
2013.8.23

Neither the GCSB nor a spokesperson for the Embassy of New Zealand in the United States immediately responded to Ars’ request for comment. In June 2013, New Zealand Prime Minister John Key evaded answering whether the GCSB uses or has access to the NSA’s PRISM system.

“I can’t tell you how the United States gather all of their information, what techniques they use, I just simply don’t know,” Key told TV3’s Firstline. “But if the question is do we use the United States or one of our other partners to circumvent New Zealand law then the answer is categorically no. We do exchange—and it’s well known—information with our partners. We do do that. How they gather that information and whether they use techniques or systems like PRISM, I can’t comment on that.”

Cyrus Farivar, “New Zealand appears to have used NSA spy network to target Kim Dotcom”

What’s often missing from reporting about whether intelligence agencies are asking five eyes partners to monitor the agencies’ own citizens is this: rarely would a formal request for such monitoring services be required.

You see, folks in the intelligence and security agencies train with one another. They go to international courses together, just like any other group of professionals. And, as anyone who attends professional events knows, informal networks of information sharing arise. In the context of NSA/CSEC/ASIO/GCHQ/etc this can take the form of one government official complaining about the inability to conduct domestic surveillance on X group(s) that are regarded as a problem and then – independent of a ‘formal’ request! – other partners just might collect information on X given that a problem for the complaining agency just might turn into a problem for all the five eyes partners.

As an example: when a CSEC or NSA official complains that domestic extremists could be plotting a terror attack, but that neither CSEC nor NSA can legally conduct the surveillance, a partner might be motivated to conduct the surveillance because, you know, terrorism. And, to turn the intelligence into something that’s actionable, the foreign service could turn the collected information over to CSEC, NSA, or whichever agency is domestically located.

The great thing about this approach is no formal request needs to have been made. Is this as efficient as “Hey, can you guys spy on X so we don’t break our national laws?” No. But it does have the effect of generating favours and goodwill between the very professionals who are often in close contact with one another. And it also lets information be shared without the clear violation of domestic laws that forbid most intelligence services from spying on their own citizens.


2013.8.16

I suppose everything Alexander said was technically true, since the “congressional review” was different from the “NSA audit”, but it’s still gross deception. He acts with the ethics of the head of a police state. We should either upgrade him to the title he deserves, “Chief of the Secret Police”, or ask for his resignation.

Robert Graham, Errata Security

Thoughts on the Implications of ‘Secret Surveillance’

In one of Michael Geist’s recent articles on secret surveillance he notes three key issues with the secretive intelligence surveillance actions that are coming to light. Specifically:

First, the element of trust has been severely compromised. Supporters of the current Internet governance model frequently pointed to Internet surveillance and the lack of accountability within countries like China and Russia as evidence of the danger of a UN-led model. With the public now aware of the creation of a massive, secret U.S.-backed Internet surveillance program, the U.S. has ceded the moral high ground on the issue.

This has been a point that academics have warned about for the past decade: when/if it is apparent that the US and other Western governments aren’t ‘fit to govern’ critical Internet infrastructure then foreign states will increasingly agitate to influence network design. Still, while the US government’s mass surveillance systems may accelerate the rate at which governments are ‘interested’ in critical infrastructure design and deployment, this isn’t a novel path or direction: governments throughout the world have been extending their surveillance capacities, often pointing to the US’ previously disclosed behaviours as justifications. The consequence of the recent high-profile articles on NSA surveillance has been to (arguably) ensure that a ‘moral high ground’ cannot be reclaimed; arguably, that ground has actually been lost for quite some time.

Geist continues:

Second, as the scope of the surveillance becomes increasingly clear, many countries are likely to opt for a balkanized Internet in which they do not trust other countries with the security or privacy of their networked communications. This could lead to new laws requiring companies to store their information domestically to counter surveillance of the data as it crosses borders or resides on computer servers located in the U.S. In fact, some may go further by resisting the interoperability of the Internet that we now take for granted.

