If you read Boing Boing, the NSA considers you a target for deep surveillance
The NSA says it only banks the communications of "targeted" individuals. Guess what? If you follow a search-engine link to Boing Boing's articles about Tor and Tails, you've been targeted. Cory Doctorow digs into Xkeyscore and the NSA's deep packet inspection rules.
In a shocking story on the German site Tagesschau (Google translate), Lena Kampf, Jacob Appelbaum and John Goetz report on the rules used by the NSA to decide who is a "target" for surveillance.
Since the start of the Snowden story in 2013, the NSA has stressed that while it may intercept nearly every Internet user's communications, it only "targets" a small fraction of those, whose traffic patterns reveal some basis for suspicion. Targets of NSA surveillance don't have their data flushed from the NSA's databases on a rolling 48-hour or 30-day basis, but are instead retained indefinitely.
The authors of the Tagesschau story have seen the "deep packet inspection" rules used to determine who is considered to be a legitimate target for deep surveillance, and the results are bizarre.
According to the story, the NSA targets anyone who searches for online articles about Tails -- like this one that we published in April, or this article for teens that I wrote in May -- or Tor (The Onion Router, which we've been posted about since 2004). Anyone who is determined to be using Tor is also targeted for long-term surveillance and retention.
Tor and Tails have been part of the mainstream discussion of online security, surveillance and privacy for years. It's nothing short of bizarre to place people under suspicion for searching for these terms.
More importantly, this shows that the NSA uses "targeted surveillance" in a way that beggars common sense. It's a dead certainty that people who heard the NSA's reassurances about "targeting" its surveillance on people who were doing something suspicious didn't understand that the NSA meant people who'd looked up technical details about systems that are routinely discussed on the front page of every newspaper in the world.
But it's not the first time the NSA has deployed specialized, highly counterintuitive wordsmithing to play games with the public, the law and its oversight. From James Clapper's insistence that he didn't lie to Congress about spying on Americans because he was only intercepting all their data, but not looking at it all; to the internal wordgames on evidence in the original Prism leak in which the NSA claimed to have "direct access" to servers from Google, Yahoo, Microsoft, Apple, etc, even though this "direct access" was a process by which the FBI would use secret warrants to request information from Internet giants without revealing that the data was destined for the NSA.
I have known that this story was coming for some time now, having learned about its broad contours under embargo from a trusted source. Since then, I've discussed it in confidence with some of the technical experts who have worked on the full set of Snowden docs, and they were as shocked as I was.
One expert suggested that the NSA's intention here was to separate the sheep from the goats -- to split the entire population of the Internet into "people who have the technical know-how to be private" and "people who don't" and then capture all the communications from the first group.
Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials. If that's true, it's big news, as Snowden was the first person to ever leak docs from the NSA. The existence of a potential second source means that Snowden may have inspired some of his former colleagues to take a long, hard look at the agency's cavalier attitude to the law and decency.
Update: Bruce Schneier also believes there is a second leaker.
Update 2: Appelbaum and others have posted an excellent English language article expanding on this in Der Erste.
In the wake of this week's Motherboard scoop that the major US carriers sell customers' location data to marketing companies that sell it on to bounty hunters and other unsavory characters, Google has disclosed that they have told the carriers that supply service for its Google Fi mobile virtual network operator (MVNO) that they expect […]
Vizio exec: we'd have to charge a premium on "dumb" TVs to make up for the money we'll lose by not spying on you
At CES, the Verge's Nilay Patel interviewed Vizio CTO Bill Baxter, who told her that when it comes to the surveillance features of his company's "smart" TVs, "it’s not just about data collection. It’s about post-purchase monetization of the TV...[When it comes to 'dumb' TVs,] we’d collect a little bit more margin at retail to […]
Whistleblower: Amazon Ring stores your doorbell and home video feeds unencrypted and grants broad "unfettered" access to them
Sources "familiar with Ring's practices" have told The Intercept that the company -- a division of Amazon that makes streaming cameras designed to be mounted inside and outside your home -- stores the video feeds from its customers' homes in unencrypted format and allows staff around the world to have essentially unfettered access to these […]
It’s a rude awakening for that rookie vacationer abroad when they try to plug in their gear for the night. Veteran jet-setters know that outlet shapes can vary wildly from country to country, which necessitates that most boring must-have for any world-traveler: A sackful of clunky power adapters. Awkward problem, elegant solution: The Twist Plus […]
Looking for a career in music behind the boards, either as a music producer or DJ? It’s a good bet that you’re going to be working with Ableton Live. Each new iteration of this powerful workstation gives the user more tools to create, and it’s just as well suited for the task of meticulous track […]
The graveyard of failed startups is littered with concepts that just got lost in translation. At its core, that’s what great front-end design is about: Making an app or website usable, translating its best ideas smoothly to the user. It’s a skill so broad there might be no one book or course that covers it […]