US ‘kidnaps’ Russian MP’s son to ‘exchange him for Snowden’

http://rt.com/news/171188-russian-hacker-kidnapped-america/

US ‘kidnaps’ Russian MP’s son to ‘exchange him for Snowden’

Published time: July 08, 2014 10:39
Edited time: July 10, 2014 17:25
RIA Novosti / Aleksandr Utkin

RIA Novosti / Aleksandr Utkin

A Russian MP claims the US kidnapped his son from the Maldives on bogus cyber-fraud charges and may be preparing to offer him as bait in a swap deal for Edward Snowden.

Roman Seleznyov, 30, was arrested at Male international airport as he was about to board a flight to Moscow. He was forced by US secret service agents to board a private plane to Guam and was later arrested. The Russian ministry slammed his detention as “a de-facto kidnapping.”

Continue reading

NSA monitored calls of 35 world leaders after US official handed over contacts

http://www.theguardian.com/world/2013/oct/24/nsa-surveillance-world-leaders-calls

NSA monitored calls of 35 world leaders after US official handed over contacts

• Agency given more than 200 numbers by government official
• NSA encourages departments to share their ‘Rolodexes’
• Surveillance produced ‘little intelligence’, memo acknowledges

The NSA memo suggests that such surveillance was not isolated as the agency routinely monitors world leaders. Photograph: Guardian

The NSA memo suggests that such surveillance was not isolated as the agency routinely monitors world leaders. Photograph: Guardian

The National Security Agency monitored the phone conversations of 35 world leaders after being given the numbers by an official in another US government department, according to a classified document provided by whistleblower Edward Snowden.

Continue reading

Everything Is Broken

https://medium.com/message/everything-is-broken-81e5f33a24e1

Everything is Broken

Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can’t tell you who he is because he doesn’t want to go to Federal prison, which is what could have happened if he’d told anyone that could do anything about the bug he’d found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn’t extraordinary at all. Spend much time in the hacker and security scene, you’ll hear stories like this and worse.
It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.
Computers, and computing, are broken.

Continue reading

Hacking Online Polls and Other Ways British Spies Seek to Control the Internet

https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/

Hacking Online Polls and Other Ways British Spies Seek to Control the Internet

Hacked poll!

The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.

The tools were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG’s use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

Continue reading

Edward Snowden condemns Britain’s emergency surveillance bill

http://www.theguardian.com/world/2014/jul/13/edward-snowden-condemns-britain-emergency-surveillance-bill-nsa

Edward Snowden condemns Britain’s emergency surveillance bill

Exclusive: NSA whistleblower says it ‘defies belief’ that bill must be rushed through after government ignored issue for a year

The NSA whistleblower Edward Snowden has condemned the new surveillance bill being pushed through the UK’s parliament this week, expressing concern about the speed at which it is being done, lack of public debate, fear-mongering and what he described as increased powers of intrusion.

In an exclusive interview with the Guardian in Moscow, Snowden said it was very unusual for a public body to pass an emergency law such as this in circumstances other than a time of total war. “I mean we don’t have bombs falling. We don’t have U-boats in the harbour.”

Continue reading

Low-level federal judges balking at law enforcement requests for electronic evidence

http://www.washingtonpost.com/local/crime/low-level-federal-judges-balking-at-law-enforcement-requests-for-electronic-evidence/2014/04/24/eec81748-c01b-11e3-b195-dd0c1174052c_story.html

Low-level federal judges balking at law enforcement requests for electronic evidence

Judges at the lowest levels of the federal judiciary are balking at sweeping requests by law enforcement officials for cellphone and other sensitive personal data, declaring the demands overly broad and at odds with basic constitutional rights.

This rising assertiveness by magistrate judges — the worker bees of the federal court system — has produced rulings that elate civil libertarians and frustrate investigators, forcing them to meet or challenge tighter rules for collecting electronic evidence.

Continue reading

Feds Beg Supreme Court to Let Them Search Phones Without a Warrant

http://www.wired.com/?p=774771

Feds Beg Supreme Court to Let Them Search Phones Without a Warrant

Illustration: mattjeacock/Getty ImagesIllustration: mattjeacock/Getty ImagesAmerican law enforcement has long advocated for universal “kill switches” in cellphones to cut down on mobile device thefts. Now the Department of Justice argues that the same remote locking and data-wiping technology represents a threat to police investigations–one that means they should be free to search phones without a warrant.

