
Utah representative proposes shutting off NSA's water supply

The NSA has a research facility in Bluffdale, Utah. It's loaded with "metadata-gathering computers that currently require 1.7 million gallons of water a day" to keep them cool. Utah representative Marc Roberts (R) has introduced HB161, which would shut off their water supply. If the bill passes, how will the federal government respond?

NSA recording all the voice calls in one country; 5-6 more countries in the pipeline


A new Snowden leak reveals that all the voice calls in an unnamed country are recorded and saved for 30 days on a rolling basis, with millions of voice "cuts" (clippings) harvested from the corpus for long-term storage by the system. The system, called MYSTIC, has been running since 2009, and its search tool, RETRO, has been fully operational against a whole country's phone calls since 2011.

President Obama has stated that "the United States is not spying on ordinary people who don't threaten our national security" -- this is a hard statement to square with the idea of recording all the voice calls made in an entire country.

The Washington Post article detailing the programs states at least five more countries are now covered by MYSTIC, with a sixth coming online.


Podcast: If GCHQ wants to improve national security it must fix our technology

Here's a reading (MP3) of my latest Guardian column, If GCHQ wants to improve national security it must fix our technology where I try to convey the insanity of spy agencies that weaken Internet security in order to make it easier for them to spy on people, by comparing this to germ warfare.


Zuckerberg phones Obama to complain about NSA spying


The day after a Snowden leak revealed that the NSA builds fake versions of Facebook and uses them to seed malicious software in attacks intended to hijack "millions" of computers, Facebook CEO and founder Mark Zuckerberg telephoned President Obama to complain about the NSA's undermining of the Internet's integrity.

As many have pointed out, it would have been nice to hear Zuckerberg taking the Internet's side before his own stock portfolio was directly affected, but better late than never. Zuckerberg's post on his conversation excoriates the US government for its Internet sabotage campaign, and calls on the USG to "be the champion for the internet, not a threat." Curiously, Zuckerberg calls for "transparency" into the NSA's attacks on the Internet, but stops short of calling for an end to government-sponsored attacks against the net.

In the end, though, Zuckerberg calls on companies to do a better job of securing themselves and their users against intrusive spying. It's not clear how that will work for Facebook, though: its business model is predicated on tricking, cajoling, and siphoning personal data out of its users and warehousing it forever in a neat package that governments are unlikely to ignore. I'm told that 90% of US divorce proceedings today include Facebook data; this is a microcosm of the wider reality when you make it your business to stockpile the evidentiary chain of every human being's actions.


How the NSA plans to automatically infect "millions" of computers with spyware




A new Snowden leak, detailed in a long, fascinating piece in The Intercept, explains the NSA's TURBINE initiative, intended to automate malicious software infections. These infections -- called "implants" in spy jargon -- have historically been carried out on a narrow, surgical scale, targeted at people of demonstrated value to spies, due to the expense and difficulty of arranging the attacks.

But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once.

The article mentions an internal NSA message-board posting called "I hunt sys admins," which sheds some light on the surveillance practices at the NSA. In the post, an NSA operative explains that he targets systems administrators at companies, especially telecoms companies, as a "means to an end" -- that is, infiltrating the companies' networks. As Glenn Greenwald and Ryan Gallagher point out, this admission shows that malware attacks are not targeted solely or even particularly at people suspected of terrorism or other crimes -- rather, they are aimed at the people who maintain the infrastructure of critical networks and systems to allow the NSA to control those systems.

The malware that TURBINE implants can compromise systems in a variety of ways, including hijacking computer cameras and microphones, harvesting Web-browsing history and email traffic, logging passwords and other keystrokes, etc.


Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:


Livestream: Edward Snowden at SXSW

I'm at SXSW, having just done the panel introducing Edward Snowden's first live address to the USA. He will be appearing momentarily. The livestream is provisioned for 1M simultaneous sessions -- watch above.


Kansas Rep Pompeo wants to cancel Snowden's SXSW appearance

Edward Snowden is speaking at SXSW on Monday at an event that I'm also part of. Rep Mike Pompeo (R-KS), who sits on the House Intelligence Committee (and on whose watch the abuses that Snowden has detailed occurred) has demanded that his appearance be cancelled. Pompeo says that Snowden lacks credibility in the area of "privacy, surveillance, and online monitoring." Pompeo demonstrably lacks credibility in the area of the First Amendment.

Videos of individual Trustycon talks

I linked to the seven-hour video file from Trustycon, the convention held as an alternative to RSA's annual security event, inspired by the revelation that RSA took money from the NSA to sabotage its own products.

Now Al has broken down the video into the individual talks, uploading them to Youtube. This is very handy -- thanks, Al!

TrustyCon Videos Available (Thanks, Al!)

Edward Snowden's magnificent testimony to the EU

NSA whistleblower Edward Snowden has submitted written testimony [PDF] to an EU committee investigating mass surveillance. Glyn Moody's Techdirt post gives a great tl;dr summary of the document, but you should really read it for yourself. It's ten single-spaced pages, but Snowden turns out to be an extremely talented writer who beautifully lays out his arguments, managing the trick of being dispassionate while simultaneously conveying the import of his subject matter.

Snowden makes the point that his testimony doesn't disclose anything that the press hasn't already published, but there's been so much that it's worth reviewing some of it. He directs our attention to something I'd missed: the NSA's Foreign Affairs Division (FAD) spends an extraordinary amount of time lobbying EU nations (and other countries) to change their laws so that the NSA can legally spy on everyone in the country. What's more, they cook these deals -- for example, they'll get German permission to listen in on everything by non-Germans and get a Danish deal that covers all the non-Danes, but since the Internet backbones traverse both countries, they can spy on Germans in Denmark and Danes in Germany. As Snowden says, "The surest way for any nation to become subject to unnecessary surveillance is to allow its spies to dictate its policy."


Middle schooler wins C-SPAN prize for doc about NSA spying

Dave from the Electronic Frontier Foundation sez, "Remember when Rep. Mike Rogers likened opponents of pernicious cybersecurity legislation to 14-year-olds? It turns out that middle-school-age students are also well-prepared to debate him on the NSA's programs as well. EFF congratulates students from two middle schools who took home top prizes in the C-SPAN StudentCam 2014 competition for young filmmakers with their documentaries on the debate over mass surveillance."


Edward Snowden to speak at SXSW


The ACLU and SXSW will host a video chat with Edward Snowden on Monday, during the day's civil-liberties-focused program track. I'll be speaking immediately before Snowden, with Barton Gellman, and we will be staying for the Snowden event. Snowden will be interviewed by ACLU technologist Christopher Soghoian, and the event is moderated by the ACLU's Ben Wizner. I hope to see you there -- it's why I'm flying to Austin.


Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people

The Trustycon folks have uploaded over seven hours' worth of talks from their event, an alternative to the RSA security conference founded by speakers who quit over RSA's collusion with the NSA. I've just watched Ed Felten's talk on "Redesigning NSA Programs to Protect Privacy" (starts at 6:32:33), an absolutely brilliant talk that blends a lucid discussion of statistics with practical computer science with crimefighting, all within a framework of respect for privacy, liberty and the US Bill of Rights.

Felten's talk lays out how the NSA's mass-collection program works, what its theoretical basis is for finding terrorists in all that data, and then explains how this is an incredibly inefficient and risky and expensive way of actually fighting crime. Then he goes on to propose an elegant alternative that gets better intelligence while massively reducing the degree of surveillance and the risk of disclosure.

I'm using Vid to MP3 to convert the whole seven hours' worth of talks to audio and plan on listening to them over the next couple of days.

Update: Here's that MP3 -- it's about 1GB. Thanks to the Internet Archive for hosting it!

TrustyCon - Live from San Francisco

Report from Trustycon: like RSA, but without the corruption


Seth Rosenblatt reports from Trustycon, the conference formed as a protest against, and alternative to, the RSA security conference. RSA's event is the flagship event in the security industry, but the news that RSA had accepted $10M from the NSA to sabotage its own products so that spies could break into the systems of RSA customers led high-profile speakers like Mikko Hypponen to cancel their appearances at the event.

Trustycon sold out, raised $20,000 for the Electronic Frontier Foundation, and, most importantly, got key members of the security industry to come to grips with the question of improving network security in an age when spy agencies are spending hundreds of millions of dollars every year to undermine it.


GCHQ's dirty-tricking psyops groups: infiltrating, disrupting and discrediting political and protest groups


In a piece on the new Omidyar-funded news-site "The Intercept," Glenn Greenwald pulls together the recent Snowden leaks about the NSA's psyops programs, through which they sought to attack, undermine, and dirty-trick participants in Anonymous and Occupy. The new leaks describe GCHQ's use of "false flag" operations (undertaking malicious actions and making it look like the work of a group they wish to discredit), the application of "social science" to disrupting and steering online activist discussions, luring targets into compromising sexual situations, deploying malicious software, and posting lies about targets in order to discredit them.

As Greenwald points out, the unit that conducted these actions, "Jtrig" (Joint Threat Research Intelligence Group), does not limit itself to attacking terrorists -- it explicitly targets protest groups, and political groups that have no connection with national security, including garden-variety criminals who are properly the purview of law enforcement agencies, not intelligence agencies.

The UK spy agency GCHQ operates a programme, called the "Human Science Operations Cell," whose remit is "strategic influence and disruption."

Some of the slides suggest pretty dubious "social science" (see below) -- they read like a mix between NLP hucksters and desperate Pick Up Artist losers.
