Category Security – computer and devices

Shhhcretly Exclusive: NFT Auction of Unpublished & Signed Edward Snowden Photos

Anyone keen on owning a non-fungible token (NFT) of a private & signed collection of Edward Snowden photos with the Canadian lawyer Robert Tibbo who helped him escape Hong Kong and the NSA back in 2013?

These photos will be auctioned at 1400 hr New York time TODAY, 28 October 2021. Check these out:

https://nationalpost.com/news/canada/canadian-lawyer-auctioning-nft-of-previously-unpublished-edward-snowden-photos

https://tibbonft.com/

https://zora.co/collections/zora/5918

https://mobile.twitter.com/tibbosnowdenNFT

Unpublished and Signed NFT photos of Edward Snowden up for auction today

Whistleblowing and Internal Monitoring/Investigations

Many thanks again to the Faculty of Law at the University of Hong Kong for hosting my presentation on “Whistleblowing & Internal Monitoring/Investigations” yesterday. It was a really interactive and responsive class. The scheduled three hours were barely enough to cover what I estimated to be an hour-plus presentation, thanks to all the interesting questions, and my sincere apologies to the class for rushing through the latter parts of the slides.

One question came at the end of the session: what’s the take-away on the topic?

With and without a poison-pen letter from a whistleblower, a pre-transaction reputation/investigative due diligence should always be conducted ahead of all other types of due diligence. This is not a biased opinion but one proven by real life experience from many past cases whereby some serious and damaging red flags on reputation issues/risks could potentially kill a transaction no matter how good the counterparties emerged in the legal, financial and other due diligence – although in some situations clients took advantage of the negative findings to re-negotiate terms for the pending transaction. Information is power!

In a post-transaction external/internal investigation, especially one potentially heading to the courts, with and without a poison-pen letter, it is critical to conduct public records research first as the findings could be documented evidence legally admissible in courts that can help the lawyers and clients win the case. If the public records search turns out futile (a likely scenario in non-transparent and opaque jurisdictions), the findings from intelligence become pivotal.

I shared with the class an example of a typical court case whereby the client wins if we can prove two people A & B collaborated on a fraud scheme. No surprise they denied even knowing each other. A barrister once told me how he often receives surveillance photos of A & B say having coffee together as evidence – and how he can easily lose the case with such weak evidence. The best evidence is to prove the two have a long history of relationship – they attended the same school (public records), they were past business partners (public records), their companies were sued (public records), they commented on each other’s Facebook (could be public records), etc. In the absence of any/sufficient public records evidence, findings from intelligence gathering can potentially turn into public records and important evidence. Consider:

– They not only attended the same school but same class, same computer club and even went on a school camping trip to Nepal when they were 10. The latter are findings from intelligence gathering as they may be difficult to find in public records but the sources could provide photos as proof.

– They were in the same WhatsApp & WeChat groups? A source from the group could provide a screenshot of group members as proof.

– They were neighbors when they were young? This could be difficult to prove in public records because they didn’t own the properties then but if there’s a lead they were neighbors, a search on their parents’ names could lead to documented proof.

Hence the importance of intelligence gathering. And thinking out of the box.

Shhhcretly Exclusive: Edward Snowden’s Warning Cry

Shhhcretly is pleased to have the exclusive rights to release the English version of this coverage on Edward Snowden.

This original article was first published 1 December 2018 in German in the Austrian newspaper Der Standard, which reserves the publishing rights.

Shhhcretly would like to thank Der Standard and Steffen Arora for their kind permission to share the translated piece exclusively on this blog.

(Above) Photo credit: Lindsay Mills 2018.

 

Edward Snowden’s warning cry
By Steffen Arora
Der Standard, 1st December 2018

Former CIA contractor Edward Snowden’s revelations shone a light on the western world’s surveillance practices. But he, and those who helped him, are paying a high price. He talks to Der Standard about the need to fight on.

“This is retaliation.” In an interview with Der Standard, Edward Snowden spoke in no uncertain terms about the authorities’ treatment of the people who saved his life. In June 2013, the former US intelligence services contractor became a hounded whistleblower after he exposed the extent to which the US and its allies carry out global surveillance of the internet and digital communications, regardless of suspicious activity. He made these revelations from Hong Kong, never expecting that the moment they were published, he would become the world’s most wanted man.

It was the same moment that Robert Tibbo’s telephone rang. The Canadian had made a name for himself in the city as a dedicated human rights lawyer. He fought for the rights of asylum seekers living a pariah existence in Hong Kong – with next to no chance of their status being recognized and leading a decent life there. Tibbo saw Snowden as another refugee who needed help. To hide him from his pursuers, Tibbo found shelter for Snowden with some of his other clients; asylum seekers from Sri Lanka and the Philippines.

“They were warm, welcoming and kind. When I had fallen to the bottom of the world, they helped me up without giving a damn about who I was,” Snowden says. In the current political climate, loaded with the fear of outsiders, Snowden holds the refugees’ actions in even higher regard. “Their example, their humanity, it gave me a reason to keep fighting.”

Refugees and their lawyer under pressure

Not only Snowden, but also those who helped him, are now paying a high price for their actions. The US continues to accuse Snowden of spying and demand his extradition – and President Donald Trump would like to see him executed. Meanwhile, the seven refugees and their lawyer Mr. Tibbo are under pressure from the Hong Kong authorities.

In 2018, it is no longer an exception that human rights lawyers like Tibbo become the object of persecution themselves, says Manfred Nowak, Austrian human rights lawyer and former United Nations Special Rapporteur on Torture. Not only lawyers, but also journalists and activists from NGOs are being increasingly targeted, he says, even murdered, as records such as Russia’s show. “Human rights have not been in a crisis like this since the end of the Second World War,” Nowak says.

For Snowden’s helpers, the situation has deteriorated to the extent that this week, Tibbo turned for help to a selection of media outlets including the New York Times, Paris Match and Der Standard. He himself was forced to leave Hong Kong under diplomatic protection. He had to leave the seven refugees behind.

Effectively in exile, he continues working for his clients, who are living in constant fear of deportation. No country wants to take them in. Even Canada, which showed willingness to do so back in 2016, appears to have retreated in the face of pressure from abroad.

“Death by delay” is how lawyers such as Pascal Paradis from the NGO Lawyers Without Borders, which has been working on the case, describe this process. Snowden himself, fleeing US authorities, was left stranded in Moscow. Since then he has faced accusations that he is a Russian spy.

In fact he was aiming for Latin America, he says. “The Department of State failed to cancel my passport in time to keep me from leaving Hong Kong. But once they realized I was in the air en route to Latin America, they made public announcements to put every government around the world on notice that they intended to block my freedom of movement.”

No asylum in Austria

When he landed in Moscow for a stopover, he was stuck and could not travel further. All of his asylum applications in Europe were rejected, including by Austria. “This more than anything else is what prevents me from leaving Russia,” Snowden says in response to his critics. “If major powers of Europe can be induced by this or that secret promise to be violators of the asylum right rather than its guarantor, you can’t help but question the whole system. If you can’t count on a right now, can you count on a law?”

Manfred Nowak also sees this danger. “Democracy as a form of government is increasingly coming under pressure, as we can see in the US, Great Britain, Hungary, Poland or Italy. These countries are governed by populists, who came to power through democratic channels, but are now attacking democracy.” Nowak sees Brazil’s new president, Jair Bolsonaro, as a particularly stark example of a fascist being voted in to lead a democracy.

Nowak stresses the importance of learning from history: Free elections have destroyed democracies time and time again. “Strident democracies” urgently need to defend themselves against “pseudo-democracies,” he says, pointing to leaders such as Trump, Viktor Orban and Bolsonaro.

The western world is currently experiencing a backlash, meaning human rights defenders must go on the offensive, Nowak says. “Everyone must do their bit,” he warns emphatically. “Otherwise it could be too late.”

Nowak sees this backlash in Austria too, where the center-right and far-right are governing in coalition. “Measures are being taken which are being seen, and therefore criticized, as restrictions on the constitutional state, democracy and human rights.”

“There’s a machine behind it”

Snowden sees the refugees’ treatment and his own as telling. “You can’t look at something like this without getting a sense that the mask has dropped, and behind all the pretense of civility and process we like to believe governs our little day to day, there’s a machine behind it that would burn everything we love to the ground without a tear if it meant making a problem go away.”

Snowden is convinced it’s no coincidence that those who helped him are now being targeted. “They’re worried about the example of these families, the symbol their moral choice represents. Anybody can look at this situation and see at a glance who is right and who is wrong.”

But if the “big governments” manage to rewrite this story with an unhappy ending for those involved, they will also succeed in changing the positive message of his work with a single blow, Snowden warns. He says he does not know how far state institutions would go to achieve this, “but they’ve already gone too far.”

Human rights lawyer Nowak has first-hand experience of the conditions in Hong Kong, where the seven migrants are currently stuck. He trained lawyers there; Tibbo was one of his students.

Nowak says he knew the Hong Kong Bar Association, which is putting the Canadian lawyer under pressure and sabotaging his mandate for the refugees, as an “independent institution.” He can only assume the bar’s current treatment of Tibbo is a result of “enormous pressure from outside.”

