Whistleblowing and Internal Monitoring/Investigations

Many thanks again to the Faculty of Law at the University of Hong Kong for hosting my presentation on “Whistleblowing & Internal Monitoring/Investigations” yesterday. It was a really interactive and responsive class. The scheduled three hours was barely enough to cover what I estimated to be an hour plus presentation thanks to all the interesting questions and my sincere apologies to the class for rushing through the latter parts of the slides.

One question at the end of the session, what’s the take-away on the topic.

With and without a poison-pen letter from a whistleblower, a pre-transaction reputation/investigative due diligence should always be conducted ahead of all other types of due diligence. This is not a biased opinion but one proven by real life experience from many past cases whereby some serious and damaging red flags on reputation issues/risks could potentially kill a transaction no matter how good the counterparties emerged in the legal, financial and other due diligence – although in some situations clients took advantage of the negative findings to re-negotiate terms for the pending transaction. Information is power!

In a post-transaction external/internal investigation especially one potentially heading to the courts, with and without a poison-pen letter, it is critical to conduct public records research first as the findings could be documented evidence legally admissible in courts that can help the lawyers and clients win the case. If the public records search turns out futile (a likely scenario in non-transparent and opaque jurisdictions), the findings from intelligence becomes pivotal.

I shared with the class an example of a typical court case whereby the client wins if we can prove two people A & B collaborated on a fraud scheme. No surprise they denied even knowing each other. A barrister once told me how he often receives surveillance photos of A & B say having coffee together as evidence – and how he can easily lose the case with such weak evidence. The best evidence is to prove the two have a long history of relationship – they attended the same school (public records), they were past business partners (public records), their companies were sued (public records), they commented on each other’s FaceBook (could be public records), etc. In the absence of any/sufficient public records evidence, findings from intelligence gathering can potentially turn into public records and important evidence. Consider:

– They not only attended the same school but same class, same computer club and even went on a school camping trip to Nepal when they were 10. The latter are findings from intelligence gathering
as they may be difficult to find in public records but the sources could provide photos as proof.

– They were in the same WhatsApp & WeChat groups? A source from the group could provide a screenshot of group members as proof.

– They were neighbors when they were young? This could be difficult to prove in public records because they don’t own the properties then but if there’s a lead they were neighbors, a search on their parents names could lead to documented proof.

Hence the importance of intelligence gathering. And thinking out of the box.

Shhhcretly Exclusive: Edward Snowden’s Warning Cry

Shhhcretly is pleased to have the exclusive rights to release the English version of this coverage on Edward Snowden.

This original article was first published 1 December 2018 in German in the Austrian newspaper Der Standard, which reserves the publishing rights.

Shhhcretly would like to thank Der Standard and Steffen Arora for their kind permission to share the translated piece exclusively on this blog.

(Above) Photo credit: Lindsay Mills 2018.

 

Edward Snowden’s warning cry
By Steffen Arora
Der Standard, 1st December 2018

Former CIA contractor Edward Snowden’s revelations shone a light on the western world’s surveillance practices. But he, and those who helped him, are paying a high price. He talks to Der Standard about the need to fight on.

“This is retaliation.” In an interview with Der Standard, Edward Snowden spoke in no uncertain terms about the authorities’ treatment of the people who saved his life. In June 2013, the former US intelligence services contractor became a hounded whistleblower after he exposed the extent to which the US and its allies carry out global surveillance of the internet and digital communications, regardless of suspicious activity. He made these revelations from Hong Kong, never expecting that the moment they were published, he would become the world’s most wanted man.

It was the same moment that Robert Tibbo’s telephone rang. The Canadian had made a name for himself in the city as a dedicated human rights lawyer. He fought for the rights of asylum seekers living a pariah existence in Hong Kong – with next to no chance of their status being recognized and leading a decent life there. Tibbo saw Snowden as another refugee who needed help. To hide him from his pursuers, Tibbo found shelter for Snowden with some of his other clients; asylum seekers from Sri Lanka and the Philippines.

“They were warm, welcoming and kind. When I had fallen to the bottom of the world, they helped me up without giving a damn about who I was,” Snowden says. In the current political climate, loaded with the fear of outsiders, Snowden holds the refugees’ actions in even higher regard. “Their example, their humanity, it gave me a reason to keep fighting.”

Refugees and their lawyer under pressure

Not only Snowden, but also those who helped him, are now paying a high price for their actions. The US continues to accuse Snowden of spying and demand his extradition – and President Donald Trump would like to see him executed. Meanwhile, the seven refugees and their lawyer Mr. Tibbo are under pressure from the Hong Kong authorities.

In 2018, it is no longer an exception that human rights lawyers like Tibbo become the object of persecution themselves, says Manfred Nowak, Austrian human rights lawyer and former United Nations Special Rapporteur on Torture. Not only lawyers, but also journalists and activists from NGOs are being increasingly targeted, he says, even murdered, as records such as Russia’s show. “Human rights have not been in a crisis like this since the end of the Second World War,” Nowak says.

For Snowden’s helpers, the situation has deteriorated to the extent that this week, Tibbo turned for help to a selection of media outlets including the New York Times, Paris Match and Der Standard. He himself was forced to leave Hong Kong under diplomatic protection. He had to leave the seven refugees behind.

Effectively in exile, he continues working for his clients, who are living in constant fear of deportation. No country wants to take them in. Even Canada, which showed willingness to do so back in 2016, appears to have retreated in the face of pressure from abroad.

“Death by delay” is how lawyers such as Pascal Paradis from the NGO Lawyers Without Borders, which has been working on the case, describes this process. Snowden himself, fleeing US authorities, was left stranded in Moscow. Since then he has faced accusations that he is a Russian spy.

In fact he was aiming for Latin America, he says. “The Department of State failed to cancel my passport in time to keep me from leaving Hong Kong. But once they realized I was in the air en route to Latin America, they made public announcements to put every government around the world on notice that they intended to block my freedom of movement.”

No asylum in Austria

When he landed in Moscow for a stopover, he was stuck and could not travel further. All of his asylum applications in Europe were rejected, including by Austria. “This more than anything else is what prevents me from leaving Russia,” Snowden says in response to his critics. “If major powers of Europe can be induced by this or that secret promise to be violators of the asylum right rather than its guarantor, you can’t help but question the whole system. If you can’t count on a right now, can you count on a law?”

Manfred Nowak also sees this danger. “Democracy as a form of government is increasingly coming under pressure, as we can see in the US, Great Britain, Hungary, Poland or Italy. These countries are governed by populists, who came to power through democratic channels, but are now attacking democracy.” Nowak sees Brazil’s new president, Jair Bolsonaro, as a particularly stark example of a fascist being voted in to lead a democracy.

Nowak stresses the importance of learning from history: Free elections have destroyed democracies time and time again. “Strident democracies” urgently need to defend themselves against “pseudo- democracies,” he says, pointing to leaders such as Trump, Viktor Orban and Bolsonaro.

The western world is currently experiencing a backlash, meaning human rights defenders must go on the offensive, Nowak says. “Everyone must do their bit,” he warns emphatically. “Otherwise it could be too late.”

Nowak sees this backlash in Austria too, where the center-right and far-right are governing in coalition. “Measures are being taken which are being seen, and therefore criticized, as restrictions on the constitutional state, democracy and human rights.”

“There’s a machine behind it”

Snowden sees the refugees’ treatment and his own as telling. “You can’t look at something like this without getting a sense that the mask has dropped, and behind all the pretense of civility and process we like to believe governs our little day to day, there’s a machine behind it that would burn everything we love to the ground without a tear if it meant making a problem go away.”

Snowden is convinced it’s no coincidence that those who helped him are now being targeted. “They’re worried about the example of these families, the symbol their moral choice represents. Anybody can look at this situation and see at a glance who is right and who is wrong.”

But if the “big governments” manage to rewrite this story with an unhappy ending for those involved, they will also succeed in changing the positive message of his work with a single blow, Snowden warns. He says he does not know how far state institutions would go to achieve this, “but they’ve already gone too far.”

Human rights lawyer Nowak has first-hand experience of the conditions in Hong Kong, where the seven migrants are currently stuck. He trained lawyers there; Tibbo was one of his students.

Nowak says he knew the Hong Kong Bar Association, which is putting the Canadian lawyer under pressure and sabotaging his mandate for the refugees, as an “independent institution.” He can only assume the bar’s current treatment of Tibbo is a result of “enormous pressure from outside.”

