Whistleblowing and Internal Monitoring/Investigations

Many thanks again to the Faculty of Law at the University of Hong Kong for hosting my presentation on “Whistleblowing & Internal Monitoring/Investigations” yesterday. It was a really interactive and responsive class. The scheduled three hours was barely enough to cover what I estimated to be an hour plus presentation thanks to all the interesting questions and my sincere apologies to the class for rushing through the latter parts of the slides.

One question at the end of the session, what’s the take-away on the topic.

With and without a poison-pen letter from a whistleblower, a pre-transaction reputation/investigative due diligence should always be conducted ahead of all other types of due diligence. This is not a biased opinion but one proven by real life experience from many past cases whereby some serious and damaging red flags on reputation issues/risks could potentially kill a transaction no matter how good the counterparties emerged in the legal, financial and other due diligence – although in some situations clients took advantage of the negative findings to re-negotiate terms for the pending transaction. Information is power!

In a post-transaction external/internal investigation especially one potentially heading to the courts, with and without a poison-pen letter, it is critical to conduct public records research first as the findings could be documented evidence legally admissible in courts that can help the lawyers and clients win the case. If the public records search turns out futile (a likely scenario in non-transparent and opaque jurisdictions), the findings from intelligence becomes pivotal.

I shared with the class an example of a typical court case whereby the client wins if we can prove two people A & B collaborated on a fraud scheme. No surprise they denied even knowing each other. A barrister once told me how he often receives surveillance photos of A & B say having coffee together as evidence – and how he can easily lose the case with such weak evidence. The best evidence is to prove the two have a long history of relationship – they attended the same school (public records), they were past business partners (public records), their companies were sued (public records), they commented on each other’s FaceBook (could be public records), etc. In the absence of any/sufficient public records evidence, findings from intelligence gathering can potentially turn into public records and important evidence. Consider:

– They not only attended the same school but same class, same computer club and even went on a school camping trip to Nepal when they were 10. The latter are findings from intelligence gathering
as they may be difficult to find in public records but the sources could provide photos as proof.

– They were in the same WhatsApp & WeChat groups? A source from the group could provide a screenshot of group members as proof.

– They were neighbors when they were young? This could be difficult to prove in public records because they don’t own the properties then but if there’s a lead they were neighbors, a search on their parents names could lead to documented proof.

Hence the importance of intelligence gathering. And thinking out of the box.

Shhh… What About Snowden Now with NSA Surveillance on Hold?

(Above) Photo credit: http://glenngreenwald.net/

Check out the following Guardian article:

Charges against Edward Snowden stand, despite telephone surveillance ban

The former NSA contractor revealed the banned surveillance programme, but an Obama administration spokesman says they will not review his charges

The White House refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Obama administration spokesman Josh Earnest rejected the argument that the imminent passage of legislation banning the practice meant it was time to take a fresh look at the charges against the former National Security Agency contractor.

“The fact is that Mr Snowden committed very serious crimes, and the US government and the Department of Justice believe that he should face them,” Earnest told the Guardian at the daily White House press briefing.

“That’s why we believe that Mr Snowden should return to the United States, where he will face due process and have the opportunity to make that case in a court of law.”

Earnest refused to comment on whether Snowden could be allowed to employ a whistleblower defence if he choose to return voluntarily, something his supporters have argued is impossible under current Espionage Act charges.

“Obviously this is something that the Department of Justice would handle if they are having [those conversations],” said Earnest. “The thing I would put out is that there exists mechanisms for whistleblowers to raise concerns about sensitive national security programmes.”

“Releasing details of sensitive national security programmes on the internet for everyone, including our adversaries to see, is inconsistent with those protocols that are established for protecting whistleblowers,” he added.

But the White House placed itself firmly on the side of NSA reform, when asked if the president was “taking ownership” of the USA Freedom Act, which is expected to pass Congress later this week.

“To the extent that we’re talking about the president’s legacy, I would suspect [it] would be a logical conclusion from some historians that the president ended some of these programmes,” replied Earnest.

“This is consistent with the reforms that the president advocated a year and a half ago. And these are reforms that required the president and his team to expend significant amounts of political capital to achieve over the objection of Republicans.”

The administration also avoided four separate opportunities to warn that the temporary loss of separate Patriot Act surveillance provisions that expired alongside bulk collection on Sunday night had put the safety of Americans at risk, as some have claimed.

“All I can do is I can illustrate to you very clearly that there are tools that had previously been available to our national security professionals that are not available today because the Senate didn’t do their job,” said Earnest.

“As a result, there are programmes and tools that our national security professionals themselves say are important to their work that are not available to them right now, as we speak.”

Asked four times by reporters whether that meant Americans were markedly less safe as a result of the standoff in the Senate, the White House spokesman repeatedly said it was up to these national security staff, not him, to say.

Shhh… Spy On Spies – A New Breed of Spies

Here’s an interesting story:


Meet the privacy activists who spy on the surveillance industry

by Daniel Rivero | April 6, 2015

LONDON– On the second floor of a narrow brick building in the London Borough of Islington, Edin Omanovic is busy creating a fake company. He is playing with the invented company’s business cards in a graphic design program, darkening the reds, bolding the blacks, and testing fonts to strike the right tone: informational, ambiguous, no bells and whistles. In a separate window, a barren website is starting to take shape. Omanovic, a tall, slender Bosnian-born, Scottish-raised Londonite gives the company a fake address that forwards to his real office, and plops in a red and black company logo he just created. The privacy activist doesn’t plan to scam anyone out of money, though he does want to learn their secrets. Ultimately, he hopes that the business cards combined with a suit and a close-cropped haircut will grant him access to a surveillance industry trade show, a privilege usually restricted to government officials and law enforcement agencies.

Once he’s infiltrated the trade show, he’ll pose as an industry insider, chatting up company representatives, swapping business cards, and picking up shiny brochures that advertise the invasive capabilities of bleeding-edge surveillance technology. Few of the features are ever marketed or revealed openly to the general public, and if the group didn’t go through the pains of going undercover, it wouldn’t know the lengths to which law enforcement and the intelligence community are going to keep tabs on their citizens.

“I don’t know when we’ll get to use this [company], but we need a lot of these to do our research,” Omanovic tells me. (He asked Fusion not to reveal the name of the company in order to not blow its cover.)

The strange tactic– hacking into an expo in order to come into close proximity with government hackers and monitors– is a regular part of operations at Privacy International, a London-based anti-surveillance advocacy group founded 25 years ago. Omanovic is one of a few activists for the group who goes undercover to collect the surveillance promotional documents.