Snowden has called on his supporters not to give up on the fight for a free world. And above all the fight for those who helped him. “Take a look at the world. Before long, we’ll all feel like refugees.”

NOTE: Documents evidencing the Hong Kong Bar Association’s egregious treatment of Mr Tibbo can be found in the Der Standard article as embedded PDFs: https://www.derstandard.at/story/2000092725390/pressure-mounts-on-edward-snowdens-lawyer-robert-tibbo?ref=article

Shhh… A Cyber-Geopolitical Threats 2019 Roundup

The year 2019 has been setting the stage on the cyber-geopolitical scene for the 2020s. Here’s a nice summary.

And on the personal front the best defense is to keep yourself informed – watch out for fake news and fact-check everything you read, especially anything that seems too perfectly outrageous.

Shhh… Updates on Edward Snowden & the Snowden Refugees

I am proud to share with you a presentation by my fellow alumnus Robert Tibbo, best known as the lawyer for American whistleblower Edward Snowden, on 29 December 2019 in Messe Leipzig, Germany, an update on the situation with Snowden and the Snowden Refugees.

The lecture covers the current global erosion and dismantling of international refugee and constitutional law by increasingly authoritarian democracies and the loss of international protection for whistleblowers and the brave people who protect whistleblowers, like the Snowden Refugees.

“The Snowden Refugees still in limbo in Hong Kong are at heightened risk and need public support and donations to survive. The two children in Hong Kong need to be brought to the safety of Canada at the earliest time to remove them from the dangers in Hong Kong and to have all three children reunited in Montreal,” said Tibbo.

Snowden will make an appearance in the 35th minute of the lecture.

“The choices that we made, and the things that you do, they have power. And doing nothing, that’s a choice. Now lots of us would like to think that’s a willing choice. We like to think that we are the sole captain of our own destiny. And that’s the way it’s supposed to be, that’s the way it’s intended, that’s the way we designed the system,” according to Snowden.

“And yet the system today, somehow the actors within it spend an enormous amount of energy trying to make you forget that the things you do affect the outcomes. They’ll tell you not to worry about it, that it’s not so bad. After all it ‘could be worse’. But I say to you it could be better.

“And every time we hear those words, that’s what we need to say – Every system in history, even the most powerful, has been subject to change. And every hack that is performed against us can face a patch.”

Shhh… The Matrix, With Mozilla

This is really terrific news for the privacy conscious and open source community – Mozilla is joining the Matrix, the new protocol for open, decentralized, encrypted communication.

The Matrix protocol aims to create a global decentralized encrypted real-time communications network that provides an open platform similar to the Web.

One general (and major) appeal of Matrix is that it works seamlessly between different service providers by supporting what is known as “bridging messages” from different chat applications into the “Matrix rooms”. These bridges currently include popular communications apps like WhatsApp, WeChat, Telegram, Signal, Skype, Facebook Messenger, etc. In layman’s terms, you can add your favorite communications apps to Matrix for better (and ultimate) privacy protection.

The Matrix community, admittedly still in its infancy but with huge potential, is understandably thrilled in welcoming onboard Mozilla, the “champions of the open web, open standards, not to mention open source”. The Matrix protocol is currently using the “riot.im” interface, which is hindering its appeal to the masses. Hence the introduction of Mozilla will be crucial for its development.

If anyone asks what is the safest way to communicate, or which is the safest communications app these days – like “Is Telegram still safe?” – the Matrix protocol is probably the answer going forward.

Shhh… Duncan Campbell – Global Spying Program ECHELON & the Decades-long Cosy NSA-GCHQ Relationship

(Above) Photo Credit: The Intercept


Above photo: From left to right Duncan Campbell, Crispin Aubrey and John Berry in the ‘ABC’ case (Source: The Intercept – ANL/Re/REX Shutterstock)

The Register: Special Report Duncan Campbell has spent decades unmasking Britain’s super-secretive GCHQ, its spying programmes, and its cosy relationship with America’s NSA. Today, he retells his life’s work exposing the government’s over-reaching surveillance, and reveals documents from the leaked Snowden files confirming the history of the fearsome ECHELON intercept project. This story is also published simultaneously today by The Intercept, as is – at long last – Duncan’s Register Christmas Lecture from last year.

Find out more on this insightful article printed by The Intercept and The Register.

Shhh… The Chinese Version of All the President's Men

(Above) Photo credit: Max Whittaker for The New York Times.

Below is a New York Times article on a China matter widely quoted by the Chinese media.

And here is some additional background coverage on the case:

China Seeks Businessman Said to Have Fled to U.S., Further Straining Ties
By MICHAEL FORSYTHE and MARK MAZZETTI
AUG. 3, 2015

LOOMIS, Calif. — China is demanding that the Obama administration return a wealthy and politically connected businessman who fled to the United States, according to several American officials familiar with the case. Should he seek political asylum, he could become one of the most damaging defectors in the history of the People’s Republic.

The case of the businessman, Ling Wancheng, has strained relations between two nations already at odds over numerous issues before President Xi Jinping’s first state visit to the United States in September, including an extensive cybertheft of American government data and China’s aggressive territorial claims.

Mr. Ling is the youngest brother of Ling Jihua, who for years held a post equivalent to that of the White House chief of staff, overseeing the Communist Party’s inner sanctum as director of its General Office. Ling Jihua is one of the highest-profile casualties of an anticorruption campaign that Mr. Xi has made a centerpiece of his government.

The Obama administration has thus far refused to accede to Beijing’s demands for Ling Wancheng, and his possible defection could be an intelligence coup at China’s expense after it was revealed last month that computer hackers had stolen the personnel files of millions of American government workers and contractors. American officials have said that they are nearly certain the Chinese government carried out the data theft.

Mr. Ling’s wealth and his family’s status have allowed him to move freely in elite circles in China, and he may be in possession of embarrassing information about current and former officials loyal to Mr. Xi.

Mr. Ling appears to have evaded the Chinese authorities. He is now in the United States, according to several American officials and his next-door neighbor here in the foothills of the Sierra Nevada, where property records show Mr. Ling owns a 7,800-square-foot home, which he bought from a professional basketball player for $2.5 million.

The Chinese government in recent months has been raising pressure on the Obama administration to return Mr. Ling, according to the American officials. The officials spoke on the condition of anonymity in order to discuss a delicate diplomatic matter that has already complicated an arrangement made in April between the Department of Homeland Security and China’s Ministry of Public Security.

Under that arrangement, signed during a visit to Beijing by Jeh Johnson, the secretary of Homeland Security, the United States would be able to repatriate many of the tens of thousands of Chinese currently in the United States awaiting deportation, some in American detention facilities. In return, the United States would help the Chinese track down wealthy fugitives from China living in the United States who might also be breaking American laws.

Several American officials confirmed that Mr. Ling is in the United States, but they would not say publicly whether Mr. Ling had applied for asylum or give information about his whereabouts. The Department of Homeland Security, which handles asylum cases, does not comment about specific cases because of privacy laws.

China’s Foreign Ministry did not comment after being sent a faxed request for information on Mr. Ling’s case. Press officers for the White House, State Department and Department of Homeland Security declined to comment.

Three telephone numbers that people in California used to contact Mr. Ling all had Dallas area codes. Mr. Ling, whose English is said to be poor, did not respond to text messages in Chinese requesting an interview. Two of the three numbers are no longer in service, and no one answered the third number.

Christopher K. Johnson, a former C.I.A. analyst focusing on China, said the Chinese leadership might want Mr. Ling’s assistance in prosecuting his older brother. And, Mr. Johnson said, it would want to prevent the “treasure trove” of knowledge he has about Chinese politics from passing to United States officials.

“The leadership would want this guy badly,” Mr. Johnson, now at the Center for Strategic and International Studies in Washington, said in a telephone interview. “There’s no question that he would have access to a lot of interesting things.”

While it is unclear how much Ling Wancheng knows, the Communist Party itself has revealed some tantalizing clues about his brother Ling Jihua’s behavior, claiming that his corruption was a family affair. Last month, the party announced that Ling Jihua — a loyalist to the previous president, Hu Jintao — had been expelled from the party and would be tried, saying that he had “accepted huge bribes personally and through his family.”

Ling Jihua, 58, rose through the Communist Party’s Youth League under Mr. Hu in the 1980s and eventually served as either deputy or chief of the Central Committee’s General Office from 1999 to 2012. He was Mr. Hu’s personal secretary and closest protégé, and his position came with great powers: the ability to control the guards who protected the senior leadership, a significant voice in top personnel appointments and a central role in carrying out policy.

“It’s really the nerve center for the entire system,” Joseph Fewsmith, a professor at the Pardee School of Global Studies at Boston University who focuses on Chinese politics, said of Ling Jihua’s former position. “This is the essence of power politics.”

Ling Jihua was expected to advance to the elite Politburo, as every person who previously held that position since 1942 had done, including former Prime Minister Wen Jiabao.

But on March 18, 2012, Ling Jihua’s son was killed when the black Ferrari he was driving crashed in Beijing. One of two women with him in the car later died.

Ling Jihua’s botched cover-up of the episode helped lead to his political downfall. He was denied a spot on the Politburo, demoted to a less important post and, in December 2014, officially put under a corruption investigation.