Snowden has called on his supporters not to give up on the fight for a free world. And above all the fight for those who helped him. “Take a look at the world. Before long, we’ll all feel like refugees.”

NOTE: Documents evidencing the Hong Kong Bar Association egregious treatment of Mr Tibbo can be found in the Der Standard article as embedded PDFs: https://www.derstandard.at/story/2000092725390/pressure-mounts-on-edward-snowdens-lawyer-robert-tibbo?ref=article

Shhh… A Cyber-Geopolitical Threats 2019 Roundup

The year 2019 has been setting the scene on the cyber-geopolitical scene for the 2020s. Here’s a nice sum up.

And on the personal front the best defense is to keep yourself informed – Watch out for fake news and facts-check everything you read especially anything that seems too perfectly outrageous.

Shhh… Updates on Edward Snowden & the Snowden Refugees

I am proud to share with you a presentation by my fellow alumnus Robert Tibbo, best known as the lawyer for American whistleblower Edward Snowden, on 29 December 2019 in Messe Leipzig, Germany, an update on the situation with Snowden and the Snowden Refugees.

The lecture covers the current global erosion and dismantling of international refugees and constitutional law by increasingly authoritarian democracies and loss of international protection for whistleblowers and the brave people who protect whistleblowers, like the Snowden Refugees.

“The Snowden Refugees still in limbo in Hong Kong are at heightened risk and need public support and donations to survive. The two children in Hong Kong need to be brought to the safety of Canada at the earliest time to remove them from the dangers in Hong Kong and to have all three children reunited in Montreal,” said Tibbo.

Snowden will make an appearance in the 35th minute of the lecture.

“The choices that we made, and the things that you do, they have power. And doing nothing, that’s a choice. Now lots of us would like to think that’s a willing choice. We like to think that we are the sole captain of our own destiny. And that’s the way it’s supposed to be, that’s the way it’s intended, that’s the way we designed the system,” according to Snowden.

“And yet the system today, somehow the actors within it spend an enormous amount of energy trying to make you forget that the things you do affect the outcomes. They’ll tell you not to worry about it, that it’s not so bad. After all it ‘could be worse’. But I say to you it could be better.

“And every time we hear those words, that’s what we need to say – Every system in history, even the most powerful, has been subject to change. And every hack that is performed against us can face a patch.”

Shhh… The Matrix, With Mozilla

This is really terrific news for the privacy conscious and open source community – Mozilla is joining the Matrix, the new protocol for open, decentralized, encrypted communication.

The Matrix protocol aims to create a global decentralized encrypted real-time communications network that provides an open platform similar to the Web.

One general (and major) appeal of Matrix is that it works seamlessly between different service providers by supporting what is known as “bridging messages” from different chat applications into the “Matrix rooms”. These bridges currently include popular communications apps like WhatsApp, WeChat, Telegram, Signal, Skype, Facebook Messenger, etc. In laymen’s terms, you can add your favorite communications apps to Matrix for better (and ultimate) privacy protection.

The Matrix community, admittedly still in its infancy but with huge potential, is understandably thrilled in welcoming onboard Mozilla, the “champions of the open web, open standards, not to mention open source”. The Matrix protocol is currently using the “riot.im” interface, which is hindering its appeal to the masses. Hence the introduction of Mozilla will be crucial for its development.

If anyone asks what is the safest way to communicate, or which is the safest communications apps these days – like “Is Telegram still safe?” – the Matrix protocol is probably the answer going forward.

Shhh… Fancy Having A Live Flight Tracker?

Maybe it’s the Christmas holiday season or there’s an aviation geek in you, like a Die Hard to check and track aircraft data in real time?

Check out Flightradar24 where you can view live air traffic information worldwide on your computer and smartphone like a pro. You can drill into specific airport, airline and aircraft, live or historically through its database.

Shhh… Crafty Hackers Into Insider Trading

The whole purpose of getting inside is to…?

Well, hackers have figured that out: use their hacking skills to grab hold of corporate press releases before they become public and optimize the information for insider trading. Why didn’t anyone think of that earlier?

Find out more about this case from the following New York Times article.

Shhh… Duncan Campbell – Global Spying Program ECHELON & the Decades-long Cosy NSA-GCHQ Relationship

(Above) Photo Credit: The Intercept

DuncanCampbell-ABCcase

Above photo: From left to right Duncan Campbell, Crispin Aubrey and John Berry in the ‘ABC’ case (Source: The Intercept – ANL/Re/REX Shutterstock)

The Register: Special Report Duncan Campbell has spent decades unmasking Britain’s super-secretive GCHQ, its spying programmes, and its cosy relationship with America’s NSA. Today, he retells his life’s work exposing the government’s over-reaching surveillance, and reveals documents from the leaked Snowden files confirming the history of the fearsome ECHELON intercept project. This story is also published simultaneously today by The Intercept, as is – at long last – Duncan’s Register Christmas Lecture from last year.

Find out more on this insightful article printed by The Intercept and The Register.

Shhh… The Chinese Version of All the President's Men

(Above) Photo credit: Max Whittaker for The New York Times.

Below is a New York Times article on a China matter widely quoted by the Chinese media.

And here are some additional background coverage on the case:

China Seeks Businessman Said to Have Fled to U.S., Further Straining Ties
By MICHAEL FORSYTHE and MARK MAZZETTIAUG. 3, 2015

LOOMIS, Calif. — China is demanding that the Obama administration return a wealthy and politically connected businessman who fled to the United States, according to several American officials familiar with the case. Should he seek political asylum, he could become one of the most damaging defectors in the history of the People’s Republic.

The case of the businessman, Ling Wancheng, has strained relations between two nations already at odds over numerous issues before President Xi Jinping’s first state visit to the United States in September, including an extensive cybertheft of American government data and China’s aggressive territorial claims.

Mr. Ling is the youngest brother of Ling Jihua, who for years held a post equivalent to that of the White House chief of staff, overseeing the Communist Party’s inner sanctum as director of its General Office. Ling Jihua is one of the highest-profile casualties of an anticorruption campaign that Mr. Xi has made a centerpiece of his government.

The Obama administration has thus far refused to accede to Beijing’s demands for Ling Wancheng, and his possible defection could be an intelligence coup at China’s expense after it was revealed last month that computer hackers had stolen the personnel files of millions of American government workers and contractors. American officials have said that they are nearly certain the Chinese government carried out the data theft.

Mr. Ling’s wealth and his family’s status have allowed him to move freely in elite circles in China, and he may be in possession of embarrassing information about current and former officials loyal to Mr. Xi.

Mr. Ling appears to have evaded the Chinese authorities. He is now in the United States, according to several American officials and his next-door neighbor here in the foothills of the Sierra Nevada, where property records show Mr. Ling owns a 7,800-square-foot home, which he bought from a professional basketball player for $2.5 million.

The Chinese government in recent months has been raising pressure on the Obama administration to return Mr. Ling, according to the American officials. The officials spoke on the condition of anonymity in order to discuss a delicate diplomatic matter that has already complicated an arrangement made in April between the Department of Homeland Security and China’s Ministry of Public Security.

Under that arrangement, signed during a visit to Beijing by Jeh Johnson, the secretary of Homeland Security, the United States would be able to repatriate many of the tens of thousands of Chinese currently in the United States awaiting deportation, some in American detention facilities. In return, the United States would help the Chinese track down wealthy fugitives from China living in the United States who might also be breaking American laws.

Several American officials confirmed that Mr. Ling is in the United States, but they would not say publicly whether Mr. Ling had applied for asylum or give information about his whereabouts. The Department of Homeland Security, which handles asylum cases, does not comment about specific cases because of privacy laws.

China’s Foreign Ministry did not comment after being sent a faxed request for information on Mr. Ling’s case. Press officers for the White House, State Department and Department of Homeland Security declined to comment.

Three telephone numbers that people in California used to contact Mr. Ling all had Dallas area codes. Mr. Ling, whose English is said to be poor, did not respond to text messages in Chinese requesting an interview. Two of the three numbers are no longer in service, and no one answered the third number.

Christopher K. Johnson, a former C.I.A. analyst focusing on China, said the Chinese leadership might want Mr. Ling’s assistance in prosecuting his older brother. And, Mr. Johnson said, it would want to prevent the “treasure trove” of knowledge he has about Chinese politics from passing to United States officials.

“The leadership would want this guy badly,” Mr. Johnson, now at the Center for Strategic and International Studies in Washington, said in a telephone interview. “There’s no question that he would have access to a lot of interesting things.”

