Cryptoseal has shut down Cryptoseal Privacy, a VPN product advertised as a privacy tool, citing the action against Lavabit, the privacy-oriented email provider used by Edward Snowden. Court documents released in the wake of Lavabit's shut-down showed that the US government believes that it has the power to order service providers to redesign their systems to make it possible to spy on users. Cryptoseal had been operating under the assumption that since it had no way of spying on its users, it was immune to wiretap orders, and the revelation that they may be forced to break their system's security was enough to put them off altogether. Like Lavabit, Cryptoseal was unwilling to advertise a service that was immune from snooping if they might someday be forced to secretly redesign their systems to make snooping possible.
Read the rest
Lavabit founder Ladar Levison speaking at the 2013 Liberty Political Action Conference (LPAC) in Chantilly, Virginia. Photo: Gage Skidmore.
Edward Snowden. Photo: The Guardian/Reuters.
Ever since Lavabit, the privacy-oriented email provider used by whistleblower Edward Snowden, shut down abruptly
in August, we've been wondering what, exactly, the Feds had demanded of founder Ladar Levison. As he wrote in his cryptic note, he felt that he was facing an order that would make him "complicit in crimes against the American people" but he was legally unable to say more.
But now, thanks to unsealed records, we're able to get some insight into what the NSA and the Feds demanded of Lavabit (and, presumably, of other companies that have not shut down): first they asked him to decrypt the communications of one of their customers (almost certainly Edward Snowden). When they were told that this wasn't technically possible, they demanded that the system be modified to make it possible, and when Lavabit balked, they got a court order requiring that Lavabit turn over its SSL keys, compromising all of the company's users' communications. Funnily enough, Levison "complied" with this court-order by turning over the keys as 11 pages of 4-point type, but the court didn't go for that.
Read the rest
"In response to a FOIA request from USA TODAY, the Justice Department said its ethics office never looked into complaints from two federal judges that they had been misled about NSA surveillance," reports USA Today's Brian Heath
. An email exchange between the reporter and a Justice rep published at Cryptome.org
reveals that the government clearly did not want this story published. — Xeni
Over at Wired.com, David Kravets writes about an order
by a Foreign Intelligence Surveillance Court (FISC) judge demanding that the US government begin to declassify its opinions related to the Patriot Act. The order "means the government likely will have to make public opinions surrounding the court’s legal interpretations of Section 215 of the Patriot Act," a controversial provision that allows FISC "to authorize broad warrants for most any type of 'tangible' records, including those held by banks, doctors and phone companies."
The Electronic Frontier Foundation has won a huge victory in its ongoing battle to turn over the rock of secret surveillance in the USA. A federal court has ordered the government to publish a 2011 opinion from the Foreign Intelligence Surveillance Court in which the court held that the NSA's surveillance was unconstitutional and not in "the spirit of" federal law.
For almost two years, EFF has been fighting the government in federal court to force the public release of an 86-page opinion of the secret Foreign Intelligence Surveillance Court (FISC). Issued in October 2011, the secret court’s opinion found that surveillance conducted by the NSA under the FISA Amendments Act was unconstitutional and violated “the spirit of” federal law.
Today, EFF can declare victory: a federal court ordered the government to release records in our litigation, the government has indicated it intends to release the opinion today, and ODNI has called a 3:00 ET press conference to discuss "issues" with FISA Amendments Act surveillance, which we assume will include a discussion of the opinion.
It remains to be seen how much of the opinion the government will actually make available to the public. President Obama has repeatedly said he welcomes a debate on the NSA’s surveillance: disclosing this opinion—and releasing enough of it so that citizens and advocates can intelligently debate the constitutional violation that occurred—is a critical step in ensuring that an informed debate takes place.
EFF Victory Results in Release of Secret Court Opinion Finding NSA Surveillance Unconstitutional
NBC reports that senior US Attorney James Trump sent Lavabit founder Ladar Levison and his lawyer a veiled arrest threat when Levison shut down his private email service (used by NSA leaker Edward Snowden) rather than comply with a secret order to spy on his customers. Nothing more can be said definitively, because the order to Levison came with a gag order prohibiting Levison from discussing it. Everyone is pretty sure that Levison was served with a National Security Letter.
This gives additional context to the decision of Lavabit competitor Silent Circle to pre-emptively shut down its own private email service as well, in advance of any sort of court order. If a secret court can issue a secret order requiring you to spy on your customers, and if shutting down the service will land you in jail, then simply not operating the kind of service that spooks find snoopworthy is the only option.
