Submit a link Features Reviews Podcasts Video Forums More ▾

NSA versus puzzles

This is well-said, from Will Potter on Mashable: "[NSA Deputy Director Richard] Ledgett said he didn't know what NSA surveillance was important, because it's all pieces of a bigger puzzle. The reality is that the NSA isn't working with a mosaic or a puzzle. What the NSA is really advocating is the collection of millions of pieces from different, undefined puzzles in the hopes that sometime, someday, the government will be working on a puzzle and one of those pieces will fit." Cory 2

Alaska senator on a comedy news video about NSA surveillance

Pat sez, "Alaska Robotics News is a political satire series covering the Alaska legislative session. We've had good luck at engaging law makers and have had several notable guests on the show. U.S. Senator Mark Begich recently joined us to talk about NSA dragnet surveillance and precognitive policing. We have a small group of writers contributing the the show and enjoy a lot of support from our community. This segment was a good opportunity to get outside our local issues and poke at the boiling frog of government surveillance."

Read the rest

Utah representative proposes shutting off NSA's water suppy

The NSA has a research facility in Bluffdale, Utah. It's loaded with "metadata-gathering computers that currently require 1.7 million gallons of water a day" to keep them cool. Utah representative Marc Roberts (R) has introduced HB161, which would shut off their water supply. If the bill passes, how will the federal government respond?

NSA recording all the voice calls in one country; 5-6 more countries in the pipeline


A new Snowden leak reveals that all the voice calls in an unnamed country are recorded and saved for 30 days on a rolling basis, with millions of voice "cuts" (clippings) harvested from the corpus for long-term storage by the system. The system, called MYSTIC, has been running since 2009, and its search tool, RETRO, has been fully operational against a whole country's phone calls since 2011.

President Obama has stated that " the United States is not spying on ordinary people who don't threaten our national security" -- this is a hard statement to square with the idea of recording all the voice calls made in an entire country.

The Washington Post article detailing the programs states at least five more countries are now covered by MYSTIC, with a sixth coming online.

Read the rest

Podcast: If GCHQ wants to improve national security it must fix our technology

Here's a reading (MP3) of my latest Guardian column, If GCHQ wants to improve national security it must fix our technology where I try to convey the insanity of spy agencies that weaken Internet security in order to make it easier for them to spy on people, by comparing this to germ warfare.

Read the rest

Zuckerberg phones Obama to complain about NSA spying


The day after a Snowden leak revealed that the NSA builds fake versions of Facebook and uses them to seed malicious software in attacks intended to hijack "millions" of computers, Facebook CEO and founder Mark Zuckerberg telephoned President Obama to complain about the NSA's undermining of the Internet's integrity.

As many have pointed out, it would have been nice to hear Zuckerberg taking the Internet's side before his own stock portfolio was directly affected, but better late than never. Zuckerberg's post on his conversation excoriates the US government for its Internet sabotage campaign, and calls on the USG to "be the champion for the internet, not a threat." Curiously, Zuckerberg calls for "transparency" into the NSA's attacks on the Internet, but stops short of calling for an end to government-sponsored attacks against the net.

In the end, though, Zuckerberg calls on companies to do a better job of securing themselves and their users against intrusive spying. It's not clear how that will work for Facebook, though: its business model is predicated on tricking, cajoling, and siphoning personal data out of its users and warehousing it forever in a neat package that governments are unlikely to ignore. I'm told that 90% of US divorce proceedings today include Facebook data; this is a microcosm of the wider reality when you make it your business to stockpile the evidentiary chain of every human being's actions.

Read the rest

How the NSA plans to automatically infect "millions" of computers with spyware




A new Snowden leak, detailed in a long, fascinating piece in The Intercept, explains the NSA's TURBINE initiative, intended to automate malicious software infections. These infections -- called "implants" in spy jargon -- have historically been carried out on a narrow, surgical scale, targeted at people of demonstrated value to spies, due to the expense and difficulty of arranging the attacks.

But TURBINE, which was carried out with other "Five Eyes" spy agencies as part of the NSA's $67.6M "Owning the Net" plan, is intended to automate the infection process, allowing for "millions" of infections at once.

The article mentions an internal NSA message-board posting called "I hunt sys admins," sheds some light on the surveillance practices at the NSA. In the post, an NSA operative explains that he targets systems administrators at companies, especially telecoms companies, as a "means to an end" -- that is, infiltrating the companies' networks. As Glenn Greenwald and Ryan Gallagher point out, this admission shows that malware attacks are not targeted solely or even particularly at people suspected of terrorism or other crimes -- rather, they are aimed at the people who maintain the infrastructure of critical networks and systems to allow the NSA to control those systems.