“At last count we had about 1,400 files,” Matt Rice, PI’s Scottish-born advocacy officer says while sifting through a file cabinet full of the brochures. “[The files] help us understand what these companies are capable of, and what’s being sold around the world,” he says. The brochures vary in scope and claims. Some showcase cell site simulators, commonly called Stingrays, which allow police to intercept cell phone activity within a certain area. Others provide details about Finfisher– surveillance software that is marketed exclusively to governments, which allows officials to put spyware on a target’s home computer or mobile device to watch their Skype calls, Facebook and email activity.

The technology buyers at these conferences are the usual suspects — the Federal Bureau of Investigation (FBI), the UK’s Government Communications Headquarters (GCHQ), and the Australian Secret Intelligence Service– but also representatives of repressive regimes —Bahrain, Sudan, pre-revolutionary Libya– as the group has revealed in attendees lists it has surfaced.

At times, companies’ claims can raise eyebrows. One brochure shows a soldier, draped in fatigues, holding a portable device up to the faces of a somber group of Arabs. “Innocent civilian or insurgent?,” the pamphlet asks.

“Not certain?”

“Our systems are.”

The treasure trove of compiled documents was available as an online database, but PI recently took it offline, saying the website had security vulnerabilities that could have compromised information of anyone who wanted to donate to the organization online. They are building a new one. The group hopes that the exposure of what Western companies are selling to foreign governments will help the organization achieve its larger goal: ending the sale of hardware and software to governments that use it to monitor their populations in ways that violate basic privacy rights.

The group acknowledges that it might seem they are taking an extremist position when it comes to privacy, but “we’re not against surveillance,” Michael Rispoli, head of PI’s communications, tells me. “Governments need to keep people safe, whether it’s from criminals or terrorists or what it may be, but surveillance needs to be done in accordance with human rights, and in accordance with the rule of law.”

The group is waging its fight in courtrooms. In February of last year, it filed a criminal complaint to the UK’s National Cyber Crime Unit of the National Crime Agency, asking it to investigate British technology allegedly used repeatedly by the Ethiopian government to intercept the communications of an Ethiopian national. Even after Tadesse Kersmo applied for– and was granted– asylum in the UK on the basis of being a political refugee, the Ethiopian government kept electronically spying on him, the group says, using technology from British firm Gamma International. The group currently has six lawsuits in action, mostly taking on large, yet opaque surveillance companies and the British government. Gamma International did not respond to Fusion’s request for comment on the lawsuit, which alleges that exporting the software to Ethiopian authorities means the company assisted in illegal electronic spying.

“The irony that he was given refugee status here, while a British company is facilitating intrusions into his basic right to privacy isn’t just ironic, it’s wrong,” Rispoli says. “It’s so obvious that there should be laws in place to prevent it.”

PI says it has uncovered other questionable business relationships between oppressive regimes and technology companies based in other Western countries. An investigative report the group put out a few months ago on surveillance in Central Asia said that British and Swiss companies, along with Israeli and Israeli-American companies with close ties to the Israeli military, are providing surveillance infrastructure and technical support to countries like Turkmenistan and Uzbekistan– some of the worst-ranking countries in the world when it comes to freedom of speech, according to Freedom House. Only North Korea ranks lower than them.

PI says it used confidential sources, whose accounts have been corroborated, to reach those conclusions.

Not only are these companies complicit in human rights violations, the Central Asia report alleges, but they know they are. Fusion reached out to the companies named in the report, NICE Systems (Israel), Verint Israel (U.S./ Israel), Gamma (UK), or Dreamlab (Switzerland), and none have responded to repeated requests for comment.

The report is a “blueprint” for the future of the organization’s output, says Rice, the advocacy officer. “It’s the first time we’ve done something that really looks at the infrastructure, the laws, and putting it all together to get a view on how the system actually works in a country, or even a whole region,” says Rice.

“What we can do is take that [report], and have specific findings and testimonials to present to companies, to different bodies and parliamentarians, and say this is why we need these things addressed,” adds Omanovic, the researcher and fake company designer.

The tactic is starting to show signs of progress, he says. One afternoon, Omanovic was huddled over a table in the back room, taking part in what looked like an intense conference call. “European Commission,” he says afterwards. The Commission has been looking at surveillance exports since it was revealed that Egypt, Tunisia, and Bahrain were using European tech to crack down on protesters during the Arab Spring, he added. Now, PI is consulting with some members, and together they “hope to bring in a regulation specifically on this subject by year’s end.”

***

Privacy International has come a long way from the “sterile bar of an anonymous business hotel in Luxembourg,” where founder Simon Davies, then a lone wolf privacy campaigner, hosted its first meeting with a handful of people 25 years ago. In a blog post commemorating that anniversary, Davies (who left the organization about five years ago) described the general state of privacy advocacy when that first meeting was held:

“Those were strange times. Privacy was an arcane subject that was on very few radar screens. The Internet had barely emerged, digital telephony was just beginning, the NSA was just a conspiracy theory and email was almost non-existent (we called it electronic mail back then). We communicated by fax machines, snail mail – and through actual real face to face meetings that you travelled thousands of miles to attend.”

Immediately, there were disagreements about the scope of issues the organization should focus on, as detailed in the group’s first report, filed in 1991. Some of the group’s 120-odd loosely affiliated members and advisors wanted the organization to focus on small privacy flare-ups; others wanted it to take on huge, international privacy policies, from “transborder data flows” to medical research. Disputes arose as to what “privacy” actually meant at the time. It took years for the group to narrow down the scope of its mandate to something manageable and coherent.

Gus Hosein, current executive director, describes the 90’s as a time when the organization “just knew that it was fighting against something.” He became part of the loose collective in 1996, three days after moving to the UK from New Haven, Connecticut, thanks to a chance encounter with Davies at the London Economics School. For the first thirteen years he worked with PI, he says, the group’s headquarters was the school pub.

They were fighting then some of the same battles that are back in the news cycle today, such as the U.S. government wanting to ban encryption, calling it a tool for criminals to hide their communications from law enforcement. “[We were] fighting against the Clinton Administration and its cryptography policy, fighting against new intersections of law, or proposals in countries X, Y and Z, and almost every day you would find something to fight around,” he says.

Just as privacy issues stemming from the dot com boom were starting to stabilize, 9/11 happened. That’s when Hosein says “the shit hit the fan.”

In the immediate wake of that tragedy, Washington pushed through the Patriot Act and the Aviation and Transportation Security Act, setting an international precedent of invasive pat-downs and extensive monitoring in the name of anti-terrorism. Hosein, being an American, followed the laws closely, and the group started issuing criticism of what it considered unreasonable searches. In the UK, a public debate about issuing national identification cards sprung up. PI fought it vehemently.