Read the rest
Earlier this week, Xeni reported on the shutdown of Lavabit, the email provider used by NSA whistleblower Edward Snowden. Ladar Levison, Lavabit's founder, has given an interview to Forbes about his reasoning for the shutdown, which comes -- apparently -- as a result of a secret NSA search-warrant complete with a gag order.
After discussing the general absurdity and creepiness of not being allowed to freely criticize the government for the order they brought to his company, he concludes by saying that he's stopped using email altogether, and "If you knew what I know about email, you might not use it either."
Read the rest
The Guardian has the latest of the Snowden/NSA leaks, detailing the semantic loophole exploited by the Agency in order to spy on the communications of Americans and people in the USA, something it is otherwise forbidden from doing. Since the initial Snowden leaks, President Obama, ranking Democrats (including Diane Feinstein), and NSA officials have made categorical statements denying that the NSA spies on Americans. These statements appear to be outright lies, as revealed by these revelations, and make me wonder if there are Hill rats looking up the procedures for impeachment at this very moment.
The revelations revolve around Section 702 of the FISA Amendments Act, whose wording contains enough ambiguity that the Agency has been able to interpret it as giving them authority to spy on Americans and people in America. As a foreigner in the UK (and thus liable to total, open, uncontroversial NSA surveillance), I extend my sympathy to my American sisters and brothers.
Read the rest
Rush Holt (D-NJ) has introduced a bill called the "Surveillance State Repeal Act" that repeals the PATRIOT Act and much of FISA (though it leaves some pretty terrible parts of FISA intact). It's only 8 pages long, but it has the potential to do a lot of good.
Read the rest
America's 11-judge Foreign Intelligence Surveillance Court (FISC) has made more than a dozen classified rulings that vastly expanded the powers of America's spy agencies, operating under an obscure legal doctrine called "special needs." Under this doctrine, established in 1989 in a Supreme Court case over drug testing railway workers, a "minimal intrusion on privacy" is allowed in order to help the state mitigate "overriding public danger." FISC's rulings have widened this ruling to allow for wholesale spying in the name of preventing "nuclear proliferation," as well as terrorism. The NYT calls this a "shadow Supreme Court" but notes that FISC proceedings only hear from the government -- no one presents alternatives to the government's arguments. Much of the expansion of surveillance turns on whether metadata collection is intrusive (I think it is):
The officials said one central concept connects a number of the court’s opinions. The judges have concluded that the mere collection of enormous volumes of “metadata” — facts like the time of phone calls and the numbers dialed, but not the content of conversations — does not violate the Fourth Amendment, as long as the government establishes a valid reason under national security regulations before taking the next step of actually examining the contents of an American’s communications.
This concept is rooted partly in the “special needs” provision the court has embraced. “The basic idea is that it’s O.K. to create this huge pond of data,” a third official said, “but you have to establish a reason to stick your pole in the water and start fishing.”
Under the new procedures passed by Congress in 2008 in the FISA Amendments Act, even the collection of metadata must be considered “relevant” to a terrorism investigation or other intelligence activities.
The court has indicated that while individual pieces of data may not appear “relevant” to a terrorism investigation, the total picture that the bits of data create may in fact be relevant, according to the officials with knowledge of the decisions.
In Secret, Court Vastly Broadens Powers of N.S.A. [Eric Lichtblau/NYT]
(via Hacker News)
Two legislators have introduced legislation that would require the President to disclose his secret interpretation of America's spying laws. This is especially relevant in the wake of yesterday's Snoweden leaks showing how the NSA uses a secret interpretation of the FISA spying law to spy on Americans.
The new bill in the house complements a similar bill introduced in the Senate last week.
"In order to have an informed public debate on the merits of these programs, it is important for the American people to know how such programs have been authorized, their limits and their scope," said Rep. Adam Schiff (D-CA) in a statement.
"Particularly now that the existence of these programs has been acknowledged, I believe there is much more that can be shared with the public about their legal basis," Schiff said. "It is my hope that this legislation will increase transparency and inform the national debate about the surveillance authorities provided to the Intelligence Community. I also believe that requiring additional disclosure would provide another valuable check on any potential expansion of surveillance under these authorities, whether by this or any future Administration.”
