The forthcoming report of the Privacy and Civil Liberties Oversight Board, the arm's-length body established by the Congress to investigate NSA spying, has leaked, with details appearing in The New York Times and The Washington Post.
From its pages, we learn that the board views the NSA's metadata collection program -- which was revealed by Edward Snowden -- as illegal, without "a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value…As a result, the board recommends that the government end the program."
The report goes farther than the President's Review Group on Intelligence and Communications Technologies (whose recommendations Obama ignored) and even farther than the policies announced by the President himself.
The Board also found that NSA metadata collection didn't stop any terrorist attacks, and would not have been useful in preventing the 9/11 attacks.
Read the rest
Dave from the Electronic Frontier Foundation writes, "I escort a lot of TV crews in and out of the building at EFF. Few have been as efficient and polite as Ben Blum, a 13-year-old San Francisco independent YouTube producer who interviewed EFF's Parker Higgins for this short documentary. Pitched to us as an entry in a C-Span competition about what issues Congress should deal with in 2014, Data Obsession breaks down the controversy over domestic surveillance with help from AT&T whistleblower Mark Klein.
Data Obsession - A Look Inside Government Surveillance
As we wait to hear Obama's plan to reform the NSA, spare a thought for the poor rubberstamping judges of the Foreign Intelligence Surveillance Court, who are charged with the solemn duty of granting permission for pretty much every stupid, overreaching surveillance plan America's spooks bring before it in its secretive, unaccountable chambers. These hardworking civil servants have sounded the alarm
that any burden on them to actually pay attention to whether surveillance is proportional, necessary and legal would put an undue strain on them: "Even if additional financial, personnel, and physical resources were provided, any substantial increase in workload could nonetheless prove disruptive to the Courts' ability to perform their duties
." Oh, diddums
Cryptoseal has shut down Cryptoseal Privacy, a VPN product advertised as a privacy tool, citing the action against Lavabit, the privacy-oriented email provider used by Edward Snowden. Court documents released in the wake of Lavabit's shut-down showed that the US government believes that it has the power to order service providers to redesign their systems to make it possible to spy on users. Cryptoseal had been operating under the assumption that since it had no way of spying on its users, it was immune to wiretap orders, and the revelation that they may be forced to break their system's security was enough to put them off altogether. Like Lavabit, Cryptoseal was unwilling to advertise a service that was immune from snooping if they might someday be forced to secretly redesign their systems to make snooping possible.
Read the rest
Lavabit founder Ladar Levison speaking at the 2013 Liberty Political Action Conference (LPAC) in Chantilly, Virginia. Photo: Gage Skidmore.
Edward Snowden. Photo: The Guardian/Reuters.
Ever since Lavabit, the privacy-oriented email provider used by whistleblower Edward Snowden, shut down abruptly
in August, we've been wondering what, exactly, the Feds had demanded of founder Ladar Levison. As he wrote in his cryptic note, he felt that he was facing an order that would make him "complicit in crimes against the American people" but he was legally unable to say more.
But now, thanks to unsealed records, we're able to get some insight into what the NSA and the Feds demanded of Lavabit (and, presumably, of other companies that have not shut down): first they asked him to decrypt the communications of one of their customers (almost certainly Edward Snowden). When they were told that this wasn't technically possible, they demanded that the system be modified to make it possible, and when Lavabit balked, they got a court order requiring that Lavabit turn over its SSL keys, compromising all of the company's users' communications. Funnily enough, Levison "complied" with this court-order by turning over the keys as 11 pages of 4-point type, but the court didn't go for that.