“All of a sudden we’re being called upon to respond to core policy-making in Western governments, so whereas policy and surveillance were often left to some tech expert within the Department of Justice or whatever, now it had gone to mainstream policy,” he says. “We were overwhelmed because we were still just a ragtag bunch of people trying to fight fights without funding, and we were taking on the might of the executive arm of government.”

The era was marked by a collective struggle to catch up. “I don’t think anyone had any real successes in that era,” Hosein says.

But around 2008, the group’s advocacy work in India, Thailand and the Philippines started to gain the attention of donors, and the team decided it was time to organize. The three staff members then started the formal process of becoming a charity, after being registered as a corporation for ten years. By the time it got its first office in 2011 (around the time its founder, Davies, walked away to pursue other ventures) the Arab Spring was dominating international headlines.

“With the Arab Spring and the rise of attention to human rights and technology, that’s when PI actually started to realize our vision, and become an organization that could grow,” Hosein says. “Four years ago we had three employees, and now we have 16 people,” he says with a hint of pride.

***

“This is a real vindication for [Edward] Snowden,” Eric King, PI’s deputy director says about one of the organization’s recent legal victories over the UK’s foremost digital spy agency, known as the Government Communications Headquarters or GCHQ.

PI used the documents made public by Snowden to get the British court that oversees GCHQ to determine that all intelligence sharing between GCHQ and the National Security Administration (NSA) was illegal up until December 2014. Ironically, the court went on to say that the sharing was only illegal because of lack of public disclosure of the program. Now that details of the program were made public thanks to the lawsuit, the court said, the operation is now legal and GCHQ can keep doing what it was doing.

“It’s like they’re creating the law on the fly,” King says. “[The UK government] is knowingly breaking the law and then retroactively justifying themselves. Even though we got the court to admit this whole program was illegal, the things they’re saying now are wholly inadequate to protect our privacy in this country.”

Nevertheless, it was a “highly significant ruling,” says Elizabeth Knight, Legal Director of fellow UK-based civil liberties organization Open Rights Group. “It was the first time the [courts have] found the UK’s intelligence services to be in breach of human rights law,” she says. “The ruling is a welcome first step towards demonstrating that the UK government’s surveillance practices breach human rights law.”

In an email, a GCHQ spokesperson downplayed the significance of the ruling, saying that PI only won the case in one respect: on a “transparency issue,” rather than on the substance of the data sharing program. “The rulings re-affirm that the processes and safeguards within these regimes were fully adequate at all times, so we have not therefore needed to make any changes to policy or practice as a result of the judgement,” the spokesperson says.

Before coming on board four years ago, King, a 25-year old Wales native, worked at Reprieve, a non-profit that provides legal support to prisoners. Some of its clients are at Guantanamo Bay and other off-the-grid prisons, something that made him mindful of security concerns when the group was communicating with clients. King worried that every time he made a call to his clients, they were being monitored. “No one could answer those questions, and that’s what got me going on this,” says King.

Right now, he tells me, most of the group’s legal actions have to do with fighting the “Five Eyes”– the nickname given to the intertwined intelligence networks of the UK, Canada, the US, Australia and New Zealand. One of the campaigns, stemming from the lawsuit against GCHQ that established a need for transparency, is asking GCHQ to confirm if the agency illegally collected information about the people who signed a “Did the GCHQ Illegally Spy On You?” petition. So far, 10,000 people have signed up to be told whether their communications or online activity were collected by the UK spy agency when it conducted mass surveillance of the Internet. If a court actually forces GCHQ to confirm whether those individuals were spied on, PI will then ask that all retrieved data be deleted from the database.

“It’s such an important campaign not only because people have the right to know, but it’s going to bring it home to people and politicians that regular, everyday people are caught up in this international scandal,” King says. “You don’t even have to be British to be caught up in it. People all over the world are being tracked in that program.”

Eerke Boiten, a senior lecturer at the interdisciplinary Cyber Security Centre at the University of Kent, says that considering recent legal victories, he can’t write off the effort, even if he would have dismissed it just a year ago.

“We have now finally seen some breakthroughs in transparency in response to Snowden, and the sense that intelligence oversight needs an overhaul is increasing,” he wrote in an email to me. “So although the [British government] will do its best to shore up the GCHQ legal position to ensure it doesn’t need to respond to this, their job will be harder than before.”

“Privacy International have a recent record of pushing the right legal buttons,” he says. “They may win again.”

A GCHQ spokesperson says that the agency will “of course comply with any direction or order” a court might give it, stemming from the campaign.

King is also the head of PI’s research arm– organizing in-depth investigations into national surveillance ecosystems, in tandem with partner groups in countries around the world. The partners hail from places as disparate as Kenya and Mexico. One recently released report features testimonials from people who reported being heavily surveilled in Morocco. Another coming out of Colombia will be more of an “exposé,” with previously unreported details on surveillance in that country, he says.

And then there’s the stuff that King pioneered: the method of sneaking into industry conferences by using a shadow company. He developed the technique Omanovic is using. King can’t go to the conferences undercover anymore because his face is now too well known. When asked why he started sneaking into the shows, he says: “Law enforcement doesn’t like talking about [surveillance]. Governments don’t talk about it. And for the most part our engagement with companies is limited to when we sue them,” he laughs.

When it comes to the surveillance field, you would be hard pressed to find a company that does exactly what it says it does, King tells me. So when he or someone else at PI sets up a fake company, they expect to get about as much scrutiny as the next ambiguous, potentially official organization that lines up behind them.

Collectively, PI has been blacklisted and been led out of a few conferences over the past four years they have been doing this, he estimates.

“If we have to navigate some spooky places to get what we need, then that’s what we’ll do,” he says. Sometimes you have to walk through a dark room to turn on a light. Privacy International sees a world with a lot of dark rooms.

“Being shadowy is acceptable in this world.”

Shhh… Apple Still Wants to Find You Even When Location Services are Switched Off

Interesting live demonstration – see video clip below, where the publisher Chris Gagné said:

Apple’s help text says “You can also turn Location Services off altogether by deselecting Enable Location Services in the Privacy pane of Security & Privacy preferences. However, here’s a video showing that although Location Services are turned off, Apple’s com.apple.geod (their location services daemon) is still active and attempting to communicate with gsp-ssl.ls.apple.com. It’s blocked from doing so by Little Snitch, whose Network Monitor is showing all of these attempts. This is on Mac Os 10.10.2.

Shhh… Paris Attacks: Dangerous Precedence & Irreversible Damages with Cameron's Pursuit of “Safe Spaces” & Ban on Encrypted Online Messaging Apps

In the aftermath of the recent Charlie Hebdo attacks, it came as no surprise politicians were quick to up the antenna (again) on surveillance and stifle the right to privacy – whilst, in the same breath, they drape themselves publicly in Paris to embrace free speech and press freedom.