But the corruption inquiry into Ling Jihua goes far beyond the Ferrari crash, and his younger brother, Ling Wancheng, may have played an important role.

As a senior official, Ling Jihua had his moves monitored. But his brother, as a private citizen, was far less constrained. He built a fortune as the chief of a Beijing-based investment company, which bought well-timed stakes in companies that went on to hold successful initial public offerings, earning the firm $225 million, according to a report in Caixin, a respected Chinese news media company. A company using the same California address that he used to buy his home in Loomis also bought at least two golf courses, one near Loomis, the other in Carson City, Nev., property records show.

Ling Wancheng is one of several Chinese citizens in the United States whom Beijing has requested be returned to China. A forum has been established to discuss these cases, called the U.S.-China Joint Liaison Group on Law Enforcement Cooperation, where the Chinese regularly press their case to Obama administration officials.

However, Ling Wancheng, who is believed to be in his mid-50s and goes by the name Wang Cheng or Jason Wang, was not on the publicly disclosed list of 40 fugitives believed to be in the United States that was released by the Chinese government this year, indicating how delicate the case may be to the senior leadership.

Marc Raimondi, a spokesman for the Department of Justice, said the department “has repeatedly shown that it will vigorously pursue prosecutions in the United States where there is alleged money laundering or other criminal activity in this country by fugitives sought by China.”

But, he added, “it is not sufficient to simply provide a list of names.” The department has urged China to provide evidence, Mr. Raimondi said.

In late 2013, Mr. Ling, using the name Wang Cheng, and a person using the name Li Ping, the same name as a former presenter on state television whom the Chinese news media have identified as Mr. Ling’s wife, bought a house in a gated community in Loomis from a National Basketball Association player, Beno Udrih, real estate records show.

Ray Matteson, Mr. Ling’s neighbor in Loomis, and his wife soon became friends with the couple next door, who introduced themselves as Jason and Jane Wang. The Mattesons invited them over for dinner or drinks at least three times. Mr. Ling offered gifts, once giving them a bottle of liquor from the family’s home province, Shanxi, and on another occasion two magnums of California wine.

The Mattesons said their neighbor had given no hints about his family’s high-level political struggle, the arrest of Ling Jihua and another older brother or the death of his nephew.

“In my mind, there’s no question he was a gentleman,” said Mr. Matteson, who, along with another person who met him in Loomis, confirmed that Jason Wang was the man identified in the Chinese news media as Mr. Ling. Neither person, however, could match the woman introduced as Jane Wang with pictures of Li Ping, the former Chinese television presenter.

Mr. Ling would send text messages to his next-door neighbors. His English was poor, so he often used emoji, like a thumbs up or a happy face. He would send links to videos he found funny, and he asked for advice on where to find people to clean his windows.

Mr. Matteson said he had not seen Mr. Ling since October, when the two couples had dinner at Mr. Matteson’s home. But if Mr. Ling was in hiding in the United States, the prosaic details of maintaining a California estate kept him tethered to Loomis: There were homeowners association fees to pay, and a gardener had to keep the bushes trimmed and the lawn mowed.

Mr. Matteson’s last contact with Mr. Ling was in May, when the alarm system in Mr. Ling’s house was activated and the security company asked Mr. Matteson to contact Mr. Ling to obtain the code to enter the gate to his home.

The Mattesons said they had never seen any unusual activity in the neighborhood, except for one visit several months ago by officers from the Department of Homeland Security, who said they were trying to contact Mr. Ling.

Ling Wancheng’s visa status is unclear. Christopher Bentley, a spokesman for the United States Citizenship and Immigration Services, a division of Homeland Security, said that it usually took one to three years for an asylum case to be settled. During that period, he said, the asylum seeker is allowed to stay legally in the country.

Michael Forsythe reported from Loomis, and Mark Mazzetti from Washington.

Shhh… Google: No to Global ‘Right to Be Forgotten’ Order

Check out this Politico article below and my previous related columns on the same subject:


Google contests global ‘right to be forgotten’ order

Don’t make us apply European laws around the world, Google pleads.
By David Meyer
30/7/15, 5:59 PM CET
Updated 31/7/15, 5:38 PM CET

Google is appealing an order from the French data protection authority to apply the “right to be forgotten” on a global basis, the company said Thursday.

The Commission nationale de l’informatique et des libertés (CNIL) said in June that, when Google receives requests for the delisting of personal information from its search results, it should remove links to that information from all its sites around the world, including google.com.

The search giant currently only removes such results from its European domains, as the “right to be forgotten” stems from a ruling by Europe’s highest court.

Google has now formally asked CNIL to withdraw its order for global delisting.

“We’ve worked hard to implement the right to be forgotten ruling thoughtfully and comprehensively in Europe, and we’ll continue to do so,” said Peter Fleischer, Google’s global privacy chief, in a statement. “But as a matter of principle, we respectfully disagree with the idea that a national data protection authority can assert global authority to control the content that people can access around the world.”

The Court of Justice of the European Union ruled in May 2014 that EU-wide privacy legislation applies to foreign search engines operating in the region. It said search engines must take down links to information that is “inaccurate, inadequate, irrelevant or excessive” upon request, as long as there are no good reasons to keep them in its results.

Google went on to comply with the ruling, though a dispute remained between the firm and privacy regulators over the scope of the delinking.

Internet regulation is inherently complicated by the fact that the Internet does not naturally respect national borders. This leads to a tension between those who want to see national laws respected in the countries where they apply, and those who see international enforcement as the only way to make that happen.

While it is relatively easy to apply rules to country-specific versions of a website, such as those with addresses ending in Germany’s “.de” or France’s “.fr,” there is nothing to stop people visiting other versions of the site to find missing information.

The Article 29 Working Party, the umbrella group for EU data protection regulators, wrote in November that “limiting delisting to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient mean to satisfactorily guarantee the [privacy] rights of data subjects.”

This stance was the basis for CNIL’s order in June, which came with the threat of a fine of up to €150,000 for non-compliance.

However, a Google-convened panel of privacy experts said in February that the rights of EU citizens had to be balanced with those of people in other countries, who may have the right to see the offending information under their own national laws.

Americans accessing google.com, for example, live in a country whose legal system broadly prioritizes freedom of speech over the right to privacy.

Google built on this theme on Thursday, arguing that global delisting would risk a “chilling effect” on the web as many countries around the world have their own national speech restrictions.

The firm cited several national examples: Turkey criminalizes some criticisms of Kemal Ataturk; Thailand does the same for its royalty; and Russians are banned from disseminating “gay propaganda” online.

“If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom,” Fleischer wrote in a blog post. “In the end, the Internet would only be as free as the world’s least free place.”

CNIL said it had received Google’s appeal and would “look at the arguments,” though it claimed those arguments were “in part political” whereas its own reasoning was “strictly legal.”

The regulator added that it would respond within two months.

Nicholas Hirst contributed to this story.

Shhh… Spies Vs Silicon Valley

Check out the following Guardian article:

Spies helped build Silicon Valley. Now the tables are turning

David Cameron wants US tech sector companies to do more to fight terrorism. But they’ve grown too powerful to listen

Gordon Corera
Wednesday 29 July 2015

If you want to understand how modern British and American intelligence services operate, you could do worse than visit the new exhibition that opens at Bletchley Park this week. It tells the story of code-breaking in the first world war, which paved the way not just for the better-known success story of world war two, but also GCHQ and the NSA’s modern day bulk interception.

A century ago, just as today, intelligence services and network providers used to enjoy a symbiotic relationship. Britain, for example, exploited its dominance of the telegraph system to spy after its companies had built an imperial web of cables that wrapped itself around the world. Britain’s first offensive act of the conflict was to cut Germany’s own undersea cables and install “secret censors” in British company offices around the world that looked out for enemy communications. A staggering 80m cable messages were subject to “censorship” during the war.

In recent decades the US has enjoyed a similar ability to spy on the world thanks to its role in building the internet – what the NSA called “home field advantage”. This worked via two channels. The first was fibre-optic cables passing through either American or British territory, allowing intelligence agencies to install the modern equivalent of secret censors: computerised black boxes that could filter data to look for emails based on “selectors”. The second channel was Silicon Valley – which had thrived thanks to massive Pentagon and NSA subsidies. People around the world sent their communications and stored their data with American companies, whose business model often involved collecting, analysing and monetising that data. This attracted spies like bears to honey. And so Prism was born – requiring the companies themselves to run selectors across their own data. 45,000 selectors were running in 2012. Put together with cable-tapping, this meant that nearly 90,000 people around the world were being spied on.

Building the internet allowed the US to export its values, import other countries’ information through spying and make a lot of money for American corporations along the way. But the relationships have fractured. The Snowden disclosures were one reason – exposure led tech companies to back away from quiet cooperation and make privacy a selling point (even competing with each other as seen in Apple’s CEO blast against Google recently).

At the same time, Isis’s use of social media has increased the state’s desire to get more from these companies, leading to growing tension. It was notable that David Cameron’s speech on extremism last week singled out tech companies for criticism. When their commercial models are built around tracking our likes and dislikes, why do they say it’s too difficult to help when it comes to the fight against terrorism, the prime minister asked.

