This week marks one year since Edward Snowden’s NSA revelations began. I have covered news on the NSA revelations on my blog quite a lot (Security trends 2013 and Security trends 2014). The Register article NSA: Inside the FIVE-EYED VAMPIRE SQUID of the INTERNET is a good wrap-up of what has been revealed over the years and what it has caused. The evidence Snowden has provided, by the bucketload, has shown that no country, no network, no communications system, no type of communication has been too small or trivial or irrelevant to attract attention and the ingestion of data into a huge and enduring archive.
Google, Mozilla and many other online companies and organizations are marking the anniversary of the Snowden revelations with the Reset the Net campaign: Don’t ask for your privacy. Take it back.
“On June 5, I will take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same.” Once you pledge, get the privacy pack.
94 Comments
Tomi Engdahl says:
Snowden a ‘traitor’: Andreessen
http://www.cnbc.com/id/101733893
NSA leaker Edward Snowden is a “traitor,” venture capitalist Marc Andreessen told CNBC. The secrets he’s revealed have hurt Silicon Valley by association, and President Barack Obama is doing nothing to change that perception on the world stage.
“The Snowden reveals keep coming out. The [Obama] administration is letting the NSA out to dry. They’re letting the American tech industry out to dry,” Andreessen said in a “Squawk Box” interview that aired Thursday.
The fallout from the Snowden leaks has hurt U.S. technology firms’ ability to sell their products overseas, he added.
“I think I am in the distinct minority out here,”
Tomi Engdahl says:
Twitter and WordPress join tech giants in Reset the Net protest
Edward Snowden, Mozilla and Google swell the ranks
http://www.theinquirer.net/inquirer/news/2348144/google-joins-reset-the-net-offers-end-to-end-mail-encryption
THE RESET THE NET campaign kicks off today with strong support from the technology industry, with Twitter and WordPress the latest to join.
The Reset the Net campaign already has support from parties including Edward Snowden, Reddit, Imgur, Google and Mozilla, and it announced this afternoon that Twitter and WordPress have also signed up.
Tomi Engdahl says:
Security
Google: OK world, make our ‘End-to-End’ crypto tool SPOOK PROOF
Source code released – now you can kick the tyres
http://www.theregister.co.uk/2014/06/03/google_unveils_end_to_end_for_email_encryption/
Google has released the source code for an encryption plugin for Chrome that makes the secure sending of email easier.
The web giant said its End-to-End Chrome plugin, currently in alpha development status, will provide a secure method for transmitting data between users, with data encrypted locally in a user’s browser and decrypted by the recipient using OpenPGP. The code is provided under the Apache 2.0 licence.
While Google offers limited security for its webmail service Gmail – by forcing HTTPS connections for all communication to and from the web server – the search kingpin said its Chrome plugin will expand protections to other services and allow for message information to be secure from endpoint to endpoint (so long as you’re running Chrome with the plugin installed).
In order to assure that the plugin will be reliable for users in sensitive positions (such as activists or human rights workers), the Chocolate Factory is only providing the source code for End-to-End for now. The idea is to have researchers hammer away at the tool to find possible security flaws under Google’s bug bounty program.
Tomi Engdahl says:
F-Secure security expert Mikko Hyppönen says in the company’s release that, after Edward Snowden’s revelations, we are in a better situation. Companies and consumers are more concerned about their privacy, and what happens to their data.
Furthermore, a global conversation is taking place on complex technology, security and privacy issues.
“I hope that we will have more Snowdens from other great powers,” Hyppönen said.
Hyppönen believes that the disclosures have also significantly changed security companies’ business practices. Companies located outside the United States, he said, have an obligation to serve customers worldwide who prefer to deal with non-US companies.
In particular, according to Hyppönen, companies are strongly moving away from U.S. cloud services, because the U.S. authorities have access to these services.
Source: http://www.tietoviikko.fi/uutisia/fsecuren+hypponen+toivoo+maailmaan+lisaa+snowdeneita/a992164
Tomi Engdahl says:
Vodafone reveals existence of secret wires that allow state surveillance
Wires allow agencies to listen to or record live conversations, in what privacy campaigners are calling a ‘nightmare scenario’
http://www.theguardian.com/business/2014/jun/06/vodafone-reveals-secret-wires-allowing-state-surveillance
Vodafone, one of the world’s largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.