Read the rest
"In response to a FOIA request from USA TODAY, the Justice Department said its ethics office never looked into complaints from two federal judges that they had been misled about NSA surveillance," reports USA Today's Brian Heath
. An email exchange between the reporter and a Justice rep published at Cryptome.org
reveals that the government clearly did not want this story published. — Xeni
Over at Wired.com, David Kravets writes about an order
by a Foreign Intelligence Surveillance Court (FISC) judge demanding that the US government begin to declassify its opinions related to the Patriot Act. The order "means the government likely will have to make public opinions surrounding the court’s legal interpretations of Section 215 of the Patriot Act," a controversial provision that allows FISC "to authorize broad warrants for most any type of 'tangible' records, including those held by banks, doctors and phone companies."
The Electronic Frontier Foundation has won a huge victory in its ongoing battle to turn over the rock of secret surveillance in the USA. A federal court has ordered the government to publish a 2011 opinion from the Foreign Intelligence Surveillance Court in which the court held that the NSA's surveillance was unconstitutional and not in "the spirit of" federal law.
For almost two years, EFF has been fighting the government in federal court to force the public release of an 86-page opinion of the secret Foreign Intelligence Surveillance Court (FISC). Issued in October 2011, the secret court’s opinion found that surveillance conducted by the NSA under the FISA Amendments Act was unconstitutional and violated “the spirit of” federal law.
Today, EFF can declare victory: a federal court ordered the government to release records in our litigation, the government has indicated it intends to release the opinion today, and ODNI has called a 3:00 ET press conference to discuss "issues" with FISA Amendments Act surveillance, which we assume will include a discussion of the opinion.
It remains to be seen how much of the opinion the government will actually make available to the public. President Obama has repeatedly said he welcomes a debate on the NSA’s surveillance: disclosing this opinion—and releasing enough of it so that citizens and advocates can intelligently debate the constitutional violation that occurred—is a critical step in ensuring that an informed debate takes place.
EFF Victory Results in Release of Secret Court Opinion Finding NSA Surveillance Unconstitutional
NBC reports that senior US Attorney James Trump sent Lavabit founder Ladar Levison and his lawyer a veiled arrest threat when Levison shut down his private email service (used by NSA leaker Edward Snowden) rather than comply with a secret order to spy on his customers. Nothing more can be said definitively, because the order to Levison came with a gag order prohibiting Levison from discussing it. Everyone is pretty sure that Levison was served with a National Security Letter.
This gives additional context to the decision of Lavabit competitor Silent Circle to pre-emptively shut down its own private email service as well, in advance of any sort of court order. If a secret court can issue a secret order requiring you to spy on your customers, and if shutting down the service will land you in jail, then simply not operating the kind of service that spooks find snoopworthy is the only option.
Read the rest
Earlier this week, Xeni reported on the shutdown of Lavabit, the email provider used by NSA whistleblower Edward Snowden. Ladar Levison, Lavabit's founder, has given an interview to Forbes about his reasoning for the shutdown, which comes -- apparently -- as a result of a secret NSA search-warrant complete with a gag order.
After discussing the general absurdity and creepiness of not being allowed to freely criticize the government for the order they brought to his company, he concludes by saying that he's stopped using email altogether, and "If you knew what I know about email, you might not use it either."
Read the rest
The Guardian has the latest of the Snowden/NSA leaks, detailing the semantic loophole exploited by the Agency in order to spy on the communications of Americans and people in the USA, something it is otherwise forbidden from doing. Since the initial Snowden leaks, President Obama, ranking Democrats (including Diane Feinstein), and NSA officials have made categorical statements denying that the NSA spies on Americans. These statements appear to be outright lies, as revealed by these revelations, and make me wonder if there are Hill rats looking up the procedures for impeachment at this very moment.
The revelations revolve around Section 702 of the FISA Amendments Act, whose wording contains enough ambiguity that the Agency has been able to interpret it as giving them authority to spy on Americans and people in America. As a foreigner in the UK (and thus liable to total, open, uncontroversial NSA surveillance), I extend my sympathy to my American sisters and brothers.
Read the rest
Rush Holt (D-NJ) has introduced a bill called the "Surveillance State Repeal Act" that repeals the PATRIOT Act and much of FISA (though it leaves some pretty terrible parts of FISA intact). It's only 8 pages long, but it has the potential to do a lot of good.
