• What is Section 702 and Why Should You Fear It

    March 11, 2023 // 7 Comments »

    You’ve been warned — a fight over the U.S. government’s ability to spy on its own citizens is coming to Congress. Section 702 is up for renewal again in December.

    Section 702 grew out of an illegal post-9/11 program called Stellarwind exposed by NSA whistleblower Tom Drake. It refers to a provision of the United States Foreign Intelligence Surveillance Act (FISA) that was enacted in 2008. It authorizes the U.S. government to collect the communications of non-U.S. persons located outside of the United States for the purpose of obtaining foreign intelligence information. But the program also allows for the incidental collection of information about U.S. persons who may be communicating with the targeted foreigners. Section 702 was renewed by Congress in 2018 with the passing of the FISA Amendments Reauthorization Act. This reauthorization extended the authority for Section 702 for another six years, through December 31, 2023, hence the looming fight.

    The reauthorization included some modifications to the program, including new reporting requirements and limitations on the use of information obtained under Section 702 in certain types of legal proceedings. The law also included some new privacy protections, such as the requirement for a warrant to search for and use information related to U.S. persons in certain cases. The latter only applies to the FBI, which is required to obtain a court order to review anything that comes up in response to queries using American identifiers that are purely for a criminal investigation with no link to national security. Oh yes, that’s right: Section 702, which was written to stop another 9/11, is widely used by domestic law enforcement as part of regular police work.

    But the most controversial aspect of the law remains the “Three Hops Rule.” If you are speaking with a foreigner outside the U.S. by phone, then that makes everyone else you speak with, American or not, eligible for monitoring. That’s one hop. Everyone they talk to is also eligible, that’s two hops, and so forth. The number of people subject to legal surveillance under Section 702 thus grows geometrically every time someone sends an email, like some sick version of the old game Six Degrees of Kevin Bacon. Suddenly one communication sweeps in many, often unrelated, persons, and the Fourth Amendment’s right to privacy is reduced to dryer lint because no warrants are generally needed and little if any oversight is applied. The scooping up of American communications is now (who says the Feds have no sense of humor) referred to as “incidental collection” even though it is quite purposeful.

    The two things, three hops and Section 702, were never intended to be used together but certainly are. Technological advances, primarily the internet and fiber-optic lines, made foreigners’ messages available on domestic U.S. networks — the routing of a communication from Beijing to London passes through America. Since the Reagan years, the NSA, with the help of communications companies, has been able to vacuum up in bulk, without targeting anyone, messages that both originate and terminate abroad as they travel across American networks.

    The potential for abuse is underscored by the scale of all this in an age when almost all of our communications are electronic (including phone calls) and when hubs of communication (Google and email providers, most of whom cooperate directly with the government to collect and hand over your data, as exposed by NSA whistleblower Edward Snowden) concentrate more and more of what we say, read, watch, and buy into fewer nodes to tap. In 2021, there were more than 230,000 foreign targets of Section 702 warrantless surveillance (that number multiplied by the three hops rule, of course.)

    In contrast, the government obtained FISA court warrants to eavesdrop on about only 300 Americans or noncitizens on domestic soil. Proponents of Section 702 argue obtaining warrants for all those foreigners would sharply curtail the intelligence the government is able to gather. Applying for court orders requires time and resources, and then there are those nasty legal and evidentiary standards to be met. Because everything is highly classified, absent whistleblowers, public oversight is limited. One declassified audit showed the FBI misused the system for routine employment checks and other unauthorized sneak peeks. The FISA court, in an example of what passes as oversight, criticized the FBI for “widespread violations” of rules intended to protect Americans’ privacy but still signed off on the program’s continuance.

    “Section 702 allows mass warrantless surveillance of individuals’ communications, including Americans. It embodies a long history of government overreach and abuse, including the most recent oversight report released in December 2022, which found that the FBI conducted numerous unlawful searches for Americans’ information,” Kathleen McClellan of ExposeFacts.org told The Spectator.

    One idea being floated is to separate the collection of raw material from the query process, i.e., actually using the material. A revised Section 702 would continue to allow mass monitoring, but before the NSA or FBI, et al, could search that collected date for Americans by identifier (name, Social Security number, etc.) they would need a warrant to show probable cause. Something like this change might be the key to seeing Section 702 reauthorized, as House Judiciary Committee members focus on civil liberties while members of the Intelligence Subcommittee tend to be more supportive of surveillance powers. The fear-mongering ducks are already being lined up. General Paul Nakasone, head of the NSA and Cyber Command, said 702 powers have helped the U.S. government stop planned terrorist plots and cyber espionage campaigns before they happen. “702 provides a critically important capability to the intelligence community as we face rising challenges from China and Russia, as well as threats from terrorism, cyber actors, and others,” Senate Intelligence Chair Mark Warner claims.

    Congress is expected to rely heavily on the advice of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB), an independent executive branch agency led by a bipartisan group of five presidentially nominated and Senate-confirmed Board Members. The Board is examining significant changes to the operation of the 702 program since their Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (2014) in order to provide an accurate description of the current program. The Board’s review covers selected focus areas for investigation, including but not necessarily limited to, U.S. person queries of information collected under Section 702, and ‘Upstream’ collection [data handed over from communication providers.] The Oversight Project also includes reviewing the program’s past and projected value and efficacy, as well as the adequacy of existing privacy and civil liberties safeguards. The changes made to Section 702 on the last renewal go-round in 2018 drew heavily from this report, a good indicator the PCLOB may influence the 2023 renewal process as well.

    The bad news is most of the Fourth Amendment protections of Americans’ privacy disappeared in the aftermath of September 11, all in the name of fighting terrorism. There seems no question Section 702, one of the Fourth Amendment-busting laws, will be renewed. The hope for civil libertarians and privacy advocates alike in salvaging some rights lies in marginal changes to the law along the line of PCLOB recommendations to limit use of Americans’ identifiers as query terms and to force NSA and others to disclose more of the extent of the program’s use. 

    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Tradecraft: Why Spies Knew the Hunter Biden Emails Were Not Russia Disinfo

    April 12, 2022 // Comments Off on Tradecraft: Why Spies Knew the Hunter Biden Emails Were Not Russia Disinfo

    Hunter Biden just paid over a million dollars in back taxes for income he never claimed, but which was found in his emails, the ones from his laptop that had been dismissed by the MSM as Russian disinformation.

    The FBI is conducting an ongoing criminal investigation into Hunter’s business activities based on the contents of the laptop. It was only the FBI’s use of the laptop as evidence which finally forced the New York Times this month to admit what it said was bull last year.

    See, as the NY Post broke the story that a laptop full of Hunter Biden’s files indicated a potential pay-for-play scenario involving then-candidate Joe Biden just ahead of the 2020 presidential election, almost in real time more than 50 former senior intelligence officials signed a letter claiming the emails “have all the classic earmarks of a Russian information operation.” The signers said their national security experience made them “deeply suspicious the Russian government played a significant role in this case. If we are right this is Russia trying to influence how Americans vote in this election, and we believe strongly that Americans need to be aware of this.”

    The letter played off prejudices from 2016 that the Russians manipulated an American election. In fact, most of the letter’s signatories — James Clapper and John Brennan among them — had played key roles in misdirecting public opinion around the DNC server hack and later the whole of Russiagate. In the hands of the MSM the meme quickly morphed into “the laptop is fake, ignore it.” Twitter and Facebook quickly banned all mentions of the laptop, and the story disappeared in the MSM. Until now.

    In my 24-year State Department career I was exposed to foreign disinformation and as a journalist today I read the Hunter Biden emails. There is no way experienced intelligence officers could have mistaken the contents of the Biden laptop for fake, produced, material.

    The most glaring reason is most of the important emails could be verified by simply contacting the recipient and asking him if the message was real. Disinfo at this level of sophistication would never be so simple to disprove.

    In addition, the laptop contents were about 80 percent garbage and maybe 20 percent useful (dirty) information, a huge waste of time if you are trying to move your adversary to act in a certain way. Such an overbearing amount of non-actionable material also risks burying the good stuff, and if this is disinfo you want your adversary to find the good stuff. It is also expensive to produce information that has no take attached to it, and fake info of any kind is at risk of discovery, blowing the whole operation. Lastly, nothing on the laptop was a smoking gun. You need the disinfo to lead fairly directly to some sort of actionable conclusion, a smoking gun, or your cleverness will be wasted.

    Compare the alleged Russian disinfo of the Biden laptop to the real disinfo of the Christopher Steele “Russiagate” Dossier. To begin, Steele pastes fake classified markings on his document. That signals amateur work to the pros but causes the media to salivate, Steele’s goal (always remember who your target is, who you are trying to fool.) Steele never names his sources to prevent verification by the media (a major tell.) Steele also finds a way to push the important info up front, in his case a Summary. If Biden’s laptop was disinfo, the makers could have included an Index, or Note to Self where “Hunter” called out the good stuff. Or maybe even a fake email doing the same. Steele’s dossier is also concise, 35 typed pages. Hunter’s laptop is a pack rat’s nightmare of jumbled stuff, thousands of pages, receipts, info on cam girls, and the like.

    But the real give away is who was out there peddling the info/disinfo. Ideally you want the stuff to come from the most reliable source you can find to give it credibility. Steele, as a professional intelligence officer, used multiple, overlapping sources, including himself. The list included leaks to a selected patsy journalists, the State Department, John McCain, and even the Department of Justice (FBI and DOJ officials.) Steele not only planted the disinfo, he figured out a way to create “buzz” around it. Textbook work.

    For the Biden laptop, it is understood the whole messy thing was shopped all across the MSM by Rudy Giuliani, about the most mistrusted man available for the purpose. The source must be reputable for the gag to work and there is no way a full-spectrum Russian disinformation operation would use Rudy. That alone should have ended the discussion among those 50 letter signing intelligence officials.

    Lastly, everything on the laptop was verifiable in an hour or two by an organization like the NSA. They could have had an intern verify the emails, bank statements, wire transfers, etc. using about half of the capabilities Edward Snowden revealed they have. James Clapper and John Brennan knew this, and knew equally well the media, if they picked up the story at all, would not ask any such questions, and the NSA, et al, would never weigh in. It would be our little secret.

    So we’ll call that letter claiming the Biden emails were potential Russian disinfo a lie, a fabrication, made-up, fake stuff designed to influence an election. That’s disinformation by any definition, and evidence the only disinformation op run in 2020 was run against the American voters by their own intelligence community working with the media and on behalf of the Democrats. Almost half of Americans now believe Trump would have won a second term if the media had fully reported on the laptop’s revelations, so it worked. You know some of its hallmarks now, so keep a sharp eye out in 2024.

     

    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    The Terrifying Executive We Need for the Wrong Reasons

    December 18, 2016 // 65 Comments »

    trump

    I understand why all of the often false, usually bombastic, reporting on Trump is angering me.

    You know the stuff — take a “fact,” real or fully made up, and conflate it with some apocalyptic prediction. Watch: Trump alternates between wearing boxers and briefs. Will his indecisiveness cause him to pull back when America is attacked by the Russians?

    The other story everyone writes now is based on the journalist’s apparent post-November 9 discovery of an element of fascism, racism and/or parts of the Constitution and presidential practice. And so someone is shocked that Trump will be able to choose drone kill targets, or have access to everything the NSA sweeps up about his enemies.


    The first type of stories are just pathetic, kiddies with pencils seeing what they can get away with, journalists working out in public their disbelief that someone like Trump won, people witnessing their first presidential transition and not dealing with it well. Those stories will fade away, or move to the tabloids where they’ll find a home aside Elvis and Roswell.

    The latter stories, the ones worrying about what Trump will do with the power of _____ are more worrisome. The ascribe fear of executive power and a government run amuck to one man, someone they loathe, Trump. They ignore that these powers, of which we should all be legitimately terrified, are not of a man but of our system.

    Trump, per se, for example, doesn’t control drone killings, the executive does. Bush killed, Obama killed, the president after Trump will kill. Same for the NSA — they all had, and future presidents will have, the ability to spy on anyone.


    By focusing on one man, we imagine any solutions will rest in getting rid of this man (recount! electoral college! impeachment!) That is dangerous.

    Any solutions (I’m not optimistic) must be changes to the system of ever-growing executive power. In that sense, perhaps the election of someone so obvious in his erratic statements, so oafish in his behavior, may be for the best. A bucket of cold well water to the face might be what’s needed for a citizenry that allowed one president to sell all his acquisition of power via a faux-sincere monologue of fear mongering, and another on the strength of his coolness and personal trust.

    The change has to be to the system, not the person. In that sense, perhaps Trump will be the president we need, if not the one we wanted.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Requiem for the Obama Administration, Trump Edition

    December 7, 2016 // 78 Comments »

    obama_burns_constitution

    The problems many are now predicting under the Trump administration did not start on November 8. The near-unrestrained executive power claimed by the Obama administration will be transferred to the president-elect. Here’s what that means.


    Torture

    Obama did not prosecute, fire or discipline anyone for torturing people on behalf of the people of the United States. He did not hold any truth commissions, and ensured almost all of the government documents on the torture program remain classified. He did not prosecute the CIA official who willfully destroyed video tapes of the torture scenes. He has not specifically disavowed secret prisons and renditions, just suspended their use.