The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday
The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a “nightmare scenario” that confirmed their worst fears on the extent of snooping.
“For governments to access phone calls at the flick of a switch is unprecedented and terrifying,”
Twelve months after revelations about the scale of the US government’s surveillance programs were first published in the Guardian and the Washington Post, Snowden said: “One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be. Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same.”
Tomi Engdahl says:
Mathematicians Urge Colleagues To Refuse To Work For The NSA
http://www.forbes.com/sites/kashmirhill/2014/06/05/mathematicians-urge-colleagues-to-refuse-to-work-for-the-nsa/
“Many mathematicians work for the NSA or organizations with ties to it. They’re involved in facial recognition development and big data aspects of mass surveillance. If privacy disappears from the face of the Earth, mathematicians will be some of the primary culprits.”
Tomi Engdahl says:
Internet Giants Erect Barriers to Spy Agencies
http://www.nytimes.com/2014/06/07/technology/internet-giants-erect-barriers-to-spy-agencies.html?_r=0
As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.
After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers.
Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.
A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.
Tomi Engdahl says:
EU ministers decided today that companies headquartered outside the EU must comply with EU data protection legislation.
The ministers’ decision forces companies including Google and Facebook to operate according to EU legislation. The decision is the first step to strengthen privacy protection legislation.
- All enterprises operating in Europe must comply with the rules, EU Justice Commissioner Viviane Reding told reporters in Luxembourg.
- Now is the time for European ministers to say yes to Snowden’s wake-up call, Reding said at a briefing.
However, ministers have disagreed as to how companies are forced to comply with the law. Ministers did not agree, for example, on how large companies would have to deal separately with the data protection authorities of all 28 member states.
Source: http://www.digitoday.fi/yhteiskunta/2014/06/06/eu-ottaa-facebookia-ja-googlea-niskasta–mutta-pitaako-ote/20148066/66
Tomi Engdahl says:
Ex-KGB Major: The Russians Tricked Snowden Into Going To Moscow
http://www.businessinsider.com/ex-kgb-spy-the-russians-tricked-snowden-2014-6
Ex-KGB Major Boris Karpichko told Nigel Nelson of The Mirror that spies from Russia’s SVR intelligence service, posing as diplomats in Hong Kong, convinced Snowden to fly to Moscow last June.
“It was a trick and he fell for it,”
“Now the Russians are extracting all the intelligence he possesses.”
Snowden flew from Hawaii to Hong Kong on May 20, 2013 and identified himself to the world on June 9. The 30-year-old American became stranded in Moscow on June 23 after he landed with a void U.S. passport and an unsigned Ecuadorian travel document obtained by WikiLeaks founder Julian Assange.
Snowden has been living under the protection of the post-Soviet security services (FSB) since at least receiving asylum on Aug. 1. Karpichko told The Mirror that Snowden lives in an FSB-controlled neighborhood in Moscow’s suburbs.
The U.S. government believes Snowden, who had a web presence from 2001 until May 2012, began downloading documents in the summer of 2012 and eventually stole around 1.5 million documents — about 200,000 of which he gave to journalists.
Tomi Engdahl says:
SNOWDEN: Here’s Everything We’ve Learned In One Year Of Unprecedented Top-Secret Leaks
Read more: http://www.businessinsider.com/snowden-leaks-timeline-2014-6#ixzz349Lb1Y2t
Tomi Engdahl says:
Snowden’s Big Brother isn’t as Orwellian as you’d think
Secrets & lies: Spies & GCHQ
http://www.theregister.co.uk/2014/06/11/snowden_whistleblowing_big_brother_state_not_1984_just_yet/
Snowden Anniversary: Few will forget learning the truth about Santa Claus. Many also felt deep shock on realising that a hitherto ultra-secret NSA/GCHQ programme, revealed in documents leaked by whistleblower Edward Snowden, was constantly rating everyone on a naughty-nice metric based on indiscriminate covert surveillance of all their online activity – or that GCHQ’s “Cheltenham Doughnut” HQ was shaped like an enormous hard disc for a reason.
