honest or dishonest, for the moment, now, that’s something we should support, that’s something we should incentivize, and it’s actually something we should emulate.

And if that position comes to be reversed in the future, I think that should be a much bigger hammer that comes against Apple because then that’s a betrayal of trust, that’s a betrayal of a promise to its customers. But I would like to think that based on the leadership that Tim Cook has shown on this position so far, he’s spoken very passionately about private issues, that we’re going to see that continue and he’ll keep those promises.

It’s reasonable to wonder how much of Cook’s chest-beating on privacy is philosophy and how much is marketing. Since the iCloud celebrity photo hack last year, we’ve written about how Apple needs to be more transparent about security and privacy. Snowden seems to agree it could benefit the company as well as society.

Apple’s steps in that direction through press releases and public appearances by Cook have been positively received. They resonate especially well with the public in contrast to other tech giants like Google and Facebook that are aggressively collecting private personal data, and the widespread security breaches of big brands.

Yet while people frequently say privacy is important to them, their unwillingness to stray from products that rely on mining their data seems to suggest otherwise. We’re just at the start of the age of personalized computing, and those that embrace it may get an advantage in the market.

Apple is experimenting with ways to personalize with privacy in mind. Its new Proactive update to Siri scans your email to remind you about events, but only does this on your device rather than copying your data to its servers for processing. To keep up while remaining true to its ideals, Apple will need more creative solutions like this to deliver convenience without being creepy.

Shhh… French Ultimatum Clicking on Google Over "Right to be Forgotten" Ruling

Please check out my two previous columns on this topic – and the latest on the situation from the Bloomberg article below:

Google Faces French Ultimatum Over Right to Be Forgotten

by Stephanie Bodoni
June 12, 2015 — 5:22 PM HKT
Updated on June 12, 2015 — 11:24 PM HKT

Google Inc. risks French fines after being handed a 15-day ultimatum to extend the so-called right to be forgotten to all its websites, including those outside the European Union.

France’s data protection regulator, CNIL, ordered the world’s most-used search engine to proceed with delistings of links across its network, irrespective of the domain name, according to a statement on Friday. CNIL said it received “hundreds of complaints following Google’s refusals.”

The order comes more than a year after a ruling by the EU’s highest court created a right to be forgotten, allowing people to seek the deletion of links on search engines if the information was outdated or irrelevant. The ruling created a furor, with Mountain View, California-based Google appointing a special panel to advise it on implementing the law. The panel opposed applying the ruling beyond EU domains.

If Google “doesn’t comply with the formal notice within the 15 days,” Isabelle Falque-Pierrotin, the president of CNIL, “will be in position to nominate a rapporteur to draft a report recommending to the CNIL Select Committee to impose a sanction to the company,” the watchdog said.

“We’ve been working hard to strike the right balance in implementing the European court’s ruling, cooperating closely with data protection authorities,” Al Verney, a spokesman for Google in Brussels, said in an e-mailed statement. “The ruling focused on services directed to European users, and that’s the approach we are taking in complying with it.”

Links Removal

EU data protection chiefs, currently headed by Falque-Pierrotin, last year already urged Google to also remove links, when needed, from .com sites.

Google Chairman Eric Schmidt has argued that the EU court’s ruling in May 2014 — in which it ordered search links tied to individuals cut when those people contend the material is irrelevant or outdated — didn’t need to be extended to the U.S. site.

“It is easy circumventing the right to be forgotten by using the domain Google.com,” said Johannes Caspar, the Hamburg data protection commissioner. “Google should be compliant with the decision and fill the protection gap quickly.”

Google has removed 342,161, or 41.3 percent, of links that it has “fully processed,” according to a report on its website.

‘Right Balance’

The U.K.’s Information Commissioner’s Office said in a statement that its experience with removal requests “suggests that, for the most part, Google are getting the balance right between the protection of the individual’s privacy and the interest of internet users.”