While it is unclear how much Ling Wancheng knows, the Communist Party itself has revealed some tantalizing clues about his brother Ling Jihua’s behavior, claiming that his corruption was a family affair. Last month, the party announced that Ling Jihua — a loyalist to the previous president, Hu Jintao — had been expelled from the party and would be tried, saying that he had “accepted huge bribes personally and through his family.”

Ling Jihua, 58, rose through the Communist Party’s Youth League under Mr. Hu in the 1980s and eventually served as either deputy or chief of the Central Committee’s General Office from 1999 to 2012. He was Mr. Hu’s personal secretary and closest protégé, and his position came with great powers: the ability to control the guards who protected the senior leadership, a significant voice in top personnel appointments and a central role in carrying out policy.

“It’s really the nerve center for the entire system,” Joseph Fewsmith, a professor at the Pardee School of Global Studies at Boston University who focuses on Chinese politics, said of Ling Jihua’s former position. “This is the essence of power politics.”

Ling Jihua was expected to advance to the elite Politburo, as every person who previously held that position since 1942 had done, including former Prime Minister Wen Jiabao.

But on March 18, 2012, Ling Jihua’s son was killed when the black Ferrari he was driving crashed in Beijing. One of two women with him in the car later died.

Ling Jihua’s botched cover-up of the episode helped lead to his political downfall. He was denied a spot on the Politburo, demoted to a less important post and, in December 2014, officially put under a corruption investigation.

But the corruption inquiry into Ling Jihua goes far beyond the Ferrari crash, and his younger brother, Ling Wancheng, may have played an important role.

As a senior official, Ling Jihua had his moves monitored. But his brother, as a private citizen, was far less constrained. He built a fortune as the chief of a Beijing-based investment company, which bought well-timed stakes in companies that went on to hold successful initial public offerings, earning the firm $225 million, according to a report in Caixin, a respected Chinese news media company. A company using the same California address that he used to buy his home in Loomis also bought at least two golf courses, one near Loomis, the other in Carson City, Nev., property records show.

Ling Wancheng is one of several Chinese citizens in the United States whom Beijing has requested be returned to China. A forum has been established to discuss these cases, called the U.S.-China Joint Liaison Group on Law Enforcement Cooperation, where the Chinese regularly press their case to Obama administration officials.

However, Ling Wancheng, who is believed to be in his mid-50s and goes by the name Wang Cheng or Jason Wang, was not on the publicly disclosed list of 40 fugitives believed to be in the United States that was released by the Chinese government this year, indicating how delicate the case may be to the senior leadership.

Marc Raimondi, a spokesman for the Department of Justice, said the department “has repeatedly shown that it will vigorously pursue prosecutions in the United States where there is alleged money laundering or other criminal activity in this country by fugitives sought by China.”

But, he added, “it is not sufficient to simply provide a list of names.” The department has urged China to provide evidence, Mr. Raimondi said.

In late 2013, Mr. Ling, using the name Wang Cheng, and a person using the name Li Ping, the same name as a former presenter on state television whom the Chinese news media have identified as Mr. Ling’s wife, bought a house in a gated community in Loomis from a National Basketball Association player, Beno Udrih, real estate records show.

Ray Matteson, Mr. Ling’s neighbor in Loomis, and his wife soon became friends with the couple next door, who introduced themselves as Jason and Jane Wang. The Mattesons invited them over for dinner or drinks at least three times. Mr. Ling offered gifts, once giving them a bottle of liquor from the family’s home province, Shanxi, and on another occasion two magnums of California wine.

The Mattesons said their neighbor had given no hints about his family’s high-level political struggle, the arrest of Ling Jihua and another older brother or the death of his nephew.

“In my mind, there’s no question he was a gentleman,” said Mr. Matteson, who, along with another person who met him in Loomis, confirmed that Jason Wang was the man identified in the Chinese news media as Mr. Ling. Neither person, however, could match the woman introduced as Jane Wang with pictures of Li Ping, the former Chinese television presenter.

Mr. Ling would send text messages to his next-door neighbors. His English was poor, so he often used emoji, like a thumbs up or a happy face. He would send links to videos he found funny, and he asked for advice on where to find people to clean his windows.

Mr. Matteson said he had not seen Mr. Ling since October, when the two couples had dinner at Mr. Matteson’s home. But if Mr. Ling was in hiding in the United States, the prosaic details of maintaining a California estate kept him tethered to Loomis: There were homeowners association fees to pay, and a gardener had to keep the bushes trimmed and the lawn mowed.

Mr. Matteson’s last contact with Mr. Ling was in May, when the alarm system in Mr. Ling’s house was activated and the security company asked Mr. Matteson to contact Mr. Ling to obtain the code to enter the gate to his home.

The Mattesons said they had never seen any unusual activity in the neighborhood, except for one visit several months ago by officers from the Department of Homeland Security, who said they were trying to contact Mr. Ling.

Ling Wancheng’s visa status is unclear. Christopher Bentley, a spokesman for the United States Citizenship and Immigration Services, a division of Homeland Security, said that it usually took one to three years for an asylum case to be settled. During that period, he said, the asylum seeker is allowed to stay legally in the country.

Michael Forsythe reported from Loomis, and Mark Mazzetti from Washington.

Shhh… Google: No to Global ‘Right to Be Forgotten’ Order

Check out this Politico article below and my previous related columns on the same subject:


Google contests global ‘right to be forgotten’ order

Don’t make us apply European laws around the world, Google pleads.
By David Meyer
30/7/15, 5:59 PM CET
Updated 31/7/15, 5:38 PM CET

Google is appealing an order from the French data protection authority to apply the “right to be forgotten” on a global basis, the company said Thursday.

The Commission nationale de l’informatique et des libertés (CNIL) said in June that, when Google receives requests for the delisting of personal information from its search results, it should remove links to that information from all its sites around the world, including google.com.

The search giant currently only removes such results from its European domains, as the “right to be forgotten” stems from a ruling by Europe’s highest court.

Google has now formally asked CNIL to withdraw its order for global delisting.

“We’ve worked hard to implement the right to be forgotten ruling thoughtfully and comprehensively in Europe, and we’ll continue to do so,” said Peter Fleischer, Google’s global privacy chief, in a statement. “But as a matter of principle, we respectfully disagree with the idea that a national data protection authority can assert global authority to control the content that people can access around the world.”

The Court of Justice of the European Union ruled in May 2014 that EU-wide privacy legislation applies to foreign search engines operating in the region. It said search engines must take down links to information that is “inaccurate, inadequate, irrelevant or excessive” upon request, as long as there are no good reasons to keep them in its results.

Google went on to comply with the ruling, though a dispute remained between the firm and privacy regulators over the scope of the delinking.

Internet regulation is inherently complicated by the fact that the Internet does not naturally respect national borders. This leads to a tension between those who want to see national laws respected in the countries where they apply, and those who see international enforcement as the only way to make that happen.

While it is relatively easy to apply rules to country-specific versions of a website, such as those with addresses ending in Germany’s “.de” or France’s “.fr,” there is nothing to stop people visiting other versions of the site to find missing information.

The Article 29 Working Party, the umbrella group for EU data protection regulators, wrote in November that “limiting delisting to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient mean to satisfactorily guarantee the [privacy] rights of data subjects.”

This stance was the basis for CNIL’s order in June, which came with the threat of a fine of up to €150,000 for non-compliance.

However, a Google-convened panel of privacy experts said in February that the rights of EU citizens had to be balanced with those of people in other countries, who may have the right to see the offending information under their own national laws.

Americans accessing google.com, for example, live in a country whose legal system broadly prioritizes freedom of speech over the right to privacy.

Google built on this theme on Thursday, arguing that global delisting would risk a “chilling effect” on the web as many countries around the world have their own national speech restrictions.

The firm cited several national examples: Turkey criminalizes some criticisms of Kemal Ataturk; Thailand does the same for its royalty; and Russians are banned from disseminating “gay propaganda” online.

“If the CNIL’s proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom,” Fleischer wrote in a blog post. “In the end, the Internet would only be as free as the world’s least free place.”

CNIL said it had received Google’s appeal and would “look at the arguments,” though it claimed those arguments were “in part political” whereas its own reasoning was “strictly legal.”

The regulator added that it would respond within two months.

Nicholas Hirst contributed to this story.