A big problem for the spies is that during the first world war the cable companies that helped Britain knew who was boss. Today it is more complex. An angry Mark Zuckerberg of Facebook told President Obama that his administration “blew it” when it tried to defend Prism by saying it was only used to spy on foreigners. After all, most of Facebook and Silicon Valley’s customers are foreigners.

The British government criticised Facebook for not spotting private messages from one of the men who went on to kill Lee Rigby. This is the kind of thing Cameron wants the companies to do more on. But whose job is it to spy? The companies are nervous of signing up to a system in which it is their job to scan their customers’ data and proactively report suspicious content, effectively outsourcing the act of spying (and not just the collection of data) to the private sector. Such a deal, tech companies fear, could set a dangerous precedent: if you help Britain when it comes to national security, what do you do when China or Russia come knocking?

On his first day as director of GCHQ, Robert Hannigan launched a volley against Silicon Valley, accusing it of acting as “command and control” for groups like Isis. But since then, the tone has been more conciliatory. What Hannigan may have realised is that companies have the upper hand, partly because the data is with US companies that are subject to US laws. To avoid the Russia and China issue, they assert their co-operation is voluntary and there is not much the British state can do about it.

It was notable that in his speech, Cameron didn’t threaten new legislation. Why? Because he knows that power relations between governments and corporations have shifted since the first world war: modern tech firms are too big to be pushed around.

If they have a vulnerability, it’s their dependence on customers: verbal volleys from politicians and spies are a sign that the real battleground is now public opinion. Companies are gambling that focusing on privacy will win them the trust of the public, while governments in London and Washington are hoping that talking about terrorism will pressure companies to cooperate more. Who wins this tug of war may depend on events that neither party can control, including the prevalence of terrorist attacks. Whatever the case, the old alliance between Silicon Valley and the spies is no more.

Shhh… Microsoft's Wi-Fi Sense Can Make You the 'Hotspot'

Check out The Daily Dot article below:


Windows 10 can share your Wi-Fi password with your Facebook friends

By Mike Wehner
Jul 3, 2015, 12:28pm CT

If you’ve been using the internet for any considerable amount of time you already know that your password is really never absolutely secure. From hacking incidents to other security breaches, it’s impossible to know that your secret code is indeed always secret, and now Microsoft’s soon to be released Windows 10 is making one of your passwords even less secure by gifting it to your Facebook friends.

Microsoft’s Wi-Fi Sense feature—already in operation on Windows Phones and coming to Windows 10 upon its debut later this year—is aimed at making it easier to share your connection with your friends. To that end, it allows users to effortlessly use each other’s Wi-Fi connections by allowing them to use your password.

The password itself is encrypted and shared automatically once you opt-in, and the list of people who can use it includes your Outlook mail contacts, Skype contacts, and even your Facebook friends.

The idea here is that if you’re at a friend’s house and you both have Wi-Fi Sense, you can join their network without having to ask for their password. Ideally, such a system will save you from using your wireless data plan as much as possible, thereby saving you a few bucks.

However, there are likely plenty of people on your Facebook or email contact lists that you wouldn’t want browsing from your own internet connection, and that’s where the potential for trouble comes in. Not surprisingly, Microsoft’s own FAQ about Wi-Fi Sense is filled with warnings about connecting to unfamiliar hotspots, as well as sharing your connection with those you don’t trust.

The documentation also notes that you cannot pick and choose individual contacts with which to share your connection. Instead, you’ll only be able to toggle huge groups on or off, like everyone from your Skype list or your entire Facebook friends roster. So, if you don’t trust absolutely everyone you know on Facebook, Skype, or Outlook, it’s probably a good idea to leave this would-be handy little feature unused.

Shhh… US-Canada Border – Secret Deal Between Canada’s Spies and Border Guards

Check out this article from The Star:

Secret deal between Canada’s spies and border guards raises concerns

A memorandum of understanding between the two agencies allowed info sharing, joint operations without political oversight.

By: Alex Boutilier Ottawa Bureau Reporter, Published on Thu Jul 02 2015

OTTAWA—A secret deal between Canada’s spies and border guards proposed more information sharing and joint operations without the need for political sign-off, the Star has learned.

A 2014 deal between the Canadian Security Intelligence Service and the Canada Border Services Agency proposed the two agencies be allowed to share information and resources without the prior approval of their political masters.

“The Framework (Memorandum of Understanding) will also authorize (CSIS) to enter into more specific arrangements with CBSA, as required, without the necessity to seek your approval each time,” wrote CSIS director Michel Coulombe in a memo explaining the deal to Public Safety Minister Steven Blaney.

Blaney’s office won’t say whether or not the deal has been approved.

The deal, obtained under access to information law, would permit the two agencies to share “investigative techniques, the provision of equipment, the sharing of information, resources or personnel” to assist one another to meet shared objectives.

CSIS is allowed to enter into agreements with other departments and agencies, including foreign partners, and routinely does. But the rules governing the spy agency state that CSIS needs the express permission from the public safety minister to do so.

But Coulombe explicitly stated that, under the new deal, Blaney’s approval would not be required for further co-operation between the two agencies. Both would otherwise have to follow their respective mandates, the deal states.

The Star requested an interview with Blaney, and provided a detailed list of questions. That interview request was denied. Blaney’s office would not say if the minister approved the deal, and did not respond to the Star’s questions.

Jeremy Laurin, a spokesperson for the minister, instead provided a written statement referencing the threat of “jihadi terrorists” and the necessity for national security agencies to work together.

“In today’s global threat environment, national security is a team effort — which means that CSIS works with many domestic partners,” Laurin wrote. “CBSA is one of those partners.”

It’s not clear when the deal itself was drafted — the documents themselves are undated, but were released in a batch of briefing notes written last summer. That means the proposal would have crossed Blaney’s desk well before the Conservatives introduced controversial new terror laws that drastically expanded the agency’s mandate.

Bill C-51 allows CSIS to “disrupt” real or perceived threats to national security, rather than passing the intelligence they gather to an enforcement agency. The legislation, which recently became law, also greatly expands government agencies’ ability to share information deemed relevant to national security.

While the scope of the information sharing provisions alarmed security researchers and privacy experts, the majority Conservatives said they were necessary to ensure Canadians were kept safe. But The Canadian Press reported Wednesday that CSIS had told senior bureaucrats that improvements to their access to information could be achieved within the existing law.

Wesley Wark, a security researcher at the University of Ottawa, said it’s not uncommon for agencies to have formal agreements governing joint operations. But this deal in particular, Wark said, appears to diminish political accountability.

“It also shows a tendency on (the) part of the Harper government to allow for an erosion of ministerial accountability,” Wark wrote after reviewing the documents. “And it reminds us of one of the big holes in the fabric of accountability for security and intelligence — namely the absence of independent, external review of CBSA.”

Craig Forcese, also a University of Ottawa professor and vocal critic of Bill C-51, said the “stovepipe” nature of Canada’s intelligence review bodies is a major concern with these types of agreements.

The Security Intelligence Review Committee, for instance, can review actions taken by CSIS after the fact. But the committee has no ability to “follow the thread” of an operation when CSIS partners with another agency like CBSA, the RCMP, or Canada’s electronic spying agency, the Communications Security Establishment.

“If I had set out to intentionally design a system of accountability likely to break, it would look a lot like our current system of stovepiped review,” Forcese said.

“Add to that CBSA has no review body of its own — and, as best I know, is the only agency with a law enforcement or intelligence mandate in the country without some form of external, independent review or oversight.”

The Star requested the text of CSIS’s memorandums of understanding with other agencies. The agency declined to provide them, or to list which agencies it co-operates with, saying that the agency operates within its mandate, ministerial direction, and internal policy.

Before:

CSIS is permitted to enter into partnerships, both domestic and international, under Section 17 of the CSIS Act. The act requires the agency to get the go-ahead from the public safety minister beforehand.

After:

If the CSIS-CBSA deal was accepted, the two agencies could co-operate without bothering to get approval from politicians.

Under C-51:

The Conservatives’ controversial terror law allows for the free flow of information between 17 domestic law enforcement agencies and departments. Canada’s privacy commissioner has called the provision excessive.

Shhh… Hacked By Your Cyber-security Firm?

Do you still have faith in cyber-security firms – recall the recent story about the Hacking Team?

Consider this: A cyber-security firm known as Tiversa scams potential and ex-clients into memberships by hacking into their servers as a scare tactic to increase profits for Tiversa. Tiversa was brought before the Washington D.C. courthouse in May to explain their scam.

Shhh… Email Spams Dip First Time in Twelve Years

Check out the VentureBeat article below:

Symantec: Spam falls below 50% of all email for the first time since 2003

July 17, 2015 8:20 AM
Emil Protalinski

Good news for all of us who still have to use email: spam rates are dropping! In fact, junk messages now account for just 49.7 percent of all emails.

The latest figure comes from security firm Symantec’s June 2015 Intelligence Report, which notes this is the first time in over a decade that the rate has fallen below 50 percent. The last time the company recorded a similar spam rate was back in September 2003, or almost 12 years ago.