The right-to-be-forgotten rules add to separate demands for curbs on Google’s market power being considered by lawmakers this week. EU antitrust regulators in April escalated their four-year-old probe into Google, sending the company a statement of objections accusing the Internet giant of abusing its dominance of the search-engine market.

The same day, the EU also started a new investigation into Google’s Android mobile-phone software.

Shhh… Conspiracy Theories on Latest Snowden Claims?

The latest news on Snowden’s encrypted files being decoded by Russian and Chinese spies would surely do no good for the former NSA contractor but conspiracy theorists would certainly question not just the validity of these claims but the timing – consider recent attempts to restore NSA surveillance and let’s not forget how closely the NSA works with its British counterparts GCHQ, or MI6 for that matter.

Shhh… Hackers Target Database of Chinese with Ties to US Government

Check out the NYT article below.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government

By DAVID E. SANGER and JULIE HIRSCHFELD DAVIS
JUNE 10, 2015

WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators.

“They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good.

The first attack, which began at the end of 2013 and was disclosed in the middle of last year, was aimed at the databases used by investigators who conduct security reviews. The investigators worked for a contracting firm on behalf of the Office of Personnel Management, and the firm was fired in August.

The broader attack on the personnel office’s main databases followed in December. That attack, announced last week, involved the records of more than four million current and former federal employees, most of whom have no security clearances.

White House and personnel office officials have provided few details about the latest breach. But the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success, because it made use of new “signatures” of foreign hackers, based on characteristics of computer code, to find the attack.

In a statement, the personnel office said Wednesday that “it was because of these new enhancements to our IT systems that O.P.M. was able to identify these intrusions.” But the detection happened in April, five months after the attack began.

The list of relatives and “close or continuous contacts” is a standard part of the forms and interviews required of American officials every five years for top-secret and other high-level clearances, and government officials consider the lists to be especially delicate.

In 2010, when The New York Times was preparing to publish articles based on 250,000 secret State Department cables obtained by WikiLeaks, the newspaper complied with a request by the department to redact the names of any Chinese citizens who were described in the cables as providing information to American Embassy officials. Officials cited fear of retaliation by the Chinese authorities.

Officials say they do not know how much of the compromised data was exposed to the Chinese hackers. While State Department employees, especially new ones, are required to list all their foreign friends, diplomats have so many foreign contacts that they are not expected to list them all.

But other government officials are frequently asked to do so, especially in interviews with investigators. The notes from those interviews, conducted by a spinoff of the personnel office called the United States Investigative Service, were obtained by hackers in the earlier episode last year.

Intelligence agencies use a different system, so the contacts of operatives like those in the C.I.A. were not in the databases.

But the standard form that anyone with a national security job fills out includes information about spouses, divorces and even distant foreign relatives, as well as the names of current or past foreign girlfriends and boyfriends, bankruptcies, debts and other financial information. And it appears that the hackers reached, and presumably downloaded, images of those forms.

“I can’t say whether this was more damaging than WikiLeaks; it’s different in nature,” said Representative Adam B. Schiff, a California Democrat who is a member of the House Intelligence Committee, which was briefed by intelligence officials, the Department of Homeland Security and the personnel office on Tuesday. Mr. Schiff, who declined to speak about the specifics of the briefing, added, “But it is certainly one of the most damaging losses I can think of.”

Investigators were surprised to find that the personnel office, which had already been so heavily criticized for lax security that its inspector general wanted parts of the system shut down, did not encrypt any of the most sensitive data.

The damage was not limited to information about China, though that presumably would have been of most interest to the hackers. They are likely to be particularly interested in the contacts of Energy Department officials who work on nuclear weapons or nuclear intelligence, Commerce Department or trade officials working on delicate issues like the negotiations over the Trans-Pacific Partnership, and, of course, White House officials.

In a conference call with reporters on Wednesday, Senator Angus King, an independent from Maine on both the Intelligence Committee and the Armed Services Committee, called for the United States to retaliate for these kinds of losses. “Nation-states need to know that if they attack us this way, something bad is going to happen to their cyberinfrastructure,” he said.