Shhh… Spies Vs Silicon Valley

Check out the following Guardian article:

Spies helped build Silicon Valley. Now the tables are turning

David Cameron wants US tech sector companies to do more to fight terrorism. But they’ve grown too powerful to listen

Gordon Corera
Wednesday 29 July 2015

If you want to understand how modern British and American intelligence services operate, you could do worse than visit the new exhibition that opens at Bletchley Park this week. It tells the story of code-breaking in the first world war, which paved the way not just for the better-known success story of world war two, but also GCHQ and the NSA’s modern day bulk interception.

A century ago, just as today, intelligence services and network providers used to enjoy a symbiotic relationship. Britain, for example, exploited its dominance of the telegraph system to spy after its companies had built an imperial web of cables that wrapped itself around the world. Britain’s first offensive act of the conflict was to cut Germany’s own undersea cables and install “secret censors” in British company offices around the world that looked out for enemy communications. A staggering 80m cable messages were subject to “censorship” during the war.

In recent decades the US has enjoyed a similar ability to spy on the world thanks to its role in building the internet – what the NSA called “home field advantage”. This worked via two channels. The first was fibre-optic cables passing through either American or British territory, allowing intelligence agencies to install the modern equivalent of secret censors: computerised black boxes that could filter data to look for emails based on “selectors”. The second channel was Silicon Valley – which had thrived thanks to massive Pentagon and NSA subsidies. People around the world sent their communications and stored their data with American companies, whose business model often involved collecting, analysing and monetising that data. This attracted spies like bears to honey. And so Prism was born – requiring the companies themselves to run selectors across their own data. 45,000 selectors were running in 2012. Put together with cable-tapping, this meant that nearly 90,000 people around the world were being spied on.

Building the internet allowed the US to export its values, import other countries’ information through spying and make a lot of money for American corporations along the way. But the relationships have fractured. The Snowden disclosures were one reason – exposure led tech companies to back away from quiet cooperation and make privacy a selling point (even competing with each other as seen in Apple’s CEO blast against Google recently).

At the same time, Isis’s use of social media has increased the state’s desire to get more from these companies, leading to growing tension. It was notable that David Cameron’s speech on extremism last week singled out tech companies for criticism. When their commercial models are built around tracking our likes and dislikes, why do they say it’s too difficult to help when it comes to the fight against terrorism, the prime minister asked.

A big problem for the spies is that during the first world war the cable companies that helped Britain knew who was boss. Today it is more complex. An angry Mark Zuckerberg of Facebook told President Obama that his administration “blew it” when it tried to defend Prism by saying it was only used to spy on foreigners. After all, most of Facebook and Silicon Valley’s customers are foreigners.

The British government criticised Facebook for not spotting private messages from one of the men who went on to kill Lee Rigby. This is the kind of thing Cameron wants the companies to do more on. But whose job is it to spy? The companies are nervous of signing up to a system in which it is their job to scan their customers’ data and proactively report suspicious content, effectively outsourcing the act of spying (and not just the collection of data) to the private sector. Such a deal, tech companies fear, could set a dangerous precedent: if you help Britain when it comes to national security, what do you do when China or Russia come knocking?

On his first day as director of GCHQ, Robert Hannigan launched a volley against Silicon Valley, accusing it of acting as “command and control” for groups like Isis. But since then, the tone has been more conciliatory. What Hannigan may have realised is that companies have the upper hand, partly because the data is with US companies that are subject to US laws. To avoid the Russia and China issue, they assert their co-operation is voluntary and there is not much the British state can do about it.

It was notable that in his speech, Cameron didn’t threaten new legislation. Why? Because he knows that power relations between governments and corporations have shifted since the first world war: modern tech firms are too big to be pushed around.

If they have a vulnerability, it’s their dependence on customers: verbal volleys from politicians and spies are a sign that the real battleground is now public opinion. Companies are gambling that focusing on privacy will win them the trust of the public, while governments in London and Washington are hoping that talking about terrorism will pressure companies to cooperate more. Who wins this tug of war may depend on events that neither party can control, including the prevalence of terrorist attacks. Whatever the case, the old alliance between Silicon Valley and the spies is no more.

Shhh… US-Canada Border – Secret Deal Between Canada’s Spies and Border Guards

Check out this article from The Star:

Secret deal between Canada’s spies and border guards raises concerns

A memorandum of understanding between the two agencies allowed info sharing, joint operations without political oversight.

By: Alex Boutilier Ottawa Bureau Reporter, Published on Thu Jul 02 2015

OTTAWA—A secret deal between Canada’s spies and border guards proposed more information sharing and joint operations without the need for political sign-off, the Star has learned.

A 2014 deal between the Canadian Security Intelligence Service and the Canada Border Services Agency proposed the two agencies be allowed to share information and resources without the prior approval of their political masters.

“The Framework (Memorandum of Understanding) will also authorize (CSIS) to enter into more specific arrangements with CBSA, as required, without the necessity to seek your approval each time,” wrote CSIS director Michel Coulombe in a memo explaining the deal to Public Safety Minister Steven Blaney.

Blaney’s office won’t say whether or not the deal has been approved.

The deal, obtained under access to information law, would permit the two agencies to share “investigative techniques, the provision of equipment, the sharing of information, resources or personnel” to assist one another to meet shared objectives.

CSIS is allowed to enter into agreements with other departments and agencies, including foreign partners, and routinely does. But the rules governing the spy agency state that CSIS needs the express permission from the public safety minister to do so.

But Coulombe explicitly stated that, under the new deal, Blaney’s approval would not be required for further co-operation between the two agencies. Both would otherwise have to follow their respective mandates, the deal states.

The Star requested an interview with Blaney, and provided a detailed list of questions. That interview request was denied. Blaney’s office would not say if the minister approved the deal, and did not respond to the Star’s questions.

Jeremy Laurin, a spokesperson for the minister, instead provided a written statement referencing the threat of “jihadi terrorists” and the necessity for national security agencies to work together.

“In today’s global threat environment, national security is a team effort — which means that CSIS works with many domestic partners,” Laurin wrote. “CBSA is one of those partners.”

It’s not clear when the deal itself was drafted — the documents themselves are undated, but were released in a batch of briefing notes written last summer. That means the proposal would have crossed Blaney’s desk well before the Conservatives introduced controversial new terror laws that drastically expanded the agency’s mandate.

Bill C-51 allows CSIS to “disrupt” real or perceived threats to national security, rather than passing the intelligence they gather to an enforcement agency. The legislation, which recently became law, also greatly expands government agencies’ ability to share information deemed relevant to national security.

While the scope of the information sharing provisions alarmed security researchers and privacy experts, the majority Conservatives said they were necessary to ensure Canadians were kept safe. But The Canadian Press reported Wednesday that CSIS had told senior bureaucrats that improvements to their access to information could be achieved within the existing law.

Wesley Wark, a security researcher at the University of Ottawa, said it’s not uncommon for agencies to have formal agreements governing joint operations. But this deal in particular, Wark said, appears to diminish political accountability.

“It also shows a tendency on (the) part of the Harper government to allow for an erosion of ministerial accountability,” Wark wrote after reviewing the documents. “And it reminds us of one of the big holes in the fabric of accountability for security and intelligence — namely the absence of independent, external review of CBSA.”

Craig Forcese, also a University of Ottawa professor and vocal critic of Bill C-51, said the “stovepipe” nature of Canada’s intelligence review bodies is a major concern with these type of agreements.

The Security Intelligence Review Committee, for instance, can review actions taken by CSIS after the fact. But the committee has no ability to “follow the thread” of an operation when CSIS partners with another agency like CBSA, the RCMP, or Canada’s electronic spying agency, the Communications Security Establishment.

“If I had set out to intentionally design a system of accountability likely to break, it would look a lot like our current system of stovepiped review,” Forcese said.

“Add to that CBSA has no review body of its own — and, as best I know, is the only agency with a law enforcement or intelligence mandate in the country without some form of external, independent review or oversight.”

The Star requested the text of CSIS’s memorandums of understanding with other agencies. The agency declined to provide them, or to list which agencies it co-operates with, saying that the agency operates within its mandate, ministerial direction, and internal policy.

Before:

CSIS is permitted to enter into partnerships, both domestic and international, under Section 17 of the CSIS Act. The act requires the agency to get the go-ahead from the public safety minister beforehand.

After:

If the CSIS-CBSA deal was accepted, the two agencies could co-operate without bothering to get approval from politicians.

Under C-51:

The Conservatives’ controversial terror law allows for the free flow of information between 17 domestic law enforcement agencies and departments. Canada’s privacy commissioner has called the provision excessive.