A year after the first Snowden revelations – or rather, after a year of Snowden revelations – we know that our surveillance agencies get hold of as much digital material as they can, doing so in some ways that are morally dubious although apparently inside the law… then apparently use only tiny pieces of what they gather
Tomi Engdahl says:
Tech companies are raising their game (and pants) post-Snowden
Is everything fatally borked? Not quite, say security godheads
http://www.theregister.co.uk/2014/06/12/safe_in_our_hands_security_industry_takes_a_hit_from_snowdens_year/
Snowden anniversary If there’s a positive to the disclosures by ex-National Security Contractor (NSA) contractor Edward Snowden, it’s that it’s been a disaster for technology and internet firms.
Yes, a positive.
The effect of all this should be a raising of these companies’ games and a shaking of users’ complacency in relying on “free” products and in being too accepting of what they’re given and of standard “solutions.”
Already, tech and web companies are coming back. Caught with their pants down, they are now being given the time and money to pull them back up again.
Pre-Snowden it was generally assumed the government was carrying out some sorts of surveillance against key targets and that the bright boys and girls at the National Security Agency (NSA) could subvert security systems if they really wanted to.
Snowden’s leaks showed not only that security weaknesses are being built into software but also that the large companies to whom we entrust our data are helping in this – and they have been criminally lax about the security of users’ data within their own organizations.
As any security expert knows, intentionally introducing flaws into your products is a stupid move. Sure, it gives the intelligence community a backdoor into software, but there’s no guarantee that someone else won’t discover the same flaw and start using it. In fact, the way code examination is these days, it’s a virtual certainty that someone will do this.
“The problem isn’t that we know the NSA is doing these things,” added privacy expert Bruce Schneier. “The real problem is that we don’t know what else the NSA is doing. Internet companies – hardware, software, service – simply cannot be trusted anymore.”
“The leaks caused a lot of anger in these companies, and in particular with the security teams in these companies. These security teams have had a list of things they’ve wanted to do for years but budgets are limited and so they focus resources on the biggest threats,” he told us.
“Now, it’s my understanding that in the wake of the Snowden disclosures, that security teams have been given pretty much a blank check and can spend whatever they want to spend to protect the link between the user and the company.”
RSA has consistently denied that it accepted any money to include a weakened security protocol, but that didn’t stop some key members of the security community from boycotting the security company’s annual show this year and setting up a rival TrustyCon get-together.
“The encryption vetting process is working fine. AES and SHA-3 are both stellar examples of a public process to choose a new encryption standard. I trust them both, and will continue to trust them,”
“There are a lot of people in the security industry who are taking a fresh look at the security technology we use and asking ‘can we make this better?’,”
Go with the industry standard, though, and you’re a sitting duck. “The default crypto used by everyone will blind bulk surveillance,”
Tomi Engdahl says:
A Crisis of Accountability
A global analysis of the impact of the Snowden revelations
http://www.privacysurgeon.org/blog/wp-content/uploads/2014/06/Snowden-final-report-for-publication.pdf
The Snowden disclosures have triggered a noticeable shift in thinking across the world toward increased awareness of the importance of accountability, transparency and the rule of law with regard to both the activities of security agencies and the value of privacy. This shift – in many parts of the world – has empowered civil society, created a resurgence of interest in legal protections and sensitised media to key issues that have hitherto escaped public scrutiny at any substantial level.
This shift notwithstanding, the overwhelming majority of countries assessed in this report have not responded in any tangible, measurable way to the Snowden disclosures that began in June 2013.
The operational relationship between security services, law enforcement agencies and global police organisations such as INTERPOL remains largely unknown and – in terms of data policy – continues to be largely unaccountable.
A significant number of corporations have responded to the disclosures by introducing a range of accountability and security measures (transparency reports, end-to-end encryption etc). Nonetheless, while acknowledging that these reforms are “a promising start” nearly sixty percent of legal and IT professionals surveyed for this report believe that they do not go far enough, with more than a third of respondents reporting that they felt the measures were “little more than window dressing” or are of “little value” outside the US.
Civil society and the tech community have not adequately adapted to the challenges raised by the Snowden revelations.