But Mr. King said he could not say if the attacks on the personnel office were state-sponsored, adding, “I have to be careful; I can’t confirm the identity of the entity behind the attack.” The Obama administration has not formally named China, but there has been no effort to hide the attribution in the classified hearings.

The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches like the WikiLeaks case and the surveillance revelations by Edward J. Snowden, both of which involved unencrypted data.

President Obama has said he regards the threat of cyberintrusions as a persistent challenge in a world in which both state and nonstate actors “are sending everything they’ve got at trying to breach these systems.”

The problem “is going to accelerate, and that means that we have to be as nimble, as aggressive and as well resourced as those who are trying to break into these systems,” he said at a news conference this week.

The White House has stopped short of blaming Katherine Archuleta, the director of the personnel office, for the breach, emphasizing that securing government computer systems is a challenging task.

Correction: June 10, 2015

An earlier version of a photo caption with this article misstated the name of the federal office building where employees who handle national security information are required to list their foreign contacts. It is the Office of Personnel Management building, not Office of Personal Management.

Matt Apuzzo contributed reporting.

Shhh… Latest Cyberattacks on US Government a Hoax – To Restore NSA Surveillance?

You may have read and heard about the latest cyberattacks on the US government (see video above) over the weekend? Reckon you can’t help wondering how coincidental this “incident” was, judging by the following Guardian article. Nice strategy, Congress??

Shhh… FBI Operate Surveillance Planes – With Fictitious Names and Video & Cellphone Technologies

Now the question is: how long has this been going on and is this a “Plan B” in the aftermath of the recent NSA Surveillance stand-down?

Find out more from the Guardian.

Shhh… What About Snowden Now with NSA Surveillance on Hold?

(Above) Photo credit: http://glenngreenwald.net/

Check out the following Guardian article:

Charges against Edward Snowden stand, despite telephone surveillance ban

The former NSA contractor revealed the banned surveillance programme, but an Obama administration spokesman says they will not review his charges

The White House refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Obama administration spokesman Josh Earnest rejected the argument that the imminent passage of legislation banning the practice meant it was time to take a fresh look at the charges against the former National Security Agency contractor.

“The fact is that Mr Snowden committed very serious crimes, and the US government and the Department of Justice believe that he should face them,” Earnest told the Guardian at the daily White House press briefing.

“That’s why we believe that Mr Snowden should return to the United States, where he will face due process and have the opportunity to make that case in a court of law.”

Earnest refused to comment on whether Snowden could be allowed to employ a whistleblower defence if he chose to return voluntarily, something his supporters have argued is impossible under current Espionage Act charges.

“Obviously this is something that the Department of Justice would handle if they are having [those conversations],” said Earnest. “The thing I would put out is that there exists mechanisms for whistleblowers to raise concerns about sensitive national security programmes.”

“Releasing details of sensitive national security programmes on the internet for everyone, including our adversaries to see, is inconsistent with those protocols that are established for protecting whistleblowers,” he added.

But the White House placed itself firmly on the side of NSA reform, when asked if the president was “taking ownership” of the USA Freedom Act, which is expected to pass Congress later this week.

“To the extent that we’re talking about the president’s legacy, I would suspect [it] would be a logical conclusion from some historians that the president ended some of these programmes,” replied Earnest.

“This is consistent with the reforms that the president advocated a year and a half ago. And these are reforms that required the president and his team to expend significant amounts of political capital to achieve over the objection of Republicans.”

The administration also avoided four separate opportunities to warn that the temporary loss of separate Patriot Act surveillance provisions that expired alongside bulk collection on Sunday night had put the safety of Americans at risk, as some have claimed.

“All I can do is I can illustrate to you very clearly that there are tools that had previously been available to our national security professionals that are not available today because the Senate didn’t do their job,” said Earnest.

“As a result, there are programmes and tools that our national security professionals themselves say are important to their work that are not available to them right now, as we speak.”

Asked four times by reporters whether that meant Americans were markedly less safe as a result of the standoff in the Senate, the White House spokesman repeatedly said it was up to these national security staff, not him, to say.