Shhh… Hacked By Your Cyber-security Firm?

(Above) Photo credit: Hacked.com

Do you still have faith in cyber-security firms – recall the recent story about the Hacking Team?

Consider this: A Cyber-security firm known as Tiversa scams potential and ex-clients into memberships by hacking into their servers as a scare tactic to increase profits for Tiversa. Tiversa was brought before the Washington D.C. courthouse in May to explain their scam.

Shhh… Email Spams Dip First Time in Twelve Years

Check out the VentureBeat article below:

Symantec: Spam falls below 50% of all email for the first time since 2003

July 17, 2015 8:20 AM
Emil Protalinski

Good news for all of us who still have to use email: spam rates are dropping! In fact, junk messages now account for just 49.7 percent of all emails.

The latest figure comes from security firm Symantec’s June 2015 Intelligence Report, which notes this is the first time in over a decade that the rate has fallen below 50 percent. The last time the company recorded a similar spam rate was back in September 2003, or almost 12 years ago.

More specifically, Symantec saw 704 billion email messages sent in June, of which 353 billion were classified as spam. At one of the peaks of the spam epidemic, in June 2009, 5.7 trillion of the 6.3 trillion messages sent were spam, according to past data from Symantec.

Symantec

The report uses Symantec clients to extrapolate the figure, so the actual rate could be a bit higher or lower. That said, the spam rate appears to be dropping: Symantec’s spam number was 52.1 percent in April and 51.5 percent in May.

The decline of spam is usually attributed to legal prosecution against botnets (including by major tech companies like Microsoft), faster reaction times by network providers, improved blocking, and better filtering. The main goal is to make the business less lucrative: If you can slash profit margins for a spammer, you can slash spam itself.

This is great news for not just email users but companies that are dedicated to fighting spam. Their business isn’t going away anytime soon, but they are making progress.

Other findings in the report, which talks about not just spam but security overall, include:

– 57.6 million new malware variants were created in June, up from 44.5 million pieces of malware created in May and 29.2 million in April.

– Ransomware attack has increased for the second month in a row and crypto-ransomware has reached its highest levels since December 2014.

You can read Symantec’s full 19-page report here.

Shhh… SPIEGEL: US Attack on Press Freedom

As more details emerge, it is becoming increasingly clear that representatives of the German government at best looked away as the Americans violated the law, and at worst supported them…

Journalists, who scrutinize and criticize those who govern, are an elementary part of the “checks and balances” — an American invention — aimed at ensuring both transparency and accountability. When it comes to intelligence issues, however, it appears this system has been out of balance for some time…

Everything the government said was a lie. As far back as 2013, the German government was in a position to suspect, if not to know outright, the obscene extent to which the United States was spying on an ally…

See original Spiegel story below.


An Attack on Press Freedom: SPIEGEL Targeted by US Intelligence

By SPIEGEL Staff

Revelations from WikiLeaks published this week show how boundlessly and comprehensively American intelligence services spied on the German government. It has now emerged that the US also conducted surveillance against SPIEGEL.

Walks during working hours aren’t the kind of pastime one would normally expect from a leading official in the German Chancellery. Especially not from the head of Department Six, the official inside Angela Merkel’s office responsible for coordinating Germany’s intelligence services.

Walks during working hours aren’t the kind of pastime one would normally expect from a leading official in the German Chancellery. Especially not from the head of Department Six, the official inside Angela Merkel’s office responsible for coordinating Germany’s intelligence services.

But in the summer of 2011, Günter Heiss found himself stretching his legs for professional reasons. The CIA’s station chief in Berlin had requested a private conversation with Heiss. And he didn’t want to meet in an office or follow standard protocol. Instead, he opted for the kind of clandestine meeting you might see in a spy film.

Officially, the CIA man was accredited as a counsellor with the US Embassy, located next to Berlin’s historic Brandenburg Gate. Married to a European, he had already been stationed in Germany once before and knew how to communicate with German officials. At times he could be demanding and overbearing, but he could also be polite and courteous. During this summer walk he also had something tangible to offer Heiss.

The CIA staffer revealed that a high-ranking Chancellery official allegedly maintained close contacts with the media and was sharing official information with reporters with SPIEGEL.

The American provided the name of the staffer: Hans Josef Vorbeck, Heiss’ deputy in Department Six. The information must have made it clear to Heiss that the US was spying on the German government as well as the press that reports on it.

The central Berlin stroll remained a secret for almost four years. The Chancellery quietly transferred Vorbeck, who had until then been responsible for counterterrorism, to another, less important department responsible dealing with the history of the BND federal intelligence agency. Other than that, though, it did nothing.

Making a Farce of Rule of Law

Officials in the Chancellery weren’t interested in how the CIA had obtained its alleged information. They didn’t care to find out how, and to which degree, they were being spied on by the United States. Nor were they interested in learning about the degree to which SPIEGEL was being snooped on by the Americans. Chancellery officials didn’t contact any of the people in question. They didn’t contact members of the Bundestag federal parliament sitting on the Parliamentary Control Panel, the group responsible for oversight of the intelligence services. They didn’t inform members of the Office for the Protection of the Constitution, the agency responsible for counterintelligence in Germany, either. And they didn’t contact a single public prosecutor. Angela Merkel’s office, it turns out, simply made a farce of the rule of law.

As a target of the surveillance, SPIEGEL has requested more information from the Chancellery. At the same time, the magazine filed a complaint on Friday with the Federal Public Prosecutor due to suspicion of intelligence agency activity.

Because now, in the course of the proceedings of the parliamentary investigative committee probing the NSA’s activities in Germany in the wake of revelations leaked by whistleblower Edward Snowden, details about the event that took place in the summer of 2011 are gradually leaking to the public. At the beginning of May, the mass-circulation tabloid Bild am Sonntag reported on a Chancellery official who had been sidelined “in the wake of evidence of alleged betrayal of secrets through US secret services.”

Research conducted by SPIEGEL has determined the existence of CIA and NSA files filled with a large number of memos pertaining to the work of the German newsmagazine. And three different government sources in Berlin and Washington have independently confirmed that the CIA station chief in Berlin was referring specifically to Vorbeck’s contacts with SPIEGEL.

An Operation Justified by Security Interests?

Obama administration sources with knowledge of the operation said that it was justified by American security interests. The sources said US intelligence services had determined the existence of intensive contacts between SPIEGEL reporters and the German government and decided to intervene because those communications were viewed as damaging to the United States’ interests. The fact that the CIA and NSA were prepared to reveal an ongoing surveillance operation to the Chancellery underlines the importance they attached to the leaks, say sources in Washington. The NSA, the sources say, were aware that the German government would know from then on that the US was spying in Berlin.

As more details emerge, it is becoming increasingly clear that representatives of the German government at best looked away as the Americans violated the law, and at worst supported them.

Just last Thursday, Günter Heiss and his former supervisor, Merkel’s former Chief of Staff Ronald Pofalla, were questioned by the parliamentary investigative committee and attempted to explain the egregious activity. Heiss confirmed that tips had been given, but claimed they hadn’t been “concrete enough” for measures to be taken. When asked if he had been familiar with the issue, Pofalla answered, “Of course.” He said that anything else he provided had to be “in context,” at which point a representative of the Chancellery chimed in and pointed out that could only take place in a meeting behind closed doors.

In that sense, the meeting of the investigative committee once again shed light on the extent to which the balance of power has shifted between the government and the Fourth Estate. Journalists, who scrutinize and criticize those who govern, are an elementary part of the “checks and balances” — an American invention — aimed at ensuring both transparency and accountability. When it comes to intelligence issues, however, it appears this system has been out of balance for some time.

Government Lies

When SPIEGEL first reported in Summer 2013 about the extent of NSA’s spying on Germany, German politicians first expressed shock and then a certain amount of indignation before quickly sliding back into their persona as a loyal ally. After only a short time and a complete lack of willingness on the part of the Americans to explain their actions, Pofalla declared that the “allegations are off the table.”

But a number of reports published in recent months prove that, whether out of fear, outrage or an alleged lack of knowledge, it was all untrue. Everything the government said was a lie. As far back as 2013, the German government was in a position to suspect, if not to know outright, the obscene extent to which the United States was spying on an ally. If there hadn’t already been sufficient evidence of the depth of the Americans’ interest in what was happening in Berlin, Wednesday’s revelations by WikiLeaks, in cooperation with Süddeutsche Zeitung, filled in the gaps.