Anyone following the US and English-language media in the wake of the Snowden revelations might be forgiven for believing that the disclosures have created a vast impact on the world’s security services. The US, in particular, has engaged in a high-profile national debate of sufficient scale to bring some of the US-based intelligence entities to the brink of greater accountability.
Nonetheless, while being the most widely reported of all the elements of Snowden’s legacy, the US developments do not in any way represent the international situation.
Tomi Engdahl says:
Web giants encrypt their services—but leaks remain
Ars surveys SSL use at major cloud providers and finds some holes.
http://arstechnica.com/information-technology/2014/06/a-year-after-snowden-internet-crypto-remains-spotty/
It’s been a year since Edward Snowden’s leak of National Security Agency documents triggered a firestorm around cloud service providers’ privacy protections (or lack thereof). Since last summer, the giants of the Internet have pledged to do more to encrypt their Internet traffic—and in some cases, their internal network traffic—to protect it from both government surveillance and other prying eyes. But an Ars investigation reveals that data continues to leak.
Tomi Engdahl says:
Inside Edward Snowden’s Life as a Robot
http://www.wired.com/2014/06/inside-edward-snowdens-life-as-a-robot/
Since he first became a household name a year ago, Edward Snowden has been a modern Max Headroom, appearing only as a face on a screen broadcast from exile in Hong Kong or Russia. But in the age of the telepresence robot, being a face on a screen isn’t as restrictive as it used to be.
Tomi Engdahl says:
U.S. officials scrambled to nab Snowden, hoping he would take a wrong step. He didn’t.
http://www.washingtonpost.com/world/national-security/us-officials-scrambling-to-nab-snowden-hoped-he-would-take-a-wrong-step-he-didnt/2014/06/14/057a1ed2-f1ae-11e3-bf76-447a5df6411f_story.html
Tomi Engdahl says:
Microsoft: NSA security fallout ‘getting worse’ … ‘not blowing over’
‘Double-digit declines in people’s trust in American tech companies’ is bad for business
http://www.theregister.co.uk/2014/06/19/microsoft_nsa_fallout/
Microsoft’s top lawyer says the fallout of the NSA spying scandal is “getting worse,” and carries grim implications for US tech companies.
In a speech at the GigaOm Structure conference in San Francisco on Thursday, Microsoft general counsel Brad Smith warned attendees that unless the US political establishment figures out how to rein in its spy agencies, there could be heavy repercussions for tech companies
“What we’ve seen since last June is a double-digit decline in people’s trust in American tech companies in key places like Brussels and Berlin and Brasilia. This has put trust at risk,” Smith said.
“The longer we wait or the less we do the worse the problem becomes,” he explained. “We are seeing other governments consider new procurement rules – procurement rules that could effectively freeze out US-based companies.”
If the US government does not work to clear up the rules around how it intercepts data both at home and abroad, how deeply its spy agencies penetrate tech from its domestic companies, and how it accesses overseas data held by American companies, then there’s a real danger that US companies could suffer, Smith implied.
Tomi Engdahl says:
New N.S.A. Chief Calls Damage From Snowden Leaks Manageable
http://www.nytimes.com/2014/06/30/us/sky-isnt-falling-after-snowden-nsa-chief-says.html?_r=0
The newly installed director of the National Security Agency says that while he has seen some terrorist groups alter their communications to avoid surveillance techniques revealed by Edward J. Snowden, the damage done over all by a year of revelations does not lead him to the conclusion that “the sky is falling.”
In an hourlong interview Friday in his office here at the heart of the country’s electronic eavesdropping and cyberoperations, Adm. Michael S. Rogers, who has now run the beleaguered spy agency and the military’s Cyber Command for just short of three months, described the series of steps he was taking to ensure that no one could download the trove of data that Mr. Snowden gathered — more than a million documents.
Tomi Engdahl says:
Germany dumps Verizon for Deutsche Telekom over NSA spying
Nein, danke, we need ‘a very high level of security’
http://www.theregister.co.uk/2014/06/26/germany_boots_verizon/
The German government has said it will cancel its contract with US telecoms provider Verizon, citing spying fears.