Again, we’ve been seeing these kinds of laws crop up for many years now. However, the countries that have been engaging in such actions are all (generally) regarded as ‘foreign’ by individuals in North America. So, when Iran, India, China, or other countries have imposed localization laws those nations are seen as ‘rogue’; missing from much of the critique, however, has been how ‘domestic’ governments have sought to contain or delimit the flow of information. Admittedly, most of Canada, the UK, and America lack ‘data localization’ laws, but all of those jurisdictions do have ‘data limitation’ laws, insofar as some information is blocked at an ISP level. In effect, while a hardware balkanization of the Internet might accelerate, the content balkanization of the Internet has been ongoing for over a decade.

Geist concludes:

Third, some of those same countries may demand similar levels of access to personal information from the Internet giants. This could create a “privacy race to the bottom”, where governments around the world create parallel surveillance programs, ensuring that online privacy and co-operative Internet governance is a thing of the past.

This is an area that will be particularly interesting to watch. In terms of content localization, there are laws around the world limiting what citizens in various nations can access. While such localization laws were initially seen as heralding the end of the Internet, this has not been the case: save for in particularly censorious regimes, local norms have guided what should(n’t) be accessible (e.g. child pornography, Nazi symbology and paraphernalia, etc). At issue is that efforts to ‘block’ certain content often tend not to work well, and also tend to reduce efforts to legally punish those responsible for the content in the first place. In effect, the former problem speaks to the limitations of blocking any content effectively and without accidental overreach, and the latter to poor international cooperation between policing agencies to actually act against the producers of obviously nefarious content (e.g. child pornography).

The ability for nations to demand strong data/server/service localization requirements will, I suspect, be predicated on economic size and relative ‘value’ of a nation’s citizens to a particular company. So, if you have a very large multinational, with ‘boots on the ground’ and a large subscriber base in a profitable nation-state, then the multinational may be more likely to comply with localization requirements compared to a similar demand from a small/economically insignificant state in which the company lacks ‘boots’. Moreover, the potential for certain services to no longer be accessible – say, GMail, if Google refused to comply with a given nation’s localization laws – could lead citizens to turn on their own government on the basis that the services are needed for ongoing, daily, commercial or personal activity.

In effect, I think that while Geist’s third point is arguably the most significant, it’s also the one that we’re furthest off from necessarily crossing over to. Admittedly there are some isolated cases of localization requirements now (e.g. India), but the ability to successfully impose such requirements is as much based on the attractiveness of a given market as anything else. So, there could actually be a division between the ‘localization countries’: ones that are ‘big enough’ to commercially demand compliance versus ones that are ‘too small’ to successfully impose their sovereign wills on Internet multinationals. How any such division would line up, and the political and economic rationales for all involved, will be fascinating to watch, document, and explore in the coming years!


2013.8.10

All four of Obama’s proposed reforms are useful. The second is adding an adversary to proceedings of the Foreign Intelligence Surveillance Act court, which has the power to approve secret warrants. Another is to assemble a committee that would issue a report about the balance between liberty and security. And then there’s a call to increase transparency. Some of this area’s elements are cosmetic—a new Web site for the N.S.A., for example, for which one hopes there is a better graphic designer than whoever puts together the agency’s classified PowerPoint presentations—and others are important but fragmentary. Obama said he’d make public the “legal rationale for the government’s collection activities under Section 215.” That is good, but legal rationales, for this and all other collection activities, are not things that should ever be fully classified in the first place. How an agency proceeds in a given case is one thing, but what it and we understand our rights to be should never be secret.

Source: http://m.newyorker.com/online/blogs/closeread/2013/08/nsa-dirty-dishes-obama-press-conference.html

You’ll forgive me if I don’t think that releasing details of how laws are secretly interpreted constitutes ‘transparency’ to any reasonable degree. Though I’m well aware that a vast portion of American jurisprudence is effectively withheld from the public (you have to pay for access to PACER to see how legislation has actually been interpreted by courts, thus excluding individuals from understanding their laws and court processes), it is inexcusable that POTUS thinks that making their rationales public is sufficient. What is legal is not necessarily right nor constitutional, and dragnet surveillance of the world’s communications is an inexcusable affront to basic human freedoms and liberties in today’s digital era.


