The NSA's Hidden Spy Hubs in Eight U.S. Cities

The secrets are hidden behind fortified walls in cities across the United States, inside towering, windowless skyscrapers and fortress-like concrete structures that were built to withstand earthquakes and even nuclear attack. Thousands of people pass by the buildings each day and rarely give them a second glance, because their function is not publicly known. They are an integral part of one of the world's largest telecommunications networks and they are also linked to a controversial National Security Agency surveillance program.

Atlanta, Chicago, Dallas, Los Angeles, New York City, San Francisco, Seattle, and Washington, D.C. In each of these cities, The Intercept has identified an AT&T facility containing networking equipment that transports large quantities of internet traffic across the United States and the world. A body of evidence including classified NSA documents, public records, and interviews with several former AT&T employees indicates that the buildings are central to an NSA spying initiative that has for years monitored billions of emails, phone calls, and online chats passing across U.S. territory.

The NSA considers AT&T to be one of its most trusted partners and has lauded the company's extreme willingness to help. It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T's customers. According to the NSA's documents, it values AT&T not only because it has access to information that transits the nation, but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T's massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.

Much has previously been reported about the NSA's surveillance programs. But few details have been disclosed about the physical infrastructure that enables the spying. Last year, The Intercept highlighted a likely NSA facility in New York City's Lower Manhattan. Now, we are revealing for the first time a series of other buildings across the U.S. that appear to serve a similar function, as critical parts of one of the world's most powerful electronic eavesdropping systems, hidden in plain sight.

"It's eye-opening and ominous the extent to which this is happening right here on American soil," said Elizabeth Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice. "It puts a face on surveillance that we could never think of before in terms of actual buildings and actual facilities in our own cities, in our own backyards."

There are hundreds of AT&T-owned properties scattered across the U.S. The eight identified by The Intercept serve a specific function, processing AT&T customers' data and also carrying large quantities of data from other internet providers. They are known as backbone and peering facilities.

While network operators would usually prefer to send data through their own networks, often a more direct and cost-efficient path is provided by other providers' infrastructure. If one network in a specific area of the country is overloaded with data traffic, another operator with capacity to spare can sell or exchange bandwidth, reducing the strain on the congested region. This exchange of traffic is called peering and is an essential feature of the internet.

Because of AT&T's position as one of the U.S.'s leading telecommunications companies, it has a large network that is frequently used by other providers to transport their customers' data. Companies that peer with AT&T include the American telecommunications giants Sprint, Cogent Communications, and Level 3, as well as foreign companies such as Sweden's Telia, India's Tata Communications, Italy's Telecom Italia, and Germany's Deutsche Telekom.

AT&T currently boasts 19,500 points of presence in 149 countries where internet traffic is exchanged. But only eight of the company's facilities in the U.S. offer direct access to its common backbone, key data routes that carry vast amounts of emails, internet chats, social media updates, and internet browsing sessions. These eight locations are among the most important in AT&T's global network. They are also highly valued by the NSA, documents indicate.

The data exchange between AT&T and other networks initially takes place outside AT&T's control, sources said, at third-party data centers that are owned and operated by companies such as California's Equinix. But the data is then routed in whole or in part through the eight AT&T buildings, where the NSA taps into it. By monitoring what it calls the peering circuits at the eight sites, the spy agency can collect "not only AT&T's data, they get all the data that's interchanged between AT&T's network and other companies," according to Mark Klein, a former AT&T technician who worked with the company for 22 years. It is an efficient point to conduct internet surveillance, Klein said, because the peering links, by the nature of the connections, are liable to carry everybody's traffic at one point or another during the day, or the week, or the year.

Christopher Augustine, a spokesperson for the NSA, said in a statement that the agency could neither confirm nor deny its role in alleged classified intelligence activities. Augustine declined to answer questions about the AT&T facilities, but said that the NSA conducts its foreign signals intelligence mission under the legal authorities established by Congress and is bound by both policy and law to protect U.S. persons' privacy and civil liberties.

Jim Greer, an AT&T spokesperson, said that AT&T was required by law to provide information to government and law enforcement entities by complying with court orders, subpoenas, lawful discovery requests, and other legal requirements. He added that the company provides voluntary assistance to law enforcement when a person's life is in danger and in other immediate, emergency situations. "In all cases, we ensure that requests for assistance are valid and that we act in compliance with the law."

Dave Schaeffer, CEO of Cogent Communications, told The Intercept that he had no knowledge of the surveillance at the eight AT&T buildings, but said he believed the core premise that the NSA or some other agency would like to look at traffic at an AT&T facility. He said he suspected that the surveillance is likely carried out on a limited basis, due to technical and cost constraints. If the NSA were trying to ubiquitously monitor data passing across AT&T's networks, Schaeffer added, he would be extremely concerned.

Sprint, Telia, Tata Communications, Telecom Italia, and Deutsche Telekom did not respond to requests for comment. CenturyLink, which owns Level 3, said it would not discuss matters of national security.

The maps The Intercept used to identify the internet surveillance hubs.

Maps: NSA/AT&T

The eight locations are featured on a top-secret NSA map, which depicts U.S. facilities that the agency relies upon for one of its largest surveillance programs, code-named FAIRVIEW. AT&T is the only company involved in FAIRVIEW, which was first established in 1985, according to NSA documents, and involves tapping into international telecommunications cables, routers, and switches.

In 2003, the NSA launched new internet mass surveillance methods, which were pioneered under the FAIRVIEW program. The methods were used by the agency to collect within a few months some 400 billion records about people's internet communications and activity, the New York Times previously reported. FAIRVIEW was also forwarding more than 1 million emails every day to a keyword selection system at the NSA's Fort Meade headquarters.

Central to the internet spying are eight peering link router complex sites, which are pinpointed on the top-secret NSA map. The locations of the sites mirror maps of AT&T's networks, obtained by The Intercept from public records, which show backbone node with peering facilities in Atlanta, Chicago, Dallas, Los Angeles, New York City, San Francisco, Seattle, and Washington, D.C.

One of the AT&T maps contains unique codes individually identifying the addresses of the facilities in each of the cities.

Among the pinpointed buildings, there is a nuclear blast-resistant, windowless facility in New York City's Hell's Kitchen neighborhood; in Washington, D.C., a fortress-like, concrete structure less than half a mile south of the U.S. Capitol; in Chicago, an earthquake-resistant skyscraper in the West Loop Gate area; in Atlanta, a 429-foot art deco structure in the heart of the city's downtown district; and in Dallas, a cube-like building with narrow windows and large vents on its exterior, located in the Old East district.

Elsewhere, on the west coast of the U.S., there are three more facilities: in downtown Los Angeles, a striking concrete tower near the Walt Disney Concert Hall and the Staples Center, two blocks from the most important internet exchange in the region; in Seattle, a 15-story building with blacked-out windows and reinforced concrete foundations, near the city's waterfront; and in San Francisco's South of Market neighborhood, a building where it was previously claimed that the NSA was monitoring internet traffic from a secure room on the sixth floor.

The peering sites, otherwise known in AT&T parlance as Service Node Routing Complexes, or SNRCs, were developed following the internet boom in the mid- to late 1990s. By March 2009, the NSA's documents say it was tapping into peering circuits at the eight SNRCs.

The facilities' purpose was to bolster AT&T's network, improving its reliability and enabling future growth. They were developed under the leadership of an Iranian-American innovator and engineer named Hossein Eslambolchi, who was formerly AT&T's chief technology officer and president of AT&T Labs, a division of the company that focuses on research and development.

Eslambolchi told The Intercept that the project to set up the facilities began after AT&T asked him to help create the largest internet protocol network in the world. He obliged and began implementing his network design by placing large Cisco routers inside former AT&T phone switching facilities across the U.S. When planning the project, he said he divided AT&T's network into different regions, "and in every quadrant I will have what I will call an SNRC."

During his employment with AT&T, Eslambolchi said he had to take a polygraph test, and he obtained a government security clearance. "I was involved in very, very top, heavy-duty projects for a few of these three-letter agencies," he said, in an apparent reference to U.S. intelligence agencies. "They all loved me."

He would not confirm or deny the exact locations of the eight peering sites identified by The Intercept or discuss the classified work he carried out while with the company. "You put a gun to my head," he said, "I'm not going to tell you."

Other former AT&T employees, however, were more forthcoming.

A former senior member of AT&T's technical staff, who spoke on condition of anonymity due to the sensitivity of the subject, confirmed with 100 percent certainty the locations of six of the eight peering facilities identified by The Intercept. The source, citing direct knowledge of the facilities and their function, verified the addresses of the buildings in Atlanta, Dallas, Los Angeles, New York City, Seattle, and Washington, D.C.

A second former AT&T employee confirmed the locations of the remaining two sites, in Chicago and San Francisco. "I worked with all of them," said Philip Long, who was employed by AT&T for more than two decades as a technician servicing its networks. Long's work with AT&T was carried out mostly in California, but he said his job required him to be in contact with the company's other facilities across the U.S. In about 2005, Long recalled, he received orders to move "every internet backbone circuit I had in northern California" through the San Francisco AT&T building identified by The Intercept as one of the eight NSA spy hubs. Long said that, at the time, he felt suspicious of the changes, because they were unusual and unnecessary. "We thought we were routing our circuits so that they could grab all the data," he said. "We thought it was the government listening." He retired from his job with AT&T in 2014.

A third former AT&T employee reviewed The Intercept's research and said he believed it accurately identified all eight of the facilities. "The site data certainly seems correct," said Thomas Saunders, who worked as a data networking consultant for AT&T in New York City between 1995 and 2004. "Those nodes aren't going to move."

The NSA calls this predicament "home field advantage," a kind of geographic good fortune. "A target's phone call, email, or chat will take the cheapest path, not the physically most direct path," one agency document explains. "Your target's communications could easily be flowing into and through the U.S."

Once the internet traffic arrives on U.S. soil, it is processed by American companies. And that is why, for the NSA, AT&T is so indispensable. The company claims it has one of the world's most powerful networks, the largest of its kind in the U.S. AT&T routinely handles masses of emails, phone calls, and internet chats. As of March 2018, some 197 petabytes of data (the equivalent of more than 49 trillion pages of text, or 60 billion average-sized mp3 files) traveled across its networks every business day.

The NSA documents, which come from the trove provided to The Intercept by the whistleblower Edward Snowden, describe AT&T as having been aggressively involved in aiding the agency's surveillance programs. One example of this appears to have taken place at the eight facilities under a classified initiative called SAGUARO.

As part of SAGUARO, AT&T developed a strategy to help the NSA electronically eavesdrop on internet data from the peering circuits at the eight sites, which were said to connect to the common backbone, major data routes carrying internet traffic.

The company worked with the NSA to rank communications flowing through its networks on the basis of intelligence value, prioritizing data depending on which country it was derived from, according to a top-secret agency document.

NSA diagrams reveal that after it collects data from AT&T's access links and peering partners, it is sent to a centralized processing facility code-named PINECONE, located somewhere in New Jersey. Inside the PINECONE facility, there is a secure space in which there is both NSA-controlled and AT&T-controlled equipment. Internet traffic passes through an AT&T distribution box to two NSA systems. From there, the data is then transferred about 200 miles southwest to its final destination: NSA headquarters at Fort Meade in Maryland.

At the Maryland compound, the communications collected from AT&T's networks are integrated into powerful systems called MAINWAY and MARINA, which the NSA uses to analyze metadata such as the "to" and "from" parts of emails, and the times and dates they were sent. The communications obtained from AT&T are also made accessible through a tool named XKEYSCORE, which NSA employees use to search through the full contents of emails, instant messenger chats, web-browsing histories, webcam photos, information about downloads from online services, and Skype sessions.

The NSA's primary mission is to gather foreign intelligence. The agency has broad legal powers to monitor emails, phone calls, and other forms of correspondence as they are being transported across the U.S., and it can compel companies such as AT&T to install surveillance equipment within their networks.

Under a Ronald Reagan-era presidential directive, Executive Order 12333, the NSA has what it calls transit authority, which it says enables it to eavesdrop on communications which originate and terminate in foreign countries, but traverse U.S. territory. That could include, for example, an email sent by a person in France to a person in Mexico, which on its way to its destination was routed through a server in California. According to the NSA's documents, it was using AT&T's networks as of March 2013 to gather some 60 million foreign-to-foreign emails every day, 1.8 billion per month.

Without an individualized court order, it is illegal for the NSA to spy on communications that are wholly domestic, such as emails sent back and forth between two Americans living in Texas. However, in the aftermath of the 9/11 attacks, the agency began eavesdropping on Americans' international calls and emails that were passing between the U.S. and other countries. That practice was exposed by the New York Times in 2005 and triggered what became known as the warrantless wiretapping scandal.

Critics argued that the surveillance of Americans' international communications was illegal, because the NSA had carried it out without obtaining warrants from a judge and had instead acted on the orders of President George W. Bush. In 2008, Congress weighed into the dispute and controversially authorized elements of the warrantless wiretapping program by enacting Section 702 of the Foreign Intelligence and Surveillance Act, or FISA. The new law allowed the NSA to continue sweeping up Americans' international communications without a warrant, so long as it did so incidentally while it was targeting foreigners overseas; for instance, if it was monitoring people in Pakistan, and they were talking with Americans in the U.S. by phone, email, or through an internet chat service.

Within AT&T's networks, there is filtering equipment designed to separate foreign and domestic internet data before it is passed to the NSA, the agency's documents show. Filtering technology is often used by internet providers for security reasons, enabling them to keep tabs on problems with their networks, block out spam, or monitor hacking attacks. But the same tools can be used for government surveillance.

"You can essentially trick the routers into redirecting a small subset of traffic you really care about, which you can monitor in more detail," said Jennifer Rexford, a computer scientist who worked for AT&T Labs between 1996 and 2005.

According to the NSA's documents, it programs its surveillance systems to focus on particular IP addresses (a set of numbers that identify a computer) associated with foreign countries. A classified 2012 memo describes the agency's efforts to use IP addresses to home in on internet data passing between the U.S. and particular regions of interest, including Iran, Afghanistan, Israel, Nigeria, Pakistan, Yemen, Sudan, Tunisia, Libya, and Egypt. But this process is not an exact science, as people can use privacy or anonymity tools to change or spoof their IP addresses. A person in Israel could use privacy software to masquerade as if they were accessing the internet in the U.S. Likewise, an internet user in the U.S. could make it appear as if they were online in Israel. It is unclear how effective the NSA's systems are at detecting such anomalies.

In October 2011, the Foreign Intelligence Surveillance Court, which approves the surveillance operations carried out under Section 702 of FISA, found that there were technological limitations with the agency's internet eavesdropping equipment. It was generally incapable of distinguishing between some kinds of data, the court stated. As a consequence, Judge John D. Bates ruled, the NSA had been intercepting the communications of non-target United States persons and persons in the United States, violating Fourth Amendment protections against unreasonable searches and seizures. The ruling, which was declassified in August 2013, concluded that the agency had acquired some 13 million internet transactions during one six-month period, and had unlawfully gathered tens of thousands of wholly domestic communications each year.

The root of the issue was that the NSA's technology was not only targeting communications sent to and from specific surveillance targets. Instead, the agency was sweeping up people's emails if they had merely mentioned particular information about surveillance targets.

A top-secret NSA memo about the court's ruling, which has not been disclosed before, explained that the agency was collecting people's messages en masse if a single one were found to contain a selector, like an email address or phone number, that featured on a target list.

"One example of this is when a user of a webmail service accesses her inbox; if the inbox contains one email message that contains an NSA tasked selector, NSA will acquire a copy of the entire inbox, not just the individual email message that contains the tasked selector," the memo stated.

The court's ruling left the agency with two options: shut down the spying based on mentions of targets completely, or ensure that protections were put in place to stop the unlawfully collected communications from being reviewed. The NSA chose the latter option, and created a cautionary banner that warned its analysts not to read particular messages unless they could confirm that they had been lawfully obtained.

But the cautionary banner did not solve the problem. The NSA's analysts continued to access the same data repositories to search, unlawfully, for information on Americans. In April 2017, the agency publicly acknowledged these violations, which it described as inadvertent compliance incidents. It said that it would no longer use surveillance programs authorized under Section 702 of FISA to harvest messages that mentioned its targets, citing technological constraints, United States person privacy interests, and certain difficulties in implementation.

The messages that the NSA had unlawfully collected were swept up using a method of surveillance known as upstream, which the agency still deploys for other surveillance programs authorized under both Section 702 of FISA and Executive Order 12333. The upstream method involves tapping into communications as they are passing across internet networks, precisely the kind of electronic eavesdropping that appears to have taken place at the eight locations identified by The Intercept.

The Atlanta facility is likely of strategic importance for the NSA. The site is the closest major AT&T internet routing center to Miami, according to the NSA and AT&T maps. From undersea cables that come aground at Miami, huge flows of data pass between the U.S. and South America. It is probable that much of that data is routed through the Atlanta facility as it is being sent to and from the U.S. In recent years, the NSA has extensively targeted several Latin American countries such as Mexico, Brazil, and Venezuela for surveillance.

According to the Chicago Sun-Times, the facility handles much of the city's phone and internet traffic and is equipped with banks of routers, servers, and switching systems. "This building touches every single resident of the city," Jim Wilson, an AT&T area manager, told the newspaper in 2016.

10 South Canal Street originally contained a million-gallon oil tank, turbine generators, and a water well, so that it could continue to function for more than two weeks without electricity or water from the city, according to Illinois broadcaster WBEZ. The building is anchored in bedrock, which helps support the weight of the equipment inside, and gives it extra resistance to bomb blasts or earthquakes, WBEZ reported.

NSA and AT&T maps point to the Chicago facility as being one of the peering hubs, which process internet traffic as part of the NSA surveillance program code-named FAIRVIEW. Philip Long, who was employed by AT&T for more than two decades as a technician servicing its networks, confirmed that the Chicago site was one of eight primary AT&T Service Node Routing Complexes, or SNRCs, in the U.S. NSA documents explicitly describe tapping into flows of data at all eight of these sites.

The 4211 Bryan Street facility is located next to other AT&T-owned buildings, including a towering telephone routing complex that was first built in 1904. A piece about the telephone hub in the Dallas Observer described it as an imposing, creepy building that is known in some circles as The Great Wall of Beige.

NSA and AT&T maps point to the 4211 Bryan Street facility as being one of the peering hubs, which process internet traffic as part of the NSA surveillance program code-named FAIRVIEW. A former AT&T employee confirmed that the site was one of eight primary AT&T Service Node Routing Complexes, or SNRCs, in the U.S. NSA documents explicitly describe tapping into flows of data at all eight of these sites.

Located between Chinatown and the Staples Center, the fortress-like structure is one of the largest telephone central offices in the U.S. The theoretical number of telephone lines that can be served from this office are 1.3 million and this office also serves as a foreign exchange carrier to neighboring area codes, according to the Central Office, a website that profiles U.S. telecommunications hubs.

Untitled, or Bell Communications Around the Globe. Mural by Anthony Heinsbergen (1961) on the West side of 420 South Grand Ave, La.

Photo: Henrik Moltke

Due to the close proximity of the Madison Complex and One Wilshire, and their shared role as telecommunications hubs, it is likely that the buildings process some of the same data as it is being routed across U.S. networks.

NSA and AT&T maps point to the Madison Complex facility as being one of the peering hubs, which process internet traffic as part of the NSA surveillance program code-named FAIRVIEW. A former AT&T employee confirmed that the site was one of eight primary AT&T Service Node Routing Complexes, or SNRCs, in the U.S. NSA documents explicitly describe tapping into flows of data at all eight of these sites.

A New York Times article published in 1975 noted that 811 10th Avenue was the first of several windowless equipment buildings to be constructed in the city, and added that its design initially caused considerable controversy.

Aerial shot of 811 10th street, NYC, ca. 1965.

Photo: courtesy of Avery Architectural & Fine Arts Library, Columbia University

NSA and AT&T documents indicate that the 10th Avenue building serves as the NSA's internet equivalent of 33 Thomas Street. While the NSA's surveillance at 33 Thomas Street mainly targets phone calls that pass through the building's international switching points, at the 10th Avenue site the agency appears to primarily collect emails, online chats, and data from internet browsing sessions.

NSA and AT&T maps obtained by The Intercept indicate that 611 Folsom Street is one of the eight peering hubs in the U.S. that process internet traffic as part of the NSA surveillance program code-named FAIRVIEW. Philip Long, who was employed by AT&T for more than two decades as a technician servicing its networks, confirmed that the San Francisco site is one of eight primary AT&T Service Node Routing Complexes, or SNRCs, in the U.S. NSA documents explicitly describe tapping into flows of data at all eight of these sites.

"We were getting orders to move backbones and it just grabbed me," said Long. "We thought it was government stuff and that they were being intrusive. We thought we were routing our circuits so that they could grab all the data."

It is not the first time the building has been implicated in revelations about electronic eavesdropping. In 2006, an AT&T technician named Mark Klein alleged in a sworn court declaration that the NSA was tapping into internet traffic from a secure room on the sixth floor of the facility.

Klein, who worked at 611 Folsom Street between October 2003 and May 2004, stated that employees from the agency had visited the building and recruited one of AT&T's management level technicians to carry out a special job. The job involved installing a splitter cabinet that copied internet data as it was flowing into the building, before diverting it into the secure room.

The room at AT&T's Folsom St. facility that allegedly contained NSA surveillance equipment.

Photo: Mark Klein

He said equipment in the secure room included a semantic traffic analyzer, a tool that can be used to search large quantities of data for particular words or phrases contained in emails or online chats. Notably, Klein discovered that the NSA appeared to be specifically targeting internet peering links, which is corroborated by the NSA and AT&T documents obtained by The Intercept.

According to documents provided by Klein, AT&T's network at Folsom Street peered with other companies like Sprint, Cable & Wireless, and Qwest. It was also linked, he said, to an internet exchange named MAE West, a major data hub in San Jose, California, where other companies connect their networks together.

Sprint did not respond to a request for comment. A spokesperson for Cable & Wireless said the company only discloses data when legally required to do so as a result of a valid warrant or other legal process. In 2011, CenturyLink acquired Qwest as part of a $12.2 billion merger deal. A CenturyLink spokesperson said he could not discuss matters of national security.

The Trump Administration Is Hiding a Crucial Report on NSA …

Despite requests from a senator and the European Union, the Trump administration is refusing to make public an important report by a federal privacy watchdog about how the U.S. government handles personal information swept up by its surveillance.

The public has a right to know what the government does with the vast troves of private data that American intelligence agencies collect in the course of their spying. On Thursday, we filed a Freedom of Information Act request demanding the release of the report, significant portions of which are unclassified.

The report is from the Privacy and Civil Liberties Oversight Board, which was created by Congress to be an independent, bipartisan agency. Its mission is to help ensure that national security laws and programs don't infringe on individual rights. As part of that mission, the board has issued several significant oversight reports addressing government surveillance. While we have not always agreed with the conclusions of these reports, they have played a vital role in the democratic process by educating the public about the powerful spying tools at the government's disposal. In the wake of Edward Snowden's revelations about the National Security Agency's illegal mass surveillance programs, the board's work informed the public debate by prompting the declassification of additional details about these secret programs.

Recognizing the board's importance as a mechanism for transparency, Congress required that it make its reports public to the greatest extent possible. But now the Trump administration is wrongly trying to keep its findings secret.

The report we're seeking concerns the implementation of President Obama's 2014 policy directive on government spying and the handling of personal information, which can include emails, chats, text messages, and more. The directive recognized that all persons have legitimate privacy interests in the handling of their personal information. While Obama's policy changes left much to be desired, they did include improvements, including some very modest protections for the handling of personal information of non-American citizens abroad. The directive also encouraged the Privacy and Civil Liberties Oversight Board to provide the president with a report assessing how the new policies were carried out.

In December 2016, the board delivered its report to the White House and congressional intelligence committees. Two months later, Sen. Ron Wyden (D-Ore.) wrote a letter to the Office of the Director of National Intelligence, urging it to make public the unclassified portions of the report and to declassify the rest of it as soon as possible. European Union officials and representatives have also called for the report’s release.

In response, the Trump administration has refused to release any of the report, even with redactions, citing executive privilege. By shrouding the report in secrecy, the administration is depriving the public of the ability to understand how the government is applying Obama’s efforts to impose even minimal privacy safeguards on highly controversial NSA spying.

The European Union has said that the disclosure of the report is important for its annual assessment of the central U.S.-EU data-sharing agreement, known as Privacy Shield. That agreement allows American tech firms operating in Europe to easily transfer data to the United States.

Just last week, the European Parliament called for the suspension of the Privacy Shield agreement because the United States is not complying with EU law. Suspending the agreement would be devastating for Silicon Valley. One of parliament’s many concerns was Trump’s claim of presidential privilege over the board’s report, which likely addresses the implementation of privacy protections for Europeans.

In addition to keeping the report secret, the Trump administration appears to be undermining the Privacy and Civil Liberties Oversight Board’s proper functioning. Since February 2017, four of the board’s five positions have been vacant, preventing it from doing much of its work to investigate government overreach. Three new members have been nominated but are still awaiting Senate confirmation after many months. Even if all three were confirmed, that would leave the board imbalanced, with three Republicans and only one Democrat. In this scenario, the board’s rules require that the next member not be a Republican, but Trump has made no nomination.

Given the vacancies, and the fact that the current nominee for chair of the board is on the record supporting unconstitutional surveillance programs, there are now serious questions regarding whether the board will act as an independent check on surveillance abuses by the executive branch in the future.

Despite questions about the future of the Privacy and Civil Liberties Oversight Board, its reports have shed much-needed light on the government’s surveillance practices. By hiding the report that we’re demanding today, the Trump administration is not only undermining the board’s purpose; it’s also undermining democratic accountability.


Obama knew of NSA spying on Merkel and approved it, report …

President Barack Obama knew of the organization’s spying on German Chancellor Angela Merkel and approved of the efforts, a National Security Agency official has reportedly told a German newspaper.

The Economic Times writes the high-ranking NSA official spoke to Bild am Sonntag on the condition of anonymity, saying the president not only did not stop the operation, but he also ordered it to continue.

The Economic Times also reports the official told Bild am Sonntag that Obama did not trust Merkel, wanted to know everything about her, and thus ordered the NSA to prepare a dossier on the politician.

The account could mean difficulties for the White House, given another report claiming Obama told Merkel during a telephone conversation last Wednesday he was not aware of the NSA’s spying.

The Economic Times cited Frankfurter Allgemeine Zeitung in writing that when Merkel called Obama last week to alternately complain — and get an explanation — about the NSA surveillance, the president assured her he wasn’t aware of the campaign regarding her, and would have halted it, had he known.

According to The New York Times, Susan E. Rice, the president’s national security adviser, insisted that Obama did not know about the monitoring of Merkel’s phone, during a call last week with Christoph Heusgen, Rice’s German counterpart.

The unnamed NSA official’s allegations delve deeper into a Saturday report, published by the German magazine Der Spiegel, claiming the U.S. spy agency has monitored Merkel’s phone since 2002, or even before she rose to her country’s chief executive position and was only an opposition leader.

The revelations follow earlier reports of the NSA monitoring phone calls made by French and German citizens, an account prompting both nations’ foreign ministries to summon the respective American ambassadors to each country for an explanation. Much — if not all — of the reporting on the alleged spying scandal stems from documents leaked by former NSA contractor Edward J. Snowden.

According to the Associated Press, Interior Minister Hans-Peter Friedrich was quoted Sunday as telling newspaper Bild am Sonntag he wants “complete information on all accusations” and that “if the Americans intercepted cellphones in Germany, they broke German law on German soil.” He added wiretapping is a crime and “those responsible must be held accountable.”

The Der Spiegel report also alleges the German leader’s mobile phone number had been part of a special surveillance list used by the NSA as late as this past June. Der Spiegel writes the nature of the alleged monitoring isn’t clear, or whether Merkel’s conversations were recorded or her contacts scrutinized.


AT&T collaborates on NSA spying through a web of secretive …

A new report from The Intercept sheds light on the NSA’s close relationship with communications provider AT&T.

The Intercept identified eight facilities across the U.S. that function as hubs for AT&T’s efforts to collaborate with the intelligence agency. The site first identified one potential hub of this kind in 2017 in lower Manhattan.

The report reveals that eight AT&T data facilities in the U.S. are regarded as high-value sites to the NSA for giving the agency direct backbone access to raw data that passes through, including emails, web browsing, social media and any other form of unencrypted online activity. The NSA uses the web of eight AT&T hubs for a surveillance operation code-named FAIRVIEW, a program previously reported by The New York Times. The program, first established in 1985, involves tapping into international telecommunications cables, routers, and switches and only coordinates directly with AT&T and not the other major U.S. mobile carriers.

AT&T’s deep involvement with the NSA monitoring program operated under the code name SAGUARO. Messaging, email and other web traffic accessed through the program was made searchable through XKEYSCORE, one of the NSA’s more infamous search-powered surveillance tools.

The Intercept explains how those sites give the NSA access to data beyond just AT&T subscribers:

The data exchange between AT&T and other networks initially takes place outside AT&T’s control, sources said, at third-party data centers that are owned and operated by companies such as California’s Equinix. But the data is then routed in whole or in part through the eight AT&T buildings, where the NSA taps into it. By monitoring what it calls the peering circuits at the eight sites, the spy agency can collect not only AT&T’s data, they get all the data that’s interchanged between AT&T’s network and other companies, according to Mark Klein, a former AT&T technician who worked with the company for 22 years.

The NSA describes these locations as peering link router complex sites while AT&T calls them Service Node Routing Complexes (SNRCs). The eight complexes are spread across the nation’s major cities, with locations in Chicago, Dallas, Atlanta, Los Angeles, New York City, San Francisco, Seattle and Washington, D.C. The Intercept report identifies these facilities:

Among the pinpointed buildings, there is a nuclear blast-resistant, windowless facility in New York City’s Hell’s Kitchen neighborhood; in Washington, D.C., a fortress-like, concrete structure less than half a mile south of the U.S. Capitol; in Chicago, an earthquake-resistant skyscraper in the West Loop Gate area; in Atlanta, a 429-foot art deco structure in the heart of the city’s downtown district; and in Dallas, a cube-like building with narrow windows and large vents on its exterior, located in the Old East district.

in downtown Los Angeles, a striking concrete tower near the Walt Disney Concert Hall and the Staples Center, two blocks from the most important internet exchange in the region; in Seattle, a 15-story building with blacked-out windows and reinforced concrete foundations, near the city’s waterfront; and in San Francisco’s South of Market neighborhood, a building where it was previously claimed that the NSA was monitoring internet traffic from a secure room on the sixth floor.

While these facilities could allow for the monitoring of domestic U.S. traffic, they also process vast quantities of international traffic as it moves across the globe, a fact that likely explains why the NSA would view these AT&T nodes as such high-value sites. The original documents, part of the leaked files provided by Edward Snowden, are available in the original report.

Update: A representative from AT&T provided TechCrunch with the following comment.

Like all companies, we are required by law to provide information to government and law enforcement entities by complying with court orders, subpoenas, lawful discovery requests and other legal requirements. And, we provide voluntary assistance to law enforcement when a person’s life is in danger and in other immediate, emergency situations. In all cases, we ensure that requests for assistance are valid and that we act in compliance with the law.


Potential NSA spying hub revealed in D.C. AT&T building …

The NSA could be using an AT&T building in the District to spy on people’s digital communications, reported The Intercept earlier today.

The Intercept identified 8 AT&T buildings across the country which collect and sift through communications for the NSA, based on information the news site gleaned from interviews with former AT&T workers, public records, and classified agency documents.

One building is a concrete multi-story that sits at 30 E Street in Southwest, across the street from the Fairchild Building which houses an office for the Capitol Police.

The Southwest building acts as a peering hub for the NSA’s code-named surveillance program FAIRVIEW which processes calls, texts, emails, and other internet communications by tapping into AT&T’s cables, routers, and switches, according to The Intercept.

Internet traffic is often routed through the United States, where it is handled by companies like AT&T. The NSA ran a program code-named SAGUARO to surveil the data passing through AT&T main nodes, such as the building in Southwest. The company helped the agency flag important data and transmit it to a processing facility in New Jersey, all according to The Intercept.

Verizon owns the majority of the D.C. building, with AT&T occupying the fourth, fifth, and sixth floors, according to public records. Representatives from the company and the NSA did not confirm or deny the use of the building for surveillance to The Intercept and stressed their compliance with existing laws.

The Intercept first revealed AT&T buildings may be used for surveillance last year with an investigation into a windowless skyscraper in New York City. Other buildings since identified are located in Washington state, California, Texas, Illinois, and Georgia.

The NSA has legally been allowed to snoop on foreign communications that pass through the U.S. since 1981. In 2008 Congress authorized the NSA to also collect domestic communications if they were being exchanged with a foreigner under agency surveillance.

However, in 2011 the Foreign Intelligence Surveillance Court found the NSA had swept up tens of thousands of wholly domestic communications and ruled a portion of the collection program unlawful. At the time the NSA tried to adapt the program sanctioned by Congress to provide additional measures of privacy, but in 2017 the agency admitted ongoing compliance issues, and scrapped the program.

Information about the NSA’s mass surveillance programs originally became public knowledge after former government contractor Edward Snowden leaked classified documents to The Guardian in 2013.


RNC condemns NSA spying in huge turnaround | MSNBC

In a jarring break from the George W. Bush era, the Republican National Committee voted Friday to adopt a resolution demanding an investigation into the National Security Agency’s spy programs.

According to the resolution, the NSA metadata program revealed by former NSA contractor Edward Snowden is deemed an invasion into the personal lives of American citizens that violates the right of free speech and association afforded by the First Amendment of the United States Constitution. In addition, the mass collection and retention of personal data is in itself contrary to the right of privacy protected by the Fourth Amendment of the United States Constitution.

Titled a “Resolution To Renounce The National Security Agency’s Surveillance Program,” it was passed by a voice vote as part of a package of RNC proposals. Not a single member rose to object or call for further debate, as occurred for other resolutions.

Nevada Committeewoman Diana Orrock told msnbc over the phone that she introduced the resolution at the RNC’s summer meeting, but she wasn’t able to attract the necessary co-sponsors to advance it until now. The only major change she says she made to secure support was to drop the word “unconstitutional” from the title.

“I have to thank Edward Snowden for bringing forth the blatant trampling of our First and Fourth Amendment rights in the guise of security,” she said. “Something had to be said. Something had to be done.”

This is, to put it mildly, a new position for the Republican National Committee. When the New York Times revealed that the NSA had wiretapped American citizens without warrants in late 2005, the RNC used their 2006 winter meeting to strongly defend the program’s national security value.

“Do Nancy Pelosi and Howard Dean really think that when the NSA is listening in on terrorists planning attacks on America, they need to hang up when those terrorists dial their sleeper cells inside the United States?” Ken Mehlman, then RNC chair, told the RNC gathering in his keynote speech at the time.

This time around, per Orrock’s resolution, the RNC is declaring that unwarranted government surveillance is an intrusion on basic human rights that threatens the very foundations of a democratic society and this program represents a gross infringement of the freedom of association and the right to privacy and goes far beyond even the permissive limits set by the Patriot Act.

The RNC’s tidal shift reflects the reality that mass surveillance looks a lot more benign when your own party’s leader is in charge of the operation. But the resolution also is a sign of the increasing influence of the libertarian wing of the party, especially supporters of Ron Paul and his son, Rand Paul, who have made government overreach in pursuit of terrorists a top issue. Both Orrock and fellow Nevada Committeeman James Smack, who presented the resolution on her behalf, supported the elder Paul’s presidential campaign.

“I think it probably does reflect the views of many of the people who really want to turn out the vote and who are viewing the world through the prism of the next election,” Stewart Baker, a former Bush-era Homeland Security official, told msnbc in an email. “It’s a widespread view among Republicans, but I think the ones that know this institution best and for whom national security is a high priority don’t share this view.”

The resolution somewhat mangles the legal debate over NSA surveillance. The PRISM program mentioned by the RNC is tasked with monitoring foreign targets or conversations where only one of the parties is in the United States. Americans’ communications are sometimes collected incidentally and lawmakers have accused the agency of overreaching. But the mass acquisition of Americans’ call details in the resolution appears to refer to the NSA’s metadata collection, which is distinct from PRISM. The two programs derive their authority from different laws.

While the details are off, the overall critique is about as pointed as it gets.

There appears to be very little daylight between the RNC and progressive challengers of the phone records program, such as the ACLU, Stephen Vladeck, a professor of law at American University, told msnbc in an e-mail.

The full text of the resolution is below:

RESOLUTION TO RENOUNCE THE NATIONAL SECURITY AGENCY’S SURVEILLANCE PROGRAM

WHEREAS, the secret surveillance program called PRISM targets, among other things, the surveillance of communications of U.S. citizens on a vast scale and monitors searching habits of virtually every American on the internet;

WHEREAS, this dragnet program is, as far as we know, the largest surveillance effort ever launched by a democratic government against its own citizens, consisting of the mass acquisition of Americans’ call details encompassing all wireless and landline subscribers of the country’s three largest phone companies*;

WHEREAS, every time an American citizen makes a phone call, the NSA gets a record of the location, the number called, the time of the call and the length of the conversation; all of which are an invasion into the personal lives of American citizens that violates the right of free speech and association afforded by the First Amendment of the United States Constitution;

WHEREAS, the mass collection and retention of personal data is in itself contrary to the right of privacy protected by the Fourth Amendment of the United States Constitution, which guarantees the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, that warrants shall issue only upon probable cause, and generally prevents the American government from issuing modern-day writs of assistance;

WHEREAS, unwarranted government surveillance is an intrusion on basic human rights that threatens the very foundations of a democratic society and this program represents a gross infringement of the freedom of association and the right to privacy and goes far beyond even the permissive limits set by the Patriot Act; and

WHEREAS, Republican House Representative Jim Sensenbrenner, an author of the Patriot Act and Chairman of the House Judiciary Committee at the time of Section 215’s passage, called the Section 215 surveillance program an abuse of that law, writing that, based on the scope of the released order, both the administration and the FISA (Foreign Intelligence Surveillance Act) court are relying on an unbounded interpretation of the act that Congress never intended; therefore be it

RESOLVED, the Republican National Committee encourages Republican lawmakers to enact legislation to amend Section 215 of the USA PATRIOT Act, the state secrets privilege, and the FISA Amendments Act to make it clear that blanket surveillance of the Internet activity, phone records and correspondence – electronic, physical, and otherwise – of any person residing in the U.S. is prohibited by law and that violations can be reviewed in adversarial proceedings before a public court;

RESOLVED, the Republican National Committee encourages Republican law makers to call for a special committee to investigate, report, and reveal to the public the extent of this domestic spying and the committee should create specific recommendations for legal and regulatory reform to end unconstitutional surveillance as well as hold accountable those public officials who are found to be responsible for this unconstitutional surveillance; and

RESOLVED, the Republican National Committee calls upon Republican lawmakers to immediately take action to halt current unconstitutional surveillance programs and provide a full public accounting of the NSA’s data collection programs.

*AT&T has 107.3 million wireless customers and 31.2 million landline customers. Verizon has 98.9 million wireless customers and 22.2 million landline customers while Sprint has 55 million customers in total.

Adam Serwer contributed reporting.

Correction: An earlier version misattributed a partial quote to Stephen Vladeck. It has since been corrected. MSNBC regrets the error.


Stop the Expansion of NSA Spying – eff.org

Dear friends,

Today, the United States Congress struck a significant blow against the basic human right to read, write, learn, and associate free of government’s prying eyes.

Goaded by those who let fear override democratic principles, some members of Congress shuttered public debate in order to pass a bill that extends the National Security Agency’s unconstitutional Internet surveillance for six years.

This means six more years of warrantless surveillance under Section 702 of the FISA Amendments Act. This is a long-abused law marketed as targeting foreigners abroad but which, intentionally and by design, subjects a tremendous amount of our Internet activities to government review, as they pass through key Internet checkpoints, and as they are stored by providers like Google and Facebook. Ultimately, the NSA uses Section 702 to sweep in and retain the communications of countless non-suspect Americans.

Today’s action also means six more years of FBI access to giant databases of these NSA-collected communications, for purposes of routine domestic law enforcement that stray far from the original justification of national security.

We offer this response to the NSA and its allies in Congress: enjoy it while you can because it won’t last.

It didn’t have to be this way. Forward-thinking U.S. legislators from both sides of the aisle negotiated compromise bills that, while far from ideal, would have reined in some of the worst abuses of NSA surveillance powers while ensuring our intelligence agents could still do their jobs. But leadership from both Houses prevented the full Congress from considering these measures. For example, Senators were denied the opportunity to consider the USA Rights Act, and Representatives never had an opportunity to vote on the Poe-Lofgren Amendment during Thursday’s floor vote. Both legislative vehicles offered sensible reforms that would have advanced the privacy of innocent American technology users. This procedural maneuvering also meant that your opportunity to make your voices heard was greatly truncated.

While this debate took place in the halls of Washington, the ramifications are global. Millions of people around the world suffer under the NSA’s dragnet data collection. EFF fights for the rights of technology users everywhere, and our mission will not be complete until innocent users worldwide can communicate with dignity and privacy. Today Congress demonstrated its lack of regard for the human rights to privacy and association. And it shirked its duty to protect Americans’ rights under the Constitution.

We offer this response to the National Security Agency and its allies in Congress: enjoy it while you can because it won’t last.

Today’s Congressional failure redoubles our commitment to seek justice through the courts and through the development and spread of technology that protects our privacy and security.

First, in the courts. We’ve actively litigated against NSA spying since 2005. Our flagship lawsuit against mass surveillance, Jewel v. NSA, is currently in discovery in the District Court, having survived multiple challenges by the government. The government even sought in October to indefinitely delay responding to demands from the court to turn over documentation of surveillance, but the court refused. Instead, they are facing a looming deadline to produce documents to the court: February 16, 2018. We’re also confronting NSA mass spying through use of the Freedom of Information Act, supporting the other cases against mass spying, and participating in the few criminal court cases where the government has admitted using evidence collected under Section 702.

We also continue to search for new cases and arguments to challenge NSA mass spying in court, stepping up to the legal challenge of finding people who have admissible evidence that they have been surveilled and can pass the hurdle of standing that has blocked so many before.

We aim to bring mass surveillance to the Supreme Court. By showcasing the unconstitutionality of the NSA’s collect-it-all approach to tapping the Internet, we’ll seek to end the dragnet surveillance of millions of innocent people. We know that the wheels of justice turn slowly, especially when it comes to impact litigation against the NSA, but we’re in this for the long run.

Second, we’ll continue to harden digital platforms to make them resistant to surveillance and increase the ability of everyone to be digitally secure. We will promote widespread encryption through EFF tools like Certbot and HTTPS Everywhere, and we’ll promote the adoption of security tools through education and outreach. We’ll stand up to ongoing FBI efforts to block or deter our access to strong encryption. Together, we can make it more difficult and more costly for the NSA’s spying eyes to ensnare innocent people. And we will help technology users increase their digital security against bad actors.

Finally, we will continue to work with our allies in Congress to expose and restrain NSA surveillance. There is much to do on Capitol Hill, long before the next reauthorization debate in 2023.

Our vision is for a secure digital world, free from government surveillance and censorship. You deserve to have a private conversation online, just as you can have one offline. You deserve the right to associate and organize with others, as well as to read and research, free of government snooping. While Congress failed the American people today, EFF will not. With the support of our more than 40,000 members, we are stronger and more ready than ever to keep up this fight.

Cindy Cohn
Executive Director
Electronic Frontier Foundation
January 16, 2018


Congress demanded NSA spying reform. Instead, they let you …

House majority leader Rep. Kevin McCarthy (left), and Rep. Fred Upton (right), both of whom voted to pass the FISA reauthorization bill. (Image: file photo)

For the first time in five years, since the Edward Snowden disclosures that exposed the NSA’s mass surveillance powers and programs, lawmakers had an opportunity this month to rein in and reform the bulk of the government’s powers.

Instead, they balked — in both the House and Senate, unwilling to make even the most minor reforms that would restore Americans’ constitutional rights — for fear that the intelligence agencies might lose access to data that would one day prevent an act of terror.

The Senate passed the “ugly” FISA Amendments Reauthorization Act in a vote 65-34 on Thursday, reauthorizing the so-called “crown jewels” of the intelligence community’s powers, known as section 702, which was set to expire Friday.

Last week, the House voted 256-164 in favor of passing the bill with almost no changes to the original surveillance laws.

The bill will now pass to President Donald Trump, who will almost certainly sign it into law.

Section 702 allows the NSA to gather intelligence on foreigners overseas by collecting data from chokepoints where fiber optic cables owned by telecom giants enter the US. But that collection also incidentally sweeps up large amounts of data on countless Americans, who are constitutionally protected from warrantless surveillance.

Even though section 702 explicitly prohibits the targeting of Americans, the intelligence community can then search those messages without a warrant.

Research released last year showed that the NSA and the FBI, both of which have access to data collected under 702, had violated its powers hundreds of times by conducting unlawful searches and improperly targeting a person or account for surveillance.

Since then, over 40 privacy and transparency groups have called on Congress to reform the government’s section 702 powers. They argued that compelling the NSA to get a warrant before accessing Americans’ data would have no impact on foreign intelligence gathering efforts. Other legislative efforts would compel the government to reveal the approximate number of Americans surveilled under section 702, a promise made by both the Obama and Trump administrations that was later withdrawn.

That effort failed, after months of waiting and almost no meaningful debate in the Senate.

Privacy advocates decried the move.

Demand Progress, a privacy-focused non-profit, said the bill cedes “tremendous power to the executive branch to engage in mass and warrantless surveillance.” The bill allows so-called “backdoor searches” of Americans’ communications, and it expands the NSA’s powers by codifying the “about” collection, making it easier to restart. The NSA had to stop “about” collection after it was found to violate the law.

“The US should not be in the business of warrantless, dragnet surveillance of American citizens,” said Sen. Elizabeth Warren (D-MA) in a tweet last week. She voted to not pass the bill.

Human Rights Watch called the powers “direct threats” to both US democracy and human rights. The Open Technology Institute said in a statement that the bill “codifies and may even expand the government’s most concerning practices.” And, the American Civil Liberties Union, which last week called it a “dangerous” bill, said Thursday the reauthorized law “has been repeatedly abused by law enforcement to spy on the electronic communications of Americans and foreigners without a warrant,” in violation of the constitution.

Suffice to say, there was plenty of pushback from civil liberties groups, rights organizations, and privacy and national security lawyers and attorneys, who called for greater protections for Americans.

There were once lawmakers in the House and Senate who called the Snowden disclosures a turning point for the surveillance debate. Five years ago, Congress called for reform. Yet this week, many of the same lawmakers voted for a clean reauthorization of the laws they once criticized.

To name a few:

Rep. Gregory Meeks (D-NY, 5th) said in a bicameral letter in late-2013, months after several significant stories from the Snowden disclosures were first reported and had already sunk in:

“While there is no issue more important than protecting our people and our country from harm, recent revelations have made clear that U.S. surveillance programs have not been conducted with the appropriate degree of restraint and oversight,” he said.

In spite of that, Meeks voted in favor of the bill this week. (By contrast, Sen. Chris Murphy (D-CT), who also signed the letter, did not vote for the bill.)

Rep. Eric Swalwell (D-CA, 15th), who was at the time a member of the Homeland Security Committee, supported an amendment to limit the bulk collection of data by the NSA. He wrote:

“My vote for the bipartisan amendment does not mean I want to abandon our surveillance programs,” he said. “I recognize the important role they have in counterterrorism efforts. But, rather I believe we can limit the scope of our surveillance while still protecting our country. This might require more resources to create a revised program, but it is worthwhile for the sake of our national security and the protections granted in the Fourth Amendment.”

Yet, Swalwell voted to reauthorize the NSA’s surveillance this week.

Rep. Dutch Ruppersberger (D-MD, 2nd) represents the district of NSA headquarters in Fort Meade, and has received donations from the defense and intelligence agencies and industries. He was one of the most outspoken critics of Snowden, and said some of the NSA’s programs were “legal” and “constitutional.” A year later, Ruppersberger had a “change of heart” and proposed legislative changes to rein in some of the NSA’s powers.

Yet, Ruppersberger voted to reauthorize the NSA’s surveillance this week.

Rep. Louise Slaughter (D-NY, 25th) said the day after news of the NSA’s bulk phone records collection program was revealed, ensnaring Verizon and other phone giants, that she has “consistently opposed reauthorizations of the USA PATRIOT Act and the Foreign Intelligence Surveillance Act precisely because they grant overly-broad powers that could infringe on our civil liberties.”

“We do not need to choose between security and civil liberties. I am eager to get to the bottom of this and finally enact new laws that protect Americans from the threat of terrorism while also safeguarding privacy rights,” she said in remarks on her website.

Yet, Slaughter voted to reauthorize the NSA’s surveillance this week.

Sen. Mike Enzi (R-WY) pulled no punches when he said in remarks that the NSA’s spying “got completely out of hand” and “disregarded the law.” He said in comments, months after the Snowden leaks first hit the papers, that some of the NSA’s programs “shouldn’t happen in America.”

“We’ve got to stop that,” he said.

Yet, Enzi still voted to reauthorize the NSA’s surveillance.

Rep. Pete Olson (R-TX, 22nd), a former Navy pilot, has long said on his website that he has concerns “about the legality of the government’s ability to collect bulk data on its own citizens without due process.” He voted for the Freedom Act, and later co-sponsored the End Warrantless Surveillance of Americans Act.

“This bill would prohibit warrantless searches of government databases for information that pertains to U.S. citizens,” he said. The bill didn’t make it past committee.

Yet, Olson voted to reauthorize the NSA’s surveillance this week.

Rep. Mike Quigley (D-IL, 5th) said several months after the Snowden disclosures were released — with new stories still coming out daily — that it is “clear that substantial changes to the NSA’s surveillance programs are required to ensure the constitutional rights of the American people are protected.”

Yet, Quigley voted to reauthorize the NSA’s surveillance this week.

Rep. David Schweikert (R-AZ, 6th) said that recommendations made by a White House review of NSA powers at the time “fall short” of his expectations. In a statement on his website, he said: “While efforts to reform the collection of metadata and increased oversight on the government’s ability to retain, search, and disseminate private communications is a positive step, it is up to Congress to guarantee the Constitutional rights and civil liberties of Americans are protected from potential fraud and misuse.”

Yet, Schweikert voted to reauthorize the NSA’s surveillance this week.

And finally, Sen. Dianne Feinstein (D-CA), a long-serving member of the Senate Intelligence Committee that gave her far more access to the government’s surveillance and intelligence programs than other lawmakers, has always expressed support for the intelligence community. She also expressed interest in reforming the NSA’s surveillance powers, even this week.

During Wednesday’s brief debate before a cloture vote was called, ending all debate on the bill, Feinstein said she would “like to see more reforms in this program, and perhaps that is something those of us on the Intelligence Committee can strive for.”

Yet, Feinstein still voted to reauthorize the NSA’s surveillance.

The FISA Act will sunset in six years.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-7558849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

View post:
Congress demanded NSA spying reform. Instead, they let you …

National Security Agency – Wikipedia

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become one of the largest U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphone metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau. It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[19][20]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[21] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[22] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[23]

During World War II, the Secret Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[24] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[24]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[24] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[25] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[25] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[25] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[26]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[27] Since President Truman’s memo was a classified document,[27] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[28]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USS Maddox during the Gulf of Tonkin incident.[29]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[30] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[30]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[31]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[32] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[33] Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[34] Senator Frank Church uncovered previously unknown activity,[34] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[35] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[36]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[34]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[37][38]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[39] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[40] The memorial is a “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[40] NSA employees must be retired for more than fifteen years to qualify for the memorial.[40]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[41]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[42]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[43] It was to be a realization of information processing at higher speeds in cyberspace.[44]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[45]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[46]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[47]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

The NSA intercepts telephone and Internet communications of over a billion people worldwide, seeking information on foreign politics, military developments, terrorist activity, pertinent economic developments,[48] and “commercial secrets”.[49] A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[50] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[51][52]

In the United States, at least since 2001,[53] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[54] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[55] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[56]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[57]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[58]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[59][60]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[61] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[62] based on documentation provided by former AT&T technician Mark Klein.[63]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2006, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[64]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls is not.[65]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden,[66] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[67]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[68][69]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[70] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[71]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[72] Rasmussen Reports found that 59% of Americans disapprove,[73] Gallup found that 53% disapprove,[74] and Pew found that 56% are in favor of NSA data collection.[75]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[76][77]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[78]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet-like system to be ineffective. One such report, released by the New America Foundation, concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[79]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[80] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats. As an example, NSA director General Keith Alexander mentioned at the annual Cybersecurity Summit in 2013 that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that another attack in New York was baseless.[80]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015, the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[81] in which he stated: “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[82] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[83] The replacement law, known as the U.S.A. Freedom Act, will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[83] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights,[84] including Upstream collection, a mass of techniques used by the Agency to collect and store Americans’ data/communications directly from the Internet backbone.[85]

Under programs like PRISM, the NSA paid billions of dollars to telecommunications companies in order to collect data from them.[86] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[87] the NSA had access to emails, phone calls and cellular data users.[88] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[83] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[83]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[89][90][91] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[89][92] The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[93] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[94] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[95] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[96][97]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[98] including over 120 million US Verizon subscribers,[99] as well as intercept vast amounts of communications via the internet (Upstream).[94] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[100] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[101]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[102]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[103]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[104] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities, is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[105] It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[106] NSA officers have even used data intercepts to spy on love interests;[107] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[108]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[109] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[110][111] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[109] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[95]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[112]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[113]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[114] This statement came under scrutiny months later, in June 2013, when details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[114] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[114]

NSA whistleblower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[115] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[115]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[116] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[117][118][119]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[120][121] The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[122][123] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[124]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[125]

The Wikimedia Foundation and several other plaintiffs filed suit against the NSA in 2015, Wikimedia Foundation v. NSA, for the violation of their users’ First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[126] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[127]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[128] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[129]

Operations by the National Security Agency can be divided in three types:

CAPRI OS is a National Security Agency codename for a project that is sent SSH and SSL intercepts for post-processing.[130]

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence (SIGINT), and detailed how the eavesdropping operations worked.[136] On November 3, 1999, the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8 billion telephone data items and 97.1 billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. It was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France.[144]

Boundless Informant employs big data databases, cloud computing technology, and Free and Open Source Software (FOSS) to analyze data collected worldwide by the NSA.[145]

In 2013, reporters uncovered a secret memo that claims the NSA created the Dual EC DRBG encryption standard, which contained built-in vulnerabilities, and in 2006 pushed for its adoption by the United States National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO).[146][147] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[148] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[147]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[149][150]

Linus Torvalds, the founder of the Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[151] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[152]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for client-server and server-server authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[154][155]
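The effect of the “workload reduction factor” described above, as an added example (not IBM's or Lotus's code): a toy SHA-256 stream cipher and an HMAC mask stand in for the real Notes cipher and the escrow encryption, and every function name is hypothetical. The recovery search is meant to be run at a scaled-down key size so it finishes quickly; `search_space()` gives the figures for the 64-bit key with 24 escrowed bits.

```python
import hashlib
import hmac
import secrets

KNOWN_HEADER = b"NOTES:"  # constructed known-plaintext marker used to recognise the right key


def keystream_xor(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy stream cipher (stand-in, not the Notes cipher): XOR with SHA-256 in counter mode."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key_bytes + block.to_bytes(4, "big")).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


def escrow_mask(escrow_key: bytes, nonce: bytes, escrow_bits: int) -> int:
    """Mask that only the holder of the escrow key can recompute (HMAC used as a PRF)."""
    digest = hmac.new(escrow_key, nonce, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - escrow_bits)


def seal(plaintext: bytes, escrow_key: bytes, key_bits: int = 64,
         escrow_bits: int = 24, session_key=None):
    """Encrypt under a key_bits session key and attach escrow_bits of it, masked, to the message."""
    if session_key is None:
        session_key = secrets.randbits(key_bits)
    nonce = secrets.token_bytes(16)
    top_bits = session_key >> (key_bits - escrow_bits)
    message = {
        "nonce": nonce,
        "key_bits": key_bits,
        "escrow_bits": escrow_bits,
        # The "workload reduction" field travels with every message.
        "escrow_field": top_bits ^ escrow_mask(escrow_key, nonce, escrow_bits),
        "ciphertext": keystream_xor(session_key, key_bits, KNOWN_HEADER + plaintext),
    }
    return session_key, message


def recover_with_escrow(message: dict, escrow_key: bytes):
    """Escrow holder: unmask the attached bits, then search only the remaining ones."""
    key_bits, escrow_bits = message["key_bits"], message["escrow_bits"]
    top_bits = message["escrow_field"] ^ escrow_mask(escrow_key, message["nonce"], escrow_bits)
    unknown_bits = key_bits - escrow_bits
    head = message["ciphertext"][:len(KNOWN_HEADER)]
    for low in range(1 << unknown_bits):
        candidate = (top_bits << unknown_bits) | low
        if keystream_xor(candidate, key_bits, head) == KNOWN_HEADER:
            return candidate, low + 1  # recovered key and number of trials used
    return None, 1 << unknown_bits


def search_space(key_bits: int = 64, escrow_bits: int = 24) -> dict:
    """Worst-case key trials for an outsider versus the escrow-key holder."""
    return {"outsider": 1 << key_bits, "escrow_holder": 1 << (key_bits - escrow_bits)}


if __name__ == "__main__":
    escrow_key = b"constructed-escrow-key"  # constructed sample value
    # Scaled-down split (28-bit key, 12 escrowed bits) so the search takes a moment, not days.
    key, msg = seal(b"quarterly figures", escrow_key, key_bits=28, escrow_bits=12)
    found, trials = recover_with_escrow(msg, escrow_key)
    print(f"recovered={found == key} trials={trials} of at most {1 << 16}")
    print(search_space())  # the 64/24 split: 2**64 for an outsider, 2**40 for the escrow holder
```

Everyone without the escrow key still faces the full key length, which is why the scheme helped against industrial espionage while leaving the escrow holder with only a 40-bit search.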

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[156]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[157] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish a network bridge “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[158]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[159] The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[160][161]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court, for example, held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures apply to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[162] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[163] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[163]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[164] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition, President Bush also signed that the measures of mass surveillance were retroactively in place.[165]

Under the PRISM program, which started in 2007,[166][167] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[168] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

In June 2015, WikiLeaks published documents showing that the NSA spied on French companies.[169]

In July 2015, WikiLeaks published documents showing that the NSA had spied on federal German ministries since the 1990s.[170][171] Even the cellphones of Germany’s Chancellor Angela Merkel and the phones of her predecessors had been intercepted.[172]

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[173] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[174][175][176][177]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division.

According to Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[178][179]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[180]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[181]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Read more from the original source:
National Security Agency – Wikipedia

Don’t Reauthorize NSA Spying in a Must-Pass Funding Bill …

The next two weeks will be a flurry of activity in Congress. Before they can leave for the holidays, our government must, at minimum, pass at least one bill to keep the government running and also decide what to do about a controversial NSA spying authority called Section 702. Some legislators want to reauthorize Section 702, without meaningful reform, by attaching it to must-pass spending legislation. This is a terrible idea. The legislative process surrounding Section 702 already lacks necessary transparency and deliberation.

The new legislative stratagem gets complicated very quickly. Here’s what you need to know.

On December 8th, Congress passed a temporary funding bill, or a Continuing Resolution (CR) to keep the government running until December 22. To prevent a government shutdown, Congress must either pass another CR by the new deadline, or ideally, finish writing the final funding bill for the rest of Fiscal Year 2018. This final funding bill is known as the omnibus.

Even though the Republican Party controls the House, the Senate, and the White House, GOP leadership has struggled to find enough consensus among their members to pass the omnibus. Instead, the government is limping along with a series of short-term CRs while avoiding hard decisions on longer-term funding priorities. This constant negotiation on funding between the White House and Congressional leaders from both parties means that there is less time to negotiate other issues, like necessary reforms to the Section 702 NSA spying program, which is scheduled to sunset at the end of this month.

Faced with multiple looming deadlines, legislators may be tempted to include Section 702 reauthorization in one of the funding bills. The allure of killing two (or more) birds with one stone often becomes overwhelming this time of year. Instead of taking the time to negotiate and navigate multiple difficult votes on various contentious bills, leadership finds it easier to find a majority only once.

After consulting with the various Chairmen of Committees of jurisdiction (in this case, the Intelligence and Judiciary Committees), Congressional leadership, along with the White House, will decide what will help them get the votes they need.

For example, a member who is not inclined to support a spending bill on its own may decide to vote yes on a spending bill that includes language to prohibit the NSA’s controversial “about” searching. Of course, the reverse can also be true, which is why such discussions will happen behind closed doors.

Yes and no. Individual members or groups of members (often called Caucuses) would have to tell their leadership that they would not vote for any spending package that contains language they don’t like. If the numbers work in their favor, and leadership believes them, this will keep the language out of the bill.

However, leadership may choose to call the members’ bluff. If the language is added over members’ objections, the members can still vote no on the whole bill. But that could cause the bill to fail and shut down the government. Government shutdowns are highly disruptive to many people, and thus politically risky. The members and the leadership take that into consideration. It’s a high-risk game of chicken, with very real and long-term consequences.

Practically speaking, no. All the language in the CR is carefully negotiated behind closed doors, so leadership does not usually allow any amendments in case something accidentally passes that would cost them votes.

Once again, practically speaking, no.

In theory, no spending bill, CR or omnibus, should contain language that isn’t related to funding the government. Of course, how we fund the government often has policy implications, which is why these bills are often so contentious and so tightly negotiated. For example, earlier this year Rep. Kevin Yoder (R-KS) sponsored language in a funding bill that would prevent law enforcement from using any taxpayer dollars to seize cloud-hosted documents (email, photos, etc.) without a warrant. In practice, the policy impact of this language would have been quite similar to the Email Privacy Commutations Act, but Rep. Yoder’s language actually only prohibits funding these actions. Adding language that has nothing to do with government funding at all, like reauthorization of the Section 702 program, does happen, but it is rare.

A CR is even less appropriate than an omnibus as a vehicle to make new policy. As it is designed only to be a temporary, short-term measure, a CR is theoretically only a continuation of current funding levels, with no major funding changes and no major policy changes. In practice, this rule gets waived (at the discretion of the leadership), especially when pushed up against a deadline and when the added language brings in needed votes.

In normal circumstances, all legislation is supposed to be public for at least a day before Congress votes on it. Unfortunately, these are not normal circumstances.

When there is a difficult, tightly negotiated bill and a looming deadline (like with both the CR and Section 702 reauthorization), the House of Representatives may enact something called martial law, allowing leadership to move quickly through debate and final passage as soon as they have an agreement – before the media or the public have an opportunity to comment.

EFF is in constant communication with members interested in reforming Section 702, and we’re fighting alongside them to make sure Section 702 reauthorization does not sneak through in the dead of night. We’ll make sure to let you know when we know!

No! While the legislative calendar may pose a challenge, it is completely unacceptable for Congressional leadership to shove Section 702 reauthorization into an end-of-year funding bill. This program invades the privacy of an untold number of Americans. Before it can be reauthorized, Congress must undertake a transparent and deliberative process to consider the impact this NSA surveillance has on Americans’ privacy.

It is troubling that a secretive NSA surveillance program may be reauthorized in a secret legislative backroom deal. But this program is too important to be hidden in a big funding bill, and members shouldn’t be forced to choose between shutting down the federal government or violating the Fourth Amendment.