British Prime Minister David Cameron, for example, stole the headlines this week saying that, if re-elected in May, he would ban encrypted online messaging apps like WhatsApp and Snapchat if the British intelligence agencies were not given backdoors to access the communications.

“We must not allow terrorists safe space to communicate with each other,” said Cameron as he spoke about a “comprehensive piece of legislation” to close the “safe spaces” used by suspected terrorists – and also planned to encourage US President Barack Obama (who should be reminded that he has promised to pursue NSA reforms) to make internet companies like Facebook and Twitter cooperate with British intelligence agencies to track the online activities of Islamist extremists.

Backdoors are by and large security holes and what Cameron is proposing would set a dangerous precedence with irreversible consequences far beyond the loss of free speech – this is best summed up in the following open letter to David Cameron (below – and here):

Cameron-OpenLetter
Cameron-OpenLetter2

Shhh… Online Privacy: How to Track & Manage Our Digital Shadow

Photo (above) credit: http://thespecialhead.deviantart.com/art/Shadow-people-304525517

I found this excellent MyShadow website which not only explains what digital shadows mean but also provides a useful tool to check what traces one leaves online – by specifying the hardware and software one uses – and best of all, explores ways to mitigate them.

Have fun cleaning up your digital footprints.

Shadow-myshadowORG
Shadow-myshadowORG2
Shadow-myshadowORG3
Shadow-myshadowORG4

Shhh… US Federal Court: Warrantless Surveillance Footage in Public Areas is an Invasion of Privacy

Guess one would easily assume privacy does not apply in public areas – just look at the proliferation of CCTV cameras in the streets.

Well, that’s probably not necessarily the case judging by one recent court ruling in Washington. It may be good news for the general public and bad news for law enforcement.

Now first, many would probably associate the following 2 photos with typical covert surveillance operations, whereby operatives waited patiently to snap photos (and video) evidence of their subjects.

Surveillance-Detectives

Surveillance-Detectives2

But in this case involving the Washington police and Leonel Vargas (an “undocumented” immigrant suspected of drug trafficking), the authorities had a better idea.

The police planted a video camera, without a warrant, on a nearby utility pole 100 yards from Vargas’ rural Washington state house and shot 6 weeks worth of footage of his front yard whereby they eventually captured convincing evidence.

Vargas challenged the case on the grounds of violation of his privacy, which the government argued was not valid as his front yard is a public space and thus privacy does not apply.

The evidence put forward by the authorities was subsequently thrown out of the court by US District Judge Edward Shea, whose ruling is well summed up as such:

Law enforcement’s warrantless and constant covert video surveillance of Defendant’s rural front yard is contrary to the public’s reasonable expectation of privacy and violates Defendant’s Fourth Amendment right to be free from unreasonable search. The video evidence and fruit of the video evidence are suppressed.

Find out more about this case from here and there.

Shhh… How to Contact US Senators Who Block NSA Surveillance Bill & Disregard Our Privacy

Fancy rolling up your sleeves and doing something about the (continued) intrusions of your privacy and communications? Now here’s your chance.

The US Senate was just 2 votes shy last Tuesday on the USA Freedom Act, a surveillance reform bill which would have otherwise put a (legal) stop to the National Security Agency’ clandestine domestic surveillance programs and metadata collection as revealed by the Snowden revelations.

Here is a list of the senators and their respective votes:

U.S. Senate Roll Call Votes 113th Congress - 2nd Session

And here’s a list of those 42 senators that voted NAYs – ie. they support more NSA surveillance – along with their social media handles so you can send them a personal Twitter message. Reckon they wouldn’t mind at all since they don’t value privacy, or respect your privacy to be precise. Besides it’s only their contact coordinates disclosed. Tell them how you feel about losing more than your contact coordinates, ie. your metadata and privacy. And share it with your friends, they may have something to tell those senators. So why are you waiting?

USsenate-Vote2
USsenate-Vote3
USsenate-Vote4

And here’s one to highlight:

Shhh… Lawsuit After Proof of British Police Spying on Reporters for Years

A media friend once revealed how a stranger called him to offer some leaks, tried to force him to disclose his sources (which he declined) when they met and eventually coerced him to cooperate or “bear the consequences”.

He sought my advice after running away from the stranger – that he assumed to be a Chinese spy – as he reckoned all his communication channels have been snooped. It was a fear he lives to this day.

I suppose he is not as “lucky” as these British journalists (see story below), who filed a lawsuit against the London’s Metropolitan Police and Britain’s Home Office after they discovered evidence of how the British police have spent years stalking and detailing their movements.

UK Police Spied on Reporters for Years, Docs Show

LONDON — Nov 21, 2014, 12:28 PM ET
By RAPHAEL SATTER Associated Press

Freelance video journalist Jason Parkinson returned home from vacation this year to find a brown paper envelope in his mailbox. He opened it to find nine years of his life laid out in shocking detail.

Twelve pages of police intelligence logs noted which protests he
covered, who he spoke to and what he wore all the way down to the color of his boots. It was, he said, proof of something he’d long suspected: The police were watching him.

“Finally,” he thought as he leafed through documents over a strong black coffee, “we’ve got them.”

Parkinson’s documents, obtained through a public records request, are the basis of a lawsuit being filed by the National Union of Journalists against London’s Metropolitan Police and Britain’s Home Office. The lawsuit, announced late Thursday, along with recent revelations about the seizure of reporters’ phone records, is pulling back the curtain on how British police have spent years tracking the movements of the country’s news media.

“This is another extremely worrying example of the police monitoring journalists who are undertaking their proper duties,” said Paul Lashmar, who heads the journalism department at Britain’s Brunel University.

The Metropolitan Police and the Home Office both declined to comment.

Parkinson, three photographers, an investigative journalist and a newspaper reporter are filing the lawsuit after obtaining their surveillance records. Parkinson, a 44-year-old freelancer who has covered hundreds of protests some of them for The Associated Press said he and his colleagues had long suspected that the police were monitoring them.

“Police officers we’d never even met before knew our names and seemed to know a hell of a lot about us,” he said.

Several journalists told AP the records police kept on them were sometimes startling, sometimes funny and occasionally wrong.

One intelligence report showed that police spotted Parkinson cycling near his then-home in northwest London and carried detailed information about him and his partner at the time.

Jules Mattsson, a 21-year-old journalist with the Times of London, says another record carried a mention of a family member’s medical history, something he says made him so upset he called the police to demand an explanation.

“No one could possibly defend this,” he said.

Jess Hurd, a 41-year-old freelance photographer and Parkinson’s partner, said she was worried the intelligence logs were being shared internationally.

