Submit a link Features Reviews Podcasts Video Forums More ▾

Yahoo beefs up security in two meaningful and important ways

Yahoo has taken some serious steps towards protecting user-privacy, writes the Electronic Frontier Foundation's Seth Schoen. After revelations that the NSA and GCHQ had hacked its services, intercepted private video-chats, and harvesting mass data from its fiber optic links, the company has added forward secrecy and STARTTLS to its roster of default-on security measures. Of the two, forward secrecy is the most interesting, as it protects the privacy of old intercepted Yahoo data even if the company loses control of its keys. Bravo, Yahoo! Cory 7

Britain is turning into a country that can't tell its terrorists from its journalists


Sarah Harrison, a British journalist who's worked with Wikileaks and the Snowden papers, writes that she will not enter the UK any longer because the nation's overbroad anti-terror laws, combined with the court decision that validates using them to detain journalists who are not suspected of terrorism under any reasonable definition of the term, means that she fears begin detained at the airport and then jailed as a terrorist when she refuses to decrypt her files and grant police access to her online accounts. Under the UK's Terrorism Act of 2000, journalists who write because they hope to expose and halt corruption are liable to being jailed as terrorists because they report on leaks in a way that is "designed to influence the government." And "the government," according to the Act, is any government, anywhere in the world -- meaning that journalists who report on leaks that embarrass any government in the world can be treated as terrorists in the UK.

Nor is this an idle risk: Glenn Greenwald's partner, David Miranda, was detained under terrorism rules when he transited through the UK, and a UK judge subsequently found that the detention was justified on these grounds, even though no one suggests that Miranda is involved in terrorism in any way. As Harrison writes, "Britain is turning into a country that can't tell its terrorists from its journalists."

The final paragraphs of Harrison's editorial sum it up neatly:

Read the rest

NSA wiretapped 122 world leaders; GCHQ penetrated German satellite companies for mass surveillance potential


Newly disclosed documents from the trove Edward Snowden provided to journalists reveal the existence of the "Nymrod" database that listed 122 world leaders, many from nations friendly to the USA, that were spied upon by the NSA. Included in the list is German Chancellor Angela Merkel, who was already known to have been wiretapped by the NSA thanks to an earlier disclosure. Nymrod's "Target Knowledge Database" combed through the NSA's pool of global intercepts to amass dossiers of private communications -- emails, faxes, calls and Internet traffic -- related to the leaders.

Additionally, the UK spy agency GCHQ infiltrated and compromised two German satellite communications companies -- Stellar and Cetel -- and IABG, a company that supplied them with equipment. It wiretapped their senior executives as well. None of these companies are accused of having done anything amiss, but were targeted by British spies because their services carried Internet traffic and were a convenient "access chokepoint" from which to conduct mass-surveillance programs.

Read the rest

Podcast: If GCHQ wants to improve national security it must fix our technology

Here's a reading (MP3) of my latest Guardian column, If GCHQ wants to improve national security it must fix our technology where I try to convey the insanity of spy agencies that weaken Internet security in order to make it easier for them to spy on people, by comparing this to germ warfare.

Read the rest

UK Deputy PM commissions independent review of spy powers

Glyn sez, "UK Deputy PM Nick Clegg has commissioned a review into the new intrusive capabilities of British intelligence agencies and the legal framework in which they operate."

Read the rest

GCHQ spied on millions of Yahoo video chats, harvested sexual images of chatters, compared itself to "Tom Cruise in Minority Report"



A stunning new Snowden leak reveals that the UK spy agency GCHQ harvested images and text from millions of Yahoo video chats, including chats in which one or both of the participants was British or American. Between 3 and 11 percent of the chats they intercepted were sexual in nature, and revealing images of thousands of people were captured and displayed to spies. The programme, called OPTIC NERVE, focused on people whose usernames were similar to those of suspects, and ran from at least 2008 until at least 2010. The leak reveals that GCHQ intended to expand the programme to Xbox 360 Kinect cameras and "fairly normal webcam traffic." The programme was part of a facial recognition research effort that GCHQ compared to "Tom Cruise in Minority Report." While the documents do not detail efforts as widescale as those against Yahoo users, one presentation discusses with interest the potential and capabilities of the Xbox 360's Kinect camera, saying it generated "fairly normal webcam traffic" and was being evaluated as part of a wider program. Beyond webcams and consoles, GCHQ and the NSA looked at building more detailed and accurate facial recognition tools, such as iris recognition cameras – "think Tom Cruise in Minority Report", one presentation noted.