In a brief filed to the U.S. Supreme Court yesterday in the case of alleged Boston drug dealer Brima Wurie, the Justice Department argues that police should be free to warrantlessly search cellphones taken from suspects immediately at the time of arrest, rather than risk letting the suspect or his associates lock or remotely wipe the phone before it can be searched.

The statement responds to briefs made to the court by the Center for Democracy and Technology and the Electronic Frontier Foundation arguing that warrantless searches of cellphones for evidence represents a serious violation of the suspect’s privacy beyond that of a usual warrantless search of a suspect’s pockets, backpack, or car interior.

“This Court should not deprive officers of an investigative tool that is increasingly important for preserving evidence of serious crimes based on purely imaginary fears that police officers will invoke their authority to review drug dealers’ ‘reading history,’ … ‘appointments with marital counselors,’ or armed robbers’ ‘apps to help smokers quit,’” reads the statement written by DOJ attorney Donald Verrilli Jr., responding to specific examples cited by the CDT.

Continue reading

Fusion Centers: The 78 Local Intelligence Hubs Spying on Us All

Fusion Centers: The 78 Local Intelligence Hubs Spying on Us All

Fusion Centers: The 78 Local Intelligence Hubs Spying on Us AllExpand

While NSA surveillance has been front and center in the news recently, fusion centers are a part of the surveillance state that deserve close scrutiny.

Fusion centers are a local arm of the so-called “intelligence community,” the 17 intelligence agencies coordinated by the National Counterterrorism Center (NCTC). The government documentation around fusion centers is entirely focused on breaking down barriers between the various government agencies that collect and maintain criminal intelligence information.

Barriers between local law enforcement and the NSA are already weak. We know that the Drug Enforcement Agency gets intelligence tips from the NSA which are used in criminal investigations and prosecutions. To make matters worse, the source of these tips is camouflaged using “parallel construction,” meaning that a different source for the intelligence is created to mask its classified source.

This story demonstrates what we called “one of the biggest dangers of the surveillance state: the unquenchable thirst for access to the NSA’s trove of information by other law enforcement agencies.” This is particularly concerning when NSA information is used domestically. Fusion centers are no different.

In fact, in early 2012, the Foreign Intelligence Surveillance Court approved the sharing of raw NSA data with the NCTC. The intelligence community overseen by the NCTC includes the Department of Homeland Security and FBI, the main federal fusion center partners. Thus, fusion centers—and even local law enforcement—could potentially be receiving unminimized NSA data. This runs counter to the distant image many people have of the NSA, and it’s why focusing on fusion centers as part of the recently invigorated conversation around surveillance is important.

What are fusion centers?

Fusion centers are information centers that enable intelligence sharing between local, state, tribal, territorial, and federal agencies. They are actual physical locations that house equipment and staff who analyze and share intelligence.

How many are there?

There are 78 recognized fusion centers listed on the Department of Homeland Security (DHS) website.

Who works at fusion centers?

Fusion centers are staffed by local law enforcement and other local government employees as well as Department of Homeland Security personnel. DHS “has deployed over 90 personnel, including Intelligence Officers and Regional Directors, to the field.” Staffing agreements vary from place to place. Fusion centers are often also colocated with FBI Joint Terrorism Task Forces.

What do fusion centers do?

Fusion centers enable unprecedented levels of bi-directional information sharing between state, local, tribal, and territorial agencies and the federal intelligence community. Bi-directional means that fusion centers allow local law enforcement to share information with the larger federal intelligence community, while enabling the intelligence community to share information with local law enforcement. Fusion centers allow local cops to get—and act upon—information from agencies like the FBI.

Fusion centers are also key to the National Suspicious Activity Reporting Initiative (NSI), discussed below.

What is suspicious activity reporting?

The government defines suspicious activity reporting (SAR) as “official documentation of observed behavior reasonably indicative of pre-operational planning related to terrorism or other criminal activity.” SARs can be initiated by law enforcement, by private sector partners, or by “see something, say something” tips from citizens. They are then investigated by law enforcement.

What is the National Suspicious Activity Reporting Initiative?

NSI is an initiative to standardize suspicious activity reporting. The NSI was conceived in 2008, and started with an evaluation project that culminated in a January 2010 report describing how NSI would encompass all fusion centers. It appears significant progress has been made towards this goal.

The evaluation project included so-called Building Communities of Trust (BCOT) meetings which focused “on developing trust among law enforcement, fusion centers, and the communities they serve to address the challenges of crime and terrorism prevention.”

BCOT “community” events involved representatives from local fusion centers, DHS, and FBI traveling to different areas and speaking to selected community representatives and civil rights advocates about NSI. These were invite only events with the clear purpose of attempting to engender community participation and garner support from potential opponents such as the ACLU.

So what’s wrong with Suspicious Activity Reporting and the NSI?

SARs do no meet legally cognizable standards for search or seizure under the Fourth amendment. Normally, the government must satisfy reasonable suspicion or probable cause standards when searching a person or place or detaining someone. While SARs themselves are not a search or seizure, they are used by law enforcement to initiate investigations, or even more intrusive actions such as detentions, on the basis of evidence that does not necessarily rise to the level of probable cause or reasonable suspicion. In other words, while the standard for SAR sounds like it was written to comport with the constitutional standards for investigation already in place, it does not.

In fact, the specific set of behaviors listed in the National SAR standards include innocuous activities such as:

taking pictures or video of facilities, buildings, or infrastructure in a manner that would arouse suspicion in a reasonable person,” and “demonstrating unusual interest in facilities, buildings, or infrastructure beyond mere casual or professional (e.g. engineers) interest such that a reasonable person would consider the activity suspicious. Examples include observation through binoculars, taking notes, attempting to measure distances, etc.

These standards are clearly ripe for abuse of discretion.

Do fusion centers increase racial and religious profiling?

The weak standards around SAR are particularly concerning because of the way they can lead to racial and religious profiling. SARs can originate from untrained civilians as well as law enforcement, and as one woman pointed out at a BCOT event people who might already be a little racist who are ‘observing’ a white man photographing a bridge are going to view it a little differently than people observing me, a woman with a hijab, photographing a bridge. The bottom line is that bias is not eliminated by so-called observed behavior standards.

Furthermore, once an investigation into a SAR has been initiated, existing law enforcement bias can come into play; SARs give law enforcement a reason to initiate contact that might not otherwise exist.

Unsurprisingly, like most tools of law enforcement, public records act requests have shown that people of color often end up being the target of SARs:

One review of SARs collected through Public Records Act requests in Los Angeles showed that 78% of SARs were filed on non-whites. An audit by the Los Angeles Police Department’s Inspector General puts that number at 74%, still a shockingly high number.

A review of SARs obtained by the ACLU of Northern California also show that most of the reports demonstrate bias and are based on conjecture rather than articulable suspicion of criminal activity. Some of the particularly concerning SARs include titles like “Suspicious ME [Middle Eastern] Males Buy Several Large Pallets of Water” and “Suspicious photography of Folsom Dam by Chinese Nationals.” The latter SAR resulted in police contact: “Sac[ramento] County Sheriff’s Deputy contacted 3 adult Asian males who were taking photos of Folsom Dam. They were evasive when the deputy asked them for identification and said their passports were in their vehicle.” Both of these SARs were entered into FBI’s eGuardian database.

Not only that, there have been disturbing examples of racially biased informational bulletins coming from fusion centers. A 2009 “North Central Texas Fusion Center Prevention Awareness Bulletin” implies that tolerance towards Muslims is dangerous and that Islamic militants are using methods such as “hip-hop boutiques” and “online social networks” to indoctrinate youths in America.

Do fusion centers facilitate political repression?

Fusion centers have been used to record and share information about First Amendment protected activities in a way that aids repressive police activity and chills freedom of association.

A series of public records act requests in Massachusetts showed: “Officers monitor demonstrations, track the beliefs and internal dynamics of activist groups, and document this information with misleading criminal labels in searchable and possibly widely-shared electronic reports.” The documents included intelligence reports addressing issues such internal group discussions and protest planning, and showed evidence of police contact.

For example, one report indicated that “Activists arrested for trespassing at a consulate were interviewed by three surveillance officers ‘in the hopes that these activists may reach out to the officers in the future.’ They were asked about their organizing efforts and for the names of other organizers.”

Who oversees the National Suspicious Activity Reporting Initiative?

The NSI is led by the Program Manager for the Information Sharing Environment (PM-ISE) in collaboration with the DHS and the FBI. The ISE is “the people, projects, systems, and agencies that enable responsible information sharing for national security.” The PM-ISE, currently Kshemendra Paul, oversees the development and implementation of the ISE. The position was created by the Intelligence Reform and Terrorism Prevention Act of 2004.

If this all sounds confusing, that’s because it is: the entire intelligence community is a plethora of duplicative agencies with overlapping areas of responsibility.

What kind of information do fusion centers have?

Staff at fusion centers have access to a variety of databases. Not all staff have the same level of clearances, and the entire extent of what is available to fusion centers is unclear. But we do know certain facts for sure:

Fusion centers have access to the FBI’s eGuardian database, an unclassified companion to the FBI’s Guardian Threat Tracking System. “The Guardian and eGuardian systems . . . have a bi-directional communication ability that facilitates sharing, reporting, collaboration, and deconfliction among all law enforcement agencies.”

Fusion centers also have access to DHS’ Homeland Security Data Network and it’s companion Homeland Security Information Network. These systems provide access to terrorism-related information residing in DoD’s classified network. It is worth noting that HSIN was hacked in 2009 and was considered so problematic that it was briefly decommissioned entirely.

Fusion centers have access to other information portals including the FBI’s Law Enforcement Online portal, Lexis Nexis, the Federal Protective Service portal, and Regional Information Sharing Systems .

Finally, as discussed above, we know that unminimized NSA data can be shared with the National Counterterrorism Center, which means that fusion centers could be in receipt of such data.

What federal laws apply to fusion centers?

Because they are collaborative, legal authority over fusion centers is blurred, perhaps purposefully. However, there are some federal laws that apply. The Constitution applies, and fusion centers arguably interfere with the First and Fourth Amendments.

28 Code of Federal Regulations Part 23 governs certain federal criminal intelligence systems. The “Fusion Center Guidelines . . . call for the adoption of 28 CFR Part 23 as the minimum governing principles for criminal intelligence systems.” 28 CFR 23.20 requires reasonable suspicion to collect and maintain criminal intelligence and prohibits collection and maintenance of information about First Amendment protected activity “unless such information directly relates to criminal conduct or activity and there is reasonable suspicion that the subject of the information is or may be involved in criminal conduct or activity.” Finally, it prohibits inclusion of any information collected in violation of local law.

Section 552(a)(e)(7) of the Privacy Act prohibits federal agencies, in this case DHS personnel who work at fusion centers, from maintaining any “record describing how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute or by the individual about whom the record is maintained or unless pertinent to and within the scope of an authorized law enforcement activity.” A 2012 U.S. Senate Permanent Subcommittee on Investigations report on fusion centers stated: “The apparent indefinite retention of cancelled intelligence reports that were determined to have raised privacy or civil liberties concerns appears contrary to DHS’s own policies and the Privacy Act.”

What state or local laws apply to fusion centers?

Fusion centers are sometimes bound by local and state laws. The law enforcement agencies that feed information into centers may also be restricted in terms of what information they can gather.

The Northern California Regional Intelligence Center, located in San Francisco, CA, serves as a good example of how state and local regulations can apply to a fusion center. NCRIC works with law enforcement partners around the region and stores criminal intelligence information. The California constitution has a right to privacy and California has other laws that address privacy and criminal intelligence. These should cover NCRIC.

The San Francisco Police Department’s relationship with NCRIC also serves as a good example of the applicability of local laws. SFPD participates in suspicious activity reporting, but is also bound by a number of restrictions, including Department General Order 8.10, which heavily restricts intelligence gathering by the SFPD, as well as the sanctuary city ordinance, which prohibits working with immigration enforcement. While the fusion center would not be bound by these regulations on its own, the SFPD is.

Who funds fusion centers?

Fusion centers are funded by federal and state tax dollars. Estimates of exactly how much funding fusion centers get from these sources are difficult to obtain. However, there are some numbers available.

For 2014, the Homeland Security Grant Program, which is the federal grant program that funds fusion centers, has $401,346,000 available in grant funds. The grant announcement emphasizes that funding fusion centers and integrating them nationally is a high priority. This is an approximately $50 million increase over last year’s allocation—somewhat shocking in light of the critiques around fusion center funding that have been raised by Congress.

A 2008 Congressional Research Service report states that the average fusion center derives 31% of its budget from the federal government. Those numbers may have changed now.

Has there been any discussion about fusion centers at the federal level?

Yes, but not enough. In October of 2012, fusion centers were the subject of an extremely critical report from the U.S. Senate Permanent Subcommittee on Investigations. The bipartisan report focused on the waste, ineptitude, and civil liberties violations at fusion centers. The report revealed that fusion centers spent tax dollarson “gadgets such as ‘shirt button cameras, $6,000 laptops and big-screen televisions. One fusion center spent $45,000 on a decked-out SUV…” Regarding the information produced by fusion centers, the report noted that fusion centers produced “‘intelligence’ of uneven quality – oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections, occasionally taken from already-published public sources, and more often than not unrelated to terrorism.”

This report recommended a hard look at fusion center funding, but that clearly has not happened. They are still operating across the country with federal funding. In fact, their funding has even been increased.

What about at the local level?

There are grassroots privacy advocates in multiple cities fighting to get more information about fusion centers and how their local law enforcement participates in them. These efforts have been frustrated by stonewalling of public records act requests and uneducated, or at times dishonest, public officials.

Have any regulations been passed or proposed?

To date, only one place has passed regulations around fusion centers. Berkeley, CA, passed a policy in September 2012 that the Berkeley Police Department can only submit suspicious activity reports after establishing reasonable suspicion of criminal behavior, and put in place an audit of SARs.

Massachusetts is also considering changes to fusion centers. SB 642 would strictly limit collection and dissemination of criminal intelligence information and would require a yearly audit of the Massachusetts Commonwealth Fusion Center.

What can I do?

Fusion centers are an area ripe for grassroots organizing. Groups like the StopLAPD Spying Coalition, which put together a “People’s Audit” of SARs in LA, provide excellent examples of how this can happen. Public records act requests can be leveraged to get information about what your local law enforcement is doing. Grassroots organizing and education can get people and elected officials talking about this issue.

On April 10, activists across the country will be participating in “Stop the Spy Centers: a national day of action against fusion centers.” These activists have three demands: 1. Shut down fusion centers, 2. De-fund fusion centers, and 3. Release all suspicious activity reports and secret files.

While April 10 is one day of action, the conversation around fusion centers must continue hand in hand with our national discourse around NSA, CIA, and FBI surveillance.

Where can I get more information about fusion centers?

This article first appeared on Electronic Frontier Foundation and is republished under Creative Commons license. Image by Tischenko Irina/Shutterstock.

Metadata Is More Intrusive Than Direct Listening Of Phone Calls Says Snowden

Metadata Is More Intrusive Than Direct Listening Of Phone Calls Says Snowden

http://www.countercurrents.org/cc070414A.htm

07 April, 2014
Countercurrents.org

Government monitoring of “metadata” is more intrusive than directly listening to phone calls or reading emails, cautioned Edward Snowden, the US NSA whistleblower, and Glenn Greenwald, the reporter who disclosed leaks by Snowden about mass US government surveillance last year.

Moreover, on the “Cuban Twitter” campaign, the USAID program to topple Cuban government, citing top-secret documents Greenwald writes: “This sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for ‘propaganda’, ‘deception’, ‘mass messaging’, and ‘pushing stories’.” The top-secret documents have now been published by The Intercept.

A Reuter’s report [1] said:

“Snowden and Greenwald …appeared together via video link from opposite ends of the earth on [April 5, 2014] for what was believed to be the first time since Snowden sought asylum in Russia.”

In the video conference, they made the caution.

“Metadata includes which telephone number calls which other numbers, when the calls were made and how long they lasted. Metadata does not include the content of the calls.

“Amnesty International is campaigning to end mass surveillance by the US government and calling for Congressional action to further rein in the collection of information about telephone calls and other communications.”

“Snowden and Greenwald said that such data is in fact more revealing than outright government spying on phone conversations and emails.

“‘Metadata is what allows an actual enumerated understanding, a precise record of all the private activities in all of our lives. It shows our associations, our political affiliations and our actual activities,’ said Snowden, dressed in a jacket with no tie in front of a black background.

“‘My hope and my belief is that as we do more of that reporting and as people see the scope of the abuse as opposed to just the scope of the surveillance they will start to care more,’ he said.

“‘Mark my words. Put stars by it and in two months or so come back and tell me if I didn’t make good on my word.’”

A Reuters/Ipsos poll this week showed the majority of Americans were concerned that Internet companies were encroaching on too much of their lives.

The Chicago datelined report said:

“A sympathetic crowd of nearly 1,000 packed a downtown Chicago hotel ballroom at Amnesty International USA’s annual human rights meeting and gave Greenwald, who dialed in from Brazil, a raucous welcome before Snowden was patched in 15 minutes later to a standing ovation.”

The leaks of secret documents made by Snowden, who had been working at a NSA facility revealed a vast US government system for monitoring phone and Internet data. It deeply embarrassed the Obama administration, which in January banned US eavesdropping on the leaders of friendly countries and allies. However, Snowden faces arrest if he steps foot on US soil.

Greenwald has promised further revelations of government abuses of power at his new media venture the Intercept.

More on “Cuban Twitter”

The Associated Press has recently exposed a secret program run by the US Agency for International Development to create “a Twitter-like Cuban communications network” run through “secret shell companies” in order to create the false appearance of being a privately owned operation with the aim of toppling the Cuban government through a “Cuban Spring” like event.

On this campaign for toppling the Cuban government Glenn Greenwald writes:

“Unbeknownst to the service’s Cuban users was the fact that ‘American contractors were gathering their private data in the hope that it might be used for political purposes’–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today [April 4, 2014] by The Intercept [3], this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for ‘propaganda’, ‘deception’, ‘mass messaging’, and ‘pushing stories’.

“These ideas – discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets – appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ – and previously published by The Intercept as well as some by NBC News – detailed several of those programs, including a unit devoted in part to “discrediting” the agency’s enemies with false information spread online.

“The documents in the archive show that the British are particularly aggressive and eager in this regard, and formally shared their methods with their US counterparts. One previously undisclosed top-secret document – prepared by GCHQ for the 2010 annual ‘SIGDEV’ gathering of the ‘Five Eyes’ surveillance alliance comprising the UK, Canada, New Zealand, Australia, and the US – explicitly discusses ways to exploit Twitter, Facebook, YouTube, and other social media as secret platforms for propaganda.

“The document was presented by GCHQ’s Joint Threat Research Intelligence Group (JTRIG). The unit’s self-described purpose is ‘using online techniques to make something happen in the real or cyber world’, including ‘information ops (influence or disruption).’ The British agency describes its JTRIG and Computer Network Exploitation operations as a ‘major part of business’ at GCHQ, conducting ‘5% of Operations.’

“The annual SIGDEV conference, according to one NSA document published today [April 4, 2014] by The Intercept, ‘enables unprecedented visibility of SIGINT Development activities from across the Extended Enterprise, Second Party and US Intelligence communities.’ The 2009 Conference, held at Fort Meade, included ‘eighty-six representatives from the wider US Intelligence Community, covering agencies as diverse as CIA (a record 50 participants), the Air Force Research Laboratory and the National Air and Space Intelligence Center.’

“Defenders of surveillance agencies have often insinuated that such proposals are nothing more than pipe dreams and wishful thinking on the part of intelligence agents. But these documents are not merely proposals or hypothetical scenarios. As described by the NSA document published today, the purpose of SIGDEV presentations is ‘to synchronize discovery efforts, share breakthroughs, and swap knowledge on the art of analysis.’
For instance: One of the programs described by the newly released GCHQ document is dubbed ‘Royal Concierge’, under which the British agency intercepts email confirmations of hotel reservations to enable it to subject hotel guests to electronic monitoring. It also contemplates how to ‘influence the hotel choice’ of travelers and to determine whether they stay at ‘SIGINT friendly’ hotels. The document asks: ‘Can we influence the hotel choice? Can we cancel their visit?’

“Previously, der Spiegel and NBC News both independently confirmed that the ‘Royal Concierge’ program has been implemented and extensively used. The German magazine reported that ‘for more than three years, GCHQ has had a system to automatically monitor hotel bookings of at least 350 upscale hotels around the world in order to target, search, and analyze reservations to detect diplomats and government officials.’ NBC reported that ‘the intelligence agency uses the information to spy on human targets through “close access technical operations”, which can include listening in on telephone calls and tapping hotel computers as well as sending intelligence officers to observe the targets in person at the hotels.’”

Greenwald writes:

“The GCHQ document we are publishing today expressly contemplates exploiting social media venues such as Twitter, as well as other communications venues including email, to seed state propaganda–GHCQ’s word, not mine–across the internet:

“(The GCHQ document also describes a practice called ‘credential harvesting’, which NBC described as an effort to ‘select journalists who could be used to spread information’ that the government wants distributed. According to the NBC report, GCHQ agents would employ ‘electronic snooping to identify non-British journalists who would then be manipulated to feed information to the target of a covert campaign’. Then, ‘the journalist’s job would provide access to the targeted individual, perhaps for an interview’. Anonymous sources that NBC didn’t characterize claimed at the time that GCHQ had not employed the technique.)

“Whether governments should be in the business of publicly disseminating political propaganda at all is itself a controversial question. Such activities are restricted by law in many countries, including the US. In 2008, The New York Times’ David Barstow won a Pulitzer Prize for exposing a domestic effort coordinated by the Pentagon whereby retired US generals posed as ‘independent analysts’ employed by American television networks and cable news outlets as they secretly coordinated their messaging with the Pentagon.

“Because American law bars the government from employing political propaganda domestically, that program was likely illegal, though no legal accountability was ever brought to bear (despite all sorts of calls for formal investigations). Barack Obama, a presidential candidate at the time, pronounced himself in a campaign press release ‘deeply disturbed’ by the Pentagon program, which he said ‘sought to manipulate the public’s trust.’

“Propagandizing foreign populations has generally been more legally acceptable. But it is difficult to see how government propaganda can be segregated from domestic consumption in the digital age. If American intelligence agencies are adopting the GCHQ’s tactics of ‘crafting messaging campaigns to go “viral”,’ the legal issue is clear: A ‘viral’ online propaganda campaign, by definition, is almost certain to influence its own citizens as well as those of other countries.

“For its part, GCHQ refused to answer any specific questions on the record, instead providing its standard boilerplate script which it provides no matter the topic of the reporting: ‘all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.’ The NSA refused to comment.

“But these documents, along with the AP’s exposure of the sham ‘Cuban Twitter’ program, underscore how aggressively western governments are seeking to exploit the internet as a means to manipulate political activity and shape political discourse.”

At the conclusion, he writes:

“Those programs, carried out in secrecy and with little accountability (it seems nobody in Congress knew of the ‘Cuban Twitter’ program in any detail) threaten the integrity of the internet itself, as state-disseminated propaganda masquerades as free online speech and organizing. There is thus little or no ability for an internet user to know when they are being covertly propagandized by their government, which is precisely what makes it so appealing to intelligence agencies, so powerful, and so dangerous.”

Source:

[1] April 6, 2014, “Snowden, Greenwald urge caution of wider government monitoring at Amnesty event”

[2] April 4, 2014, “The ‘Cuban Twitter’ Scam Is a Drop in the Internet Propaganda Bucket”, © First Look Productions

[3] The documents are: 1. “Full-Spectrum Cyber Effects”, and 2. “2009 SigDev Conference”

Silicon Valley could force NSA reform, tomorrow. What’s taking so long?

Silicon Valley could force NSA reform, tomorrow. What’s taking so long?

Tech CEOs are complaining, but bills are languishing. Time for internet companies to pull an OKCupid and call out the NSA, on every homepage

CEOs from Yahoo to Dropbox and Microsoft to Zynga met at the White House, but are they just playing for the cameras?

With Glenn Greenwald and Laura Poitras triumphantly returning to the US to accept the Polk Award with Barton Gellman and Ewan MacAskill yesterday, maybe it’s time we revisit one of their first and most important stories: how much are internet companies like Facebook and Google helping the National Security Agency, and why aren’t they doing more to stop it?

The CEOs of the major tech companies came out of the gate swinging 10 months ago, complaining loudly about how NSA surveillance has been destroying privacy and ruining their business. They still are. Facebook founder Mark Zuckerberg recently called the US a “threat” to the Internet, and Eric Schmidt, chairman of Google, called some of the NSA tactics “outrageous” and potentially “illegal”. They and their fellow Silicon Valley powerhouses – from Yahoo to Dropbox and Microsoft to Apple and more – formed a coalition calling for surveillance reform and had conversations with the White House.

But for all their talk, the public has come away empty handed. The USA Freedom Act, the only major new bill promising real reform, has been stalled in the Judiciary Committee. The House Intelligence bill may be worse than the status quo. Politico reported on Thursday that companies like Facebook and are now “holding fire” on the hill when it comes to pushing for legislative reform.

The keepers of the everyday internet seem to care more about PR than helping their users. The truth is, if the major tech companies really wanted to force meanginful surveillance reform, they could do so tomorrow. Just follow the example of OKCupid from last week.

Mozilla, the maker of the popular Firefox browser, was under fire for hiring Brendan Eich as CEO because of his $1,000 donation in support of Prop 8 six years ago, and OKCupid decided to make a political statement of its own by splashing a message criticizing Mozilla before would-be daters could get to OKCupid’s front page. The site even encouraged users to switch to another browser. The move made the already smoldering situation explode. Two days later, Mozilla’s CEO was out of a job, and OKCupid got partial credit for the reversal.

The leading internet companies could easily force Congress’ hand by pulling an OKCupid: at the top of your News Feed all next week, in place of Monday’s Google doodle, a mobile push alert, an email newsletter: CALL YOUR MEMBER OF CONGRESS. Tell them to SUPPORT THE USA FREEDOM ACT and tell the NSA to stop breaking common encryption.

We know it’s worked before. Three years ago, when thousands of websites participated in an unprecedented response to internet censorship legislation, the Stop Online Piracy Act (Sopa), the public stopped a once-invincible bill in its tracks. If they really, truly wanted to do something about it, the online giants of Silicon Valley and beyond could design their systems so that even the companies themselves could not access their users’ messages by making their texting and instant messaging clients end-to-end encrypted.

But the major internet outfits were noticeably absent from this year’s similar grassroots protest – dubbed The Day We Fight Back – and refused to alter their websites à la Sopa. If they really believed the NSA was the threat so many of them have claimed, they’d have blacked out their websites in protest already.

In an emblematic moment for the nonchalance at the executive level of tech companies, Dropbox named former Secretary of State Condoleezza Rice to its board of directors this week. Besides being an Iraq war architect and torture advocate, Rice notoriously defended George W Bush’s outright illegal NSA warrantless wiretapping program when it first was revealed in 2005. Not exactly a vote of confidence to users worried about government intrusion. Rice actually had to the gall to say she would help Dropbox “navigate” the national debate about privacy.

Among the rank-and-file engineers in Silicon Valley, there is widespread affinity for Edward Snowden and genuine anger at the US government. One of the most indelible anecdotes in all the NSA reporting came when the Washington Post reported the NSA had broken into the links between their overseas data centers:

Two engineers with close ties to Google exploded in profanity when they saw the drawing. “I hope you publish this,” one of them said.

“The initial reaction from employees and engineers at big companies like Google after the NSA leaks was sort of a resounding ‘how dare you?,'” security expert Chet Wisniewski told Buzzfeed on Friday. “I imagine now that there’s the possibility companies like Yahoo, Akamai, Amazon might have been vulnerable, there will be a very similar reaction.”

Turns out they were. Millions of websites have been affected by the OpenSSL so-called Heartbleed bug that was revealed this week, putting billions of people’s personal information at risk. Now Bloomberg is reporting that the NSA has secretly been exploiting the bug for two years. (The US government denies this claim.)

It’s amazing that entire internet, including big companies like Google and Facebook rely on this tiny OpenSSL foundation, which manages the free encryption library. They have four developers working on the project, and only one full time. Maybe these multi-billion dollar companies could throw in some money to help preserve the future of the internet. As cryptographer Matthew Green told the New York Times, ‘If we could get $500,000 kicked back to OpenSSL and teams like it, maybe this kind of thing won’t happen again.”

To be sure, Snowden’s revelations have sparked these companies to dramatically improve their security, which protects customers against not only the NSA but also other governments and criminals. “For that reason alone, we owe Edward Snowden our thanks,” the ACLU’s principal technologist has said.

But many of the companies were also just implementing practices that security experts had been advocating for years – and as the Heartbleed bug showed, they were not enough.

And what about that Edward Snowden, the man who brought us all this of information? Many of these CEOs can’t bring themselves to praise him in public, despite being “outraged” by the government’s “illegal” activity. Only Zynga’s founder – Marc Pincus, the man seated next to President Obama in that photo above – was brave enough to advocate for a pardon of Snowden after he and some of his fellow CEOS went to the White House in December.

Both Greenwald and Poitras made clear at the Polk awards here in New York on Friday: without Snowden, we’d have known exactly none of this.

Many of the billion-dollar companies involved in the NSA mess have faced allegations that they are more than willing participants in at least some of the surveillance programs, and a recent poll showed people trust them even less than the IRS. Which is saying something. If they want to say to us that they’re serious, it’s time that they took some serious action.