“I go to a lot of countries on assignment,” she said. “Where are these database logs being shared? Who with, for what purpose?”

The revelations add to public disclosures about British police secretly seizing journalists’ telephone records in leak investigations. Several senior officers have recently acknowledged using anti-terrorism powers to uncover journalists’ sources by combing through the records.

Some police argue they’re hunting for corrupt officers, a particularly salient issue in the wake of Britain’s phone hacking scandal, which exposed how British tabloid journalists routinely paid officers in exchange for scoops.

It isn’t yet clear how often the practice takes place, but the admission drew concern in Parliament and outrage from media groups.
Lashmar, a member of the National Union of Journalists who is not involved in the lawsuit, said the specter of terrorism was pushing police to be bolder and bolder about how closely they watch the nation’s press.

“Police seem to have got the message that journalists are now fair game and you can surveil and watch them,” he said.

Shhh… When the Postman Became A Spy

Question: If the NSA managed to threaten and make Internet and technology giants like Yahoo, Google, Apple, Facebook, etc to hand over our metadata, who else could they target?

The US Postal Service?

And why not – since the information like names, addresses and postmark dates of both the senders and recipients conveniently splashed on the package covers could provide valuable investigative leads to law enforcement agencies?

As it turned out, the USPS Office of Inspector General (OIG) — the internal watchdog of the postal service – found that “USPS captured information from the outside of about 49,000 pieces of consumer mail in 2013 and turned much of it over to law enforcement organizations throughout the country, unbeknownst to the intended senders and recipients” – see full story below.

And why then should one trust the postal services outside the US – given the Snowden revelations also revealed how intelligence agencies across the globe have duly followed the NSA leads?

The US Postal Service has been quietly surveilling more mail than anyone thought

Program captured information from the outside of 49,000 pieces of mail in 2013 alone, sharing it with law enforcement agents

By Carl Franzen on October 28, 2014 02:15 pm

Snail mail is growing steadily less popular thanks to the internet, but people in the US still send lots of it every year — over 158 billion pieces of mail were handled by the US Postal Service in 2013 alone. As it turns out, the USPS has also been quietly spying on way more of the mail passing through its doors than previously acknowledged. A report from the agency’s internal watchdog — the USPS Office of Inspector General (OIG) — found that USPS captured information from the outside of about 49,000 pieces of consumer mail in 2013 and turned much of it over to law enforcement organizations throughout the country, unbeknownst to the intended senders and recipients. This information reportedly did not include the contents of letters and packages, but rather was limited to the information appearing only on the exterior, such as names, addresses, and postmark dates.

The report on the USPS information capturing program, called “mail covers,” was initially published to little fanfare over the summer and subsequently reported on by Politico, but is getting more attention now with an article appearing today in The New York Times that includes additional details.

First some background: the mail covers program is hardly new, it’s been in existence for over a hundred years, as The Times notes. It’s also not as invasive as a full search warrant for the contents of mail, which the USPS also grants (although only for federal search warrants; state search warrants aren’t accepted by the agency). In a guide for law enforcement agencies, the USPS explains exactly how the program works: a police officer/law enforcement agent needs to be already conducting an investigation into a suspected felony and have the names and addresses for their intended surveillance targets. The officer must send this information to the USPS through the mail or provide it verbally (in person or over the phone), along with a reason why the mail cover is needed. Then the USPS will begin capturing the information from the exterior of all the targets’ incoming and outgoing mail for up to 30 days (although extensions are available). The USPS says that “information from a mail cover often provides valuable investigative leads,” but adds that it “is confidential and should be restricted to those persons who are participating in the investigation.”

However, as the OIG report found, there are numerous problems with the way the USPS has been running the mail covers program. For starters, the USPS has a mail cover app that apparently doesn’t work very well and is blamed for the agency continuing to capture information from the mail of 928 targets even after the surveillance period was supposed to have ended. The USPS also appears to have started mail cover surveillance on targets without sufficient justification from law enforcement as to why it was needed, and some USPS employees didn’t even keep the written justification on file like they were supposed to. And in a further failure of duty, several mail covers weren’t started on time. Perhaps most troubling of all, the USPS doesn’t appear to have been accurately reporting the total number of mail covers in its official records provided to the Times under Freedom of Information Act requests, which show only 100,000 total requests for mail surveillance between 2001 and 2012 (an average of 8,000 a year, way fewer than the 49,000 mail covers acknowledged in the OIG report). The USPS said it agreed with the findings of the OIG report and would work to implement changes, but for an agency already struggling with how to move into the future, the findings are hardly good news.

Shhh… More NSA Shakeup Following Another Conflict of Interest?

More personnel problems at the National Security Agency…

Another conflict of interest matter has led the agency’s top spy Teresa Shea to leave her position as director of signals intelligence (SIGINT), which the NSA said last week was a “routine” transition “planned well before recent news articles”.

Shea as the SIGINT head was behind some of the most controversial mass surveillance programs disclosed by former NSA contractor Edward Snowden.

The shakeup followed a recent BuzzFeed report (below) on the financial interests of Shea and her husband James Shea. The latter was a contractor with a SIGINT “contracting and consulting” company – Telic Networks – registered to the couple’s home. He is also the vice president of another SIGINT contractor – DRS Signals Solutions – that “appears to do business with the NSA”. The sleuth Shea herself had also incorporated an “office and electronics” business at her home.

These headlines came hot on the heels of recent reports on former NSA director Keith Alexander, who had business dealings with potential conflicts of interest during and after his NSA reign in March. Furthermore, a recent Reuters report found Alexander also hired another top NSA official, chief technology officer Patrick Dowd, to work at his new cyber-security company when Dowd was still on NSA payroll.

Find out more from the following Buzzfeed report:

Exclusive: Shakeup At NSA After BuzzFeed News Reports On Potential Conflict Of Interest

Top National Security Agency official Teresa Shea is leaving her position after BuzzFeed News reported on her and her husband’s financial interests. The move comes as the NSA faces more questions about the business dealings of its former director Keith Alexander, and potential ethics conflicts. This post has been updated to include a response from the NSA.

posted on Oct. 24, 2014, at 12:28 p.m.

Aram Roston
BuzzFeed Staff

WASHINGTON — One of the nation’s top spies is leaving her position at the National Security Agency (NSA), a spokesman confirmed Friday, amid growing disclosures of possible conflicts of interest at the secretive agency.
The shakeup comes just a month after BuzzFeed News began reporting on the financial interests of the official, Teresa Shea, and her husband.

Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

The NSA provided a statement Friday that said Teresa Shea’s “transition” from the SIGINT director job was routine and “planned well before recent news articles.” The agency indicated she would remain employed, but did not provide specifics.