Read the rest

GCHQ's dirty-tricking psyops groups: infiltrating, disrupting and discrediting political and protest groups


In a piece on the new Omidyar-funded news-site "The Intercept," Glenn Greenwald pulls together the recent Snowden leaks about the NSA's psyops programs, through which they sought to attack, undermine, and dirty-trick participants in Anonymous and Occupy. The new leaks describe the NSA' GCHQs use of "false flag" operations (undertaking malicious actions and making it look like the work of a group they wish to discredit), the application of "social science" to disrupting and steering online activist discussions, luring targets into compromising sexual situations, deploying malicious software, and posting lies about targets in order to discredit them.

As Greenwald points out, the unit that conducted these actions, "Jtrig" (Joint Threat Research Intelligence Group), does not limit itself to attacking terrorists -- it explicitly targets protest groups, and political groups that have no connection with national security, including garden-variety criminals who are properly the purview of law enforcement agencies, not intelligence agencies.

The UK spy agency GCHQ operates a programme, called the "Human Science Operations Cell," whose remit is "strategic influence and disruption."

Some of the slides suggest pretty dubious "social science" (see below) -- they read like a mix between NLP hucksters and desperate Pick Up Artist losers.

Read the rest

How UK spies committed illegal DoS attacks against Anonymous

A new Snowden leak, reported by NBC, documents the UK spy agency GCHQ's attacks on Anonymous, which included Denial-of-Service attacks, which are strictly forbidden under UK law. As the Slashdot story notes, "Regular citizens would face 10 years in prison and enormous fines for committing a DoS / DDoS attack. The same applies if they encouraged or assisted in one. But if you work in the government, it seems like you're an exception to the rule."

NBC has published a minimally redacted version [PDF] of the GCHQ slide-deck detailing the agency's illegal hacking attacks on alleged Anonymous participants.

Read the rest

Video of the ritual destruction of a Guardian laptop with the Snowden leaks, as ordered by Prime Minister David Cameron


Remember when UK Prime Minister David Cameron ordered government officials to go to the offices of the Guardian in London and demand the symbolic destruction of a laptop with the Edward Snowden leaks on it? It was a bizarre kind of high-tech exorcism, a bizarre ritual in which one of many, many copies of the Snowden documents were ritually destroyed, because, in the Prime Minister's words, "We've had enough debate about them."

The Guardian has posted a video of the exorcism, showing how the stern officials oversaw the piece-by-piece systematic destruction of the machine. It's not embeddable, but it's a remarkable piece of footage that you should really go and watch.

Revealed: the day Guardian destroyed Snowden hard drives under watchful eye of GCHQ – video

(via Techdirt)

Top lawyer finds GCHQ spying is illegal & UK spies who help US drone strike may be accessories to murder


UK Labour Member of Parliament Tom Watson writes, "I thought you might be interested to read the latest developments on the drones and data collection front. I've asked privacy expert Jemima Stratford QC for her legal opinion on aspects of the Snowden revelations. Contrary to reassurance from the Foreign Secretary and Chair of the ISC she finds [PDF]:


1. interception of 'internal' contents data of British citizens in the UK is unlawful under RIPA [ed: the Regulation of Investigatory Powers Act 2000; the UK's controversial spying bill]

2. the RIPA framework is outdated and not fit for purpose, leaving British citizens exposed to unlawful interference

3. transfer of data to NSA, which shares data with CIA, leaves GCHQ officials exposed to charges of aiding murder in the UK where the government knows that data is available for use to direct drone strikes against non-combatants

Further, she argues:

4. the government should agree and publish a new memorandum of understanding with the US specifying how data from UK can be stored and used by foreign agents.