Lawmakers introduce new bill to compel gov’t to declassify secret court opinions
Here's an important consideration for Europeans in light of the NSA dragnet surveillance revealed by the recent leaks: some of the amendments to the controversial new EU Data Protection Regulation would open the door to the secret transfer of EU citizens' private information to US intelligence agencies. The UK Liberal Democrat MEP Baroness Ludford has advocated amendments that do this. The Open Rights Group and principled UK LibDems are calling on the Baroness to withdraw her support for these amendments and support transparency and accountability in the handling of sensitive personal information of Europeans.
For instance, the Baroness is behind amendment number 1210.
This removes the right to know if your data might be transferred to a third country or international organisation. It does this by deleting the following bit of the proposed Regulation:
Article 14 – paragraph 1 – point g
(g) where applicable, that the controller intends to transfer to a third country or international organisation and on the level of protection afforded by that third country or international organisation by reference to an adequacy decision by the Commission;
It hardly needs spelling out given the recent news about PRISM and state surveillance, but knowing which companies or countries your data might be moved to is likely to increasingly be a fundamental consideration for someone deciding whether to share personal data.
Baroness Ludford amendment - opening the door to FISAAA?
Google has sent the US Attorney General a letter asking for permission to publish aggregate statistics on the number of gag-ordered-FISA requests it gets. These requests are secret and not included in Google's "Transparency Report" of government requests.
We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.
Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.
Asking the U.S. government to allow Google to publish more national security request data
Bruce Schneier writes in The Atlantic to comment on the leaked court order showing that the NSA has been secretly engaged in bulk domestic surveillance, recording who everyone is talking to, when, for how long, and where they are when they do. Schneier points out -- as many have -- that this is the tip of the iceberg, and lays out a set of government secrets that we need whistleblowers to disclose in order to grasp the full scope of the new, total surveillance state:
We need details on the full extent of the FBI's spying capabilities. We don't know what information it routinely collects on American citizens, what extra information it collects on those on various watch lists, and what legal justifications it invokes for its actions. We don't know its plans for future data collection. We don't know what scandals and illegal actions -- either past or present -- are currently being covered up.
We also need information about what data the NSA gathers, either domestically or internationally. We don't know how much it collects surreptitiously, and how much it relies on arrangements with various companies. We don't know how much it uses password cracking to get at encrypted data, and how much it exploits existing system vulnerabilities. We don't know whether it deliberately inserts backdoors into systems it wants to monitor, either with or without the permission of the communications-system vendors.
And we need details about the sorts of analysis the organizations perform. We don't know what they quickly cull at the point of collection, and what they store for later analysis -- and how long they store it. We don't know what sort of database profiling they do, how extensive their CCTV and surveillance-drone analysis is, how much they perform behavioral analysis, or how extensively they trace friends of people on their watch lists.
We don't know how big the U.S. surveillance apparatus is today, either in terms of money and people or in terms of how many people are monitored or how much data is collected. Modern technology makes it possible to monitor vastly more people -- yesterday's NSA revelations demonstrate that they could easily surveil everyone -- than could ever be done manually.
What We Don't Know About Spying on Citizens: Scarier Than What We Know
A number of civil rights groups including PEN, will be represented by the ACLU in a Supreme Court case on the legality of the US government's program of mass, warrantless surveillance.
The groups went to court in July 2008 to overturn provisions of the FISA Amendments Act that allow the dragnet surveillance of American’s international emails and phone calls, arguing that the expectation of monitoring harms their ability to communicate freely with international clients and colleagues. Both the Bush and Obama administrations have sought to have the suit dismissed on the ground that because the groups cannot show that their communications have been monitored under the secret program, they cannot demonstrate they have been harmed by the program and so lack “standing” to sue. The Second Circuit Court of Appeals rejected that logic, ruling that PEN and its co-plaintiffs have a reasonable basis to fear that the government may be monitoring their conversations under the terms of the law, and that the groups should be allowed their day in court.
The Obama administration appealed that decision, and today’s announcement means that the Supreme Court will review the standing question later this year. The ACLU, which is representing PEN and its co-plaintiffs, will argue the case.
“With the FAA up for reauthorization at the end of the year, it is disappointing that we must once again argue the standing question instead of examining the legality of the program itself,” said Peter Godwin, president of PEN American Center. “For us, the important question is whether the system of checks and balances works, so that laws allowing programs that are utterly secret must at least be subject to independent judicial review. We look to the Supreme Court to uphold our right to clarify how the NSA’s surveillance program affects our organization’s sensitive international communications.”
PEN Heading to Supreme Court in Warrantless Surveillance Case