The Sheas did not respond to a message left at their home telephone number.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week BuzzFeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.

Over the past month, Teresa and James Shea haven’t returned phone calls, and the NSA has declined to comment about any specifics, beyond explaining how the agency tries to address conflict of interest issues in general, and to say that “the agency takes Federal ethics laws quite seriously.”

In April, Adm. Michael Rogers took over as director of the NSA, and it was expected he might shuffle staff. One intelligence source said Shea’s departure from her job appeared to be due in part to the “optics” of a top NSA official coming under scrutiny by the press for her and her husband’s business dealings. The other said the press disclosures may have nothing to do with her leaving.

In a statement Friday, NSA spokesman Michael Halbig said that “NSA considers regular rotations of senior leaders as a catalyst for achieving diverse, fresh perspectives on the nation’s critical national security challenges.”

He added that “We value her leadership as a senior leader and look forward to her continued contribution to the mission to help defend the nation.”

Since she would no longer be director of SIGINT, presumably potential conflicts stemming from her husband’s role as a SIGINT contractor, with a SIGINT company at their home, would be alleviated.

Shea, as SIGINT director, presided over most of the NSA operations disclosed by Snowden. The most controversial of those is the mass domestic surveillance program, under which the agency collects data on virtually every phone call Americans make, domestically or overseas, from a cell phone or a landline. But other operations included disclosures that calls by the leaders of foreign allies were intercepted, and that a vast amount of electronic communications were collected from American internet companies such as Google and Yahoo.

Last week, the NSA came under increasing pressure because of the business dealings of former director Keith Alexander, who left the agency in March.

Reuters disclosed that Alexander hired another top NSA official to work at his company, even while the scientist continued to work at the NSA. Reuters said the NSA had begun a review of the unusual agreement, under which NSA Chief Technology Officer Patrick Dowd was to work 20 hours a week at Alexander’s company, Ironnet Cybersecurity, while still working for the U.S. government.

This week, after the controversy erupted, the company said Dowd would no longer work there.

Shhh… Privacy: Tor Guide on Browsing Anonymously

Here’s an interesting chart on how to use Tor to browse the web anonymously:

TorInfographics

The Tor Project is a free software and an open network that shields your online identity and thus helps you maintain privacy by defending against network surveillance:

But Tor can still be compromised and multiple layers of security is recommended:

Shhh-cretly to Feature in "Citizen B": A Documentary on Surveillance & Privacy

Shhh-cretly was interviewed by renowned and award-winning director Werner Boote, who was in Hong Kong with his Austrian crew this week to film Citizen B, a 90-minute documentary on surveillance and privacy to be released in 2015.

IMG_20141009_161005

IMG_20141009_161920

CitizenB

CitizenB2

Shhh… The Guardian Bagged An Emmy

Congratulations to The Guardian for winning an Emmy award in New York Tuesday night for its groundbreaking coverage on the Snowden revelations.

The multimedia interactive feature NSA Decoded by The Guardian emerged the winner in the new approaches: current news category at the news and documentary Emmy awards.

The interactive coverage, which includes interviews and discussions with key players like journalist Glenn Greenwald, former NSA employees, senators and members of US congress, helps the audience understand the facts and implications of Edward Snowden’s disclosures last year about the NSA’s mass surveillance program.

The Guardian has also won in April, along with the Washington Post, the Pulitzer prize for public service for their groundbreaking coverage of the Snowden revelations.

Shhh…. Court Documents Revealed NSA Threatened Yahoo to Provide Metadata

The US government once threatened to fine internet giant Yahoo with fines of US$250,000 a day in 2008 for every day it failed and balked at demand for user data to support government mass surveillance programs that the company believed was unconstitutional, according to numerous media reports citing court documents unsealed Thursday, adding further concrete insights into how the federal authorities forced American tech companies to take part in the controversial NSA’s PRISM program as revealed by the Snowden revelations last year which were initially denied by those companies and the American government.

The 1500-pages of documents reportedly revealed how Yahoo waged and eventually lost a secretive legal battle as government attorneys held firm that Yahoo holds no legal standing on users’ privacy issues – and also warned the company not to inform users the government snoops on their communications metadata.

Yahoo challenged and lost its case – first at the Foreign Intelligence Surveillance Court and subsequently at an appeals court, the Foreign Intelligence Court of Review – and finally complied with the government demands, which were later extended to other major players in the US tech industry, including Google, Apple and Facebook – see photo below (Credit: Picture taken from the book “No Place to Hide” by Glenn Greenwald).

Glenn-pg108

According to Greenwald in his recent book:

“The court [Foreign Intelligence Surveillance Act court] is one of the most secretive institutions in the government. All of its rulings are automatically designated top secret, and only a small handful of people are authorized to access its decisions.”

And according to one of the documents Greenwald received from NSA whistle-blower Edward Snowden:

“It ordered Verizon Business to turn over to the NSA “all call detail records” for “communications (i) between the United States and abroad; and (ii) wholly within the United States, including local telephone calls.”

And:

“Moreover, the court order specified that the bulk collection of American telephone records was authorized by Section 215 of the Patriot Act. Almost more than the ruling itself, this radical interpretation of the Patriot Act was especially shocking.”

It remains to be seen if similar court documents relating to other US tech companies would soon emerge.

Shhh… New US Drone Base in the Sahara

The government of Niger has given the Pentagon the greenlight to set up a new and second drone base in the West African nation – in one of the most remote places along an ancient caravan crossroads in the middle of the Sahara, at the mud-walled desert city of Agadez.

This base, its third in the region, will allow the US military to fly unarmed drones along a desert corridor that connects northern Mali and southern Libya which allows the drones to zero on a key route for arms traffickers, drug smugglers and Islamist fighters migrating across the Sahara, according to a report by online news portal Stuff in New Zealand based on sources from Nigerian and US officials.

This move allows the Pentagon “track Islamist fighters who have destabilized parts of North and West Africa. It also advances a little-publicized US strategy to tackle counter-terrorism threats alongside France, the former colonial power in that part of the continent,” according to Stuff.

A document from the US Department of Justice dated July 16, 2010 was released to justify US drone killings.

USdronesSahara

The picture above reveals the American and French military presence in the Sahara region, courtesy of The Washington Post.

Shhh… GCHQ's Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

Shhh… GCHQ’s Hacking Tools Leaked

The latest Snowden revelations include a leaked document that lists the cyber-spy tools and techniques used by the American NSA’s UK counterpart GCHQ, according to a BBC News report.

More disturbing point: the GCHQ apparently used its toolbox to find ways to “alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things”.

More US Cyber-Spying?