SPIEGEL’s reporting has long been a thorn in the side of the US administration. In addition to its reporting on a number of other scandals, the magazine exposed the kidnapping of Murat Kurnaz, a man of Turkish origin raised in Bremen, Germany, and his rendition to Guantanamo. It exposed the story of Mohammed Haydar Zammar, who was taken to Syria, where he was tortured. The reports triggered the launch of a parliamentary investigative committee in Berlin to look also into the CIA’s practices.

When SPIEGEL reported extensively on the events surrounding the arrest of three Islamist terrorists in the so-called “Sauerland cell” in Germany, as well as the roles played by the CIA and the NSA in foiling the group, the US government complained several times about the magazine. In December 2007, US intelligence coordinator Mike McConnell personally raised the issue during a visit to Berlin. And when SPIEGEL reported during the summer of 2009, under the headline “Codename Domino,” that a group of al-Qaida supporters was believed to be heading for Europe, officials at the CIA seethed. The sourcing included a number of security agencies and even a piece of information supplied by the Americans. At the time, the station chief for Germany’s BND intelligence service stationed in Washington was summoned to CIA headquarters in Langley, Virginia.

The situation escalated in August 2010 after SPIEGEL, together with WikiLeaks, the Guardian and the New York Times, began exposing classified US Army reports from Afghanistan. That was followed three months later with the publication of the Iraq war logs based on US Army reports. And in November of that year, WikiLeaks, SPIEGEL and several international media reported how the US government thinks internally about the rest of the world on the basis of classified State Department cables. Pentagon officials at the time declared that WikiLeaks had “blood on its hands.” The Justice Department opened an investigation and seized data from Twitter accounts, e-mail exchanges and personal data from activists connected with the whistleblowing platform. The government then set up a Task Force with the involvement of the CIA and NSA.

Not even six months later, the CIA station chief requested to go on the walk in which he informed the intelligence coordinator about Vorbeck and harshly criticized SPIEGEL.

Digital Snooping

Not long later, a small circle inside the Chancellery began discussing how the CIA may have got ahold of the information. Essentially, two possibilities were conceivable: either through an informant or through surveillance of communications. But how likely is it that the CIA had managed to recruit a source in the Chancellery or on the editorial staff of SPIEGEL?

The more likely answer, members of the circle concluded, was that the information must have been the product of “SigInt,” signals intelligence — in other words, wiretapped communications. It seems fitting that during the summer of 2013, just prior to the scandal surrounding Edward Snowden and the documents he exposed pertaining to NSA spying, German government employees warned several SPIEGEL journalists that the Americans were eavesdropping on them.

At the end of June 2011, Heiss then flew to Washington. During a visit to CIA headquarters in Langley, the issue of the alleged contact with SPIEGEL was raised again. Chancellery staff noted the suspicion in a classified internal memo that explicitly names SPIEGEL.

One of the great ironies of the story is that contact with the media was one of Vorbeck’s job responsibilities. He often took part in background discussions with journalists and even represented the Chancellery at public events. “I had contact with journalists and made no secret about it,” Vorbeck told SPIEGEL. “I even received them in my office in the Chancellery. That was a known fact.” He has since hired a lawyer.

It remains unclear just who US intelligence originally had in its scopes. The question is also unlikely to be answered by the parliamentary investigative committee, because the US appears to have withheld this information from the Chancellery. Theoretically, at least, there are three possibilities: The Chancellery — at least in the person of Hans Josef Vorbeck. SPIEGEL journalists. Or blanket surveillance of Berlin’s entire government quarter. The NSA is capable of any of the three options. And it is important to note that each of these acts would represent a violation of German law.

Weak Arguments

So far, the Chancellery has barricaded itself behind the argument that the origin of the information had been too vague and abstract to act on. In addition, the tip had been given in confidentiality, meaning that neither Vorbeck nor SPIEGEL could be informed. But both are weak arguments, given that the CIA station chief’s allegations were directed precisely at SPIEGEL and Vorbeck and that the intelligence coordinator’s deputy would ultimately be sidelined as a result.

And even if you follow the logic that the tip wasn’t concrete enough, there is still one committee to whom the case should have been presented under German law: the Bundestag’s Parliamentary Control Panel, whose proceedings are classified and which is responsible for oversight of Germany’s intelligence services. The nine members of parliament on the panel are required to be informed about all intelligence events of “considerable importance.”

Members of parliament on the panel did indeed express considerable interest in the Vorbeck case. They learned in fall 2011 of his transfer, and wanted to know why “a reliable coordinator in the fight against terrorism would be shifted to a post like that, one who had delivered excellent work on the issue,” as then chairman of the panel, Social Demoratic Party politician Thomas Oppermann, criticized at the time.

But no word was mentioned about the reasons behind the transfer during a Nov. 9, 2011 meeting of the panel. Not a single word about the walk taken by the CIA chief of station. Not a word about the business trip to Washington taken by Günter Heiss afterward. And not a word about Vorbeck’s alleged contacts with SPIEGEL. Instead, the parliamentarians were told a myth — that the move had been made necessary by cutbacks. And also because he was needed to work on an historical appraisal of Germany’s foreign intelligence agency, the BND.

Deceiving Parliament

Officials in the Chancellery had decided to deceive parliament about the issue. And for a long time, it looked as though they would get away with it.

The appropriate way of dealing with the CIA’s incrimination would have been to transfer the case to the justice system. Public prosecutors would have been forced to follow up with two investigations: One to find out whether the CIA’s allegations against Vorbeck had been true — both to determine whether government secrets had been breached and out of the obligation to assist a longtime civil servant. It also would have had to probe suspicions that a foreign intelligence agency conducted espionage in the heart of the German capital.

That could, and should, have been the case. Instead, the Chancellery decided to go down the path of deception, scheming with an ally, all the while interpreting words like friendship and partnership in a highly arbitrary and scrupulous way.

Günter Heiss, who received the tip from the CIA station chief, is an experienced civil servant. In his earlier years, Heiss studied music. He would go on as a music instructor to teach a young Ursula von der Leyen (who is Germany’s defense minister today) how to play the piano. But then Heiss, a tall, slightly lanky man, switched professions and instead pursued a career in intelligence that would lead him to the top post in the Lower Saxony state branch of the Office for the Protection of the Constitution. Even back then, the Christian Democrat was already covering up the camera on his laptop screen with tape. At the very least “they” shouldn’t be able to see him, he said at the time, elaborating that the “they” he was referring to should not be interpreted as being the US intelligence services, but rather the other spies – “the Chinese” and, “in any case, the Russians.” For conservatives like Heiss, America, after all, is friendly territory.

‘Spying Among Friends Not Acceptable’

If there was suspicion in the summer of 2011 that the NSA was spying on a staff member at the Chancellery, it should have set off alarm bells within the German security apparatus. Both the Office for the Protection of the Constitution, which is responsible for counter-intelligence, and the Federal Office for Information Security should have been informed so that they could intervene. There also should have been discussions between the government ministers and the chancellor in order to raise government awareness about the issue. And, going by the maxim the chancellor would formulate two years later, Merkel should have had a word with the Americans along the lines of “Spying among friends is not acceptable.”

And against the media.

If it is true that a foreign intelligence agency spied on journalists as they conducted their reporting in Germany and then informed the Chancellery about it, then these actions would place a huge question mark over the notion of a free press in this country. Germany’s highest court ruled in 2007 that press freedom is a “constituent part of a free and democratic order.” The court held that reporting can no longer be considered free if it entails a risk that journalists will be spied on during their reporting and that the federal government will be informed of the people they speak to.

“Freedom of the press also offers protection from the intrusion of the state in the confidentiality of the editorial process as well as the relationship of confidentiality between the media and its informants,” the court wrote in its ruling. Freedom of the press also provides special protection to the “the secrecy of sources of information and the relationship of confidentiality between the press, including broadcasters, and the source.”

Criminalizing Journalism

But Karlsruhe isn’t Washington. And freedom of the press is not a value that gives American intelligence agencies pause. On the contrary, the Obama administration has gained a reputation for adamantly pursuing uncomfortable journalistic sources. It hasn’t even shied away from targeting American media giants.

In spring 2013, it became known that the US Department of Justice mandated the monitoring of 100 telephone numbers belonging to the news agency Associated Press. Based on the connections that had been tapped, AP was able to determine that the government likely was interested in determining the identity of an important informant. The source had revealed to AP reporters details of a CIA operation pertaining to an alleged plot to blow up a commercial jet.