Read the rest
America's 11-judge Foreign Intelligence Surveillance Court (FISC) has made more than a dozen classified rulings that vastly expanded the powers of America's spy agencies, operating under an obscure legal doctrine called "special needs." Under this doctrine, established in 1989 in a Supreme Court case over drug testing railway workers, a "minimal intrusion on privacy" is allowed in order to help the state mitigate "overriding public danger." FISC's rulings have widened this ruling to allow for wholesale spying in the name of preventing "nuclear proliferation," as well as terrorism. The NYT calls this a "shadow Supreme Court" but notes that FISC proceedings only hear from the government -- no one presents alternatives to the government's arguments. Much of the expansion of surveillance turns on whether metadata collection is intrusive (I think it is):
The officials said one central concept connects a number of the court’s opinions. The judges have concluded that the mere collection of enormous volumes of “metadata” — facts like the time of phone calls and the numbers dialed, but not the content of conversations — does not violate the Fourth Amendment, as long as the government establishes a valid reason under national security regulations before taking the next step of actually examining the contents of an American’s communications.
This concept is rooted partly in the “special needs” provision the court has embraced. “The basic idea is that it’s O.K. to create this huge pond of data,” a third official said, “but you have to establish a reason to stick your pole in the water and start fishing.”
Under the new procedures passed by Congress in 2008 in the FISA Amendments Act, even the collection of metadata must be considered “relevant” to a terrorism investigation or other intelligence activities.
The court has indicated that while individual pieces of data may not appear “relevant” to a terrorism investigation, the total picture that the bits of data create may in fact be relevant, according to the officials with knowledge of the decisions.
In Secret, Court Vastly Broadens Powers of N.S.A. [Eric Lichtblau/NYT]
(via Hacker News)
Two legislators have introduced legislation that would require the President to disclose his secret interpretation of America's spying laws. This is especially relevant in the wake of yesterday's Snoweden leaks showing how the NSA uses a secret interpretation of the FISA spying law to spy on Americans.
The new bill in the house complements a similar bill introduced in the Senate last week.
"In order to have an informed public debate on the merits of these programs, it is important for the American people to know how such programs have been authorized, their limits and their scope," said Rep. Adam Schiff (D-CA) in a statement.
"Particularly now that the existence of these programs has been acknowledged, I believe there is much more that can be shared with the public about their legal basis," Schiff said. "It is my hope that this legislation will increase transparency and inform the national debate about the surveillance authorities provided to the Intelligence Community. I also believe that requiring additional disclosure would provide another valuable check on any potential expansion of surveillance under these authorities, whether by this or any future Administration.”
Lawmakers introduce new bill to compel gov’t to declassify secret court opinions
Here's an important consideration for Europeans in light of the NSA dragnet surveillance revealed by the recent leaks: some of the amendments to the controversial new EU Data Protection Regulation would open the door to the secret transfer of EU citizens' private information to US intelligence agencies. The UK Liberal Democrat MEP Baroness Ludford has advocated amendments that do this. The Open Rights Group and principled UK LibDems are calling on the Baroness to withdraw her support for these amendments and support transparency and accountability in the handling of sensitive personal information of Europeans.
For instance, the Baroness is behind amendment number 1210.
This removes the right to know if your data might be transferred to a third country or international organisation. It does this by deleting the following bit of the proposed Regulation:
Article 14 – paragraph 1 – point g
(g) where applicable, that the controller intends to transfer to a third country or international organisation and on the level of protection afforded by that third country or international organisation by reference to an adequacy decision by the Commission;
It hardly needs spelling out given the recent news about PRISM and state surveillance, but knowing which companies or countries your data might be moved to is likely to increasingly be a fundamental consideration for someone deciding whether to share personal data.
Baroness Ludford amendment - opening the door to FISAAA?