Defense Secretary Hagel Faces a Tough Time Explaining This to China

US Defense Secretary Chuck Hagel announced at the National Security Agency headquarters last Friday that the Pentagon would triple its cyber security staff – to 6,000 – over the next few years to defend against computer-based attacks.

That’s great. I wonder how Hagel is going to face the music when he visits China later this week where he expects to be grilled on the latest NSA revelations and aggressive US cyber spying. Just last month, it was revealed that the NSA has for years assessed the networks of Chinese telecommunications company Huawei, which the US House of Representatives has long advocated that US companies should avoid on the grounds of national security.

Find out more from my latest column here and there.

When the Boss Hacks

Hot Mails

There is an unspoken underlying tension in the workplace on privacy matters relating to office telephones, computers, emails, documents, CCTV cameras, etc. Employers like to think they reserve the right to probe what they consider their property while employees believe their turf is clear from invasion.

This tension is nowhere better exemplified than by reports last Thursday that operatives with US tech giant Microsoft Inc. hacked into a blogger’s Hotmail account in the course of an investigation to try to identify an employee accused of stealing Microsoft trade secrets.

And it is not uncommon in my business to encounter client complaints about potential espionage and other alleged misconduct by their employees, leading to their consideration to search the (company-owned) computers, emails, phone records, etc.

Find out more from my latest column here and there.

Coping With Offline Snoops

Latest NSA Revelations Not the End of the World

The latest NSA revelations about their ability to penetrate into computers that are not even connected to the Internet may have caused deep concerns but there are at least 2 defensive measures one can undertake.

You can find out more from my latest column here.

Shhh… the NSA's special app for iPhones

The NSA has a special DROPOUTJEEP program for all Apple devices including the iPhones to intercept all SMS messages, collect contact lists, locate a phone (and its user/owner) and also activate the device’s microphone and camera with 100 percent success rate, according to a leaked document obtained by German magazine Der Speigel and a presentation by security researcher/independent journalist Jacob Applebaum, who said:

“[The NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write sh—y software. We know that’s true.”

I wrote in Sept 2012 that the NSA and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) issued their own specially developed smartphones for their top level officials. And they chose Android – no surprise now?!

Check out this NSA doc and YouTube presentation.

Shhh… the NSA’s special app for iPhones

The NSA has a special DROPOUTJEEP program for all Apple devices including the iPhones to intercept all SMS messages, collect contact lists, locate a phone (and its user/owner) and also activate the device’s microphone and camera with 100 percent success rate, according to a leaked document obtained by German magazine Der Speigel and a presentation by security researcher/independent journalist Jacob Applebaum, who said:

“[The NSA] literally claim that anytime they target an iOS device that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write sh—y software. We know that’s true.”

I wrote in Sept 2012 that the NSA and Defense Information Systems Agency (the unit that manages all communications hardware needs for the Pentagon) issued their own specially developed smartphones for their top level officials. And they chose Android – no surprise now?!

Check out this NSA doc and YouTube presentation.

What Snowden Has Shown the World

The Year 2014 Equals 1 P.S.

Historians can be expected to mark June 9, 2013 as a significant date in the evolution of the surveillance and monitoring of mankind and peg 2013 alongside George Orwell’s Nineteen Eighty-Four, making 2014 officially 1PS – one year Post Snowden.

There is justification for this chronological divide. The world will be working its way out of the events of last June for years and decades to come, trying to come to grips with the astonishing ability of electronic snoopers to surreptitiously monitor the details of millions of lives.

It appears that they will continue to be able to do so despite growing knowledge of the pervasive level of this surveillance.

Please find the full column here.

The Walls that Spy

Bad news for those who say ‘If only the walls could talk’. They can.

Hotel rooms are never safe havens as spies know only too well, but warnings of the risk often fall on deaf ears, to the sorrow or sometimes embarrassment of the tenants. Two recent news stories and the episode that I describe below hopefully change the public perceptions.

The stories describe how the UK’s Government Communications Headquarters (GCHQ) has traced and wiretapped top diplomats in their hotel suites over the past three years through its secret “Royal Concierge” program, which tracked some 350 hotels across the world, according to documents exposed by the former US intelligence contractor turned fugitive Edward Snowden.

Separately, it emerged in media reports last week that US President Barack Obama takes extreme measures to ward off any threats of secret video or audio surveillance by setting up an anti-spy portable tent in his hotel suite when traveling abroad, including in allied countries that the US allegedly targeted in conducting massive surveillance against foreign leaders and citizens. That amplifies the deep US concerns about being spied upon as much as spying on its friends and risks inviting potential hypocritical labeling of the White House.

I have written previously about the risk but there is much more than meets the eye, including an interesting exchange I once had with a foreign agent about the spy trade and hotel room risks.

Please find the entire column here and there.

For Whom the Whistle Blows

That Whistle Could Have You Behind Bars

For Whom the Bell Tolls was a 1940 novel by Ernest Hemingway about an American in the International Brigades who blows up a bridge during the Spanish Civil War with death the ultimate sacrifice.

But what about For Whom The Whistle Blows? That informs the current debate about Bradley Manning and Edward Snowden, two Americans who risked their lives by leaking documents on US foreign policy and covert cyber-snooping activities during the US war on terrorism. Are they prisoners – one in a US army stockade and the other in exile in Moscow – of conscience?

In contrast to the contemptuous labels and espionage charges the US government slapped on the two, one a US Army private first class and the other a former government intelligence contractor, both claimed their motive was to spark public debate and promote greater transparency in US government conduct. Whistle-blowers in general have all along been quite rightly championed and heralded by the authorities, media and the general public – at least by those whose oxen are not being gored from the revelations. Such are the dichotomies of modern history.

You can find the entire column here and there.

Was Edward Snowden A Spy?

Or was Dick Cheney looking for a cheap excuse to play politics?

Edward Snowden with his sudden departure from Hong Kong for Moscow and eventually elsewhere, possibly a country hostile to the US, would reignite the question if he’s a spy or double agent.

But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China is off track, and he knows it, and are a deliberate public distraction as the Obama administration searches for scapegoats in the midst of defending the NSA surveillance programs with their one and only trump card.

Snowden left with his passport annulled, a warrant on his head plus criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.

But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?

Please read the entire column here.

If I Were Snowden

The Art of Hiding and Being Undetectable

The world knows by now Edward Snowden, the former private contractor for the National Security Agency who leaked revelations of massive US clandestine electronic surveillance and eavesdropping programs, is still at large in Hong Kong.

You might wonder how Snowden managed to remain obscure, both in the physical and cyber spheres.

Hong Kong, a former British colony now a major global financial center and Special Administrative Region of China, is one of the most densely populated areas in the world with a population of over seven million spread over just 1,104 square kilometers.