    As with the continued hunting down of Nazis some 70 years after their evil acts, the message that individual responsibility exists must stalk those who would do evil on behalf of a government. “I was only following orders” is not a defense against inhuman acts. The purpose of tracking down the guilty is less to punish and more to discourage the next person from doing evil; the purpose is to morally immunize a nation-state.

    Because of these failures President Trump can, as he has proposed, restart the torture program at any time. Some claim the CIA won’t participate. Some always will of course, and if not at CIA, then a contractor will be found. And if another terror attack or two take place, then people at CIA and elsewhere in government will be lining up to conduct the torture as they did last time. They know they will never be held accountable. Indeed, Trump is apparently considering the CIA official who destroyed the torture tapes, Jose Rodriguez, to head up the agency.


    Assassinations

    Obama legalized, formalized, and normalized drone assassinations on a global scale, including the killing of American citizens without due process in direct violation of the Fifth Amendment, on the president’s order alone. The only real restraint he codified is self-restraint. When you leave a door open, you never know who will walk in.

    Because of this President Trump can do the same thing. Trump is unlikely to blow up the entire world with the nuclear codes, but please do not act surprised when his choice of American citizen targets may not match up with yours.


    Guantanamo

    Obama never closed Guantanamo as he promised. He could have, simply by depopulating it regardless of what Congress might have said. In 2014 when Obama needed to trade five Taliban from Gitmo for U.S. Army soldier Bowe Bergdahl in Afghanistan, Obama simply ordered those Taliban freed. He could do the same with anyone else there. He could have applied the full pressure of the U.S. on various countries to accept freed prisoners. He could have ordered the show trials to be conclude.

    Obama did not do these things. He instead normalized indefinite detention as a policy of the United States, and alongside that, as with torture and drone assassinations, the use of secret, convoluted legal opinions to justify such executive powers.

    So if President Trump choses to start refilling the cells at Guantanamo, and reminding the world of the lengths a frightened America is willing to go to imprison a single man, it should not be a surprise. And with the “legal” opinions, including ones still secret, behind such policies, stopping Trump will require years of counter-litigation never even begun under the Obama administration.


    Espionage Act

    Obama prosecuted more federal whistleblowers as spies under the Espionage Act than all previous U.S. presidents combined. He sent to jail people who exposed torture, and people who allegedly leaked information to journalists showing American complicity in dangerous acts abroad. He had Chelsea Manning prosecuted for exposing war crimes in Iraq. He used the Espionage Act to destroy the lives of others who under any definition except his own would be considered political heroes.

    Obama and his Justice Department created the playbook for how to use the hereto obscure Espionage Act to do these things.

    So if President Trump, perhaps with an attorney general Rudy Giuliani, uses that playbook to lock up whistleblowers, journalists, and people you might call dissidents and political prisoners, remember to again look the other way.


    Freedom of Information Act (FOIA)

    The Obama administration set a record for redacting government files or outright denying access to them in fiscal year 2014 – some 77% of FOIA requests were redacted or denied outright. More than any previous administration, Obama took longer to turn over files, said more often it couldn’t find documents and refused a record number of times to turn over newsworthy files quickly absent lawsuits brought to force the government’s hand. In the case of Hillary Clinton, files considered “unclassified” in one context were redacted in whole in another.

    Though the backlog of unanswered requests grew by 55%, the administration cut the number of full-time FOIA employees by nine percent. Despite the critical nature of the documents, the State Department was allowed to do its FOIA screening of the Clinton emails largely with an ad hoc crew of retirees. The impact on journalists, and the right of the people to know, was immeasurable.

    So don’t be surprised if the Trump administration does not end up as the most transparent one ever.


    NSA

    Obama never realistically reigned in the NSA after the Bush-era Patriot Act allowed the agency to turn its surveillance tools on the Homeland. Absent a few cosmetic changes, NSA continues to gather the full spectrum of Americans’ communications in violation of the Fourth Amendment, abetted by the secret FISA court and vaguely Constitutional tools such as National Security Letters and parallel reconstruction. Information lives forever, and the NSA is building bigger data warehouses to keep storing it.

    President Trump will have that information about you at his disposal. And so all who bleated “they had nothing to hide and thus have nothing to fear” during the Obama (and Bush) administration, out of trust for a president or fear of terror, well, now you can join the rest of us who have been terrified for a very long time.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Thinking Like an Intelligence Officer: Anthony Weiner and Russian Spies

    November 5, 2016 // 31 Comments »

    weiner

    There are many reasons why Federal Bureau of Investigation Director James Comey is interested in the emails on Anthony Weiner’s home computer, emails which may include United States government information pertinent to Hillary Clinton or those communicating with her.

    The majority of those reasons for Comey’s involvement, for good or for bad depending on your political position, have been laid out across the media spectrum.

    But there may be one more reason not yet discussed. Since we seem to be spending so much time this election cycle on the Russians this year, let’s think like Russian intelligence officers. Comey may be looking at an intelligence operation.

    Professional intelligence officers do not risk international incidents to play the equivalent of pranks on nation states, say by embarrassing the Democratic National Committee with leaked documents months before the election. That’s Wikileaks level stuff. No, when you want to rig an election, you rig an election. Have a look at the way the CIA historically manipulated elections — assassinations, massive demonstrations, paid off protesters and journalists, serious stuff that directly affected leaders and votes. You don’t mess around with half-measures.

    Now have a look at the Edward Snowden documents, and the incredible efforts the National Security Agency went to to gather information, and then let’s think like intelligence officers. The world of real “spies” is all about “the take,” information. Putin (or Obama, or…) doesn’t likely have on his desk a proposal to risk cyberwar to expose a CNN contributor for handing over debate questions. He wants more of hard information he can use to make decisions about his adversary. What is Obama (or Putin, et al) thinking, what are his plans, what are his negotiating points ahead of the next summit… information at a global strategic level.

    That’s worth risking retaliation, maybe even a confrontation, for. So let’s think like intelligence officers. How do you get to that kind of stuff?

    How the great game of intelligence gathering works is in the end very basic: who has access to the information you want, what are their vulnerabilities, and how do you exploit those vulnerabilities to get to the information. What do they want and how can you give it to them?

    Hillary Clinton as Secretary of State had access to extraordinarily sensitive information, both classified and unclassified. Huma Abedin is arguably the most powerful person in Clinton’s circle, and had access to much or all of that pool of information. What Huma knows would be of great interest to Moscow.

    How to get the info? Huma’s husband is a publicly outed sexual predator. Everyone in the world knows he sexts, trolls online message boards, and seemingly does little to hide his identity while doing it all. He is a target, the kind of dream package of vulnerabilities an intelligence officer waits a whole career to have fall into their lap.

    Baiting the trap appears to be easy. As recently as August Weiner was in a flirty chat with someone he thought was a young woman named Nikki, but was actually Nikki’s male, Republican friend using the account in order to manipulate him (Weiner later claimed he knew he was being set up.)

    So perhaps for the Russians, contacting Weiner would have been as easy as posting a few fake sexy photos and waiting for him to take a bite. Placing malware on his computer to see what was there was as easy as trading a few more sexy photos with him. He clicks, he loads the malware, NSA 101 level stuff. An intelligence officer then has access to Weiner’s computer, as well as his home wireless network, and who knows what else. An Internet-enabled nanny cam? A smartphone camera? Huma’s own devices?

    To be fair, I doubt any intelligence agent could have believed their own eyes when they realized Weiner’s computer was laden with (presumably unencrypted) official U.S. government documents. Depending on the time period the documents covered, it is possible the Russian intelligence could have been reading Clinton’s mail in near-real time. Somebody in Moscow may have gotten a helluva promotion this year.

    If I was a sloppy journalist these days, I guess I could package all this for you by claiming it came from “several anonymous government officials. Instead, you know it’s all made up. Just like a spy novel. Because no real intelligence agent could have put these pieces together like this.

    Right?



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Hidden Mics as Part of Government Surveillance Program

    May 19, 2016 // 9 Comments »

    NSA-golden-nugget-slide


    In another example of multi-dimensional clash among the Fourth Amendment, privacy, technology and the surveillance state, hidden microphones that are part of a broad, public clandestine government surveillance program that has been operating around the San Francisco Bay Area have been exposed.


    The FBI planted listening devices at bus stops and other public places trying to prove real estate investors in San Mateo and Alameda counties are guilty of bid rigging and fraud. FBI agents were previously caught hiding microphones inside light fixtures and at public spaces outside an Oakland Courthouse, between March 2010 and January 2011.

    The apparent goal of the feds was to catch the defendants in their impromptu conversations following court sessions.


    At issue is the Fourth Amendment’s guarantee against unwarranted search, which includes electronic “search,” and the concept that one has no expectation of privacy in a public place. The legal argument is that by choosing voluntarily to enter a public space, such a courtroom or bus stop, one gives up one’s Fourth Amendment rights. In the government’s interpretation, their actions are roughly the equivalent of overhearing a conversation on street corner waiting for a light to change.

    The lawyer for one of the accused real estate investors will ask the judge to throw out the recordings. “Speaking in a public place does not mean that the individual has no reasonable expectation of privacy. Private communication in a public place qualifies as a protected ‘oral communication’ and therefore may not be intercepted without judicial authorization.”


    In addition to the Constitutional issues in the real estate case, the broad use of public surveillance devices also touches on the question of other people who may be swept up alongside the original targets. For example, the FBI’s interpretation means if its microphones inadvertently pick up conversation relating to another alleged crime, they would be free to use that as evidence in court as well.

    The use of microphones, coupled with technologies such as voice recognition (to identify a person) and keyword recognition (to identify specific terms of interest electronically) means that what appears to be a one-dimensional listening device can actually function within a web of technology to enable broad-spectrum surveillance of masses of people in public spaces.


    (The “Golden Nugget” slide above is provided by the NSA, courtesy of former employee Edward Snowden)

    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Talking More About Apple, Encryption and the Fourth Amendment

    March 19, 2016 // Comments Off on Talking More About Apple, Encryption and the Fourth Amendment



    I had a chance to drop by Ron Paul’s web show to talk more about Apple, Encryption, the evil genius of the FBI/NSA, and the Fourth Amendment.





    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Calling Bull on Obama’s Call for Law Enforcement Access to Encryption

    March 14, 2016 // 12 Comments »

    fourth amendment


    As the government’s fight to eliminate encryption as we know it, and ensure themselves unfettered access to all of all Americans’ communications, spreads out of the most-mediagenic example with Apple, Barack Obama has weighed in, using some of the oldest and sleaziest scare tactics available.

    Speaking to an audience of technology executives at the South by Southwest festival, Obama said America had “already accepted that law enforcement can rifle through your underwear” in searches for those suspected of preying on children, and he said there was no reason that a person’s digital information should be treated differently.

    “If, technologically, it is possible to make an impenetrable device or system, where the encryption is so strong that there is no key, there is no door at all, then how do we apprehend the child pornographer?” Obama said. “How do we disrupt a terrorist plot?”

    If the government has no way into a smartphone, he added, “then everyone is walking around with a Swiss bank account in your pocket… This notion that somehow our data is different and can be walled off from those other trade-offs we make, I believe, is incorrect.”


    Obama has resorted to the low-level scare tactics, invoking a landscape where pedophiles and terrorist employ encryption to prey on our children, and blow up our homes. And the president insists we trust him on this, that should the government gain access to all of our communications via some encryption backdoor, the tool will only be used for hard-to-argue with good — specifically, child pornographers and terrorists.

    Now do keep in mind that this is the same president who promised us soon after the Snowden revelations came out in 2013 that the feds were looking at “only metadata” and not reading Americans’ communications.

    That said, maybe I am wrong to be so cynical. Maybe this time Obama is sincere in needing those encryption backdoors to protect us from the pedos and jihadis.


    So, Barack, let’s put up or shut up.

    You tell us exactly how many American communications your NSA, et al, have gathered in say the last five years. You then tell us how many of those communications had unbreakable encryption applied. Then tell us how many of those encrypted messages were directly connected to child porn or unambiguous terrorism cases. Then tell us exactly how many of those cases were left unprosecuted only because of some encrypted message.

    And no cheating by falling back on the equally old scare tactic of “well, if we disrupt on case, it’s all worth it, I mean what if it was your child.” We are talking about abrogating the entire Fourth Amendment here. And as you say safety is worth sacrificing for, I say freedom is worth dying for.

    You tell us all that, and let us — the people you are spying on — weigh out the risk-versus-gain, the so-called trade off between our freedom and our safety. And unless and until you’re ready to throw some real cards on the table, I call bullsh*t on your arguments. Sir.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    FBI Has New Plan to Spy on High School Students

    March 11, 2016 // 10 Comments »

    cve


    The FBI is instructing high schools across the country to report students who criticize government policies as potential future terrorists, warning that such “extremists” are in the same category as ISIS.

    The FBI’s Preventing Violent Extremism in Schools guidelines try to avoid the appearance of specific discrimination against Muslim students by targeting every American teenager who is politically outspoken, as if that somehow makes all this better. The FBI’s goal is to enlist every teacher and every student as informants. The concept is not dissimilar to attempts by the FBI to require tech companies such as Apple to become extensions of the FBI’s power. FYI, the FBI also now has full access to data collected on Americans by the NSA.


    You really do need to scan through the FBI’s materials, which are aimed directly at our children; my words cannot describe the chilling 1984-tone purposely adopted.


    As author Sarah Lazare points out, the FBI’s justification for such mass teenage surveillance is based on McCarthy-era theories of radicalization, in which authorities monitor thoughts and behaviors that they claim without any proof lead to acts of subversion, even if the people being watched have not committed any wrongdoing. This model is now (again, welcome back to the 1950s) official federal policy.

    The FBI guidelines claim “High school students are ideal targets for recruitment by violent extremists seeking support for their radical ideologies, foreign fighter networks, or conducting acts of violence within our borders… youth possess inherent risk factors.” In light of this, the FBI instructs teachers to “incorporate a two-hour block of violent extremism awareness training” into the core curriculum for all youth in grades 9 through 12.


    Here are the danger signs the FBI directs teachers keep a sharp eye out for:

    — “Talking about traveling to places that sound suspicious”;

    — “Using code words or unusual language”;

    — “Using several different cell phones and private messaging apps”;

    — “Studying or taking pictures of potential targets (like a government building);”

    — “Some immigrant families may not be sufficiently present in a youth’s life due to work constraints to foster critical thinking”;

    — “Encryption is often used to facilitate extremism discussions.”


    And just to make sure the connection with McCarthyism and the red baiting days of the 1950s is clear enough, the FBI materials warn “Anarchist extremists believe that society should have no government, laws, or police, and they are loosely organized, with no central leadership. Violent anarchist extremists usually target symbols of capitalism they believe to be the cause of all problems in society — such as large corporations, government organizations, and police agencies.”

    So, sorry, Bernie Sanders supporters.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    FBI and Access to NSA Data on Americans

    March 10, 2016 // 11 Comments »

    firstamendment_0



    Hear that hissing sound? That is the last gasps for air from the Bill of Rights. The Bill is one breath away from hell.


    The FBI has quietly revised its rules for searching data involving Americans’ communications collected by the National Security Agency.

    The classified revisions were accepted by the secret U.S. FISA court that governs surveillance, under a set of powers colloquially known as Section 702. That is the portion of law that authorizes the NSA’s sweeping PRISM program, among other atrocities.

    PRISM, and other surveillance programs, first came to mainstream public attention with the information leaked by NSA whistleblower Edward Snowden, preceeded by other NSA whistleblowers such as Thomas Drake and Bill Binney.

    Since at least 2014 the FBI has been allowed direct access to the NSA’s massive collections of international emails, texts and phone calls – which often include Americans on one end of the conversation, and often “inadvertently” sweep up Americans’ domestic communications as well. FBI officials can search through the NSA data, using Americans’ identifying information, for “routine” queries unrelated to national security.

    As of 2014, the FBI has not been required to make note of when it searched NSA-gathered metadata, which includes the “to” or “from” lines of an email. Nor does it record how many of its data searches involve Americans’ identifying details.


    So, quick summary: secret surveillance programs enacted in secret ostensibly to protect America from terrorism threats are now turning over data on American citizens to the FBI, fully unrelated to issues of national security. The rules governing all this are secret, decided by a secret court.

    If that does not add up to a chilling definition of a police state that would give an old Stasi thug a hard-on, than I don’t know what is.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    You Should Care About Apple, Your iPhone and the FBI

    March 8, 2016 // 9 Comments »

    spy

    Yep, you should care. Very much. Hang up the phone and listen.



    What This is All About

    The FBI wants Apple to help unlock an iPhone used by one of the attackers who killed 14 people in the December San Bernardino shooting. Specifically, the Bureau wants Apple to create new software that would override a security system on the phone designed to erase its contents after ten unsuccessful password tries. The new software would also eliminate the built-in pause required between tries.

    The software on the San Bernardino shooter’s phone, after ten tries, will automatically destroy any data on it as a security measure. The FBI needs that ten try limit, plus the required pauses between tries, taken away so that they can run a “brute force” attack against the password. A brute force attack runs an unlimited number of passwords (a1, a2, a3… aa1, aa2, aa3…) at high speed against the system until one works.

    Apple said no. The FBI took Apple to court, where it successfully argued an 1789 law that compelled cooperation with simple court orders applied to Apple’s encryption in 2016. Apple is appealing.



    What This is Really All About

    This is really all about encryption, and whether the U.S. government can force companies to bypass their own security systems on demand. It is about whether a tech company’s primary obligation is to provide secure products that protect the privacy of its customers (good and bad people), or to act as a tool of American law enforcement to strip away that privacy as the government requires.

    The battle is actually even more significant. Since the Ed Snowden revelations exposed the NSA spying on persons worldwide, including inside the United States, the Federal government has been demanding a “back door” into commercial encryption systems.

    Some simplified tech talk: encryption turns data from something that can be read into 23hd892k*&^43s. Two “keys” are needed; one to turn the data into unreadable text, and one to reverse the process. In the case of the iPhone, Apple holds the encrypting key, and the user the unencryption key, her password. A backdoor is a bit of computer code that would allow law enforcement to bypass that second key and read anyone’s data. That’s what the Feds want, as, per Snowden, some current, commercially available encryption may still be beyond the NSA’s ability to break, and some other encryption can only be broken slowly, with expensive computers.



    What This is Really, Really All About

    The fight isn’t over whether Apple can comply with the government’s request; technically it can. It’s whether it should.

    Efforts to force companies to create that desired back door have proven unsuccessful. Many tech companies resent that the NSA hacked into their systems whenever possible up until the Snowden revelations, and others fear a consumer backlash if they cooperate too broadly. Congress so far has been unable to pass laws compelling the creation of back doors. The FBI is so desperate that they even deleted “safety” advice they once issued recommending people do encrypt their phones.

    The San Bernardino shooter’s iPhone is seen by many as a test case.

    The request is technologically doable, the shooter is dead, fully without privacy and cannot countersue, a search warrant for the phone exists, the phone is physically in the FBI’s possession on U.S. soil and the circumstances are very much PR-friendly — the guy was a terrorist, and who knows, maybe the phone holds clues to prevent some future attack. You really can’t do better than that.

    Some 40% of Americans agree that Apple should unlock the phone. And just in case you still don’t get it, remember the government took the provocative step of asking the court to unseal the case, which would normally be secret by default.

    Apple is pushing back.

    The company filed a request to vacate response to the court order, claiming it violated the First and Fifth Amendments, and exceeded the powers granted to the government in the All Writs Act, that 1789 law. Facebook, Microsoft, Twitter and Google plan to file briefs supporting Apple’s position. Meanwhile, both the FBI and Apple want Congress to weigh in, and indeed the House Judiciary Committee will hold a hearing on encryption issues.

    It is very likely the case will reach the Supreme Court.



    The Broader Implications

    The case the Supreme Court will almost certainly hear is not about a single phone, but about creating a legal precedent for the United States government to demand whatever cooperation it needs from private companies with stockholder obligations to bypass security and encryption as it wishes; FBI director Comey stated the case will “be instructive for other courts” when interpreting how far third parties have to go in helping the government hack their products.

    In an op-ed, the New York Police Department Commissioner and his intelligence and counterterrorism chief admitted that what Apple has been asked to do will drive how the government demands tech companies provide access to secured devices in the future.

    Apple CEO Tim Cook said this “is, in our view, the software equivalent of cancer.” Indeed, the Justice Department is already seeking court orders for at least twelve other iPhones.



    Why You Should Care

    If Apple fails, the U.S. government will be able to read the contents of any electronic device in the U.S., regardless of encryption. The legal precedent will absolutely spill out past the iPhone to all other devices. For anyone who lives, travels or passes through America, this will touch you. In addition, phone, email and social media data passes through the U.S. from many parts of the world even if the users on both ends are outside the country.

    In addition, what would Apple’s (Google’s, et al) response be to a request from your favorite bad government? What if China were to require it hold a backdoor key as a condition for sales in the Mainland? What if your favorite bad government overtly decided to use that backdoor to “legally” gather proprietary data from your company, against journalists and dissidents, or to amass blackmail information on a colleague?

    A win for the government in the Apple case would also further stretch the applicability of the All Writs Act to ever more information inside the U.S., or held by companies with ties to the U.S. — medical records, for example.

    For investors, will knowing the U.S. and your favorite bad government now have access to a device help or hinder sales (Apple has already claimed compliance will “tarnish the Apple brand”)?

    And of course once backdoors exist, who, in the age of leaks (Snowden hacked the NSA itself), can assure that the knowledge will not end up your favorite set of wrong hands, say perhaps those Russian gangsters who are always sending you Spam emails?

    Bottom Line: everyone has something they wish to keep to themselves. The Apple case will significantly affect how possible that will be going forward.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Police are Calculating Your ‘Threat Score’ to Decide How to Treat You

    January 12, 2016 // 14 Comments »

    face




    I watched a documentary about North Korea which explained how the government there assigns a score to each citizen, based on how large a threat to the regime s/he is perceived to be. When I lived in Taiwan under a military government years ago, such a number was encoded into every national ID card. Those citizens every interaction with the government and police force was shadowed by those scores.

    Same as in 21st century post-Constitutional America.

    Even as our nation learned more about how our daily lives are cataloged by the National Security Agency, a new generation of technology is being used by local law enforcement that offers them unprecedented power to peer into the lives of citizens. Ominously, software that is part of such systems, assigns each citizen monitored a Threat Score, allegedly to alert cops enroute to a crime scene of what to expect of the once-innocent-until-proven-guilty citizen they will encounter.


    One such product is a software suite called Beware. On their website, the maker claims:

    There are no such things as routine calls… Accessed through any browser (fixed or mobile) on any Internet-enabled device including tablets, smartphones, laptop and desktop computers, Beware® from Intrado searches, sorts and scores billions of publically-available commercial records in a matter of seconds – alerting responders to potentially dangerous situations while en route to, or at the location of, a 911 request for assistance.

    Intrado Beware® is a tool to help first responders understand the nature of the environment they may encounter during the window of a 911 event.

    Police officials say such tools can provide critical information that can help uncover terrorists or thwart mass shootings, though no such uncovering has ever happened.

    Programs such as Beware scour billions of data points, including arrest reports, property records, commercial databases, deep Web searches and social media postings. One example is how authorities in Oregon are facing a civil rights investigation after using social media-monitoring software to keep tabs on persons using #BlackLivesMatter hashtags.


    Does anyone expect that a police response to a citizen labeled at a “low threat” level will be as preloaded for disaster as one for a “high threat” person? What if that police response is based primarily on the free speech protected use of a hash tag?

    I wonder if my score will change after this article. Or yours, for reading it.




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Your Business Been Hacked? Thanks NSA!

    December 23, 2015 // 4 Comments »

    feedthrough

    It appears that the NSA (“or someone”) hacked into the code of a popular firewall and planted a password in there that would allow them access as needed.


    That means the NSA (“or someone”) would be able to bypass the security features of a network and do what they wanted inside. This is basically an act of sabotage. Given that American organizations as well as foreign ones use these same firewalls, and that the planted password could be discovered by others outside the NSA, the act made vulnerable a multitude of innocent, untargeted systems.

    Juniper Networks makes a popular line of enterprise firewalls whose operating system is called Screen OS. The company raised alarm bells with an advisory announcing that they’d discovered “unauthorized code” in some versions of Screen OS, a strange occurrence that hinted that a security agency had managed to tamper with the product before it shipped. One possible route would be for any such agency to have its own people inside the company, acting under cover.


    An investigator for Juniper reported that he and his team have confirmed that the “unauthorized code” is a backdoor whose secret password enables the wielder to telnet or ssh into Juniper’s appliances. The password is <<< %s(un='%s') = %u, "presumably chosen so that it would be mistaken for one of the many other debug format strings in the code." Further investigation located 26,000 Juniper devices that are vulnerable to this attack until patched.

    The code appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012.

    The next mystery to solve is where this unauthorized code comes from. In this case, someone deliberately inserted a backdoor password into Juniper's devices. Juniper says the hack is sophisticated enough that it had to have been made by a state-level actor. This was not done by your movie-version basement hacker.

    “The weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance regime like the British, the U.S., the Chinese, or the Israelis,” said one researcher at the International Computer Science Institute and UC Berkeley. “You need to have wiretaps on the Internet for that to be a valuable change to make in the software.”


    That’s a huge deal.

    If it’s the NSA (which looks possible, given a Snowden leak about a program called FEEDTROUGH that installs persistent backdoors in Juniper devices) then it will mean that the U.S. government deliberately sabotaged tens, if not hundreds, of thousands of networks that were protected by products from a U.S. company that is the second-largest provider of networking equipment in the world (after Cisco.)

    Or was the second-largest provider. Discovery of the backdoor is unlikely to be good for business.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Power is No Substitute for Knowledge

    October 17, 2015 // 4 Comments »

    gigo

    I welcome guest blogger William Astore today, whose own blog, The Contrary Perspective, is always worth your time. Bill?


    Francis Bacon is famous for the aphorism, “Knowledge is power.” Yet the reverse aphorism is not true. The United States is the most powerful nation in the world, yet its knowledge base is notably weak in spite of all that power. Of course, many factors contribute to this weakness. Our public educational systems are underfunded and driven by meaningless standardized test results. Our politicians pander to the lowest common denominator. Our mainstream media is corporate-owned and in the business of providing info-tainment when they’re not stoking fear. Our elites are in the business of keeping the American people divided, distracted, and downtrodden, conditions that do not favor critical thinking, which is precisely the point of their efforts.

    All that is true. But even when the U.S. actively seeks knowledge, we get little in return for our investment. U.S. intelligence agencies (the CIA, NSA, DIA, and so on) aggregate an enormous amount of data, then try to convert this to knowledge, which is then used to inform action. But these agencies end up drowning in minutiae. Worse, competing agencies within a tangled bureaucracy (that truly deserves the label of “Byzantine”) end up spinning the data for their own benefit. The result is not “knowledge” but disinformation and self-serving propaganda.

    When our various intelligence agencies are not drowning in minutiae or choking on their own “spin,” they’re getting lost in the process of converting data to knowledge. Indeed, so much attention is put on process, with so many agencies being involved in that process, that the end product – accurate and actionable knowledge – gets lost. Yet, as long as the system keeps running, few involved seem to mind, even when the result is marginal — or disastrous.

    Consider the Vietnam War. Massive amounts of “intelligence” data took the place of knowledge. Data like enemy body counts, truck counts, aircraft sorties, bomb tonnages, acres defoliated, number of villages pacified, and on and on. Amassing this data took an enormous amount of time; attempting to interpret this data took more time; and reaching conclusions from the (often inaccurate and mostly irrelevant) data became an exercise in false optimism and self-delusion. Somehow, all that data suggested to US officialdom that they were winning the war, a war in which US troops were allegedly making measurable and sustained progress. But events proved such “knowledge” to be false.

    Of course, there’s an acronym for this: GIGO, or garbage (data) in, garbage (knowledge) out.

    In this case, real knowledge was represented by the wisdom of Marine Corps General (and Medal of Honor recipient) David M. Shoup, who said in 1966 that:

    I don’t think the whole of Southeast Asia, as related to the present and future safety and freedom of the people of this country, is worth the life or limb of a single American [and] I believe that if we had and would keep our dirty bloody dollar-crooked fingers out of the business of these nations so full of depressed, exploited people, they will arrive at a solution of their own design and want, that they fight and work for. And if, unfortunately, their revolution must be of the violent type…at least what they get will be their own and not the American style, which they don’t want…crammed down their throat.

    But few wanted to hear Shoup and his brand of hard-won knowledge, even if he’d been handpicked by President Kennedy to serve as the Commandant of the Marine Corps exactly because Shoup had a reputation for sound and independent thinking.

    Consider as well our rebuilding efforts in Iraq after 2003. As documented by Peter Van Buren in his book “We Meant Well,” those efforts were often inept and counterproductive. Yet the bureaucracy engaged in those efforts was determined to spin them as successes. They may even have come to believe their own spin. When Van Buren had the clarity and audacity to say, We’re fooling no one with our Kabuki dance in Iraq except the American people we’re sworn to serve, he was dismissed and punished by the State Department.

    Why? Because you’re not supposed to share knowledge, real knowledge, with the American people. Instead, you’re supposed to baffle them with BS. But Van Buren was having none of that. His tell-all book (you can read an excerpt here) captured the Potemkin village-like atmosphere of US rebuilding efforts in Iraq. His accurate knowledge had real power, and for sharing it with the American people he was slapped down.

    Tell the truth – share real knowledge with the American people – and you get punished. Massage the data to create false “knowledge,” in these cases narratives of success, and you get a pat on the back and a promotion. Small wonder that so many recent wars have gone so poorly for America.

    What the United States desperately needs is insight. Honesty. A level of knowledge that reflects mastery. But what we’re getting is manufactured information, or disinformation, or BS. Lies, in plainspeak, like the lie that Iraq had in 2002 a large and active program in developing WMD that could be used against the United States. (Remember how we were told we had to invade Iraq quickly before the “smoking gun” became a “mushroom cloud”?)

    If knowledge is power, what is false knowledge? False knowledge is a form of power as well, but a twisted one. For when you mistake the facade you’re constructing as the real deal, when you manufacture your own myths and then forget they’re myths as you consume them, you may find yourself hopelessly confused, even as the very myths you created consume you.

    So, a corollary to Francis Bacon: Knowledge is power, but as the United States has discovered in Vietnam, Iraq, and elsewhere, power is no substitute for knowledge.




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    New Law Says Web Sites Would Have to Inform Law Enforcement about Readers’ ‘Terrorist Activity’

    July 16, 2015 // 14 Comments »

    1984


    Social media sites such as Twitter and YouTube would be required to report “terrorist” videos and other content posted by users to federal authorities under legislation approved this past week by the Senate Intelligence Committee.


    The measure, contained in the 2016 intelligence authorization, still has to be voted on by the full Senate. The measure applies to “electronic communication service providers,” which includes e-mail services such as Google and Yahoo. “Posted content” would likely also apply to readers’ comments, and in theory to authors’ postings such as this one.

    Companies such as Twitter have recently stepped up efforts to remove terrorist content in response to growing concerns that they have not done enough to stem whatever the government deems propaganda. Twitter removed 10,000 accounts over a two-day period in April. Officials want more. “In our discussions with parts of the executive branch, they said there have been cases where there have been posts of one sort or another taken down” that might have been useful to know about, a Senate aide said.

    The snitch bill is modeled after a federal law — the 2008 Protect Our Children Act — that requires online firms to report images of child pornography and to provide information identifying who uploaded the images to the National Center for Missing and Exploited Children. The center then forwards the information to the FBI. Of course actual images of child porn are pretty straightforward to notice, exploit innocents and involve no legitimate protected speech.

    But otherwise, sure, it’s the same thing. Statement: I Like Terrorism = Child Rape Images.

    Industry officials privately called the new law a bad idea only because it sounds like an expensive hassle for them. “Asking Internet companies to proactively monitor people’s posts and messages would be the same thing as asking your telephone company to monitor and log all your phone calls, text messages, all your Internet browsing, all the sites you visit,” said one official.

    Wait, isn’t that what we’ve been told the NSA has been doing to us since 9/11?

    Still, national security experts who will likely personally profit from the measure say it makes sense. “In a core set of cases, when companies are made aware of terrorist content, there is real value to security, and potentially even to the companies’ reputation,” said Michael Leiter, a former director of the National Counterterrorism Center, now an executive vice president with Leidos, a national security contractor. “Rules like this always implicate complex First Amendment and corporate interests. But ultimately this is a higher-tech version of ‘See something, say something.’”

    But what about those nasty First Amendment issues?

    “The intelligence bill would turn communications service providers into the speech police, while providing them little guidance about what speech they must report to the police,” said Gregory Nojeim of the Center for Democracy and Technology. “The natural tendency will be to err on the side of reporting anything that might be characterized as ‘terrorist activity’ even if it is not. And their duty to report will chill speech on the Internet that relates to terrorism.”


    America: A nation of snitches, watching each other, reporting whatever thing we think is suspicious or terrorism. To The Authorities. But it’s for our own good, right Citizens? I think I saw a Twilight Zone like that. No, wait, it was the McCarthy Era, sorry.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    You Want to Commit Espionage with Hacked Personnel Data?

    June 15, 2015 // 16 Comments »

    obama-nsa



    Did the most-recent, recent, breach of United States government personnel files significantly compromise American security? Yes. Could a foreign government make use of such information to spy on the United States? Oh my, yes.

    China-based hackers are suspected of breaking into the computer networks of the United States Office of Personnel Management (OPM), the human resources department for the entire federal government. They allegedly stole personnel and security clearance information for at least four million federal workers. The current attack was not the first. Last summer the same office announced an intrusion in which hackers targeted the files of tens of thousands of those who had applied for top-secret security clearances; the Office of Personnel Management conducts more than 90 percent of federal background investigations, including all those needed by the Department of Defense and 100 other federal agencies.

    Why all that information on federal employees is a gold mine on steroids for a foreign intelligence service is directly related to what is in the file of someone with a security clearance.

    Most everyone seeking a clearance starts by completing Standard Form 86, Questionnaire for National Security Positions, form SF-86, an extensive biographical and social contact questionnaire.

    Investigators, armed with the questionnaire info and whatever data government records searches uncover, then conduct field interviews. The investigator will visit an applicant’s home town, her second-to-last-boss, her neighbors, her parents and almost certainly the local police force and ask questions in person. As part of the clearance process, an applicant will sign the Mother of All Waivers, giving the government permission to do all this as intrusively as the government cares to do; the feds really want to get to know a potential employee who will hold the government’s secrets. This is old fashioned shoe-leather cop work, knocking on doors, eye balling people who say they knew the applicant, turning the skepticism meter up to 11.

    Things like an old college roommate who moved back home to Tehran, or that weird uncle who still holds a foreign passport, will be of interest. Some history of gambling, drug or alcohol misuse? Infidelity? A tendency to not get along with bosses? Significant debt? Anything at all hidden among those skeletons in the closet?

    The probe is looking for vulnerabilities, pure and simple. And that’s the scary “why this really matters” part of the China-based hack into American government personnel files.



    America’s spy agencies, like every spy agency, know people are manipulated and compromised by their vulnerabilities. If someone applying for a federal position has too many of them, or even one of particular sensitivity, s/he may be too risky to expose to classified information.

    And that’s because unlike almost everything you see in the movies, the most important intelligence work is done the same way it has been done since the beginning of time. Identify a person with access to the information needed (“Qualifying an agent;” a Colonel will know rocket specifications, a file clerk internal embassy phone numbers, for example.) Learn everything you can about that person. Was she on her college tennis team? Funny thing, your intelligence officer likes tennis, too! Stuff like that is very likely in the files taken from the Office of Personnel Management.

    But specifically, a hostile intelligence agency is looking for a target’s vulnerabilities. They then use that information to approach the target person with a pitch – give us the information in return for something.

    For example, if you learn a military intelligence officer has money problems and a daughter turning college age, the pitch could be money for secrets. A recent divorce? Perhaps some female companionship is desired, or maybe nothing more than a sympathetic new foreign friend to have a few friendly beers with, and really talk over problems. That kind of information is very likely in the files taken from the Office of Personnel Management. And information is power; the more tailored the approach, the more likely the chance of success.

    Also unlike in the movies, blackmail is a last resort. Those same vulnerabilities that dictate the pitch are of course ripe fodder for blackmail (“Tell us the location of the code room or we’ll show these photos of your new female friend to the press.”) However, in real life, a blackmailed person will try whatever s/he can do to get out of the trap. Guilt overwhelms and confession is good for the soul. A friendly approach based on mutual interests and goals (Your handler is a nice guy, with a family you’ve met. You golf together. You need money, they “loan” you money. You gossip about work, they like the details) has the potential to last for many productive years of cooperative espionage.


    So much of what a foreign intelligence service needs to know to create those relationships and identify those vulnerabilities is in those hacked files, neatly typed and in alphabetical order. Never mind the huff and puff you’ll be hearing about identity theft, phishing and credit reports.

    Espionage is why this hack is a big, big deal.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    DEA Secretly Tracked Billions of Americans’ Calls a Decade Before 9/11

    April 9, 2015 // 9 Comments »

    phone



    While the Snowden-NSA revelations continue to shock Americans on a daily basis, and illustrate how intrusive the government is in our lives, and how casually it violates our Fourth Amendment right against unwarranted searches, it just got worse.

    It turns out the Drug Enforcement Agency (DEA) was spying on Americans, gathering metadata on our phone calls, almost a decade before 9/11, and right up to 2013. With help from the U.S. military.



    Decades of Metadata Spying

    In an exclusive report, USA Today learned the U.S. government started keeping secret records of Americans’ international telephone calls nearly a decade before the 9/11 terrorist attacks, harvesting billions of calls in a program that provided a blueprint for the far broader National Security Agency surveillance that followed. The DEA spying only stopped, supposedly, in 2013, no longer needed due to the NSA.

    For more than two decades, the Justice Department and the DEA amassed databases of virtually all telephone calls from the U.S. to as many as 116 countries “linked to drug trafficking.” The State Department officially says there are 195 countries out there, so the DEA was monitoring most of them. The Justice Department revealed in January that the DEA had collected data about calls to “designated foreign countries.” But the comprehensive scale of the operation has not been disclosed until now.

    Federal investigators claim they used the call records — metadata — to track drug cartels’ distribution networks. They say they also used the records to help rule out foreign ties to the bombing in 1995 of a federal building in Oklahoma City and to identify U.S. suspects in other investigations.

    Still believing metadata is not intrusive? Read this.



    Telecoms Roll Over

    America’s telecommunications and phone companies apparently turned over their records voluntarily and without asking for warrants. Officials said a few telephone companies were reluctant to provide so much information, but none ever challenged the issue in court. Those that hesitated received letters from the Justice Department urging them to comply.

    The data collection was “one of the most important and effective Federal drug law enforcement initiatives,” the Justice Department said in a 1998 letter to Sprint. The previously undisclosed letter noted the operation had “been approved at the highest levels of Federal law enforcement authority,” including then-Attorney General Janet Reno and her deputy and later Attorney General during the NSA-spying era, Eric Holder.

    The data collection began in 1992 during the administration of George H.W. Bush, nine years before his son, George W., authorized the NSA to gather its own logs of Americans’ phone calls in 2001. The program was re-approved by top Justice Department officials in the Clinton and Obama administrations. There was no oversight or court approval.



    U.S. Military Involvement

    The DEA program also employed U.S. military assets. When the volume of data threatened to overwhelm DEA, the military responded with a pair of supercomputers and intelligence analysts who had experience tracking the communication patterns of Soviet military units. The supercomputers were installed in DEA headquarters in Arlington, Virginia.

    To keep the whole program secret and thus outside of any legal challenge, the DEA did not to use the information as evidence in criminal prosecutions per se. Instead, its Special Operations Division passed the data to field agents as tips, a process approved by Justice Department lawyers.

    That process is know as “parallel construction,” and has a sordid history. Read this.



    The Template

    They just did it. The template for the NSA’s later spying on America was set long before 9/11. All the elements were already in place: no-questions-asked cooperation from the telcoms, no warrants or oversight, near-perfect secrecy, near-perfect pointless, dragnet security on American citizens in their homes. Multiple administrations, and multiple corporate executives of publicly-traded companies, kept silent.

    One notes that despite all this spying, drugs are still quite available in the U.S. and while it is nice that there was no foreign connection to the 1995 Oklahoma City bombing, the DEA spying did miss a whopper of a terror attack some years later. At least 9/11 was not drug-related.

    And for those criminal defense attorneys who might want to reopen some old cases and challenge guilty verdicts based on the unconstitutionality of these searches, sorry. The DEA has destroyed the databases.


    BONUS: The DEA is still mass-targeting Americans, only now via large-scale subpoenas.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    NSA Can Track You Through Your Phone’s Battery Use

    February 26, 2015 // 21 Comments »

    snowden hopex

    I see you out there.

    Sitting in front of your computer. I see what you’re wearing, who you are with. I know where you have been today, and who you interacted with. I know where you were last night.

    Watching You

    We are shocked on a daily basis at the degree our cell phones can be used to monitor our movements. The most basic technique is via the phone’s built-in GPS; heck, that system is actually designed to locate the phone in physical space, and can at least be turned on and off (though it appears the NSA may be able to remotely trigger the system.)

    Next up is the way that cell phones work. Your phone is constantly seeking to connect to three cell towers at once. As you move around, it drops the connection to the weakest signal, holds on to two others, and reconnects to a new third. This happens seamlessly, and so you can keep talking to your girlfriend even as you drive (don’t use your phone while driving.) Your location can be tracked fairly accurately by someone who is measuring your triangulated point among the three towers.

    And when your phone connects to a Wi-Fi signal (how’s that Starbucks latte?), your location is easily determined.

    Lastly, the NSA has access to the SIM chip in your phone, which basically opens up the basic encryption used that might have in olden days offered some modicum of privacy.

    Location via Battery Levels

    Now, here’s another way.

    A team of security researchers from Stanford and the Israeli government (!) just published the details of a technique that lets spies watch as you move around by monitoring tiny changes in your phone’s battery level. It all comes down to how hard your phone has to work to ping those three cell towers. The towers that are further away or obscured by a building or hill cause your phone to use a little bit more power. If the spies know your normal routine, they can track your movements with 90 percent accuracy. If they don’t know your routine, that accuracy drops to about 60 percent. That may still be enough to place you close enough for whatever purpose, or to find you for closer monitoring.

    This is especially concerning because there’s not really any way to protect yourself from this kind of surveillance, aside from taking out your phone’s battery. Most any app can gain access to battery usage data, so a hacker could either build a fake app to monitor that data or pull data from another app.

    Funny thing: in the Edward Snowden documentary, CitizenFour, Snowden tells reporters visiting him to remove the batteries from their phones and place everything inside the metal box of the room fridge.


    And Oh Yes, They’re Watching You

    And oh my does the NSA like tracking your phone.

    The National Security Agency is gathering nearly five billion records a day on the whereabouts of cellphones around the world, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. The records feed a vast database that stores information about the locations of at least hundreds of millions of devices 24/7.

    Sophisticated mathematical tech­niques then enable NSA analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. So let’s also hope you don’t accidentally find yourself nearby anyone the NSA is interested in. Since the ever-hungry NSA cannot know in advance which tiny fraction of the records it may need, it collects and keeps as many as it can — 27 terabytes, by one account, or more than double the text content of the Library of Congress’ print collection.

    And for those last seven or eight people who still cling to “Hey, I’ve got nothing to hide,” good for you. You may not be an ISIS super-villain, but really, nothing to hide from your girlfriend, boyfriend, boss, creditors, stalkers, ex-spouse, creepy guy downstairs, complete strangers, nobody? Because once information is collected, it exists, and once it exists it can be hacked, shared with foreign governments, your local cops, leaked or otherwise made available.


    So smile, and speak up — somebody’s paying attention!




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Seriously? NSA Knew North Korea Hacked Sony Because it Hacked North Korea First

    January 20, 2015 // 8 Comments »

    kim_jong_un_computer


    What’s wrong with this picture?

    We all famously know the U.S. government directly blamed North Korea for the Sony hack, allegedly in retaliation for the sad Seth Rogen “comedy” The Interview. Serious questions arose almost immediately about how the U.S. could be so sure it was the boys from Pyongyang at fault, and not some outside hacking group pretending to be North Korea, or a disgruntled Sony insider. After all, the initial contacts between the hacker and Sony (below) mentioned nothing about The Interview, and of course, even after the movie was released, nothing happened.


    Snowden Docs Suggest an Answer

    According to new Edward Snowden documents published by der Spiegel and others, the source of the U.S. government’s confidence may be simple: the NSA claims to have inserted malware into North Korea’s computer systems in 2010, years before the hack even happened, creating backdoor access. The malware was targeted specifically at North Korea’s own hackers, not necessarily the government their per se. The NSA was watching North Korea’s geeks the whole time.


    So Where was the NSA?

    Assuming that U.S. malware tale is true, it begs the question: if the NSA had such broad access to North Korean hacking resources, why didn’t they know about the Sony hack and warn the company? It seems unlikely that the North Koreans just plopped down one day and zoomed into Sony’s networks, hoovering up the mass of data someone got a hold of.

    It appears that whoever hacked into Sony took their time. The New York Times reports the first step was a simple “spear phishing” attack on Sony, the use of emails that insert malicious code into a computer system if an unknowing user clicks on a link. This took place in early September 2014. The intruders then stole the credentials of a Sony systems administrator, which allowed them to roam freely inside Sony’s systems. Investigators have concluded that the hackers spent more than two months, from mid-September to mid-November, mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers. The damage only began on November 24.


    Counter-Arguments

    One counter-argument offered is that the NSA did not want to disclose their access into North Korea over something as small as Sony. The response is quite obvious. All that needed to be done is for someone to make a quick call to Sony and say “Hey, don’t ask who I am or how I know, but you might want to take a look at XYZ on your network. Bye!” Like the way the NSA uses the FBI and DEA as cut outs to pass data to local law enforcement, nobody at the receiving end knows how or why the lucky information fell into their laps.

    Another counter-argument is that the NSA was focused on protecting U.S. government systems and did not see anything all that important about Sony. The first thing wrong with the idea is that one of NSA’s stated missions is cybersecurity for the U.S. as a whole, not just Federal systems. The other argument is that if Sony being hacked was just not that big a deal, the rest of the U.S. government sure acted like it was. And all over a movie.

    So Seriously, Where was the NSA?

    So where was the NSA? With claimed access directly into North Korea’s systems, access that made attributing the Sony hack post-facto a supposed slam dunk, where was the NSA when it came to stopping the attack? This question is the one looming over the entire world-wide spying operation the NSA has become, given its stated purpose of protecting things. Where was the NSA ahead of the Boston Bombings? Ahead of the attacks in France? Ahead of all the shootings and lone wolves wandering around America? Ahead of the much more financially-damaging hacks against the credit card processing systems of Target and Home Depot?

    The question remains thus begged: if all the money spent, and civil liberties shunted aside, in the name of protection, doesn’t protect us when it matters, then what is the point of the NSA?

    We’ll call that a rhetorical question.






    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Utah May Fight NSA by Cutting Off Their Water

    December 26, 2014 // 3 Comments »

    nsadatacenter

    It may be time to fight fire with water. Specifically, the NSA’s fire with Utah’s water.


    Congressional Fail

    Some eighteen months after the first Snowden revelations showed the government of the United States, primarily via the NSA, has created a near-complete surveillance state over its own frightened citizens, the people’s voice in Washington, Congress, has done exactly nothing in response. Even the comically-weak and Orwellian-named Leahy attempt at showpiece reform of the NSA, the USA Freedom Act, failed to move forward.

    Once again the intelligence agencies’ allies in Congress fought to kill the bill, as they succeeded in doing with a companion House measure that passed in May. Senate Minority Leader Mitch McConnell, due soon for his upgrade, argued the bill would help ISIS. “God forbid that tomorrow we wake up to the news that a member of ISIS is in the United States,” claimed Senator Marco Rubio. Without the NSA’s call tracking program, he said, “that plot may go forward, and that would be a horrifying result.” “Let’s not have another repeat of 9/11,” added Senator Dan Coats. It is unlikely in the hyper-extreme that the Republican-controlled Senate would act any differently once they take power in January.


    Utah Water Sports

    So it is with some Quixotic pleasure that a Utah state legislative committee will vote on a bill that could deprive a National Security Agency facility just outside Salt Lake City of its water, all in protest of the government agency’s collection of civilian data.

    Specifically, the Utah bill prohibits municipalities from giving “material support or assistance in any form to any federal data collection and surveillance agency,” a very thinly veiled reference to the NSA’s Utah Data Center, a massive collection facility in Bluffdale, outside Salt Lake City. The Bluffdale center is believed to be one of the world’s largest data warehouses, intended as the electronic realization of the NSA’s stated desire to “collect the whole haystack.” The haystack is every piece of data the NSA can collect on every single person and entity globally. The concept is to amass such data with the ability to later reach back into it as needs grow and emerge. The email you send today is likely of little value to the government, but will be stored anyway. If in three years you or someone you know becomes a “person of interest,” your entire life can then be reconstructed historically.


    Power from the People

    The Bluffdale facility consumes a staggering 65 megawatts of power, enough to run about 33,000 homes. Hardware that uses that much juice needs a lot of cooling, hence the center’s need for water. A lot of water. Cut off the water and you close down the center.

    In the spirit of these Post-Constitutional times, the people are getting doused twice by the NSA. Not only are Constitutional rights being trod upon, but taxpayers are being made to pay for it. In addition to the actual construction and maintenance costs of the center, the city of Bluffdale chose to issue $3.5 million in bonds to pay for the water lines servicing the facility. Bluffdale also signed an agreement with the NSA that allows the agency to pay less for water than city ordinances would otherwise require.

    And exactly how much cheap, taxpayer-subsized water is the NSA gulping down? That’s a secret. The Salt Lake Tribune has no far failed to force the NSA to reveal how much water the facility requires. The NSA contends information about water usage would allow someone to calculate the computing power inside the data center.


    Symbols

    Though there is no chance that even one drop of water will be denied the NSA in Utah, the action is symbolic, and in troubled times symbols may count for something. Remember, Congress refused to endorse even the lightest of symbolic gestures, so the action of a Utah state legislative committee should not be dismissed.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Voiceprints: Time to be Afraid Again

    November 18, 2014 // 12 Comments »

    brazil


    The end of privacy in the United States was brought about as much by technology as intention. Those who claim there is little new here — the government read the mail of and wiretapped the calls and conversations of Americans under COINTELPRO from 1956 to at least 1971, for example – do not fully understand the impact of technology.


    Size Matters

    The spying and compiling of information on innocent Americans by J. Edgar Hoover’s low-tech FBI is well-known; files, recordings and photos secretly obtained exposed the lives of civil rights leaders, popular musicians and antiwar protesters. You will likely think of additional examples, or they’ll be in the next batch of Snowden documents.

    Technology now being employed by the NSA and others inside the U.S. has never before existed, in scale, scope or sheer efficiency. Size matters. We are the first people in history to deal with this kind of threat to privacy. Avoiding even the majority of encroaching digitalization essentially means withdrawing from society.



    Voiceprints

    The financial services company where I maintain my meager investments recently added a new feature. When I access my account via smartphone, instead of typing in a password that can be guessed, or stolen, I have the option of creating a voiceprint ID. I speak a specific phrase, which is broken down digitally and stored by the company. When I want to access my account, I simply repeat the phrase, as the parameters of one’s voice are as unique as a fingerprint. The company compares my speech to the stored example and if they match, I’m in.

    “We’ve done a lot of testing, and looked at siblings, even twins,” said one voiceprint analyst. “Even people with colds, we looked at that.” The results are clear: Your voice is another biometric, the same as DNA, finger and hand prints, iris patterns, facial recognition and the like. Voiceprinting is the technology employed when the media reports that the CIA has “authenticated” the latest pronouncement from the latest celebrity terrorist.

    But unlike those metrics, which require some level of contact, presence or connection between you and the collector of the data, voices can be accessed remotely from anywhere in the world, fully without your knowledge. Make a phone call, have a conversation with someone, use Skype or shout out the window and you can be collected. Your identity can be stored and compared to other instances when you make a phone call, have a conversation with someone, use Skype or shout out the window.

    It doesn’t matter at that point whether you use a stranger’s throw-away burner phone purchased with cash from a street corner in Istanbul to leave an anonymous tip on a fraud hotline. Or blowing the whistle on government malfeasance to a journalist. Compares the speech to the stored example and if they match, you’re in. Or maybe out.


    Here, Now

    The use of voiceprint technology is in regular use worldwide. The Associated Press reports the single largest known implementation is in Turkey, where a cell phone service provider has collected voiceprint data from 10 million customers. Never far behind on these matters, U.S. law enforcement officials use the technology to monitor inmates calling from inside prisons and to track offenders on the outside who have been paroled. In New Zealand, the Internal Revenue Department claims one million voiceprints on file, what its revenue minister says is “the highest level of voice biometric enrollments per capita in the world.” In South Africa, seven million voiceprints have been collected by the country’s Social Security Agency, in part to verify that those claiming pensions are still alive. Worldwide it is estimated that some 65 million voiceprints are on file in corporate hands.

    One can speculate further. In the United States, where the NSA boasts of “collecting it all,” it seems unlikely that “all” does not include voiceprints. Allow your inner conspiracy theorist a little room, and circuitry designed to collect and pass on voiceprints might be surreptitiously built into nearly every audio device out there, from Bluetooth to Mr. Microphone.


    Off the Shelf

    The technology of voiceprints is available off the shelf. You likely know one provider already, Nuance Communications. Among other things, they make the popular Dragon Speaking software that allows home computer users to convert the spoken words into text in a document.

    The company is quite proud of its voiceprint technology; have a look at their web page. And hey, small world — Nuance also sells its own line of microphones and Bluetooth headsets.

    There are many more companies selling voiceprint technology over-the-counter; here’s just one other as an example.


    The New World Order

    What can be accessed can be collected. What can be collected can be stored. What can be stored can be leaked, hacked, shared and used. What can be used, well, can be used. Now, next Sunday, be a nice son or daughter and call your mom to say hello. Just be sure to speak slowly and clearly.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    How to Communicate Securely with the Media

    November 15, 2014 // 5 Comments »




    Glenn Greenwald almost missed the story of his career because he didn’t understand how to communicate securely.

    The person Greenwald now knows as Edward Snowden began contacting him via open email, urging Greenwald to learn how to use encryption and other web tools to receive sensitive information. When Greenwald was slow to act, Snowden even made a video tutorial to baby-step him through the necessary procedures. Absent these extraordinary efforts by Snowden, who knows when or even if his game-changing NSA information would have come to light.

    You don’t have to wait for some future Snowden to teach you how to communicate securely, thanks to Trevor Timm, co-founder and the executive director of the Freedom of the Press Foundation.

    SecureDrop

    Freedom of the Press Foundation has helped news organizations install SecureDrop, an open-source whistleblower submission system that helps sources get documents to journalists in a much more anonymous and secure way than email. Currently, journalists at five major news organizations in the United States use SecureDrop. Here’s how to use it:

    — Find a public wifi internet connection that is not connected to your work or home, such as a coffee shop. Take the bus to a new place you’ll not visit again.

    Download and install the Tor Browser Bundle. For more security, also install and use the Tails operating system. For maximum security, run all this off a flash drive you bought with cash, and throw away the drive after one use.

    –Using the Tor Browser, enter in your news organization’s Onion URL (below). Only load this URL inside the Tor Browser.

    — Follow the instructions on the SecureDrop screen.


    Onion URLs

    Here are Onion URLs for the five groups of journalists currently operating SecureDrop:

    The Intercept: y6xjgkgwj47us5ca.onion

    ProPublica: pubdrop4dw6rk3aq.onion

    New Yorker: strngbxhwyuu37a3.onion

    Forbes: bczjr6ciiblco5ti.onion

    Wired’s Kevin Poulsen: poulsensqiv6ocq4.onion


    A Plea to Computer People

    I have heard from many journalists their concern that sources are unaware or incapable of communicating securely. Many times the journalist, who may or may not really understand this stuff, ends up trying to explain it to an already-nervous source whose computer skills may be basic at best. Every one of the writers say the same thing: someone please create a secure system for dummies.

    So, computer people of the web, please consider this. Create a one-button click piece of software that installs all the software needed on a flash drive. The users need only plug in the flash drive and click one button. Create the necessary front ends so that the software can be used by anyone. Please don’t write in and say “But it is already so easy to use.” Experience is that it is not. Think software that your grandma could make work. For better or worse, many people who are or who might communicate important information to responsible journalists need your help. Without your help, many will either not communicate at all, or put themselves at increased risk by communicating insecurely.

    Disclaimer

    Anyone takes great personal risk, including financial ruin and potential jail time, by transmitting to journalists, so all the warnings and caveats apply. Do not leak or transmit classified information. Courts are attacking journalists’ abilities to protect their sources. Though Snowden and others have endorsed the use of systems such as described here, there is no information now available on if/how the NSA can monitor such communications, now or in the future. The FBI has successfully, on a known, limited scale, monitored some parts of the Tor Network. Everything else. This is America, 2014. We’re on our own to fix our country.




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    US Air Travel Snarled by One Guy Not a Terrorist

    September 29, 2014 // 6 Comments »




    Luckily ISIS has never thought to employ psychotic contractors in a bid to mess with America. ‘Cause that apparently works.


    O’ Hare Meltdown

    The problems in America’s creaky infrastructure started Friday morning when Brian Howard, an FAA contractor, wandered into the radar facility in Aurora, Illinois that serves Chicago’s O’Hare airport, one of the busiest in the world. Howard, seen on surviellance video dragging a suitcase and can of gasoline that did not seem to alarm anyone, then set the center on fire in an apparent suicide attempt. Paramedics said a shirtless Howard was in the process of slicing his throat with a knife when they found him in the basement of the burning facility. The fire destroyed 23 of the center’s 29 computers.

    The result was chaos: Massive flight delays and cancellations at one of the nation’s busiest airports could last for up to two weeks. On Sunday, more than 700 flights in and out Chicago’s O’Hare International Airport were canceled, bringing the number of scrubbed flights to 2,000 since Friday’s sabotage. Even as of Monday, three days after the attack, O’ Hare and nearby Midway Airport were running at only 60 percent capacity, mucking up air traffic across the United States and causing millions of dollars and lost revenues.


    It was on Facebook

    The attack did not take place without warning. “Take a hard look in the mirror, I have. And this is why I am about to take out ZAU (Chicago Air Route Traffic Control Center) and my life,” Howard wrote on Facebook. His account has since been taken down. The Facebook message was posted to Howard’s wall a half-hour after he entered the facility, from inside, and one of Howard’s relatives sent the message to local police.

    The incident “is no terrorist act,” the Aurora police quickly announced to the media.


    See Something, Do Nothing

    So let’s sum up a bit while we’re all stuck here waiting for our flights:

    The NSA, who monitors our social media to stop terrorism, misses this. A guy with access to an important radar facility states his intentions clearly and publicly online to take it out. That guy with critical access is just another contractor. Nobody working with the guy notices he seems to be slipping mentally, nobody sees something and says something. The guy then shows up at the facility dragging a suitcase and a can of gasoline, wanders into a sensitive area and proceeds to set a fire. Nobody seems to notice this for awhile. Whatever fire suppression equipment is in place to protect this vital infrastructure fails to save 23 of the 29 computers needed to control air traffic over America’s second-busiest airport, and repairs will take more than two weeks.

    Well, I for one feel safer. ISIS (al Qaeda, Khorasan, the Legion of Doom) really doesn’t have to create massive, complex Bond-level plots. They need only sit back and allow insane American contractors to go about their business. In the spirit of America, we’ll roll up our sleeves and do it ourselves, darn it.




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    E.O. 12333: End-Running the Fourth Amendment

    September 22, 2014 // 7 Comments »




    Historians of the Constitutional Era of the United States (1789-2001, RIP) will recall the Fourth Amendment to the Constitution, the one that used to protect Americans against unreasonable and unwarranted searches.

    The Supreme Court had generally held that searches required a warrant. That warrant could be issued only after law enforcement showed they had “probable cause.” That in turn had been defined by the Court to require a high standard of proof, “a fair probability that contraband or evidence of a crime will be found in a particular place.”

    The basic idea for more or less over 200 years: unless the government has a good, legal reason to look into your business, it couldn’t. As communications changed, the Fourth evolved to assert extend those same rights of privacy to phone calls, emails and texts, the same rules applying there as to physical searches.

    That was Then

    It was a good run. The Bill of Rights was designed to protect the people from their government. If the First Amendment’s right to speak out publicly was the people’s wall of security, then the Fourth Amendment’s right to privacy was its buttress. It was once thought that the government should neither be able to stop citizens from speaking nor peer into their lives. Folks, as our president now refers to us, should not have to fear the Knock on the Door in either their homes or The Homeland writ large.

    In Post-Constitutional America (2001-Present), the government has taken a bloody box cutter to the original copy of the Constitution and thrown the Fourth Amendment in the garbage. The NSA revelations of Edward Snowden are, in that sense, not just a shock to the conscience but to the concept of privacy itself: Our government spies on us. All of us. Without suspicion. Without warrants. Without probable cause. Without restraint.

    The government also invades our privacy in multiple other ways, all built around end-runs of the Fourth Amendment, clever wordplay, legal hacks and simple twisting of words. Thus you get illegally obtained information recycled into material usable in court via what is called parallel construction. You have the creation of “Constitution Free” zones at the U.S. border. The Department of Justice created a Post-Constitutional interpretation of the Fourth Amendment that allows it to access millions of records of Americans using only subpoenas, not search warrants, to grab folks’ emails by searching one web server instead of millions of individual homes. Under a twist of an old “privacy law,” doctors disclose your medical records to the NSA without your permission or knowledge. SWAT raids by local police designed to break into African-American businesses on harassment expeditions are also now OK.

    The Center of It All: Executive Order 12333

    The most egregious example of such word-twisting and sleazy legal manipulations to morph illegal government spying under the Fourth Amendment into topsy-turvy quasi-legal spying is the use of Executive Order 12333, E.O. 12333, what the spooks call “twelve triple three.” The Order dates from 1981, signed by Ronald Reagan to buff up what his predecessors limited in response to overzealous law enforcement activities. The Gipper would be mighty proud that his perhaps most lasting accomplishment was legalizing surveillance of every American citizen.

    Back to today. Despite all the secret FISA court decisions and as yet uncovered legal memos, most collection of U.S. domestic communications and data is done under E.O. 12333, section 2.3 paragraph C.

    Specifically, the one sentence that the government believes allows them to bypass the Fourth Amendment says the intelligence community can “collect, retain, or disseminate information concerning United States persons” if that information is “obtained in the course of a lawful foreign intelligence, counterintelligence, international narcotics or international terrorism investigation.”

    So, the work-around for the Fourth Amendment is as follows: NSA collects massive amounts of data on foreigners, often by hoovering up every fragment of electronic stuff flowing around the U.S. it can. So, while purportedly looking for a single terrorist email enroute to Yemen (“the needle”), the NSA collects every single email from Google, Yahoo and Microsoft (“the haystack.”) Thus, any American’s emails caught in that net are considered to have been collected “incidentally” to the goal of finding that one terrorist email. The NSA claims that the Executive Order thus makes its mass-scale violations of the Fourth Amendment legal.

    Tom Drake, perhaps the best-known NSA whistleblower prior to Edward Snowden, put it in simpler terms: “12333 is now being used as the legal justification for everything.”

    Oh and hey reformers: Executive Orders by one president stay in force until another president changes or negates them. We could have one at work today written by George Washington. What that also means is that Congress, should they regain consciousness, can’t change an E.O. Congress could in theory pass a law making the contents of an E.O. invalid, but that presumes someone in Congress knows the order exists and what it says. Many E.O.’s are classified and if they are not, such as 12333, the legal documents behind them and FISA interpretations of them, likely are.

    Snowden Knew

    Again, as a historical note, executive orders– basically dictates from the president– once did not trump the Constitution. However, in Post-Constitutional America, they do.

    As for this realization we have come upon, E.O. 12333, well, we’re all behind the curve. Edward Snowden, while still at NSA, wrote a now-famous email to the spy agency’s legal advisor, asking specifically whether an Executive Order has more legal force than an actual law passed by Congress, or indeed the Constitutional itself. The NSA’s answer was a bit convoluted, but said in a pinch the Constitution wins (wink wink), even while acting as if the opposite is true.

    As General Michael Hayden, then head of the NSA, said in a blistering blast of Newspeak, “I am convinced that we are lawful because what it is we’re doing is reasonable.”

    Ask Obama This Question

    So let’s make it simple: Journalists with access to the president, ask this question directly: Why is E.O. 12333 being used today, interpreted by the FISA court or any other means, stating that the NSA’s surveillance of U.S. citizens is “reasonable,” and thus no warrant is required for the surveillance to continue and remain constitutional under the Fourth Amendment?

    Of course getting an answer out of Obama will not happen. After all, he is the Constitutional law professor who studied the document the same way a burglar learns about an alarm system. TO BREAK IT BETTER.


    BONUS: The stuff above is real amateur-level writing on E.O. 12333. When you are ready to dig in deep, get over to Marcy Wheeler’s blog. She is the smartest person working in journalism today on the subject. My debt to her is hereby acknowledged.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Mysterious Phony Cell Towers: Who is Spying on You Now?

    September 4, 2014 // 7 Comments »




    A security researcher identified multiple “fake” cell phone towers around the United States, many near military bases, designed to intercept calls and texts without your knowledge, and to potentially inject spyware into your phone by defeating built-in encryption.

    The researcher has located a number of towers; what he can’t figure out is who built them and who controls them.

    Tech

    The basics of the technology are pretty clear: your cell phone is always trying to electronically latch-on to three cell towers. Three means the network can triangulate your phone’s location, and pass you off from one set of towers to the next tower in line as you move around. The phone obviously looks for the strongest tower signal to get you the best reception, those bars. The fake towers, called Interceptors, jump into this dance and hijack your signal for whatever purpose the tower owner would like. The Interceptors then transparently pass your signal on to a real tower so you can complete your call, and you don’t know anything happened.

    Because phones use various types of encryption, the Interceptors need to get around that. There are likely complex methods, but why not go old-school and save some time and money? The towers do that by dropping your modern-day 4G or 3G signal, and substituting a near-obsolete 2G signal, which is not encrypted. That is one way researchers can find the Interceptor towers, by identifying a phone using a 2G signal when it should be 4G or 3G.

    More Tech

    Want more tech? Popular Science magazine has it:

    Whether your phone uses Android or iOS, it also has a second operating system that runs on a part of the phone called a baseband processor. The baseband processor functions as a communications middleman between the phone’s main O.S. and the cell towers. And because chip manufacturers jealously guard details about the baseband O.S., it has been too challenging a target for garden-variety hackers.

    But for governments or other entities able to afford a price tag of $100,000, high-quality interceptors are quite realistic. Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured devices like the VME Dominator, available only to government agencies, not only capture calls and texts, but actively control the phone, sending out spoof texts, for example. Edward Snowden revealed the NSA is capable of an over-the-air attack that tells the phone to fake a shut-down while leaving the microphone running, turning the seemingly deactivated phone into a bug. And various ethical hackers have demonstrated DIY interceptor projects that work well-enough for less than $3,000.

    Those VME Dominators are quite a piece of electronics. In addition to ho-hum listening in, they allow for voice manipulation, up or down channel blocking, text intercept and modification, calling and sending texts on behalf of the user, and directional finding of a user. The VME Dominator, its manufacturer Meganet claims, “is far superior to passive systems.”


    Stingray

    Police departments around the U.S. have been using such tech to spy on, well, everyone with a cell phone. The cops’ devices are called Stingrays, and work off the same 4G-to-2G exploit mentioned above.

    The tech does not require a phone’s GPS and was first deployed against America’s enemies in Iraq. Then it came home.

    Also available is a version of Stingray that can be worn by a single person like a vest.

    Because the antiquated 2G network in the U.S. is due to be retired soon, the Department of Homeland Security is issuing grants to local police agencies to obtain a new, state-of-the-art cell phone tracking system called Hailstorm. The key advantage is Hailstorm will work natively with 4G, rendering current layperson detection methods ineffectual.


    Who is Spying On You Now?

    The technology is important, but not the real story here. The real question is: who owns those Interceptor towers and who is spying on you?

    Is it:

    — The NSA? A likely culprit. While post-Patriot Act the NSA can simply dial up your cell provider (Verizon, ATT, etc.) and ask for whatever they want, the towers might be left-overs from an earlier time. The towers do have the advantage of being able to inject spyware. But their biggest advantage is that they bypass the carriers, which keeps the spying much more secret. It also keeps the spying outside any future court systems that might seek to rein in the spooks.

    — Local law enforcement? Maybe, but the national placement of the towers, and their proximity in many cases to military bases, smells Federal.

    — DEA or FBI? Also likely. Towers could be established in specific locations for specific investigations, hence the less-than-nationwide coverage. One tower was found at a Vegas casino. While the NSA shares information with both the DEA and the FBI, what self-respecting law enforcement agency wouldn’t want its own independent capability?

    — The military? Another maybe. The military might want the towers to keep a personal eye on the area around their bases, or to spy on their own personnel to ensure they are not on the phone to Moscow or Beijing.

    — Private business? Unlikely, but the towers could be testbeds for new technology to be sold to the government, or perhaps some sort of industrial spying.

    The mystery remains!



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Satire: NSA Quits Spying on Americans Out of Disgust

    August 26, 2014 // 6 Comments »




    Citing an endless river of filth, vacuous conversations, idiotic Tweets and endless cat videos, the NSA announced it is “freaking done” with spying on Americans.

    The NSA decision came only hours after thousands of analysts, following similar threats at CIA, said they planned to quit and apply for jobs as Apple Geniuses and Best Buy Geek Squad workers.

    Speaking on background, one disgruntled NSA employee said “Go ahead, throw me in jail for an Espionage Act violation, that would be better than doing this job. Right after 9/11, my boss said we had to start monitoring all Americans’ electronic communications to find terrorists. So we did, plugging into Google for tens of thousands of personnel at NSA, and those two interns we assigned to Bing. At first we thought it was an anomaly that 64 percent of all Internet traffic was flowing to ‘BarelyLegalCheerleaders.com’ but the numbers tracked. Most of the rest of the web was shopping during work hours.”

    “And is all you talk about on your cells where you are and what you are doing at that second? Where was the ‘Mohammed, now we blow up the bridge and avenge the brothers’ stuff? No, instead it was 24/7 ‘I’m, yeah, at the mall. I might get an Orange Julius. LOL.’ You people even pronounce the term ‘LOL’ out loud as ‘lull’ as if it was a real word. Do you know what it’s like to listen to that all day? I’d rather clean the toilets at NSA but that job was already filled by some guy named Mohammed who didn’t even have a Facebook.”

    “Hacking into the TOR network was also a disappointment. We expected dirty bomb recipes and blueprints of government buildings being passed around, but instead it was all selfies from ComiCon, Hunger Games fan fiction, and terabytes of cat videos pumped out of Russia by Ed Snowden. That guy really has some free time since blowing the whistle on the NSA. Hah, and now we’re getting out of the domestic spying mission and the dude’s still trying to get NewEgg to ship to a Moscow address. Now that’s a proper LOL.”

    “Still we didn’t give up. Thinking all this Internet wastage was some sort of elaborate al Qaeda spoof, we really drilled down. Our conclusion as briefed to the White House: What the hell is wrong with these people? They spend all day looking at the most disgusting images ever created by humankind, really, really sick stuff. Even the jihadis we were trying to blackmail for looking at porn mostly stayed on meh celebrity bikini sites. The people assigned to the American division now all have PTSD and are in desensitization therapy. NSA even had to create a classified commendation medal to award them just to limit potential workplace-violence and OSHA lawsuits.”

    After a series of late-night meetings between worker reps from NSA and CIA, it was decided to threaten a mass walk-off if high-level action was not taken.

    “Initially the brass were all whining about national security and no more 9/11’s, but then we showed them some of the actual websites you people spend your time looking at. And from work, too. During the day in Washington DC alone 98 percent of the web traffic is from .gov addresses. We see a bunch of those people trying to access The Intercept, Firedoglake and Wikileaks, get blocked by the firewalls, and then spend the next 45 minutes figuring out a way around the software to get to ‘BuffDudes.com’ for the next half hour.”

    “After the bosses saw that, they immediately agreed to the changes requested. Hayden even entered the Cone of Silence and burped up his lunch. And you should see the garbage that guy looks at online for fun. I mean, we did. Whatever.”

    “So,” stated the official NSA spokesperson on background, “until you morons clean up your filthy minds and start planning terrorist stuff online, we will no longer be able to afford the human cost of spying on you. Heck, even if al Qaeda blew up Chicago, about two-thirds of you wouldn’t even notice as long as YouTube stayed online.”

    A spokesperson for the Department of Homeland Security stated her agency would continue to monitor every bit of web traffic, claiming the staff could not get enough of this stuff, and that many airport screeners had volunteered free overtime.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Caught Stealing Data in Europe, U.S. Now Seeks to Legalize the Theft

    August 4, 2014 // 11 Comments »



    Nearly unique among nations, the U.S. broadly imposes extraterritoriality– in the case, the enforcement of U.S. laws in other, sovereign nations.

    An Exceptional Nation

    Many examples of extraterritoriality grow out of America’s archipelago of military bases around the world, where Status of Forces Agreements (SOFA) allow service members exemption from local laws, even when they commit crimes against host country people. The U.S. also stations Customs and Border Patrol agents in other nations, denying boarding on U.S.-bound flights from Canada, for example, to Canadian citizens otherwise still standing in their own country. Imagine the outcry in America if the Chinese were to establish military bases in Florida exempt from U.S. law, or if the Russians choose which Americans could fly out of Kansas City Airport. Never mind drone strikes, bombings, deployment of Special Forces, invasions and CIA-sponsored coups.

    The snowballing NSA revelations have already severely damaged U.S. credibility and relationships around the world; nations remain shocked at the impunity with which America dug into their private lives. NSA spying has also cost American tech firms $180 billion in lost revenues, as “We’re not an American company” becomes a sales point.

    A New Level

    An American court has just taken things to a new level of extraterritorial offensiveness by requiring Microsoft to turn over to the U.S. government emails it holds on its servers. But in this case, those servers are located in Ireland, a European Union nation with its own privacy laws. Those laws are apparently of no real concern to the United States.

    In a July 31 ruling upholding a lower court decision, U.S. Magistrate Judge James Francis in New York ruled that an American search warrant can be applied outside the country and served on a foreign company if that company has some business connection to an American corporation. The ruling makes all data in the world subject to a U.S. court, assuming some nexus to an American entity can be found. The nexus question is important; U.S. law holds that a company doing business in the U.S., say Malaysian Airlines, can be sued in the U.S. for some event that occurred abroad, such as an air crash in the Ukraine. The court ruling could in theory require Credit Suisse to open its servers in Zurich to the U.S. government simply because they have an office in Manhattan.

    In the current case, the theory was that because Microsoft owned and controlled a foreign subsidiary company based in Ireland, any data stored in that overseas office or its data centers fell within (virtual) U.S. territory. This exposes massive amounts of foreign cloud-stored data, including emails and web searches, to American law enforcement working through an American court system that has been compliant in satisfying its needs post-9/11.

    Rules are For Fools

    The Judge went further is his decision, claiming official channels between countries that currently allow for cross-border law enforcement operations, called mutual legal assistance treaties (MLATs), are “generally… slow and laborious, as it requires the cooperation of two governments and one of those governments may not prioritize the case as highly as the other.” The judge added: “The burden on the government would be substantial, and law enforcement efforts would be seriously impeded.”

    MLATs, the system that has been in place for many, many years prior to this week’s court ruling, are formal treaties whereby countries agree to share law enforcement information when it is to the benefit of both sides. They are subject to transparency and scrutiny, court review and have numerous steps built in to protect the rights of the accused. An example of an MLAT’s typical use might be a cross-border investigation into an alleged narco trafficker doing bad things in both nations. MLAT’s are usually administered abroad through the FBI’s Legal Attache stationed at the U.S. Embassy.

    EU Data Laws

    The American court’s ruling, allowing the United States to simply demand Microsoft’s data from Ireland for whatever purpose it may decide to use it, is a big, big deal. European information law is very strict. Data held by a company in Europe is considered to ultimately belongs to the citizen who generated it. A citizen can request access to his or her own data, and when it’s no longer needed, it must be deleted.

    In the U.S., data is considered the property of the tech company that has its hands on it at the moment. So, in America, your Facebook posts and Instagram pictures don’t really belong to you, and you can’t block those companies from giving them to the government, or selling them to a third party for that matter.

    Yet the most amazing thing about the judge’s ruling is its sheer audacity. In the immediate wake of the revelations that the NSA has been stealing Europe’s data, the judge has ruled that it is in fact now legal for the U.S. government to simply demand that data.

    Microsoft to Appeal

    In hopes of salvaging its business in Europe, Microsoft is appealing the decision. http://publicpolicy.verizon.com/blog/entry/verizon-files-amicus-brief-in-support-of-microsoft Verizon, Apple, AT&T, and Cisco, despite handing over their data to the NSA domestically willy-nilly, are supporting Microsoft in its efforts to block the European grabs.

    In its appeal, Microsoft summed up the issue concisely:

    A U.S. prosecutor cannot obtain a U.S. warrant to search someone’s home located in another country, just as another country’s prosecutor cannot obtain a court order in her home country to conduct a search in the United States. We think the same rules should apply in the on line world, but the government disagrees.




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    NSA Spying Costs U.S. Companies Up To $180 Billion in Lost Overseas Business

    August 1, 2014 // 6 Comments »




    The German government will end its contract with Verizon. Brazil dumped Boeing for Swedish company Saab to replace its fighter jets. Sources told Bloomberg News “The NSA problem ruined it” for the U.S. defense contractor.

    Unfettered NSA spying has cost U.S. companies up to $180 billion in lost overseas business. The number is expected to grow.

    Cisco saw a ten percent drop in overseas business. Dropbox and Amazon Cloud Services reported immediate drops in their sales abroad. Qualcomm, IBM, Microsoft, and HP all reported declines in sales in China due to NSA spying. The total costs to U.S. businesses could reach as high as $180 billion.

    ServInt Corporation, a Virginia-based company providing website hosting services, has seen a 30 percent decline in foreign customers since the NSA leaks began in June 2013, said Christian Dawson, its chief operating officer.

    Big Losses for U.S. Tech Firms

    According to a new report by the nonprofit New America Foundation, in total NSA spying could slow the growth of the U.S. tech industry by as much as four percent in the short run, though the massive hit to American credibility could have long-range repercussions that are hard to estimate at present. The NSA spying is leading many nations to develop their own, indigenous capabilities that suggest fewer opportunities for American tech firms into the future. For example, Brazil and India are planning domestic IT companies that will keep their data centers within national boundaries and thus hopefully out of NSA’s reach. Greece, Brunei, and Vietnam have announced similar plans.

    The point really stings: cloud storage services are already a $150 billion industry, a number expected only to grow. The question now is how much of that growth for American companies will be siphoned off by foreign competition because of the NSA’s wholesale spying. One-third of Canadian businesses said in a survey they were moving their data outside the U.S. as a result of NSA spying. Artmotion, a Swiss web hosting provider reported that within a month after the first revelations of NSA spying, business jumped 45 percent.

    You’re an American Company? No, Thanks

    “We’re not an American company” may prove to be a decisive sales point, and the NSA activities a persuasive marketing tool. The point is not theoretical. “Ties revealed between foreign intelligence agencies and firms in the wake of the U.S. National Security Agency affair show that the German government needs a very high level of security for its critical networks,” Germany’s Interior Ministry said in a statement about the canceled Verizon contract.

    While the NSA likely is even now working on ways to break into foreign data centers, the immediate concern for many governments abroad is the “sharing” agreements NSA enjoys with American firms. As revealed by Edward Snowden, most American tech companies are required by the U.S. government to make themselves open to the NSA, either by directly sharing data (for example, Verizon) prepackaged to NSA needs, or by allowing the NSA to dictate what technological back doors will be built into the actual hardware (Cisco.) Either way, in the minds of many foreign governments, purchasing goods or services from an American company is the equivalent of exposing by default all data that passes through those goods or services to the American government.

    “I can’t imagine foreign buyers trusting American products,” said security expert Bruce Schneier. “We have to assume companies have been co-opted, wittingly or unwittingly. If you were a company in Sweden, are you really going to want to buy American products?”

    Corrupting the Entire Internet

    The New America report also explains that the NSA has fundamentally attacked the basic security of the Internet by undermining essential encryption tools and standards, inserting backdoors into widely-used computer hardware and software products, stockpiling vulnerabilities (“zero day defects”) in commercial software rather than making sure those security flaws get fixed, dropping spyware into routers around the world, impersonating popular sites like Facebook and LinkedIn to gather data, and hacking into Google and Yahoo’s backbone data links to harvest emails, address books and more.

    This all in spite of one of the core missions of the NSA being to protect America’s cybersecurity.

    A Wake Up Call?

    The cynical might say that with the loss of business revenues abroad, the American government finally has a reason to reign in the NSA, at least overseas. Tech companies, after all, are traditionally big political donors, especially to the Democrats and thus hold some clout. Domestically, there is little financial incentive for less spying; remember, the only person on earth Obama has personally and specifically assured is not being monitored via her cell phone is a foreigner, German Chancellor Angela Merkel. No, sorry, Americans are still fair game.

    Perhaps the worst news for American tech is hardest to quantify. “It’s not possible to put an exact dollar figure on the cost of lost business for U.S. companies as a result of the NSA revelations,” said Chris Hopfensperger, policy director for BSA/The Software Alliance, a Washington-based trade association. “If a customer goes directly to a non-U.S provider for something, you never know that you didn’t get the call.”

    Funny, because while the American company may indeed never know they didn’t get the call, the NSA might. Who could have thought the wake up call to U.S. firms would be so ironic?



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Parallel Construction: Unconstitutional NSA Searches Deny Due Process

    July 24, 2014 // 6 Comments »




    The NSA sits at the nexus of violations of both the Fourth and Fifth Amendments with a legal dodge called Parallel Construction.

    Parallel Construction is a technique used by law enforcement to hide the fact that evidence in a criminal case originated with the NSA. In its simplest form, the NSA collects information showing say a Mr. Anderson committed a crime. This happens most commonly in drug cases. The conclusive information is passed to the Drug Enforcement Agency (DEA), who then works backwards from the conclusion to create an independent, “legal” body of evidence to use against Mr. Anderson.

    Example: an NSA email intercept shows our Mr. Anderson received a Fedex package with drugs, which he hid under his bed. The DEA takes this info, and gets a search warrant for the Fedex data, which leads them to Mr. Anderson’s apartment. A new legal warrant authorizes a search, and agents “find” the drugs under the bed right where the NSA said they were in the first place.

    Some may call this little more than illegal evidence laundering.

    Some Constitutional Background

    The Fourth Amendment to the Constitution protects Americans against unreasonable and unwarranted searches. The Supreme Court has generally held that searches of, for example, someone’s home, require a warrant. That warrant can be issued only after law enforcement shows they have “probable cause.” That in turn has been defined by the Court to require a high standard of proof, “a fair probability that contraband or evidence of a crime will be found in a particular place.” The NSA pulling information out of the cyberspace ether bypasses and thus violates the Fourth Amendment.

    The NSA violations of the Fourth Amendment enable further DEA and other law enforcement violations of the Fifth Amendment, specifically the critical due process clause. The concept of due process dates back to the 13th century Magna Carta.

    Specifically, the use of information obtained illegally and whose ultimate source is concealed from the accused violates procedural due process. This is the requirement that before any government actions to take away life, liberty or possessions, the persons affected have the right to defend themselves, to understand the evidence against them, and to question and call witnesses in rebuttal, one’s “day in court.” In short, procedural due process aims to protect individuals from the coercive power of government by ensuring that adjudication processes are fair and open.

    DEA is blunt in a document released via FOIA as to how conveniently parallel construction violates these rights:

    Our friends in the military and intelligence community never have to prove anything to the general public. They can act upon classified information without ever divulging their sources or methods to anyway [sic] outside their community.


    Why Do This to Americans?

    With exceptions, courts have held that evidence obtained illegally cannot be used in trial. So why bother to fight for an exception when, using NSA data surreptitiously, evidence can subsequently be obtained cleanly under a warrant, albeit a warrant issued by a court kept ignorant of the source of the underlying information. Another reason to use parallel construction is to hide the NSA’s role. Apart from the broader goal of not disclosing to the American people what their government is doing, blurring the trail back to the NSA gets around any courtroom attempts that require such data to be shared with the defense. And of course the defense can’t ask for something it does not know exists. Lastly, if defendants do not know the ultimate source of the information used to convict them, they cannot know to ask to review potential sources of exculpatory evidence– information that could reveal entrapment, mistakes or biased witnesses.

    Needless to say, using information obtained already pre-packaged from the NSA makes DEA’s and other law enforcement agencies’ jobs much easier. They have to do little work on their own to gather the data needed to track down Americans they seek to prosecute. It’s all in the bag.

    DEA as the Nexus

    DEA seems to be the center of the NSA distribution network, as the program originally started as a way to bust foreign drug dealers before it metastasized into the currrent tool for broadly evading the Bill of Rights.

    How widespread domestically is the practice of parallel construction? No one knows. It is known that the unit of the DEA that distributes the NSA information is called the Special Operations Division (SOD.) It partners with two dozen other agencies, including the FBI, CIA, Internal Revenue Service and the Department of Homeland Security. Once laundered of any NSA fingerprints, what those multiple agencies do with the data, and how far they themselves spread it to even more agencies, or to local law enforcement, is unknown.

    Why it Matters

    There have been complex questions raised about the hiding of NSA-obtained information used to convict Americans, leading to the Solictor General of the United States lying to the Supreme Court about how the Justice Department was not notifying defendants in situations when warrantless surveillance had led in turn to a wiretap order that produced evidence used in court. The Justice Department has taken to notifying some defendents that information obtained via warrantless survellience is being used against them, allowing for a likely Supreme Court challenge. The Justice Department has previously blocked Supreme Court challenges by hiding how information was obtained, thus denying the accused of “standing” in the Court’s eyes.

    As part of the response to such government actions, organizations such as the Los Angeles County Bar Association are now offering for-continuing-education-credit tutorials to defense attorneys under titles such as “Criminal Prosecutions and Classified Information.”

    A lot of attention Post-Snowden has been paid to what the NSA does– vacuum up emails, listen in on Skype chats and so forth. Too little attention has been devoted to what is done with the information NSA collects. The appetites of law enforcement agencies in Post-Constitutional America are bottomless, and the NSA holds terabytes of data to fill them.



    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America

    Edward Snowden is the Most Dangerous Man in America. Good.

    July 21, 2014 // 9 Comments »




    Oh yes, yes, Edward Snowden is clearly the most dangerous man in America.

    Speaking via video link (he uses Skype!) from Russia to the HopeX hackers’ conference in New York City July 19, Edward Snowden issued a call to arms to those present. Engineers, he said, “need to think now in adversarial terms to defeat government technical capabilities.” While the government now uses technology to shield themselves from accountability, software and hardware must “become a way to express our freedoms while protecting our freedoms.”

    Technology and Government

    Snowden went on to make a number of important points regarding the new relationship technology has created between the government and the people.

    — Technology now makes it possible to publish information without the government’s ability to stop it. While the photocopier was the “killer app” of Daniel Ellsberg’s day, Wikileaks and Snowden’s own revelations show the empowerment potential of technology. Snowden reminded the audience that when the government fears its people (as opposed to the inverse), that is democracy.

    — The value of masses of documents– evidence– cannot be understated because it cannot be ignored. Only mass evidence of NSA illegal spying “brought the president to the podium, and the people back to the table of government.”

    — Snowden noted his and other whistleblowers’ attempts to “go through channels” with their concerns, but cautioned “The American Revolution was not fought for the right to channels.”

    — Secret courts interpreting secret laws to issue secret findings carried out by secret agencies in secret defines much of our world today. The government through this “exploit chain” has shut us out from the process and policies that impact our lives.

    — Via his NSA revelations, we now know a new truth about our world, that who we love, who we spend time with, who we hate is now known by people who are not held accountable, not even by the full Congress.


    Encoding Our Rights

    Snowden’s most important points were part of a call to action for technologists. He emphasized encryption, while very important, only protects content (what is written in your emails) and not metadata (information about to whom you send emails, for example.) This means, encryption or not, everything you communicate is being measured and analyzed; the government is programmatically examining our lives, in bulk, creating layers of suspicion by association. And in that sense, metadata is not about you, or me, it is about us, the collective us, all Americans and all others around the world.

    In this sense, what the NSA is doing is perhaps greater, perhaps even worse, than “merely” listening in on what you say or reading what you write. They are, in a broader sense, creating a map of how every global citizen fits in with every other citizen. Pair that with whatever content is collected, and the NSA comes close to knowing everything.

    That is why, Snowden told the crowd, the next job for us all, and Snowden’s own future work, will be to encode our rights into our technology, to take away by our own hands and intellect what the government has learned to use against us.

    The key is to divorce the connection from the connector, i.e., create unattributable communications that destroy the government’s ability to collect and analyze metadata and run traffic analysis. Snowden gave the example of Tor, a secure enough networking tool. The big weakness of Tor is that the NSA can easily see that a computer has entered the Tor network, allowing them to otherwise easily target that computer, and, if possible, target the person associated with that computer. Same with someone who makes a call using the Verizon network. Divorcing the connection from the connector means cutting those links of association, forcing NSA to have to find some other means of targeting an individual or uncovering broader patterns.

    Whistleblowers

    A significant issue that holds many potential whistleblowers back is the risk of getting caught. Getting caught in this era means potentially life in prison, loss of family, loss of savings, loss of job and/or loss of status, position and identity. If technologists can lower the risk of getting caught, then that would likely make it more likely that more people would consider acts of patriotism and conscience. It is important that thousands (maybe hundred of thousands?) of people could have done what Snowden did, but only one man did it.

    Snowden then made one of his most chilling, and significant points, unexpectedly.

    He informed that crowd that there were almost certainly NSA operatives among them as he spoke. He explained that NSA has a budget just for sending people to hacker conferences, to see what they can learn, which people to look at further, and report back. Addressing those NSA people specifically, as well as the mass audience, Snowden challenged them directly to think about the world they wanted to live in, and then help build it.

    Comment

    Snowden just upped his game. In addition to his own work and revelations, he is now directing how others should proceed. He is combining technology and patriotism, whistleblowing and philosophy.

    The NSA may be right; Edward Snowden may be the most dangerous man (virtually) in America.

    Note: The presentation was built around a three-way discussion among Daniel Ellsberg, Trevor Timm and Ed Snowden. I’ve only reported on Snowden’s remarks, though seeing him interact with Ellsberg was like what I imagined being in the room would have been like when Bruce Springsteen met Pete Seeger.

    Here’s the full audio of the presentation if you’d like to listen.




    Related Articles:




    Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.

    Posted in Democracy, Post-Constitution America