More specifically, Symantec saw 704 billion email messages sent in June, of which 353 billion were classified as spam. At one of the peaks of the spam epidemic, in June 2009, 5.7 trillion of the 6.3 trillion messages sent were spam, according to past data from Symantec.

The report uses Symantec clients to extrapolate the figure, so the actual rate could be a bit higher or lower. That said, the spam rate appears to be dropping: Symantec’s spam number was 52.1 percent in April and 51.5 percent in May.

The decline of spam is usually attributed to legal prosecution against botnets (including by major tech companies like Microsoft), faster reaction times by network providers, improved blocking, and better filtering. The main goal is to make the business less lucrative: If you can slash profit margins for a spammer, you can slash spam itself.

This is great news for not just email users but companies that are dedicated to fighting spam. Their business isn’t going away anytime soon, but they are making progress.

Other findings in the report, which talks about not just spam but security overall, include:

– 57.6 million new malware variants were created in June, up from 44.5 million pieces of malware created in May and 29.2 million in April.

– Ransomware attacks have increased for the second month in a row and crypto-ransomware has reached its highest levels since December 2014.

You can read Symantec’s full 19-page report here.

Shhh… US Government Hacks at OPM Exposed More Than 21 Million People

It was much worse than previously reported: more than 21 million people were “swept up in a colossal breach of government computer systems that was far more damaging than initially thought”. Find out more from the New York Times.

Shhh… FBI, DEA & US Army Bought Italian Spyware

Find out more from The Intercept article below:

Leaked Documents Show FBI, DEA and U.S. Army Buying Italian Spyware

By Cora Currier and Morgan Marquis-Boire @coracurrier @headhntr

The FBI, Drug Enforcement Administration and U.S. Army have all bought controversial software that allows users to take remote control of suspects’ computers, recording their calls, emails, keystrokes and even activating their cameras, according to internal documents hacked from the software’s Italian manufacturer.

The company, Hacking Team, has also been aggressively marketing the software to other U.S. law enforcement and intelligence agencies, demonstrating their products to district attorneys in New York, San Bernardino, California, and Maricopa, Arizona; and multi-agency task forces like the Metropolitan Bureau of Investigation in Florida and California’s Regional Enforcement Allied Computer Team. The company was also in conversation with various other agencies, including the CIA, the Pentagon’s Criminal Investigative Service, the New York Police Department, and Immigrations and Customs Enforcement.

The revelations come from hundreds of gigabytes of company information, including emails and financial records, which were released online Sunday night and analyzed by The Intercept. Milan-based Hacking Team is one of a handful of companies that sell off-the-shelf spyware for hundreds of thousands of euros — a price point accessible to smaller countries and large police forces. Hacking Team has drawn fire from human rights and privacy activists who contend that the company’s aggressive malware, known as Remote Control System, or RCS, is being sold to countries that deploy it against activists, political opponents and journalists.

Even in the U.S., where the software would presumably be used only with a judge’s approval, the tactic is still controversial. Just last month, Sen. Chuck Grassley, R-Iowa, wrote to the director of the FBI asking for “more specific information about the FBI’s current use of spyware,” in order for the Senate Judiciary Committee to evaluate “serious privacy concerns.”

The leaked emails show that the FBI has been using Hacking Team’s software since 2011, apparently for the secretive Remote Operations Unit. It’s long been reported that the FBI has deployed malware in investigations, but details on the agency’s efforts are thin, with the tactic only surfacing rarely in court cases — such as one instance last year when the FBI spoofed an Associated Press article to get a target to click on a link. The FBI reportedly develops its own malware and also buys pre-packaged products, but the relationship with Hacking Team has not been previously confirmed.

Hacking Team’s spokesperson, Eric Rabe, said in a statement that “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”

The director of the Metropolitan Bureau of Investigation in Florida told The Intercept that it “does not have plans to purchase any product from Hacking Team.” The Manhattan District Attorney’s office said, “It would be an overstatement to say that our office is planning to purchase this type of software. This company is one of several in the industry whom we’ve requested meetings with in order to keep pace with rapid technological advancements in the private sector.”

The CIA declined to comment, and ICE said it “does not discuss law enforcement tools and techniques.” (The Intercept will update this story if other agencies named in the documents respond to requests for comment.)

The leaked emails show that U.S. agencies worried about the legality and perception of Hacking Team’s tools.

Hacking Team refers to its U.S. clients by code names. The FBI unit is “Phoebe” (initially “f-client,” but one employee complained “it sounds like an antivirus”), the DEA is “Katie,” and the CIA, which appears to have sampled, but not bought Remote Control System, is “Marianne.”

In 2011, a representative of the DEA’s Office of Investigative Technology told Hacking Team that its budget request for Remote Control System had been denied because it was considered “too controversial,” according to an email. “We are working on the foreign angle,” the DEA said, according to Hacking Team’s U.S. account manager.

“I imagine Katie [DEA] is referring to the fact that they as the DEA could buy RCS for other countries (Colombia) where it’s less problematic to use it,” an employee replied in Italian.

The purchase did go through in 2012, and it appears to have been used mainly in conjunction with Colombian law enforcement. As one email explained, “Katie will be administrator of the system, while the locals will be collecting the data. They are saying if this works out, they will bring it to other countries around the world. Already they are speaking of El Salvador and Chile.”

Robotec, a company that manages Hacking Team’s sales to several Latin American countries, also mentions clients in Colombia using DEA funding.

Local police in the U.S. also had their worries. Florida law enforcement told Hacking Team this year that the software could create legal problems without the ability to have “‘minimization’ of the calls and messages — (ie. deleting portions which are not relevant to the search.)”

In 2013, San Bernardino’s district attorney wanted to go to a judge to obtain a warrant targeting a “known bad guy” even for a trial run of the software. “If the systems [sic] proves itself in this live trial, and the judge is convinced of both its value and proper protection of privacy, they would then move into the purchase phase,” one of Hacking Team’s U.S. business partners, from the security giant SS8, explained.

“One of the concerns of this segment is that the HT product is ‘too powerful,’” Fred D’Alessio, who sits on the board of SS8 and is identified on LinkedIn as a senior advisor to Hacking Team, wrote about local agencies. “They have also said, their biggest challenge is ‘getting the lawyers and the District Attorneys to agree on what they can do legally.’”

Hacking Team’s FBI contacts worried that the spread of Hacking Team software around the country could cause word to get out (as has happened with technology like Stingrays, the devices that police use to track cell phone location.) “If San Bernardino gets exposed, they might also expose Phoebe,” Hacking Team’s U.S. point man, Alex Velasco, wrote in September 2013.

The FBI’s use of Hacking Team’s software also informs the public debate about the growing use of encryption to protect Internet communications. FBI and other top U.S. law enforcement officials have been calling for a law that would provide for a “backdoor” into commercial encryption technologies — something privacy advocates and many cybersecurity researchers see as undermining Internet security.

Hacking Team claims that its software offers a way around encryption, obviating the need for a backdoor. Vincenzetti regularly sends out articles about the encryption debate to his email list with a plug for Remote Control System. Last February, he wrote that law enforcement and security agencies could use “technologies to ACCESS THE DATA they need IN CLEARTEXT, BEFORE it gets encrypted by the device and sent to the network and AFTER it is received from the network and decrypted by the device itself. Actually THIS IS precisely WHAT WE DO.”

The Buyers

The push into the local district attorney market, for which the company considered San Bernardino a pilot, appears to have been facilitated by SS8, a massive California-based security company that markets to law enforcement agencies in the United States and abroad. (Rabe denied that SS8 is working with Hacking Team, despite emails between the companies.) The local market could be lucrative: a budget for the district attorney in New York that Hacking Team proposed in April totaled $760,000 in upfront license fees, and another $382,000 in services and maintenance.

“As with so many other surveillance technologies that were originally created for the military and intelligence community, they eventually trickle down to local law enforcement who start using them without seeking the approval of legislators — and, in many cases, keeping the courts in the dark too,” said Christopher Soghoian, principal technologist of the American Civil Liberties Union.

The DEA, FBI and Army bought Hacking Team’s software through a company called Cicom, which for several years served as a middleman for Hacking Team’s U.S. business. The DEA and Army contracts to buy Remote Control System through Cicom were first revealed by the advocacy group Privacy International this spring. Reporters noted that Cicom shared the same corporate address in the United States as Hacking Team, but when asked about the connection by Ars Technica, Hacking Team’s U.S. spokesperson Eric Rabe said, “I cannot confirm any relationship between the company Cicom and Hacking Team.”

Alex Velasco, Cicom’s general manager, has in fact been a consultant under contract to represent Hacking Team to clients in North America since 2012, company emails show. The relationship ended in March, after Hacking Team accused Velasco of scheming to market competing products, according to an internal investigation commissioned by Hacking Team. Velasco declined to comment to The Intercept on the allegations, because he is in legal proceedings with Hacking Team.

Hacking Team was also in talks in 2014 with the FBI’s National Domestic Communications Assistance Center, a secretive unit formed in 2012 and focused on interception technologies. Velasco claims in an email that the group came to them after Citizen Lab, a research group at the University of Toronto focused on Internet technology and human rights, published a highly critical report on Hacking Team’s global sales. “If anything good came out of the Citizen lab articles is that it brought them to contact us to see if it was true,” he wrote. “Thank you Citizen Lab!!”

