Two of the NSA's mass surveillance programs revealed by Edward Snowden are Prism (which gives the NSA "bulk data" access to the servers of Apple, Facebook, Google, Microsoft, Yahoo and others) and Upstream (through which the NSA taps the internet's fiber optic backbones). Both are possible because of Section 702 of the Foreign Intelligence Surveillance Act, which expires this year.
Tony Fullman is one of the only people that we know to have been targeted by Prism, the NSA's signature mass-surveillance tool: he's a Fijian-born expatriate with New Zealand citizenship, and had his passport seized and his name added to terrorism watchlists after the NSA helped their New Zealand counterparts spy on him, intercepting his bank statements, Facebook posts, Gmail messages, recorded phone conversations, and more.
Historically, US companies have been able to get around the (relatively stringent) European data-protection rules thanks to a "Safe Harbor" agreement between the US and the EU -- but Max Schrems, an Austrian privacy activist, has successfully argued that the NSA's mass surveillance programs violate European law and invalidate the Safe Harbor.
We've known since the start that Yahoo fought the NSA's Prism surveillance program tooth-and-nail; but as unsealed court docs show, the Feds made the process into a harrowing ordeal, and sweet-talked gullible judges into dropping the hammer on Y.
This is huge news: the European Court of Human Rights has agreed to hear a challenge to bulk Internet surveillance by the UK spy agency GCHQ. The case was brought by Big Brother Watch, the Open Rights Group and English PEN, and German Internet activist Constanze Kurz. This is a rare instance of "impact litigation" in the UK, where a bad law or practice can be ended swiftly and decisively by having a court hear a test-case about the law and rule on its constitutionality. This tactic has been incredibly effective in the US -- EFF's famous Bernstein victory, which legalized strong cryptography, is a good example -- but has been less available to UK activists.
The forthcoming report of the Privacy and Civil Liberties Oversight Board, the arm's-length body established by the Congress to investigate NSA spying, has leaked, with details appearing in The New York Times and The Washington Post.
From its pages, we learn that the board views the NSA's metadata collection program -- which was revealed by Edward Snowden -- as illegal, without "a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value…As a result, the board recommends that the government end the program."
The report goes farther than the President's Review Group on Intelligence and Communications Technologies (whose recommendations Obama ignored) and even farther than the policies announced by the President himself.
The Board also found that NSA metadata collection didn't stop any terrorist attacks, and would not have been useful in preventing the 9/11 attacks.
Congress has grown so weary of the NSA's duck-and-weave routine when asked to explain its spying that yesterday, six members of Congress called in Bruce Schneier to give it the answers that the NSA can't or won't give. Schneier, who's seen some of the Snowden leaks, called the meeting "surreal" and "extremely freaky."
During an NPR interview, the NSA's outgoing deputy director John C Inglis -- the top civilian official in the NSA hierarchy -- admitted that the NSA's mass surveillance program had foiled a total of one terrorist plot (an attempt to wire some money to al-Shabaab in Somalia) in its entire history. But he doesn't want to get rid of his agency's program of spying on everything every American does, because it's an "insurance policy" in case someone tries the kind of terrorist attack that it might foil.
The Electronic Frontier Foundation's Kurt Opsahl -- a brilliant digital civil liberties attorney who has been suing the US government and the NSA over spying since 2006 -- took to the stage at the 30th Chaos Communications Congress in Hamburg this week to explain in clear and simple language the history of NSA spying. Kurt lays out the tortured legal history of American bulk surveillance, showing how an interlocking set of laws, policies, lies and half-truths have been used to paper over an obviously, grossly unconstitutional program of spying without court oversight or particular suspicion.
If you're mystified by the legal shenanigans that led up to the Snowden and Manning leaks, this is where you should start. And even if you've been following the story closely, Opsahl gives badly needed coherence to the disjointed legal struggle, connecting the dots and revealing the whole picture.
30c3: Through a PRISM, Darkly - Everything we know about NSA spying
In a heartfelt and personal blog-post, Google security engineer Brandon Downey discusses his feelings on the discovery that the NSA had tapped Google's private fiber links. In three words: "Fuck these guys." But you should read the rest, too.
iOS jailbreaker and security researcher Cyril Cattiaux presented his work on Apple's iMessage software at the Hack in the Box conference in Kuala Lumpur. Apple had previously stated that its messaging software was resistant to Prism-style surveillance because of its secure key-handling, through which the company itself could not see what its users were saying. Cattiaux called this "basically lies" and showed that there was scope for undetectably swapping out keys, allowing the company (or anyone it cooperates with) to spy on users. Cattiaux worked with other researchers, including Moxie Marlinspike, and showed that there were ways of designing iMessage such that users could detect key-substitutions and other attacks on the integrity of their messages, but that Apple had chosen to implement their system in a less secure way.
Writing in Wired, Richard Stallman -- founder of the Free Software Foundation, which puts the GNU in GNU/Linux -- writes about the relationship between software freedom and a free society. Proprietary software -- opaque to its users, liable to subversion for the purposes of governments and corporations -- is incompatible with a free, democratic society. The temptation to collect data, and, once collected, to abuse it, is irresistible for the fallible humans who make up the state. Systems have to be designed to keep their users free and private -- there is no way to make people secure unless their tools are secure, too. Stallman sets out the various forms of surveillance and control, from no-fly lists to web-tracking, and proposes ways to make them safe for a free society.
Jim Killock from the UK Open Rights Group sez, "The Open Rights Group, Big Brother Watch, Constanze Kurz and English PEN are challenging the legality of the mass data hoovering by the UK government revealed by Edward Snowden. They need £20,000 to mount the challenge in the EU Court of Human Rights. They've raised over £3,000 in less than a day: please donate!"
This is very exciting, and looks like the kind of "impact litigation" we see a lot of in the USA, where activist groups can use high courts to strike down bad laws. It's a very effective way of conducting an asymmetrical battle against entrenched, incumbent authorities. Even though I've already made my annual donation to ORG, I've kicked in another £100 for this.
Ever since whistleblower Mark Klein revealed that he'd built a secret wiretapping room for the NSA at AT&T's San Francisco switching center, we've known that the NSA was illegally wiretapping the Internet's backbone. But the government has steadfastly denied it. However, as Bruce Schneier documents, Senator Dianne Feinstein has let slip on several occasions that the NSA is tapping the backbone, though President Obama continues to deny it.
Jacob Appelbaum of the Tor Project and Wikileaks addressed the European Parliament on the issue of surveillance and freedom. It was a remarkable speech, even by Appelbaum's high standards. An amateur transcript gives you a sense of what's going on, but the video is even better: "Is it used for coercion? Is data passed to autocratic regimes? Is it used to study groups? Is it used to disrupt? Yes, yes, and yes. Might they force or forge data? Absolutely."
David Burnham, in 1983: THE SILENT POWER OF THE N.S.A.
No laws define the limits of the N.S.A.'s power. No Congressional committee subjects the agency's budget to a systematic, informed and skeptical review. With unknown billions of Federal dollars, the agency purchases the most sophisticated communications and computer equipment in the world. But truly to comprehend the growing reach of this formidable organization, it is necessary to recall once again how the computers that power the N.S.A. are also gradually changing lives of Americans - the way they bank, obtain benefits from the Government and communicate with family and friends. Every day, in almost every area of culture and commerce, systems and procedures are being adopted by private companies and organizations as well as by the nation's security leaders that make it easier for the N.S.A. to dominate American society should it ever decide such action is necessary.