The Significance of a ‘Three Hop’ Analysis

Washington’s Blog has an excellent, if somewhat long, post that outlines the significance of the NSA’s ‘three hop’ analysis. It collects and provides some numbers behind basic communications network analyses, and comes to the conclusion that upwards of 2.5 million Americans could be “caught up in dragnet for each suspected terrorist, means that a mere 140 potential terrorists could lead to spying on all Americans. There are tens of thousands of Americans listed as suspected terrorists … including just about anyone who protests anything that the government or big banks do.”

Go read the full post. Some of the numbers are a bit speculative, but on the whole it does a good job showing why ‘three hop’ analyses are so problematic: such analyses disproportionately collect data on American citizens on the basis of the most limited forms of suspicion. Such surveillance should be set aside because it constitutes an inappropriate infringement on individuals’ and communities’ reasonable expectations of privacy; it runs counter to how a well-ordered and properly functioning democracy should operate in theory and in practice.


A handy guide to the hidden meaning behind all those NSA and government statements

A very helpful resource for deciphering ‘government-speak’ surrounding national security surveillance practices.


Prism threatens ‘sovereignty’ of all EU data

Caspar Bowden has been aggressively lobbying the EU Parliament over the implications of the FISA Amendments Act for some time. In short, the Act authorizes capturing data from ‘Electronic Communications Service Providers’ when the data possesses foreign intelligence value. The result is that business and personal information, in addition to information directly concerning ‘national security’, can be legitimately collected by the Agency. (For more, see pages 33-35 of this report.)

Caspar’s most recent article outlines the unwillingness of key members of the EU Parliament to take seriously the implications of American surveillance … until it ceases to be an issue for policy wonks, and becomes one of politics. Still, the Parliament has yet to retract recent amendments that would detrimentally affect the privacy rights of European citizens: it will be interesting to see whether the politics of the issue reverse the parliamentarians’ decisions or if lobbying by corporate interests wins the day.


James Clapper, EU play-acting, and political priorities

Greenwald has an excellent piece pointing out just some of the hypocrisy surrounding the Snowden revelations. A taste:

The first NSA story to be reported was our June 6 article which exposed the bulk, indiscriminate collection by the US Government of the telephone records of tens of millions of Americans. Ever since then, it has been undeniably clear that James Clapper, the Director of National Intelligence, outright lied to the US Senate – specifically to the Intelligence Committee, the body charged with oversight over surveillance programs – when he said “no, sir” in response to this question from Democratic Sen. Ron Wyden: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

That Clapper fundamentally misled Congress is beyond dispute. The DNI himself has now been forced by our stories to admit that his statement was, in his words, “clearly erroneous” and to apologize. But he did this only once our front-page revelations forced him to do so: in other words, what he’s sorry about is that he got caught lying to the Senate. And as Salon’s David Sirota adeptly documented on Friday, Clapper is still spouting falsehoods as he apologizes and attempts to explain why he did it.

There has been a considerable amount of ‘flak’ – efforts to discredit organizations or individuals who disagree with or cast doubt on the prevailing assumptions that are favourable to established power – exhibited throughout the Snowden affair. It demonstrates quite powerfully that the Propaganda Model, written about in the 1988 book Manufacturing Consent, remains a powerful tool of media analysis.


It’s A-OK, Right?

azspot:

Matt Bors

If he’s smiling, it must be OK. Right? Right?


2013.6.7

Privacy advocates have long warned that allowing the government to collect and store unlimited “metadata” is a highly invasive form of surveillance of citizens’ communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication. Such metadata is what the US government has long attempted to obtain in order to discover an individual’s network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

Glenn Greenwald (via azspot)

Anyone trying to convince people “it’s only metadata” should be discounted as a fool or a government shill. Or perhaps as being both.