It’s not clear from Hacking Team emails what Army component bought an RCS system in 2011, but it was based at Fort Meade and apparently sat unused for years. According to a 2013 email from Velasco, “they purchased a system right before they got their budget cut…They were never given permission to pull an internet line to their office to install the system. (ridiculous but true!)”

Hacking Team was in the midst of negotiations for a new FBI contract from Cicom after Velasco’s firing, but the agency decided to go with another vendor due to budget timing issues, according to an email from Phillipe Vinci, Hacking Team’s vice president for business development. Besides, the product was “seen as a ‘nice to have’ by FBI,” but “they confessed they were using it for low level types of investigations. For critical operations, they were using another platform,” wrote Vinci. He said the FBI wanted more ability to go after users of Tor, the anonymizing web browser; those users accounted for 60 percent of its targets.

But Hacking Team appeared determined to continue its conquest of the U.S. market.

“There will be a process to have ‘HT Usa Inc.’ accredited,” wrote operations manager Daniele Milan. He pledged to stay in touch with the FBI, marketing new features, and identifying problems “to resolve for them (in exchange for $$$).”

While Hacking Team’s emails reveal the company to be stringent about selling only to governments, the company officials appear to worry less about how its technology is used once it gets to those customers. Responding to concerns raised by the district attorney of New York in 2013, Hacking Team’s chief operating officer Giancarlo Russo wrote that “all the consideration regarding the ‘legal framework’ cannot be addressed by us.”

Instead, he was more concerned about local customers’ ability to use the product effectively. “If you buy a Ferrari… they can teach you how to drive. They cannot grant you will be the winner of the race,” he wrote to his colleagues in English. “If Beretta sell you a gun, the most peculiar and sophisticated one, they can teach how to use it. They can not grant you are going to shoot your target properly on the field.”

–– Sheelagh McNeill contributed research to this report.

Shhh… Russian Parliament Paved Way for "Right to be Forgotten"

Check out the Reuters article below:

Russian parliament approves Internet privacy bill

Fri Jul 3, 2015 11:04am EDT

Russia’s parliament gave its final approval on Friday to a law that would require Internet search engines to remove users’ personal information from their results.

The bill, passed by the State Duma lower house in its third reading, seeks to emulate European Union rules on the “right to be forgotten”, under which search engines must take down certain results that appear under a search of a person’s name.

Under the new Russian legislation, Internet users will have the right to request the removal of information that is incorrect or “no longer relevant because of subsequent events or actions”, TASS news agency reported.

The regulation, which now needs to be signed into law by President Vladimir Putin, has been criticized by Russian web companies who are concerned about balancing rights to personal privacy against the freedom of information.

“We believe that control over dissemination of information should not restrict free access to public data. It should not upset the balance of personal and public interests,” said Russia’s biggest search engine Yandex.

After discussing the draft with search engine providers, the Duma approved some minor changes to the bill, Yandex added.

Users will now need to provide specific references to the web pages they wanted deleting and web companies will have 10 days to comply with the request.

TASS reported that search engines would also not be required to remove information about an applicant’s criminal record.

“Yandex and other Internet companies have criticized this legislation from the moment we heard about,” Yandex said in a statement. “Unfortunately, many important changes, from our point of view, have not been implemented.”

Google in Russia was not immediately available for comment.

(Reporting by Jack Stubbs and Maria Kiselyova; Editing by Alison Williams)

Shhh… WikiLeaks: NSA’s Been Bugging Top Brazilian Political and Financial Targets

To celebrate the US Independence Day on 4 July, WikiLeaks, together with The Intercept, released its latest disclosure “Bugging Brazil”, “a top secret US National Security Agency target list of 29 key Brazilian government phone numbers that were selected for intensive interception”.

“The US targeted not only those closest to the President, but waged an economic espionage campaign against Brazil, spying on those responsible for managing Brazil’s economy, including the head of its Central Bank. The US also extensively targeted Brazil’s diplomacy, targeting the phones of its Foreign Minister and its ambassadors to Germany, France, the EU, the US and Geneva as well as its military chiefs,” according to WikiLeaks.

“Our publication today shows the US has a long way to go to prove its dragnet surveillance on ‘friendly’ governments is over. The US has not just been targeting President Rousseff but the key figures she talks to every day. Even if US assurances of ceasing its targeting of President Rousseff could be trusted, which they cannot, it is fanciful to imagine that President Rousseff can run Brazil by talking to herself all day. If President Rousseff wants to see more US investment in Brazil on the back of her recent trip as she claims, how can she assure Brazilian companies that their US counterparts will not have an advantage provided by this surveillance, until she can really guarantee the spying has stopped – not just on her, but on all Brazilian issues,” said WikiLeaks Editor-in-Chief Julian Assange.

Check out the full list of NSA high priority targets for Brazil here.

Shhh… XKEYSCORE – The NSA Insight Into Everything We Do Online

Glenn Greenwald and his colleagues at The Intercept have just released an extensive report on the NSA use of XKEYSCORE. And here’s a video on the same topic:

Shhh… What Message is the US Sending to France with Bulk Data Collection to Resume Following WikiLeaks' Espionnage Élysée Expose?

As I have said previously, it’s all a farce and now becoming a circus… And consider the timing, what kind of message is this for France given the recent WikiLeaks’ Espionnage Élysée exposé of NSA spying on not only 3 French Presidents but also French companies?

See the New York Times article below.


Surveillance Court Rules That N.S.A. Can Resume Bulk Data Collection

By CHARLIE SAVAGE
JUNE 30, 2015

WASHINGTON — The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk.

But the American Civil Liberties Union said Tuesday that it would ask the United States Court of Appeals for the Second Circuit, which had ruled that the surveillance program was illegal, to issue an injunction to halt the program, setting up a potential conflict between the two courts.

The program lapsed on June 1, when a law on which it was based, Section 215 of the USA Patriot Act, expired. Congress revived that provision on June 2 with a bill called the USA Freedom Act, which said the provision could not be used for bulk collection after six months.

The six-month period was intended to give intelligence agencies time to move to a new system in which the phone records — which include information like phone numbers and the duration of calls but not the contents of conversations — would stay in the hands of phone companies. Under those rules, the agency would still be able to gain access to the records to analyze links between callers and suspected terrorists.

But, complicating matters, in May the Court of Appeals for the Second Circuit, in New York, ruled in a lawsuit brought by the A.C.L.U. that Section 215 of the Patriot Act could not legitimately be interpreted as permitting bulk collection at all.

Congress did not include language in the Freedom Act contradicting the Second Circuit ruling or authorizing bulk collection even for the six-month transition. As a result, it was unclear whether the program had a lawful basis to resume in the interim.

After President Obama signed the Freedom Act on June 2, his administration applied to restart the program for six months. But a conservative and libertarian advocacy group, FreedomWorks, filed a motion in the surveillance court saying it had no legal authority to permit the program to resume, even for the interim period.

In a 26-page opinion made public on Tuesday, Judge Michael W. Mosman of the surveillance court rejected the challenge by FreedomWorks, which was represented by a former Virginia attorney general, Ken Cuccinelli, a Republican. And Judge Mosman said the Second Circuit was wrong, too.

“Second Circuit rulings are not binding” on the surveillance court, he wrote, “and this court respectfully disagrees with that court’s analysis, especially in view of the intervening enactment of the USA Freedom Act.”

When the Second Circuit issued its ruling that the program was illegal, it did not issue any injunction ordering the program halted, saying it would be prudent to see what Congress did as Section 215 neared its June 1 expiration. Jameel Jaffer, an A.C.L.U. lawyer, said on Tuesday that the group would now ask for one.

“Neither the statute nor the Constitution permits the government to subject millions of innocent people to this kind of intrusive surveillance,” Mr. Jaffer said. “We intend to ask the court to prohibit the surveillance and to order the N.S.A. to purge the records it’s already collected.”

The bulk phone records program traces back to October 2001, when the Bush administration secretly authorized the N.S.A. to collect records of Americans’ domestic phone calls in bulk as part of a broader set of post-Sept. 11 counterterrorism efforts.

The program began on the basis of presidential power alone. In 2006, the Bush administration persuaded the surveillance court to begin blessing it under Section 215 of the Patriot Act, which says the government may collect records that are “relevant” to a national security investigation.

The program was declassified in June 2013 after its existence was disclosed by the former intelligence contractor Edward J. Snowden.

It remains unclear whether the Second Circuit still considers the surveillance program to be illegal during this six-month transition period. The basis for its ruling in May was that Congress had never intended for Section 215 to authorize bulk collection.

In his ruling, Judge Mosman said that because Congress knew how the surveillance court was interpreting Section 215 when it passed the Freedom Act, lawmakers implicitly authorized bulk collection to resume for the transition period.

“Congress could have prohibited bulk data collection” effective immediately, he wrote. “Instead, after lengthy public debate, and with crystal-clear knowledge of the fact of ongoing bulk collection of call detail records,” it chose to allow a 180-day transitional period during which such collection could continue, he wrote.

The surveillance court is subject to review by its own appeals panel, the Foreign Intelligence Surveillance Court of Review. Both the Second Circuit and the surveillance review court are in turn subject to the Supreme Court, which resolves conflicts between appeals courts.