The head of AP wasn’t the only one who found the mass surveillance of his employees to be an “unconstitutional act.” Even Republican Senators like John Boehner sharply criticized the government, pointing to press freedoms guaranteed by the Bill of Rights. “The First Amendment is first for a reason,” he said.

But the Justice Department is unimpressed by such formulations. New York Times reporter James Risen, a two-time Pulitzer Prize winner, was threatened with imprisonment for contempt of court in an effort to get him to turn over his sources — which he categorically refused to do for seven years. Ultimately, public pressure became too intense, leading Obama’s long-time Attorney General Eric Holder to announce last October that Risen would not be forced to testify.

The Justice Department was even more aggressive in its pursuit of James Rosen, the Washington bureau chief for TV broadcaster Fox. In May 2013, it was revealed that his telephone was bugged, his emails were read and his visits to the State Department were monitored. To obtain the necessary warrants, the Justice Department had labeled Rosen a “criminal co-conspirator.”

The strategy of criminalizing journalism has become something of a bad habit under Obama’s leadership, with his government pursuing non-traditional media, such as the whistleblower platform WikiLeaks, with particular aggression.

Bradley Manning, who supplied WikiLeaks with perhaps its most important data dump, was placed in solitary confinement and tormented with torture-like methods, as the United Nations noted critically. Manning is currently undergoing a gender transition and now calls herself Chelsea. In 2013, a military court sentenced Manning, who, among other things, publicized war crimes committed by the US in Iraq, to 35 years in prison.

In addition, a criminal investigation has been underway for at least the last five years into the platform’s operators, first and foremost its founder Julian Assange. For the past several years, a grand jury in Alexandria, Virginia has been working to determine if charges should be brought against the organization.

Clandestine Proceedings

The proceedings are hidden from the public, but the grand jury’s existence became apparent once it began to subpoena witnesses with connections to WikiLeaks and when the Justice Department sought to confiscate data belonging to people who worked with Assange. The US government, for example, demanded that Twitter hand over data pertaining to several people, including the Icelandic parliamentarian Brigitta Jonsdottir, who had worked with WikiLeaks on the production of a video. The short documentary is an exemplary piece of investigative journalism, showing how a group of civilians, including employees of the news agency Reuters, were shot and killed in Baghdad by an American Apache helicopter.

Computer security expert Jacob Appelbaum, who occasionally freelances for SPIEGEL, was also affected at the time. Furthermore, just last week he received material from Google showing that the company too had been forced by the US government to hand over information about him – for the time period from November 2009 until today. The order would seem to indicate that investigators were particularly interested in Appelbaum’s role in the publication of diplomatic dispatches by WikiLeaks.

Director of National Intelligence James Clapper has referred to journalists who worked with material provided by Edward Snowden has his “accomplices.” In the US, there are efforts underway to pass a law pertaining to so-called “media leaks.” Australia already passed one last year. Pursuant to the law, anyone who reveals details about secret service operations may be punished, including journalists.

Worries over ‘Grave Loss of Trust’

The German government isn’t too far from such positions either. That has become clear with its handling of the strictly classified list of “selectors,” which is held in the Chancellery. The list includes search terms that Germany’s foreign intelligence agency, the BND, used when monitoring telecommunications data on behalf of the NSA. The parliamentary investigative committee looking into NSA activity in Germany has thus far been denied access to the list. The Chancellery is concerned that allowing the committee to review the list could result in uncomfortable information making its way into the public.

That’s something Berlin would like to prevent. Despite an unending series of indignities visited upon Germany by US intelligence agencies, the German government continues to believe that it has a “special” relationship with its partners in America — and is apparently afraid of nothing so much as losing this partnership.

That, at least, seems to be the message of a five-page secret letter sent by Chancellery Chief of Staff Peter Altmaier, of Merkel’s Christian Democrats, to various parliamentary bodies charged with oversight. In the June 17 missive, Altmaier warns of a “grave loss of trust” should German lawmakers be given access to the list of NSA spying targets. Opposition parliamentarians have interpreted the letter as a “declaration of servility” to the US.

Altmaier refers in the letter to a declaration issued by the BND on April 30. It notes that the spying targets passed on by the NSA since 2005 include “European political personalities, agencies in EU member states, especially ministries and EU institutions, and representations of certain companies.” On the basis of this declaration, Altmaier writes, “the investigative committee can undertake its own analysis, even without knowing the individual selectors.”

Committee members have their doubts. They suspect that the BND already knew at the end of April what WikiLeaks has now released — with its revelations that the German Economics Ministry, Finance Ministry and Agriculture Ministry were all under the gaze of the NSA, among other targets. That would mean that the formulation in the BND declaration of April 30 was intentionally misleading. The Left Party and the Greens now intend to gain direct access to the selector list by way of a complaint to Germany’s Constitutional Court.

The government in Berlin would like to prevent exactly that. The fact that the US and German intelligence agencies shared selectors is “not a matter of course. Rather, it is a procedure that requires, and indicates, a special degree of trust,” Almaier writes. Should the government simply hand over the lists, Washington would see that as a “profound violation of confidentiality requirements.” One could expect, he writes, that the “US side would significantly restrict its cooperation on security issues, because it would no longer see its German partners as sufficiently trustworthy.”

Altmaier’s letter neglects to mention the myriad NSA violations committed against German interests, German citizens and German media.

Shhh… US Government Hacks at OPM Exposed More Than 21Million People

It was much worse than previously reported: more than 21 million people were “swept up in a colossal breach of government computer systems that was far more damaging than initially thought”. Find out more from the New York Times.

Shhh… FBI, DEA & US Army Bought Italian Spyware

Find out more from The Intercept article below:

Leaked Documents Show FBI, DEA and U.S. Army Buying Italian Spyware

By Cora Currier and Morgan Marquis-Boire @coracurrier@headhntr

The FBI, Drug Enforcement Administration and U.S. Army have all bought controversial software that allows users to take remote control of suspects’ computers, recording their calls, emails, keystrokes and even activating their cameras, according to internal documents hacked from the software’s Italian manufacturer.

The company, Hacking Team, has also been aggressively marketing the software to other U.S. law enforcement and intelligence agencies, demonstrating their products to district attorneys in New York, San Bernardino, California, and Maricopa, Arizona; and multi-agency task forces like the Metropolitan Bureau of Investigation in Florida and California’s Regional Enforcement Allied Computer Team. The company was also in conversation with various other agencies, including the CIA, the Pentagon’s Criminal Investigative Service, the New York Police Department, and Immigrations and Customs Enforcement.

The revelations come from hundreds of gigabytes of company information, including emails and financial records, which were released online Sunday night and analyzed by The Intercept. Milan-based Hacking Team is one of a handful of companies that sell off-the-shelf spyware for hundreds of thousands of euros — a price point accessible to smaller countries and large police forces. Hacking Team has drawn fire from human rights and privacy activists who contend that the company’s aggressive malware, known as Remote Control System, or RCS, is being sold to countries that deploy it against activists, political opponents and journalists.

Even in the U.S., where the software would presumably be used only with a judge’s approval, the tactic is still controversial. Just last month, Sen. Chuck Grassley, R-Iowa, wrote to the director of the FBI asking for “more specific information about the FBI’s current use of spyware,” in order for the Senate Judiciary Committee to evaluate “serious privacy concerns.”

The leaked emails show that the FBI has been using Hacking Team’s software since 2011, apparently for the secretive Remote Operations Unit. It’s long been reported that the FBI has deployed malware in investigations, but details on the agency’s efforts are thin, with the tactic only surfacing rarely in court cases — such as one instance last year when the FBI spoofed an Associated Press article to get a target to click on a link. The FBI reportedly develops its own malware and also buys pre-packaged products, but the relationship with Hacking Team has not been previously confirmed.

Hacking Team’s spokesperson, Eric Rabe, said in a statement that “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”

The director of the Metropolitan Bureau of Investigation in Florida told The Intercept that it “does not have plans to purchase any product from Hacking Team.” The Manhattan District Attorney’s office said, “It would be an overstatement to say that our office is planning to purchase this type of software. This company is one of several in the industry whom we’ve requested meetings with in order to keep pace with rapid technological advancements in the private sector.”

The CIA declined to comment, and ICE said it “does not discuss law enforcement tools and techniques.” (The Intercept will update this story if other agencies named in the documents respond to requests for comment.)

The leaked emails show that U.S. agencies worried about the legality and perception of Hacking Team’s tools.

