Congress passes anti-mass surveillance amendment with overwhelming support


We did it! The US House of Representatives, under pressure from a mass phone-in campaign, passed an amendment to the Defense Appropriations Bill that prohibits the NSA from using its budget to sabotage Internet security or conduct "backdoor" mass surveillance. The amendment was passed with overwhelming, bipartisan support: 293 ayes, 123 nays, and 1 present. This isn't the end of the long project of reining in the NSA, but it's a very important first step. As a foreigner who isn't entitled to lobby Congress, I extend heartfelt thanks to all my American friends who took the time to call their lawmakers and demand adult supervision and lawful behavior from your out-of-control spies.


NSA helps foreign governments conduct mass surveillance at home


A new release of Snowden's leaked NSA docs details RAMPART-A, through which the NSA gives foreign governments the ability to conduct mass surveillance against their own populations in exchange for NSA access to their communications. RAMPART-A is spread across 13 sites and accesses three terabytes/second from 70 cables and networks. It cost US taxpayers $170M between 2011 and 2013, allocated through the NSA's "black budget."

The NSA makes its foreign partners promise not to spy on the USA using its equipment and in return, agrees not to spy on its partners' populations (with "exceptions"). However, as was documented in Glenn Greenwald's indispensable No Place to Hide, the NSA has a simple trick for circumventing any promises not to spy on its partners' populations.

"No Place to Hide" revealed a list of 33 "third party" countries that assist the NSA in conducting mass surveillance, including Saudi Arabia, Israel, Singapore, Ethiopia, and 15 EU member states. These countries do not allow the NSA to spy on their own countries, but the NSA exploits a loophole to conduct this surveillance anyway: it will strike an agreement with Country A, on one end of a high-speed cable, not to spy on its population, and with Country B, on the other end of the cable, not to spy on its population, but will conduct mass surveillance of Country A's communications from Country B and vice-versa.

How Secret Partners Expand NSA’s Surveillance Dragnet [Ryan Gallagher/The Intercept]

CALL CONGRESS NOW, END NSA MASS SURVEILLANCE


If you call your Congressional rep today, we can stop NSA mass surveillance in its tracks. Today, Congress will vote on a critical amendment to the Defense Appropriations Bill: under this amendment, the NSA will be prohibited from using its prodigious budget to conduct mass, warrantless surveillance and to sabotage security standards and technology. This doesn't solve all the surveillance problems, but it's the cleanest, quickest and most plausible way to hamstring NSA spying. The last time this happened, Congress came within seven votes of passing it. The chances are even better now. CALL.

Shut the NSA's Backdoor to the Internet

(Image: I want you to blow the whistle, Mike)

Germany is NSA's largest listening post, according to new report based on Snowden leaks

A general view of the large former monitoring base of the U.S. intelligence organization National Security Agency (NSA) during break of dawn in Bad Aibling south of Munich, July 11, 2013. Chancellor Angela Merkel has defended Germany's cooperation with U.S. intelligence, dismissing comparisons of its techniques to those used in communist East Germany in an attempt to ease tensions a day before talks on the thorny issue in Washington.   REUTERS/Michael Dalder



Using documents leaked by National Security Agency whistleblower Edward Snowden, Der Spiegel reports that the NSA has turned Germany into its most important base of operations in Europe. "NSA is more active in Germany than anywhere else in Europe," reports the paper, "And data collected here may have helped kill suspected terrorists."

The German archive provides the basis for a critical discussion on the necessity and limits of secret service work as well as on the protection of privacy in the age of digital communication. The documents complement the debate over a trans-Atlantic relationship that has been severely damaged by the NSA affair.

They paint a picture of an all-powerful American intelligence agency that has developed an increasingly intimate relationship with Germany over the past 13 years while massively expanding its presence. No other country in Europe plays host to a secret NSA surveillance architecture comparable to the one in Germany. It is a web of sites defined as much by a thirst for total control as by the desire for security. In 2007, the NSA claimed to have at least a dozen active collection sites in Germany.

The documents indicate that the NSA uses its German sites to search for a potential target by analyzing a "Pattern of Life," in the words of one Snowden file. And one classified report suggests that information collected in Germany is used for the "capture or kill" of alleged terrorists.

"New NSA Revelations: Inside Snowden's Germany File" [Der Spiegel]


Possible hidden Latin warning about NSA in Truecrypt's suicide note


When the anonymous authors of the Truecrypt security tool mysteriously yanked their software last month, there was widespread suspicion that they had been ordered by the NSA to secretly compromise their software. A close look at the cryptic message they left behind suggests that they may have encoded a secret clue in the initials of each word of the sentence ("Using TrueCrypt is not secure as it may contain unfixed security issues"): the Latin phrase "uti nsa im cu si", which some claim can be translated as a warning that the NSA had pwned Truecrypt.


US appeals court rules a warrant is required for cell phone location tracking


Big news in the fight for security and privacy in the US: the 11th Circuit Court of Appeals this week ruled that a warrant is required for cell phone location tracking.


How can you trust your browser?


Tim Bray's Trusting Browser Code explores the political and technical problems with trusting your browser, especially when you're using it to do sensitive things like encrypt and decrypt your email. In an ideal world, you wouldn't have to trust Google or any other "intermediary" service to resist warrants forcing it to turn over your sensitive communications, because it would be technically impossible for anyone to peek into the mail without your permission. But as Bray points out, the complexity and relative opacity of JavaScript make this kind of surety difficult to attain.