Watson doesn't do the report justice, really -- Stratford's opinion includes that UK participation in US drone strikes opens up individual UK intelligence operatives to being charged as accessories to murder. Watson sent copies of the report to all the members of the all-party parliamentary drone group, which of which he is chair. He's also sending it to the parliamentary intelligence and security committee for their own hearings on surveillance.

The Guardian has a great summary of the memo here, but really, you should read it yourself [PDF] -- it's a very quick and easy read. Stratford is a leading public law barrister, and she argues beautifully.

Read the rest

European Court of Human Rights will hear case about GCHQ spying


This is huge news: the European Court of Human Rights has agreed to hear a challenge to bulk Internet surveillance by the UK spy agency GCHQ. The case was brought by Big Brother Watch, the Open Rights Group and English PEN, and German Internet activist Constanze Kurz. This is a rare instance of "impact litigation" in the UK, where a bad law or practice can be ended swiftly and decisively by having a court hear a test-case about the law and rule on its constitutionality. This tactic has been incredibly effective in the US -- EFF's famous Bernstein victory, which legalized strong cryptography, is a good example -- but has been less available to UK activists.

Read the rest

NSA harvests 200M of SMSes every day with untargeted, global "Dishfire" program

The latest Snowden leak details DISHFIRE, a joint NSA/GCHQ program to slurp up hundreds of millions of SMS messages from global mobile phone users. Included in the program are text messages to and from Americans, though these are apparently subsequently purged. The UK spy agency GCHQ also makes extensive use of the database. Text messages are stored for long terms, so that spies can do historic lookups on people they target. The DISHFIRE database allows for full-text search.

Vodaphone expressed shock and outrage at the news that its customers' private messages were being harvested without a warrant or due process, characterising the program as outside the law.

Read the rest

UK Ministry of Defense can arrest you without warrant for taking pictures, grazing animals near NSA and drone outposts

The UK Ministry of Defense has introduced by-laws in the vicinity of bases in the UK, making it a detainable offense to take pictures or make any image of any person or thing; to graze livestock; or to fail to clean up your dog's turds. The rules also allow the MoD to put you in jail "without warrant" for setting up protest camps on MoD property.

These rules come into effect just as a recent Snowden leak revealed that one of the bases in the UK was used by the NSA and GCHQ to spy on Oxfam, Medecins Sans Frontiers, as well as Angela Merkel. Another one of the affected bases is reportedly used to pilot drones deployed in Yemen.

All in all, the rules effect 150 bases around the UK. The MoD the second-largest landowner in the UK.

Read the rest

NSA and GCHQ targeted NGOs, charities, EU chief, Israeli defense minister for deep surveillance


The latest Snowden leak reveals a list of bizarre targets for NSA/GCHQ surveillance, including the World Health Organization, Unicef and Medecins Sans Frontiers; the VP of the European Commission (whose file included EU competition policy); the UN's special representative to Darfur; German diplomatic networks; and other diplomatic targets. The program was run through GCHQ's Bude listening station in Cornwall, which receives large amounts of funding from the NSA. There's no colourable claim that this surveillance had anything to do with preventing terrorism or enhancing national security. It's an incoherent mishmash of out-and-out industrial espionage, institutional mistrust of humanitarian relief agencies, and a reflexive need to spy. And it's going to piss a lot of people off.

Read the rest

NSA uses Google's tracking cookies to target and "exploit" their subjects


A new set of leaked NSA slides from the Snowden trove was published in the Washington Post today, detailing NSA/GCHQ's use of Web cookies (including Google's PREF cookie) to uniquely identify people as they move around the Web, in order to target them and compromise them.

They also report on an NSA program called HAPPYFOOT that uses mobile phones to do very fine-grained tracking of targets.

Ed Felten, an eminent computer scientist and security researcher, has written a lengthy comment on the disclosures, exploring the different options companies have if they want to safeguard their tracking cookies from being hijacked by the NSA. His primary recommendation is that these cookies should only be sent over SSL.

Read the rest