Wyn Hornbuckle, a Justice Department spokesman, said in a written statement that the Obama administration agreed with Judge Mosman.

Since the program was made public, plaintiffs have filed several lawsuits before regular courts, which hear arguments from each side before issuing rulings, unlike the surveillance court’s usual practice, which is to hear only from the government. Judge Mosman’s disagreement with the Second Circuit is the second time that the surveillance court has rejected a contrary ruling about the program by a judge in the regular court system.

In a lawsuit challenging the program that was brought by the conservative legal advocate Larry Klayman, Judge Richard J. Leon of Federal District Court in the District of Columbia ruled in December 2013 that the program most likely violated the Fourth Amendment, which prohibits unreasonable searches and seizures.

But in March 2014, Judge Rosemary M. Collyer, a Federal District Court judge who also sits on the secret surveillance court, rejected Judge Leon’s reasoning and permitted the program to keep going. The Obama administration has appealed Judge Leon’s decision to the Court of Appeals for the District of Columbia.

The Freedom Act also contains a provision saying that whenever the surveillance court addresses a novel and significant legal issue, it must either appoint an outside “friend of the court” who can offer arguments contrary to what the government is saying, or explain why appointing one is not appropriate.

The first test of that reform came last month when another judge on the court, F. Dennis Saylor IV, addressed a separate issue raised by the passage of the Freedom Act. Judge Saylor acknowledged that it was novel and significant, but declined to appoint an outside advocate, saying the answer to the legal question was “sufficiently clear” to him without hearing from one.

A version of this article appears in print on July 1, 2015, on page A19 of the New York edition with the headline: Surveillance Court Rules That N.S.A. Can Resume Bulk Data Collection.

Shhh… WikiLeaks: US Also Had a Decade-long Policy of Economic Espionage Against French Companies

(Above) photo credit: Focus

Assume this is no surprise to many? Following the recent WikiLeaks’ Espionnage Élysée exposé about the NSA spying on 3 French presidents, new WikiLeaks documents revealed how “the US has had a decade-long policy of economic espionage against France, including the interception of all French corporate contracts and negotiations valued at more than $200 million”.

“That covers not only all of France’s major companies, from BNP Paribas, AXA and Credit Agricole to Peugeot and Renault, Total and Orange, but it also affects the major French farming associations,” according to WikiLeaks founder Julian Assange.

“Central within the cache of documents are two long-term spying orders (“collection requirements”) which define the kinds of intelligence the NSA is tasked with collecting in its surveillance operations against France. The documents make clear that the NSA has been tasked with obtaining intelligence on all aspects of the French economy, from government policy, diplomacy, banking and participation in international bodies to infrastructural development, business practices and trade activities,” according to WikiLeaks.

Here’s a related story from Techcrunch:

New WikiLeaks Documents Reveal NSA Spied On Top French Companies

by Romain Dillet (@romaindillet)

Following last week’s eavesdropping reports, WikiLeaks shared new documents with Libération and Mediapart. This time, the new documents reveal that the NSA was spying on France’s best performing companies for economic intelligence purposes.

In addition to eavesdropping on French Economy Ministers François Baroin and Pierre Moscovici between 2004 and 2012, the NSA gathered as much data as possible on big French companies. In particular, the agency wanted to know more about the companies that signed expensive export contracts for industrial goods, such as nuclear power plants, planes, high speed trains, etc.

According to an economic espionage order, the NSA intercepted all French corporate contracts and negotiations valued at more than $200 million in many different industries, such as telecommunications, electrical generation, gas, oil, nuclear and renewable energy, and environmental and healthcare technologies.

A second economic espionage order called “France: Economic Developments” shows that information was then shared with other U.S. agencies and secretaries, including the Secretary of Energy, the Secretary of Commerce, the Federal Reserve and the Secretary of Treasury. Eventually, this data could have been used to help sign export deals.

According to France’s IT security agency Anssi, the NSA could have spied on at least a hundred French companies, including most public CAC40 companies. Airbus filed a complaint for intelligence gathering earlier today.

The second document also states that the NSA could share this information with its closest allies — the U.K., Canada, New Zealand and Australia. It’s unclear whether the NSA is still actively spying on French companies. Today’s news is particularly interesting as it proves that the NSA is not only a geopolitical intelligence agency. It also plays an important role when it comes to economic intelligence.

Shhh… French Asylum Offer to Snowden & Assange as Ultimate US Contempt

(Above) Photo credit: The Intercept

No surprise, that’s the ultimate official French reaction to the WikiLeaks’ Espionnage Élysée exposé on the NSA “unspeakable practice” earlier this week – check out The Intercept article below.

French Justice Minister Says Snowden and Assange Could Be Offered Asylum

By Jenna McLaughlin @JennaMC_Laugh

French Justice Minister Christiane Taubira thinks National Security Agency whistleblower Edward Snowden and WikiLeaks founder Julian Assange might be allowed to settle in France.

If France decides to offer them asylum, she would “absolutely not be surprised,” she told French news channel BFMTV on Thursday (translated from the French). She said it would be a “symbolic gesture.”

Taubira was asked about the NSA’s sweeping surveillance of three French presidents, disclosed by WikiLeaks this week, and called it an “unspeakable practice.”

Her comments echoed those in an editorial in France’s leftist newspaper Libération Thursday morning, which said giving Snowden asylum would be a “single gesture” that would send “a clear and useful message to Washington,” in response to the “contempt” the U.S. showed by spying on France’s president.

Snowden, who faces criminal espionage charges in the U.S., has found himself stranded in Moscow with temporary asylum as he awaits responses from two dozen countries where he’d like to live; and Assange is trapped inside the Ecuadorian Embassy in London to avoid extradition to Sweden. (See correction below.)

Taubira, the chief of France’s Ministry of Justice, holds the equivalent position of the attorney general in the United States. She has been described in the press as a “maverick,” targeting issues such as poverty and same-sex marriage, often inspiring anger among French right-wingers.

Taubira doesn’t actually have the power to offer asylum herself, however. She said in the interview that such a decision would be up to the French president, prime minister and foreign minister. And Taubira just last week threatened to quit her job unless French President François Hollande implemented her juvenile justice reforms.

Correction: Due to an editing error, an earlier version of this article improperly described the state of Assange’s case in Sweden and his reason for avoiding extradition. He has refused to go to Sweden, where he faces accusations of sexual assault, because he fears he could then be extradited to the United States.

(This post is from our blog: Unofficial Sources.)

Shhh… Snowden Supports Apple’s Public Stance On Privacy

Edward Snowden Supports Apple’s Public Stance On Privacy

by Josh Constine (@joshconstine)

Edward Snowden says we should support Apple’s newly emphasized commitment to privacy rather than a business model driven by personal data collection, whether or not Tim Cook is being genuine. Snowden spoke over video conference during the Challenge.rs conference in Barcelona today.

I asked Snowden his thoughts on Cook’s recent acceptance speech for an Electronic Privacy Information Center award, saying:

CEO Tim Cook recently took a stand on privacy and Apple’s business, saying “some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”

Do you think Cook’s perspective is genuine and honest, and how do you think it will play out long-term with regards to it hurting or helping Apple’s business, or whether Apple will keep this promise to privacy?

Snowden responded:

I think in the current situation, it doesn’t matter if he’s being honest or dishonest. What really matters is that he’s obviously got a commercial incentive to differentiate himself from competitors like Google. But if he does that, if he directs Apple’s business model to be different, to say “we’re not in the business of collecting and selling information. We’re in the business of creating and selling devices that are superior”, then that’s a good thing for privacy. That’s a good thing for customers.

And we should support vendors who are willing to innovate. Who are willing to take positions like that, and go “You know, just because it’s popular to collect everybody’s information and resell it..to advertisers and whatever, it’s going to serve our reputation, it’s going to serve our relationship with our customers, and it’s going to serve society better. If instead we just align ourselves with our customers and what they really want, if we can outcompete people on the value of our products without needing to subsidize that by information that we’ve basically stolen from our customers, that’s absolutely something that should be supported. And regardless of whether it’s honest or dishonest, for the moment, now, that’s something we should support, that’s something we should incentivize, and it’s actually something we should emulate.

And if that position comes to be reversed in the future, I think that should be a much bigger hammer that comes against Apple because then that’s a betrayal of trust, that’s a betrayal of a promise to its customers. But I would like to think that based on the leadership that Tim Cook has shown on this position so far, he’s spoken very passionately about private issues, that we’re going to see that continue and he’ll keep those promises.

It’s reasonable to wonder how much of Cook’s chest-beating on privacy is philosophy and how much is marketing. Since the iCloud celebrity photo hack last year, we’ve written about how Apple needs to be more transparent about security and privacy. Snowden seems to agree it could benefit the company as well as society.

Apple’s steps in that direction through press releases and public appearances by Cook have been positively received. They resonate especially well with the public in contrast to other tech giants like Google and Facebook that are aggressively collecting private personal data, and the widespread security breaches of big brands.

Yet while people frequently say privacy is important to them, their unwillingness to stray from products that rely on mining their data seems to suggest otherwise. We’re just at the start of the age of personalized computing, and those that embrace it may get an advantage in the market.