The malware that TURBINE implants can compromise systems in a variety of ways, including hijacking computer cameras and microphones, harvesting Web-browsing history and email traffic, logging passwords and other keystrokes, etc.

Read the rest

Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:

Read the rest

Livestream: Edward Snowden at SXSW

I'm at SXSW, having just done the panel introducing Edward Snowden's first live address to the USA. He will be appearing momentarily. The livestream is provisioned for 1M simultaneous sessions -- watch above.

Read the rest

Kansas Rep Pompeo wants to cancel Snowden's SXSW appearance

Edward Snowden is speaking at SXSW on Monday at an event that I'm also part of.Rep Mike Pompeo (R-KS), who sits on the House Intelligence Committee (and on whose watch the abuses that Snowden has detailed occurred) has demanded that his appearance be cancelled. Pompeo says that Snowden lacks credibility in the area of "privacy, surveillance, and online monitoring." Pompeo demonstrably lacks credibility in the area of the First Amendment. Cory 23

Videos of individual Trustycon talks

I linked to the seven-hour video file from Trustycon, the convention held as an alternative to RSA's annual security event, inspired by the revelation that RSA took money from the NSA to sabotage its own products.

Now Al has broken down the video into the individual talks, uploading them to Youtube. This is very handy -- thanks, Al!

TrustyCon Videos Available (Thanks, Al!)

Edward Snowden's magnificent testimony to the EU

NSA whistleblower Edward Snowden has submitted written testimony [PDF] to an EU committee investigating mass surveillance. Glyn Moody's Techdirt post gives a great tl;dr summary of the document, but you should really read it for yourself. It's ten single-spaced pages, but Snowden turns out to be an extremely talented writer who beautifully lays out his arguments, managing the trick of being dispassionate while simultaneously conveying the import of his subject matter.

Snowden makes the point that his testimony doesn't disclose anything that the press hasn't already published, but there's been so much that it's worth reviewing some of it. He directs our attention to something I'd missed: the NSA's Foreign Affairs Division (FAD) spends an extraordinary amount of time lobbying EU nations (and other countries) to change their laws so that the NSA can legally spy on everyone in the country. What's more, they cook these deals -- for example, they'll get German permission to listen in on everything by non-Germans and get a Danish deal that covers all the non-Danes, but since the Internet backbones traverse both countries, they can spy on Germans in Denmark and Danes in Germany. As Snowden says, "The surest way for any nation to become subject to unnecessary surveillance is to allow its spies to dictate its policy."

Read the rest

Middle schooler wins C-SPAN prize for doc about NSA spying

Dave from the Electronic Frontier Foundation sez, "Remember when Rep. Mike Rogers likened opponents of pernicious cybersecurity legislation to 14-year-olds? It turns out that middle-school-age students are also well-prepared to debate him on the NSA's programs as well. EFF congratulates students from two middle schools who took home top prizes in the C-SPAN StudentCam 2014 competition for young filmmakers with their documentaries on the debate over mass surveillance."

Read the rest

Edward Snowden to speak at SXSW


The ACLU and SXSW will host a video chat with Edward Snowden on Monday, during the day's civil-liberties-focused program track. I'll be speaking immediately before Snowden, with Barton Gellman, and we will be staying for the Snowden event. Snowden will be interviewed by ACLU technologist Christopher Soghoian, and the event is moderated by the ACLU's Ben Wizner. I hope to see you there -- it's why I'm flying to Austin.

Read the rest

Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people

The Trustycon folks have uploaded over seven hours' worth of talks from their event, an alternative to the RSA security conference founded by speakers who quit over RSA's collusion with the NSA. I've just watched Ed Felten's talk on "Redesigning NSA Programs to Protect Privacy" (starts at 6:32:33), an absolutely brilliant talk that blends a lucid discussion of statistics with practical computer science with crimefighting, all within a framework of respect for privacy, liberty and the US Bill of Rights.

Felten's talk lays out how the NSA's mass-collection program works, what its theoretical basis is for finding terrorists in all that data, and then explains how this is an incredibly inefficient and risky and expensive way of actually fighting crime. Then he goes on to propose an elegant alternative that gets better intelligence while massively reducing the degree of surveillance and the risk of disclosure.

I'm using Vid to MP3 to convert the whole seven hours' worth of talks to audio and plan on listening to them over the next couple of days.

Update: Here's that MP3 -- it's about 1GB. Thanks to the Internet Archive for hosting it!

TrustyCon - Live from San Francisco