But it is precisely for these reasons that Hong Kong may be the ideal place. One could be easily spotted or located or one could capitalize on the dense crowd and modern infrastructure to negotiate his way unnoticed in the physical, digital and cyber dimensions.

And Snowden sure knows how to do that.

So what would you do if you were Snowden or if you simply needed to hide and remain undetectable for a period of time?

Please read the full column here and there.

The Enemies of the US

Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?

The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.

Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?

The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.

Please read this entire Opinion Column here.

The State of Cyber-War

In Spies We Trust

The two-day private talks between the US and Chinese Presidents Barack Obama and Xi Jinping this weekend in Rancho Mirage, CA are expected to include, among other thorny issues, the dwindling trust between the two countries following the recent spate of cyber intrusions the US have repeatedly alleges to have originated from China.

In the first diplomatic efforts to defuse chronic tensions, the two have also agreed to launch regular, high-level talks next month on how to set standards of behavior for cyber security and commercial espionage. But don’t expect anything concrete from these meetings. The state of cyberspace diplomacy is heading only south.

Please read the full column here.

Big Brother Meets Big Data

The Security Assault on Social Networks

Forget hacking. It works but it’s illegal.

Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites are most vulnerable.

Two recent commercially developed software packages could soon be giving your government and employer and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.

Please read the full column here and there.

DIY Counter Espionage

Spying on Spies

The FBI probe into the scandal involving former CIA director David Petraeus and his mistress may have stolen global headlines the past week.

But there is something else the FBI knows that should warrant more attention. Something closer to those of us less exalted than the boss of the world’s most famous spy agency.

The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing how Chinese agents broke in and swept through the belongings and laptop of an American businessman.

There were recent media reports of similar incidents. The FBI is now showing the clip as a warning to corporate security experts of major US companies.

The FBI also warned some months ago about the risks of using hotel wi-fi networks and recommended all government officials, businessmen and academic personnel take extra caution when traveling abroad.

Whilst the corporate world is often most at risks, the average citizens are also highly vulnerable, especially to electronic surveillance on home and foreign soil.

So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?

Please read full article here and there.

How to Beat the CIA and Protect Your Data

A little secret and long overdue column – as I have promised some weeks ago.

How about leading a cyber lifestyle without the risks of compromising your computer, privacy and precious confidential data… ie. your life?!

There’s an easy solution and you do not have to be a computer expert. But the CIA, MI6, etc, wouldn’t want you to know the trick… because you can beat those spies and hackers by going online and leaving no trace.

Read the full article here.

Shhh… Spying on Journalists

The Pentagon’s recent sworn: They won’t spy on journalists.

(Yeah right…. Yes, I hear you at the back.)

The US Defense Secretary Leon Panetta gave an order July 19 to clampdown on classified leaks from the Pentagon and “monitor all major, national level reporting”.

This raised immediate concerns amongst the press as journalists wondered: is the Pentagon planning to spy on their very act of reporting or simply to conduct wide-sweeping news scans for supposedly leaked information? The former, left to one’s imagination, could include wiretapping, surveillance and various forms of intrusive acts.

The Pentagon press secretary George Little reportedly replied in writing:

“The secretary and the chairman both believe strongly in freedom of the press and encourage good relations between the department and the press corps.” (Read this).

Meanwhile, a true story, I know a journalist who was spied upon by a Chinese intelligence agent.

The agent apparently tried to recruit the reporter by offering “huge rewards” if he cooperates and collects information about certain individuals under the pretense of combing background data for potential stories.

This journo friend declined outright but not long after, he suspected his phones were bugged and asked for help.

My advice?

Quite simply though cumbersome: buy and replace regularly several low-value, use-and-dispose SIM cards, several used cellular phones (the pre-smartphone days type like those good old Nokia, Ericsson, Motorola, etc) and used laptops.

In short, change your phone and cyber lifestyle – at least for the time being (Refer to my earlier commentary: Shhh… How to Beat the CIA and Protect Your Data).

Shhh… Spies Boundary

I just picked up 2 interesting reports on surveillance matters.

It was reported that the FBI claimed its surveillance on those involved in the Occupy movement is within legal boundaries and did not cause “unnecessary intrusions into the lives of law-abiding people.”

This came after the American Civil Liberties Union used the Freedom of Information Act to secure FBI surveillance documents on the movement in a lawsuit and asked why the agency withheld two-thirds of its records and subsequently cited national security as a reason for the nondisclosure (Read this).

On the other side of the Atlantic Ocean, the civil rights group Liberty used the UK Data Protection Act to represent a disabled woman in a legal action against a commercial security firm and its undercover surveillance “usual practice” which, as part of their investigative works for insurance companies, send agents disguised as delivery men to spy on the sick and disabled in their homes (Read this).

These are just going to lead to endless debates. Watch this space, I might post a column on this topic.

 

Shhh… Counting Spies

Interesting spy updates over the past few days.

Question: where do you think is the spy capital of the world?

Hint: Starts with letter B.

Did someone say Bei….?

Answer: Brussels.

Say what, Brussels?! Well, that’s according to Belgian intelligence chief Alain Winants, who added that spies usually pretend to be diplomats, journalists, lobbyists, businessmen or students (Read this – and please see my previous columns about spies pretending to be businessmen in China and students in US campus in Spy vs Spy and Espionage on Campus, respectively).

Now speaking of diplomats, the well known intelligence historian and collector of spy gadgets H. Keith Millon reportedly claimed “there are more spies at the United Nations than diplomats” (Read this).

The latter piece is not surprising but much depends on one’s definition of spy. But then again, given Million’s reputation in the intelligence trade…

Shhh… New iPhone Spy App to Log the World

It’s the App, Stupid!

Sounds familiar? Yes, it’s often the software that matters more than the hardware.

Whilst the countdown to the new iPhone 5 release is grabbing headlines, there is reportedly a new Spy App for iPhone that should deserve even more attention. This is unlike any other past so called iPhone Spy software: imagine you can log all incoming and outgoing phone calls and SMS of a chosen target’s phone?!

Yes, I know. The potential for this new iPhone Spy App, if it’s true, will simply blow your socks off…

Shhh… How to Beat the CIA and Protect Your Data

Business travel is a nightmare these days, especially when one visits a country known for high espionage/ corporate espionage activities or active government eavesdropping and wiretapping.

So what if you need to transmit confidential data, sensitive business information and trade secrets via emails or the cloud? Or simply access your online banking account?

Public wifi pose significant risks. The Internet connection in your hotel room is not any better. And you can forget the Internet cafe.

No worries, there’s a solution and I will soon be posting a column on this matter. Watch this space.