Apple is experimenting with ways to personalize with privacy in mind. Its new Proactive update to Siri scans your email to remind you about events, but only does this on your device rather than copying your data to its servers for processing. To keep up while remaining true to its ideals, Apple will need more creative solutions like this to deliver convenience without being creepy.

Shhh… French Ultimatum Clicking on Google Over "Right to be Forgotten" Ruling

Please check out my two previous columns on this topic – and the latest on the situation from the Bloomberg article below:

Google Faces French Ultimatum Over Right to Be Forgotten

by Stephanie Bodoni
June 12, 2015 — 5:22 PM HKT
Updated on June 12, 2015 — 11:24 PM HKT

Google Inc. risks French fines after being handed a 15-day ultimatum to extend the so-called right to be forgotten to all its websites, including those outside the European Union.

France’s data protection regulator, CNIL, ordered the world’s most-used search engine to proceed with delistings of links across its network, irrespective of the domain name, according to a statement on Friday. CNIL said it received “hundreds of complaints following Google’s refusals.”

The order comes more than a year after a ruling by the EU’s highest court created a right to be forgotten, allowing people to seek the deletion of links on search engines if the information was outdated or irrelevant. The ruling created a furor, with Mountain View, California-based Google appointing a special panel to advise it on implementing the law. The panel opposed applying the ruling beyond EU domains.

If Google “doesn’t comply with the formal notice within the 15 days,” Isabelle Falque-Pierrotin, the president of CNIL “will be in position to nominate a rapporteur to draft a report recommending to the CNIL Select Committee to impose a sanction to the company,” the watchdog said.

“We’ve been working hard to strike the right balance in implementing the European court’s ruling, cooperating closely with data protection authorities,” Al Verney, a spokesman for Google in Brussels, said in an e-mailed statement. “The ruling focused on services directed to European users, and that’s the approach we are taking in complying with it.”

Links Removal

EU data protection chiefs, currently headed by Falque-Pierrotin, last year already urged Google to also remove links, when needed, from .com sites.

Google Chairman Eric Schmidt has argued that the EU court’s ruling in May 2014 — in which it ordered search links tied to individuals cut when those people contend the material is irrelevant or outdated — didn’t need to be extended to the U.S. site.

“It is easy circumventing the right to be forgotten by using the domain Google.com,” said Johannes Caspar, the Hamburg data protection commissioner. “Google should be compliant with the decision and fill the protection gap quickly.”

Google has removed 342,161, or 41.3 percent, of links that it has “fully processed,” according to a report on its website.

‘Right Balance’

The U.K.’s Information Commissioner’s Office said in a statement that its experience with removal requests “suggests that, for the most part, Google are getting the balance right between the protection of the individual’s privacy and the interest of internet users.”

The right-to-be-forgotten rules add to separate demands for curbs on Google’s market power being considered by lawmakers this week. EU antitrust regulators in April escalated their four-year-old probe into Google, sending the company a statement of objections accusing the Internet giant of abusing its dominance of the search-engine market.

The same day, the EU also started a new investigation into Google’s Android mobile-phone software.

Shhh… Conspiracy Theories on Latest Snowden Claims?

The latest news on Snowden’s encrypted files being decoded by Russian and Chinese spies would surely do no good for the former NSA contractor, but conspiracy theorists would certainly question not just the validity of these claims but the timing – consider recent attempts to restore NSA surveillance, and let’s not forget how closely the NSA works with its British counterparts GCHQ, or MI6 for that matter.

Shhh… Hackers Target Database of Chinese with Ties to US Government

Check out the NYT article below.

Hackers May Have Obtained Names of Chinese With Ties to U.S. Government

By DAVID E. SANGER and JULIE HIRSCHFELD DAVIS
JUNE 10, 2015

WASHINGTON — Investigators say that the Chinese hackers who attacked the databases of the Office of Personnel Management may have obtained the names of Chinese relatives, friends and frequent associates of American diplomats and other government officials, information that Beijing could use for blackmail or retaliation.

Federal employees who handle national security information are required to list some or all of their foreign contacts, depending on the agency, to receive high-level clearances. Investigators say that the hackers obtained many of the lists, and they are trying to determine how many of those thousands of names were compromised.

In classified briefings to members of Congress in recent days, intelligence officials have described what appears to be a systematic Chinese effort to build databases that explain the inner workings of the United States government. The information includes friends and relatives, around the world, of diplomats, of White House officials and of officials from government agencies, like nuclear experts and trade negotiators.

“They are pumping this through their databases just as the N.S.A. pumps telephone data through their databases,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies. “It gives the Chinese the ability to exploit who is listed as a foreign contact. And if you are a Chinese person who didn’t report your contacts or relationships with an American, you may have a problem.”

Officials have conceded in the briefings that most of the compromised data was not encrypted, though they have argued that the attacks were so sophisticated and well hidden that encryption might have done little good.

The first attack, which began at the end of 2013 and was disclosed in the middle of last year, was aimed at the databases used by investigators who conduct security reviews. The investigators worked for a contracting firm on behalf of the Office of Personnel Management, and the firm was fired in August.

The broader attack on the personnel office’s main databases followed in December. That attack, announced last week, involved the records of more than four million current and former federal employees, most of whom have no security clearances.

White House and personnel office officials have provided few details about the latest breach. But the Department of Homeland Security has been telling outside experts and members of Congress that it regards the detection of the attack as a success, because it made use of new “signatures” of foreign hackers, based on characteristics of computer code, to find the attack.

In a statement, the personnel office said Wednesday that “it was because of these new enhancements to our IT systems that O.P.M. was able to identify these intrusions.” But the detection happened in April, five months after the attack began.

The list of relatives and “close or continuous contacts” is a standard part of the forms and interviews required of American officials every five years for top-secret and other high-level clearances, and government officials consider the lists to be especially delicate.

In 2010, when The New York Times was preparing to publish articles based on 250,000 secret State Department cables obtained by WikiLeaks, the newspaper complied with a request by the department to redact the names of any Chinese citizens who were described in the cables as providing information to American Embassy officials. Officials cited fear of retaliation by the Chinese authorities.

Officials say they do not know how much of the compromised data was exposed to the Chinese hackers. While State Department employees, especially new ones, are required to list all their foreign friends, diplomats have so many foreign contacts that they are not expected to list them all.

But other government officials are frequently asked to do so, especially in interviews with investigators. The notes from those interviews, conducted by a spinoff of the personnel office called the United States Investigative Service, were obtained by hackers in the earlier episode last year.

Intelligence agencies use a different system, so the contacts of operatives like those in the C.I.A. were not in the databases.

But the standard form that anyone with a national security job fills out includes information about spouses, divorces and even distant foreign relatives, as well as the names of current or past foreign girlfriends and boyfriends, bankruptcies, debts and other financial information. And it appears that the hackers reached, and presumably downloaded, images of those forms.

“I can’t say whether this was more damaging than WikiLeaks; it’s different in nature,” said Representative Adam B. Schiff, a California Democrat who is a member of the House Intelligence Committee, which was briefed by intelligence officials, the Department of Homeland Security and the personnel office on Tuesday. Mr. Schiff, who declined to speak about the specifics of the briefing, added, “But it is certainly one of the most damaging losses I can think of.”

Investigators were surprised to find that the personnel office, which had already been so heavily criticized for lax security that its inspector general wanted parts of the system shut down, did not encrypt any of the most sensitive data.

The damage was not limited to information about China, though that presumably would have been of most interest to the hackers. They are likely to be particularly interested in the contacts of Energy Department officials who work on nuclear weapons or nuclear intelligence, Commerce Department or trade officials working on delicate issues like the negotiations over the Trans-Pacific Partnership, and, of course, White House officials.

In a conference call with reporters on Wednesday, Senator Angus King, an independent from Maine on both the Intelligence Committee and the Armed Services Committee, called for the United States to retaliate for these kinds of losses. “Nation-states need to know that if they attack us this way, something bad is going to happen to their cyberinfrastructure,” he said.

But Mr. King said he could not say if the attacks on the personnel office were state-sponsored, adding, “I have to be careful; I can’t confirm the identity of the entity behind the attack.” The Obama administration has not formally named China, but there has been no effort to hide the attribution in the classified hearings.

The scope of the breach is remarkable, experts say, because the personnel office apparently learned little from earlier government data breaches like the WikiLeaks case and the surveillance revelations by Edward J. Snowden, both of which involved unencrypted data.

President Obama has said he regards the threat of cyberintrusions as a persistent challenge in a world in which both state and nonstate actors “are sending everything they’ve got at trying to breach these systems.”

The problem “is going to accelerate, and that means that we have to be as nimble, as aggressive and as well resourced as those who are trying to break into these systems,” he said at a news conference this week.

The White House has stopped short of blaming Katherine Archuleta, the director of the personnel office, for the breach, emphasizing that securing government computer systems is a challenging task.

Correction: June 10, 2015

An earlier version of a photo caption with this article misstated the name of the federal office building where employees who handle national security information are required to list their foreign contacts. It is the Office of Personnel Management building, not Office of Personal Management.

Matt Apuzzo contributed reporting.