Hacking Team refers to its U.S. clients by code names. The FBI unit is “Phoebe” (initially “f-client,” but one employee complained “it sounds like an antivirus),” the DEA is “Katie,” and the CIA, which appears to have sampled, but not bought Remote Control System, is “Marianne.”

In 2011, a representative of the DEA’s Office of Investigative Technology told Hacking Team that its budget request for Remote Control System had been denied because it was considered “too controversial,” according to an email. “We are working on the foreign angle,” the DEA said, according to Hacking Team’s U.S. account manager.

“I imagine Katie [DEA] is referring to the fact that they as the DEA could buy RCS for other countries (Colombia) where it’s less problematic to use it,” an employee replied in Italian.

The purchase did go through in 2012, and it appears to have been used mainly in conjunction with Colombian law enforcement. As one email explained, “Katie will be administrator of the system, while the locals will be collecting the data. They are saying if this works out, they will bring it to other countries around the world. Already they are speaking of El Salvador and Chile.”

Robotec, a company that manages Hacking Team’s sales to several Latin American countries, also mentions clients in Colombia using DEA funding.

Local police in the U.S. also had their worries. Florida law enforcement told Hacking Team this year that the software could create legal problems without the ability to have “‘minimization’ of the calls and messages — (ie. deleting portions which are not relevant to the search.)”

In 2013, San Bernardino’s district attorney wanted to go to a judge to obtain a warrant targeting a “known bad guy” even for a trial run of the software. “If the systems [sic] proves itself in this live trial, and the judge is convinced of both its value and proper protection of privacy, they would then move into the purchase phase,” one of Hacking Team’s U.S. business partners, from the security giant SS8, explained.

“One of the concerns of this segment is that the HT product is ‘too powerful,’” Fred D’Alessio, who sits on the board of SS8 and is identified on LinkedIn as a senior advisor to Hacking Team, wrote about local agencies. “They have also said, their biggest challenge is ‘getting the lawyers and the District Attorneys to agree on what they can do legally.”

Hacking Team’s FBI contacts worried that the spread of Hacking Team software around the country could cause word to get out (as has happened with technology like Stingrays, the devices that police use to track cell phone location.) “If San Bernardino gets exposed, they might also expose Phoebe,” Hacking Team’s U.S. point man, Alex Velasco, wrote in September 2013.

The FBI’s use of Hacking Team’s software also informs the public debate about the growing use of encryption to protect Internet communications. FBI and other top U.S. law enforcement officials have been calling for a law that would provide for a “backdoor” into commercial encryption technologies — something privacy advocates and many cybersecurity researchers see as a undermining Internet security.

Hacking Team claims that its software offers a way around encryption, obviating the need for a backdoor. Vincenzetti regularly sends out articles about the encryption debate to his email list with a plug for Remote Control System. Last February, he wrote that law enforcement and security agencies could use “technologies to ACCESS THE DATA they need IN CLEARTEXT, BEFORE it gets encrypted by the device and sent to the network and AFTER it is received from the network and decrypted by the device itself. Actually THIS IS precisely WHAT WE DO.”

The Buyers

The push into the local district attorney market, for which the company considered San Bernardino a pilot, appears to have been facilitated by SS8, a massive California-based security company that markets to law enforcement agencies in the United States and abroad. (Rabe denied that SS8 is working with Hacking Team, despite emails between the companies.) The local market could be lucrative: a budget for the district attorney in New York that Hacking Team proposed in April totaled $760,000 in upfront license fees, and another $382,000 in services and maintenance.

“As with so many other surveillance technologies that were originally created for the military and intelligence community, they eventually trickle down to local law enforcement who start using them without seeking the approval of legislators — and, in many cases, keeping the courts in the dark too,” said Christopher Soghoian, principal technologist of the American Civil Liberties Union.

The DEA, FBI and Army bought Hacking Team’s software through a company called Cicom, which for several years served as a middleman for Hacking Team’s U.S. business. The DEA and Army contracts to buy Remote Control System through Cicom were first revealed by the advocacy group Privacy International this spring. Reporters noted that Cicom shared the same corporate address in the United States as Hacking Team, but when asked about the connection by Ars Technica, Hacking Team’s U.S. spokesperson Eric Rabe said, “I cannot confirm any relationship between the company Cicom and Hacking Team.”

Alex Velasco, Cicom’s general manager, has in fact been a consultant under contract to represent Hacking Team to clients in North America since 2012, company emails show. The relationship ended in March, after Hacking Team accused Velasco of scheming to market competing products, according to an internal investigation commissioned by Hacking Team. Velasco declined to comment to The Intercept on the allegations, because he is in legal proceedings with Hacking Team.

Hacking Team was also in talks in 2014 with the FBI’s National Domestic Communications Assistance Center, a secretive unit formed in 2012 and focused on interception technologies. Velasco claims in an email that the group came to them after Citizen Lab, a research group at the University of Toronto focused on Internet technology and human rights, published a highly critical report on Hacking Team’s global sales. “If anything good came out of the Citizen lab articles is that it brought them to contact us to see if it was true,” he wrote. “Thank you Citizen Lab!!”

It’s not clear from Hacking Team emails what Army component bought an RCS system in 2011, but it was based at Fort Meade and apparently sat unused for years. According to a 2013 email from Velasco, “they purchased a system right before they got their budget cut…They were never given permission to pull an internet line to their office to install the system. (ridiculous but true!)”

Hacking Team was in the midst of negotiations for a new FBI contract from Cicom after Velasco’s firing, but the agency decided to go with another vendor due to budget timing issues, according to an email from Phillipe Vinci, Hacking Team’s vice president for business development. Besides, the product was “seen as a ‘nice to have’ by FBI,” but “they confessed they were using it for low level types of investigations. For critical operations, they were using another platform,” wrote Vinci. He said the FBI wanted more ability to go after users of Tor, the anonymizing web browser; those users accounted for 60 percent of its targets.

But Hacking Team appeared determined to continue its conquest of the U.S. market.

“There will be a process to have ‘HT Usa Inc.’ accredited,” wrote operations manager Daniele Milan. He pledged to stay in touch with the FBI, marketing new features, and identifying problems “to resolve for them (in exchange for $$$).”

While Hacking Team’s emails reveal the company to be stringent about selling only to governments, the company officials appear to worry less about how its technology is used once it gets to those customers. Responding to concerns raised by the district attorney of New York in 2013, Hacking Team’s chief operating officer Giancarlo Russo wrote that “all the consideration regarding the ‘legal framework’ cannot be addressed by us.”

Instead, he was more concerned about local customers’ ability to use the product effectively. “If you buy a Ferrari… they can teach you how to drive. They cannot grant you will be the winner of the race,” he wrote to his colleagues in English. “If Beretta sell you a gun, the most peculiar and sophisticated one, they can teach how to use it. They can not grant you are going to shoot your target properly on the field.”

–– Sheelagh McNeill contributed research to this report.

Shhh… WikiLeaks: NSA’s Been Bugging Top Brazilian Political and Financial Targets

To celebrate the US Independence Day on 4 July, WikiLeaks, together with The Intercept, released its latest disclosure “Bugging Brazil“, “a top secret US National Security Agency target list of 29 key Brazilian government phone numbers that were selected for intensive interception”.

“The US targeted not only those closest to the President, but waged an economic espionage campaign against Brazil, spying on those responsible for managing Brazil’s economy, including the head of its Central Bank. The US also extensively targetted Brazil’s diplomacy, targeting the phones of its Foreign Minister and its ambassadors to Germany, France, the EU, the US and Geneva as well as its military chiefs,” according to WikiLeaks.

“Our publication today shows the US has a long way to go to prove its dragnet surveillance on ‘friendly’ governments is over. The US has not just being targetting President Rouseff but the key figures she talks to every day. Even if US assurances of ceasing its targetting of President Rousseff could be trusted, which they cannot, it is fanciful to imagine that President Rousseff can run Brazil by talking to herself all day. If President Rousseff wants to see more US investment in Brazil on the back of her recent trip as she claims, how can she assure Brazilian companies that their US counterparts will not have an advantage provided by this surveillance, until she can really guarantee the spying has stopped – not just on her, but on all Brazilian issues,” said WikiLeaks Editor-in-Chief Julian Assange.

Check out the full list of NSA high priority targets for Brazil here.

Shhh… XKEYSCORE – The NSA Insight Into Everything We Do Online

Glenn Greenwald and his colleagues at The Intercept has just released an extensive report on the NSA use of XKEYSCORE. And here’s a video on the same topic: