Posts Tagged With ‘privacy’

Angry Birds and other “Leaky Apps” Being Targeted by NSA for Collection of Personal Data

The Guardian on the NSA collecting personal data from “leaky apps” like Angry Birds:

The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users’ most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.

Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.

I’m fairly certain Angry Birds isn’t leaking your sexual preference; however, there are plenty of other apps that may very well be disclosing information you would otherwise like to keep private.

The Angry Birds revelation isn’t the most interesting tidbit in the latest Snowden disclosure.

One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled “Golden Nugget!” – sets out the agency’s “perfect scenario”: “Target uploading photo to a social media site taken with a mobile device. What can we get?”

The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a “possible image”, email selector, phone, buddy lists, and “a host of other social working data as well as location”.

In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.

Even if the EXIF data is stripped from a photo prior to publication, as long as the associated data is uploaded to a social media site then the NSA has the ability to intercept, collect, store, and analyze the data.

Put another way, even if the Twitter app removes the EXIF data before transmitting the picture and tweet to Twitter, if you have location posting enabled then the NSA will still be able to capture that information. If you have location visibility disabled, this substantially minimizes NSA’s capabilities to collect otherwise private information.
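What stripping EXIF before transmission means at the file level, as an added example (not from the original post or from any app's code): it walks the JPEG segment list and drops the APP1 segments that carry EXIF and XMP metadata, so the embedded location never reaches the network. The sample bytes are constructed and the function names are hypothetical.

```python
import struct

# JPEG marker codes (the byte that follows 0xFF)
SOI, EOI, SOS, APP0, APP1 = 0xD8, 0xD9, 0xDA, 0xE0, 0xE1


def segments(jpeg: bytes):
    """Yield (marker, raw_bytes) for each JPEG segment after the SOI marker."""
    if jpeg[:2] != bytes([0xFF, SOI]):
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos < len(jpeg):
        if pos + 2 > len(jpeg) or jpeg[pos] != 0xFF:
            raise ValueError(f"malformed segment header at offset {pos}")
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):
            # Compressed scan data runs to the end of the file; copy it verbatim.
            yield marker, jpeg[pos:]
            return
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment length")
        # The 2-byte big-endian length counts itself but not the marker.
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos:end]
        pos = end


def metadata_payloads(jpeg: bytes) -> list:
    """Return the payload of every APP1 segment (EXIF and XMP live here)."""
    return [raw[4:] for marker, raw in segments(jpeg) if marker == APP1]


def strip_exif(jpeg: bytes) -> bytes:
    """Rebuild the file without APP1 segments; image data is left untouched."""
    kept = [raw for marker, raw in segments(jpeg) if marker != APP1]
    return bytes([0xFF, SOI]) + b"".join(kept)


def make_segment(marker: int, payload: bytes) -> bytes:
    """Helper for building the constructed sample below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid JPEG framing, placeholder contents.
SAMPLE_JPEG = (
    bytes([0xFF, SOI])
    + make_segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + make_segment(APP1, b"Exif\x00\x00" + b"CONSTRUCTED-GPS-IFD lat=0.0 lon=0.0")
    + make_segment(SOS, b"\x00" * 6)
    + b"\x12\x34\x56"              # stand-in for entropy-coded image data
    + bytes([0xFF, EOI])
)

if __name__ == "__main__":
    cleaned = strip_exif(SAMPLE_JPEG)
    print("APP1 segments before:", len(metadata_payloads(SAMPLE_JPEG)))
    print("APP1 segments after: ", len(metadata_payloads(cleaned)))
    print("bytes removed:", len(SAMPLE_JPEG) - len(cleaned))
```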

This post is part of the thread: Security – an ongoing story on this site. View the thread timeline for more context on this post.

Snowden Calls Proven Liar Mike Rogers’ Allegations of Russian Assistance Absurd

The New Yorker on proven liar, House Intelligence Committee chairman Mike Rogers’ allegation that Edward Snowden was aided by the Russians:

Snowden, in a rare interview that he conducted by encrypted means from Moscow, denied the allegations outright, stressing that he “clearly and unambiguously acted alone, with no assistance from anyone, much less a government.” He added, “It won’t stick…. Because it’s clearly false, and the American people are smarter than politicians think they are.”

If he was a Russian spy, Snowden asked, “Why Hong Kong?” And why, then, was he “stuck in the airport forever” when he reached Moscow? (He spent forty days in the transit zone of Sheremetyevo International Airport.) “Spies get treated better than that.”

House Intelligence Committee Chairman Mike Rogers Heads to TV to Spread Blatant Lies about Snowden’s Motives for Whistle-blowing

NBC News Politics on comments House Intelligence Committee Chairman Mike Rogers made during an interview to be aired Sunday on Meet the Press:

In an interview to be aired Sunday on NBC’s Meet the Press, Rogers said that rather than Snowden being a crusader for Americans’ privacy, “the vast majority” of what Snowden stole “had nothing to do with privacy. Our Army, Navy, Air Force, Marines have been incredibly harmed by the data that he has taken with him and we believe now is in the hands of nation states.”

The Michigan Republican added that there are still “certain questions that we have to get answered” about who helped Snowden remove data from the NSA and later make it public in newspapers in the United States and Britain.

“He was stealing information that had to do with how we operate overseas to collect information to keep Americans safe…. And some of the things he did were beyond his technical capabilities” — a fact which Rogers said “raises more questions. How he arranged travel before he left. How he was ready to go, he had a go bag, if you will.”

Rogers added that he believes “there’s a reason he ended up in the hands, the loving arms, of an FSB (Russian security service) agent in Moscow. I don’t think that’s a coincidence….I don’t think it was a gee-whiz luck event that he ended up in Moscow under the handling of the FSB.”

What an utter joke. I don’t even know where to begin.

That has got to be one of the weakest arguments I have ever read about Snowden and his motivation for blowing the whistle on NSA activities. If Mike Rogers, who has a penchant for lying about anything he dislikes, truly believes Snowden had help from the Russians in copying sensitive documents off of NSA file servers then the U.S. intelligence apparatus has more to be concerned with than the mere disclosure of secrets.

How would Mike Rogers, a Congressman who has absolutely no clue about technology, have any clue about what technical capabilities Snowden wields, much less how easy it is to copy data from file servers to USB thumb drives if you are a systems administrator?

It’s not like this is rocket science: to move necessary operating system and security patches from the internet to other networks, USB drives are a necessity, and the only personnel authorized to use them are those with elevated privileges so they can perform their job functions. This is expressly why Snowden was able to do what he did; his position of trust allowed him special access, and he abused it in the pursuit of whistle-blowing.

I suggest the questions Mike Rogers, as the ostensible House Intelligence Committee Chairman, should be focused on getting answers to are the following:

  1. Why is the NSA violating the privacy of American citizens when these programs have been proven ineffective?
  2. Why has the NSA failed to provide straightforward answers to questions to Congress so they do not have to seek the consultation of private citizens to understand the context of the Snowden disclosures?
  3. Why has the Director of National Intelligence James Clapper been allowed to lie to Congress without any repercussions whatsoever?
  4. Why does the intelligence apparatus always get a free pass from illegal behavior while ordinary citizens who are not doing anything illegal get terrorized with false accusations and threats of long-term incarceration for seemingly petty charges?

Lastly, it is rather apparent Representative Rogers forgot it was the United States government who revoked Snowden’s passport while he was mid-air, which left him stranded in a Russian airport for weeks before finally being granted temporary asylum in Russia.

How we, as Americans, allow ourselves to be represented by blatant liars like Mike Rogers is unfathomable. Of course, President Obama remains one of the worst acts of lying in recent history, campaigning against everything he has done while in office. People like these two – which admittedly is the majority of our elected officials – need to be voted off the island and removed from office forever.

It is time for our government to get back to being one of the people, working for the people, rather than one only interested in maintaining the status quo and pushing the boundaries of constitutionally acceptable behavior because terrorism.


Obama Announces “Changes” That Do Absolutely Nothing to Curb Unnecessary, Overly Broad Data Collection on U.S. Citizens

The New York Times on a speech by Obama earlier today announcing changes to NSA’s bulk collection of U.S. citizens’ data:

“The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.,” said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, “but that he said little about what to do about the agency’s practice of vacuuming up everything it can get its hands on.”

Professor Cate, who also advises the Department of Homeland Security on cyber issues, noted that Mr. Obama “took a report that had 46 recommendations, and touched on three or four of them.”

In fact, he did more than that: Mr. Obama reminded the country that it was not only the government that was monitoring users of the web, it was also companies like Apple, Facebook, Twitter and Yahoo that had complained so loudly, as members of an industry group called Reform Government Surveillance.

Is anyone really surprised President Obama would try and equate the unnecessary, unwarranted, and undesired NSA encroachment upon civil liberties through bulk data collection in just about every way imaginable, with American citizens handing over information to corporations like Apple, Facebook, and Twitter in exchange for services rendered?

Yes, the President of the United States of America believes the American public is so stupid that we are unable to see through his – and the out of control intelligence apparatus’ – subterfuge.


Bruce Schneier Briefs Congress on NSA Activities Because True Intelligence Community Oversight Does Not Exist and Probably Never Will

Security expert Bruce Schneier on having briefed Congress on NSA capabilities:

This morning I spent an hour in a closed room with six Members of Congress: Rep. Lofgren, Rep. Sensenbrenner, Rep. Scott, Rep. Goodlatte, Rep. Thompson, and Rep. Amash. No staffers, no public: just them. Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn’t forthcoming about their activities, and they wanted me — as someone with access to the Snowden documents — to explain to them what the NSA was doing. Of course I’m not going to give details on the meeting, except to say that it was candid and interesting. And that it’s extremely freaky that Congress has such a difficult time getting information out of the NSA that they have to ask me. I really want oversight to work better in this country.

How amazing is it that Congress has to ask a private citizen – one without a security clearance yet who is familiar with and understands the NSA capabilities thanks to the Snowden disclosures – about NSA activities rather than hearing the answers from NSA Director, General Keith Alexander?

This is not supposed to happen in the United States. Soviet Russia maybe, but not in America. If you still think what the NSA is doing is ok, and necessary to keep America safe, I suggest you reevaluate your stance after reading all the available information released since the first Snowden revelation.

If this meeting is not evidence enough of an intelligence agency run amok then I don’t know what is.


NSA Collecting Millions of Text Messages Daily in Untargeted Global Sweep

The Guardian on yet another NSA revelation, Dishfire, a program bulk collecting millions of global text messages daily:

The NSA program, codenamed Dishfire, collects “pretty much everything it can”, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets.

The NSA has made extensive use of its vast text message database to extract information on people’s travel plans, contact books, financial transactions and more – including of individuals under no suspicion of illegal activity.

An agency presentation from 2011 – subtitled “SMS Text Messages: A Goldmine to Exploit” – reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as “Prefer” conducted automated analysis on the untargeted communications.

I am fascinated each time a new story is published based on documents from the Snowden disclosure treasure trove. However, lately, I rarely find myself surprised. Instead, I shake my head and think, this is pretty damn obvious and seems like a capability I would expect the NSA to wield.

What scares me more than anything is how blind and inconsiderate the NSA is to the dangerous rabbit hole they’ve taken the United States down. The NSA seems to think they’re being chivalrous when in fact it’s quite the opposite.


Is the NSA Review Panel Really Casting Doubts on Bulk Data Collection?

The Guardian on the NSA review panel testifying against bulk phone data collection before the Senate:

Richard Clarke, who was the White House’s counter-terrorism czar on 9/11, echoed the 9/11 Commission in saying that the biggest obstacle to preventing the terrorist attack was not the NSA collecting an insufficient amount of data, but a failure to share information already collected.

“If the information that the federal agencies had at the time had been shared among the agencies, then one of them, the FBI, could have gone to the Fisa Court and could have in a very timely manner gotten a warrant to monitor” US-based al-Qaida conspirators, Clarke told the Senate judiciary committee.

Similarly, Michael Morell, a former deputy CIA director, told the committee that so-called “metadata” about a phone conversation inherently entailed information about the substance of the communication. “There is quite a bit of content in metadata,” Morell said. “There’s not a sharp distinction between metadata and content. It’s more of a continuum.”

This is well known and something I’ve discussed previously. Had the NSA shared data with the FBI and other law enforcement agencies then good old-fashioned police quite possibly could have opened up new leads, potentially even putting enough pressure on the hijackers to thwart 9/11. NSA bulk data collection alone does not automatically make the intelligence apparatus capable of foiling every terrorist plot.

That will never happen. Ever.

Morell added that the bulk collection of domestic phone data “has not played a significant role in preventing any terrorist attacks to this point,” further undercutting a major rationale offered by the NSA since the Guardian first revealed the bulk phone-data collection in June, thanks to leaks by Edward Snowden.

But, Morell added, “that is a different statement than saying the program has not been important.” Morell said that bulk collection can provide a reassurance that there is no domestic nexus to foreign terrorist plots detected by other NSA efforts.

“It is absolutely true that 215 has not by itself disrupted prevented terrorist attacks in the United States, but that doesn’t mean it’s not important going forward,” said Morell, using a shorthand for the bulk phone metadata collection. “Many of us have never suffered a fire in our homes but many of us have homeowners insurance.”

Notice the disingenuous false equivalency? Homeowners insurance does not spy on Americans unlike NSA bulk data collection. Why would Morell bother with this analogy?


NSA Using Custom Malware and Special Radio Wave Networks for Surveillance

The New York Times on an NSA program using surreptitiously installed USB cards with radio frequency transceivers in conjunction with custom written malware which then provides them access to the asset via radio waves:

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials. The technology, which has been used by the agency since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

This type of spying should not be a surprise to anyone. It’s fairly reminiscent of the types of attacks purported to have been used during the height of the Cold War. The combination of NSA custom-designed malware and traditional RF transmissions may sound novel to the layman but it’s actually a very obvious use of current technology.

The important question is this: is NSA, or any of the other intelligence or law enforcement agencies, using this at home in the U.S. to spy on our own citizens?

There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.

“N.S.A.’s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”

With all the information disclosures from the Snowden leaks, I find it pretty difficult to believe the FBI has never asked the NSA to use this technology in the states. It is not unprecedented for law enforcement to launder the information gleaned from these types of programs through other means, and then use that information against a potential defendant while pretending they found it via other avenues.


Old-Fashioned Police-work Said to be “No Burden” for the Intelligence Community But A Lot of Work Remains to Rein in the NSA

Chris Strohm of Bloomberg reporting on members of an investigation panel testifying before the Senate Judiciary Committee yesterday defending their recommendation that the NSA be required to obtain warrants for collecting and storing bulk phone records:

Requiring a U.S. spy agency to get a warrant each time it wants customer records from phone companies won’t hinder terrorism probes, members of a White House advisory panel said days before President Barack Obama plans to announce changes to surveillance programs.

Panel members testifying before the Senate Judiciary Committee yesterday defended their recommendation that Obama bar the National Security Agency from collecting and storing bulk phone records, such as numbers dialed and call durations.

“I do not believe that we’re going to add a substantial burden to the government,” said Michael Morell, a former deputy CIA director and member of the panel. The government also could have emergency authority to obtain the records and then seek a court warrant at a later time, Morell said.

There are absolutely no exigent circumstances requiring the NSA to be able to bulk collect data. Obtaining a warrant is generally fairly easy for law enforcement, so their complaints about needing this capability ring hollow. Pre-9/11, NSA had all the information about the hijackers. They merely failed to share that information with other agencies, instead – in true intelligence community fashion – opting to hold onto the valuable data for no articulable reason.

However, not all was sunshine and roses during the testimony:

The advisory group has also recommended that a special advocate be established to represent privacy interests before the secret court that oversees NSA spying under the Foreign Intelligence Surveillance Act. While Obama has signaled that he favors having such an advocate, at least one former judge on the court is critical of the proposal.

In a letter released by Senator Dianne Feinstein yesterday, U.S. District Judge John D. Bates wrote that the participation of a public advocate in the court’s proceedings “is unnecessary” and could “prove counterproductive.”

“Advocate involvement in run-of-the-mill FISA matters would substantially hamper the work of the courts without providing any countervailing benefit in terms of privacy protection or otherwise,” wrote Bates, who was assigned by Chief Justice John Roberts to act as a liaison for the federal judiciary on the issue.

A privacy advocate, or at least someone who is fully capable of raising the bullshit flag when the NSA pitches something designed to thwart privacy or Fourth Amendment protections, is critical in ensuring Americans’ rights are not trampled over like the Spanish running of the bulls. There has to be more than the FISA court, NSA counsel, and Justice Department personnel present for these cases to ensure the American people are adequately represented.

It is blatantly obvious that has not happened since the inception of these programs; otherwise we would not be in this precarious situation.


The Fantasy that Obama Will Implement NSA Surveillance Reforms

Mick Meany on ostensible upcoming NSA surveillance reforms to be announced by President Obama:

Another reason to doubt that the White House is planning anything remotely close to an “overhaul” is the fact that, according to David Nakamura, the White House is tired of being preoccupied with the issue of NSA surveillance. They are eager to “move past the NSA controversy”–so eager Obama almost delivered a speech on NSA reforms before his own NSA review group presented their recommendations on what should be reformed.

Even though Obama claimed in June, “I welcome this debate,” the truth is this was never the case. The administration fought in the courts against the very information that has fueled debate. This has all been an awfully distressing distraction to the administration.

Additionally, there’s former CIA deputy director Mike Morell, who the president picked to lead his review group (which was placed under the supervision of Director of National Intelligence James Clapper). Morell has been concerned that people misinterpreted the review report the group put out.

It is “incorrect,” he said, that the report was “sweeping” and called for a “roll back” of capabilities. The report did not call for an end to the bulk data collection program. While it found the program had not been “essential to preventing attacks,” that did not also mean it was “not important to national security.” (Figure that one out.)

“Personally, I would expand the Section 215 program to include all telephone metadata (the program covers only a subset of the total calls made) as well as e-mail metadata (which is not in the program) to better protect the United States. This is a personal view; it is not something the review group opined on or even discussed. Such an expansion should, of course, fall under the same constraints recommended by the review group,” Morell shared.

This should concern everyone.

If Obama is paying lip service, which I have long suspected, then it’s going to take a brave Congress to do the right thing and legislate repeals to NSA authorities.

Is there a person on the planet who believes Congress has the cojones to do what’s right?