Bray misses a crucial political problem, though: the DMCA. Under US law (and similar laws all over the world), telling people about vulnerabilities in DRM is illegal, meaning that a bug in your browser that makes your email vulnerable to spying might be illegal to report, and will thus potentially never be fixed. Now that the World Wide Web Consortium and all the major browser vendors (even including Mozilla) have capitulated on adding DRM to the Web, this is the most significant political problem in the world of trusting your browser.


Time-capsule crypto to help journalists protect their sources


Jonathan Zittrain writes, "I published an op-ed in the Boston Globe today musing on the prospects for 'time capsule encryption,' one of several ways of storing information that renders it inaccessible to anyone until certain conditions -- such as the passage of time -- are met. I could see libraries and archives offering such technology as part of accepting papers and manuscripts, especially in the wake of the "Belfast Project" situation, where a library promised confidentiality for accounts of the Troubles in North Ireland, and then found itself amidst subpoenas from law enforcement looking to solve long-cold cases. But the principle could apply to any person or company thinking that there's a choice between leaving information exposed to leakage, or destroying it entirely."

I'm less enthusiastic about this than Jonathan is. I think calibrating the strength of your time-capsule is very hard. If the NSA might be an order of magnitude faster than the rest of us at brute-force cryptanalysis, that means you need to make your 10-year capsule strong enough to last for 100 years just to be on the safe side. Same goes for proof-of-work.


'NSA vs. USA,' anti-spying dance music video

An anti-mass-surveillance music video by Shahid Buttar, director of the Bill of Rights Defense Committee.

Download the extended dance floor mix. Read the lyrics (annotated with hyperlinks to help you learn more). [HT: Rainey Reitman]

Today is the day we Reset the Net

Today is the day we Reset the Net! It’s been one year since the Edward Snowden disclosures hit the news and the whole world woke up to the scale of mass, indiscriminate Internet surveillance — a spying campaign that was only possible because our own tools leak our private information in great gouts. Reset the Net provides you with a technical, political, and social toolkit to harden our Internet against the spies; and Boing Boing is proud to be playing a role.


Tomorrow: Berlin sunrise mass whistle-in to commemorate Snowden leaks


A reader writes, "Just after sunrise on June 5, the NK Projekt in Berlin is leading a massive whistle-blowing session to commemorate the one-year anniversary of Edward Snowden's own whistle blowing activities."

(Image: I want you to blow the whistle, Mike, CC-BY-SA)

Five dumb things that NSA apologists should really stop saying


The Electronic Frontier Foundation has rounded up the five most discredited arguments advanced by apologists for NSA spying, including "The NSA has Stopped 54 Terrorist Attacks with Mass Spying"; "Just collecting call detail records isn’t a big deal"; "There Have Been No Abuses of Power"; "Invading Privacy is Okay Because It’s Done to Prevent Terrorist Attacks"; and "There’s Plenty of Oversight From Congress, the Foreign Intelligence Surveillance Court, and Agency Watchdogs." Each of these claims is meticulously debunked in the post.


Snowden, one year after: Now we know the NSA's secrets

Josh from the ACLU writes, "To mark this Thursday's one-year anniversary of the first NSA revelation from Edward Snowden, we've made a very cool video showing what's happened so far (and yes that is Snowden's voice at the end). You've not seen an NSA video like this before. We've also created a guide (PDF) to what we think needs to be done for surveillance reform by Congress, the president, the courts, and tech companies."

They Knew Our Secrets. One Year Later, We Know Theirs.

NSA facial recognition: combining national ID cards, Internet intercepts, and commercial facial databases for millions of people

A newly released set of slides from the Snowden leaks reveals that the NSA is harvesting millions of facial images from the Web for use in facial recognition algorithms through a program called "Identity Intelligence." James Risen and Laura Poitras's NYT piece shows that the NSA is linking these facial images with other biometrics, identity data, and "behavioral" data including "travel, financial, behaviors, social network."

The NSA's goal -- in which it has been moderately successful -- is to match images from disparate databases, including databases of intercepted videoconferences (in February 2014, another Snowden publication revealed that NSA partner GCHQ had intercepted millions of Yahoo video chat stills), images captured by airports of fliers, and hacked national identity card databases from other countries. According to the article, the NSA is trying to hack the national ID card databases of "Pakistan, Saudi Arabia and Iran."

This news is likely to be rhetorically useful to campaigners against national ID cards in countries like the UK, where the issue has been hotly debated for years (my own Member of Parliament, Meg Hillier, was the architect of one such programme, and she, along with other advocates for national ID cards, dismissed fears of this sort of use as paranoid ravings).

The development of the NSA's facial recognition technology has been accompanied by a mounting imperative to hack into, or otherwise gain access to, other databases of facial images. For example, the NSA buys facial images from Google's Pittpatt division, while another program scours mass email interceptions for images that appear to be passport photos.

An interesting coda to the piece is that the NSA has developed the capability to infer location by comparing scenery in terrestrial photos to satellite images, which sounds like a pretty gnarly computer-vision problem.


House approves 'media shield' amendment, as reporter reveals 2011 subpoena fight

The House of Representatives today voted 225-183 to approve an appropriations bill amendment that bars the Justice Department from forcing reporters to testify about their confidential sources.