“The pressures on networks as well as the risks from highly-developed viruses or Trojans are rising,” the country’s Interior Ministry told Reuters on Thursday. “Furthermore, the ties revealed between foreign intelligence agencies and firms in the wake of the US National Security Agency (NSA) affair show that the German government needs a very high level of security for its critical networks.”
Germans aren’t alone in their outrage. Upon hearing about the Merkel affair, US senator John McCain (R-AZ) called for the resignation of then-NSA chief General Keith Alexander. That was largely for show, though; Alexander retired from military service in March, to be replaced by Navy Vice Admiral Michael Rogers.
German carrier Deutsche Telekom will reportedly pick up where Verizon leaves off after getting the boot, and Reuters notes that DT already has a contract with the German government for carrying its most sensitive phone calls and data.
Tomi Engdahl says:
The NSA Revelations All in One Chart
http://projects.propublica.org/nsa-grid/
This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency’s stated mission of foreign surveillance, but some – particularly those that are both domestic and broad-sweeping – are more controversial.
Tomi Engdahl says:
Remaining Snowden docs will be released to avert ‘unspecified US war’ – Cryptome
Not by us, though, says coy leaker tweet
http://www.theregister.co.uk/2014/06/30/remaining_snowden_documents_will_be_release_to_avert_war_cryptome/
All the remaining Snowden documents will be released next month, according to whistle-blowing site Cryptome, which said in a tweet that the release of the info by unnamed third parties would be necessary to head off an unnamed “war”.
Cryptome said it would “aid and abet” the release of “57K to 1.7M” new documents that had been “withheld for national security-public debate [sic]“.
The site clarified that it will not be publishing the documents itself.
Transparency activists would welcome such a release but such a move would be heavily criticised by intel experts and military officials, who argue the dump of intelligence documents has set intelligence efforts back years.
Tomi Engdahl says:
Court gave NSA broad leeway in surveillance, documents show
http://www.washingtonpost.com/world/national-security/court-gave-nsa-broad-leeway-in-surveillance-documents-show/2014/06/30/32b872ec-fae4-11e3-8176-f2c941cf35f1_story.html
Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents.
Tomi Engdahl says:
Use Tor or ‘EXTREMIST’ Tails Linux? Congrats, you’re on an NSA list
Penguinista mag readers, privacy-conscious netizens and more targeted, claims report
http://www.theregister.co.uk/2014/07/03/nsa_xkeyscore_stasi_scandal/
Alleged leaked documents about the NSA’s XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.
We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities.
Not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.
These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails.
Tomi Engdahl says:
Edward Snowden applies to extend his stay in Russia
http://www.bbc.com/news/world-europe-28230285
US whistleblower Edward Snowden has officially asked to extend his stay in Russia after his visa expires, his lawyer has told the BBC.
Anatoly Kucherena confirmed that paperwork had been submitted to Russia’s Federal Migration Service.
The current document granting him temporary asylum expires on 31 July.
Mr Snowden fled the US in May 2013 and has been living under temporary asylum in Russia.
Tomi Engdahl says:
Building the NSA’s Tools
http://hackaday.com/2014/08/01/building-the-nsas-tools/
Back in 2013, the NSA ANT Catalog was leaked. This document contained a list of devices that are available to the NSA to carry out surveillance.
[Michael Ossmann] took a look at this, and realized that a lot of their tools were similar to devices the open source hardware community had built. Based on that, he gave a talk on The NSA Playset at Toorcamp 2014. This covered how one might implement these devices using open hardware.
Tomi Engdahl says:
How Al-Qaeda Uses Encryption Post-Snowden (Part 2) – New Analysis in Collaboration With ReversingLabs
https://www.recordedfuture.com/al-qaeda-encryption-technology-part-2/
Tomi Engdahl says:
Snowden Granted 3 More Years of Russian Residency
http://politics.slashdot.org/story/14/08/07/1234203/snowden-granted-3-more-years-of-russian-residency
Tomi Engdahl says:
Is there Another NSA Leaker? Updated
http://www.securitycurrent.com/en/writers/richard-stiennon/is-there-another-nsa-leaker
“Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials. If that’s true, it’s big news, as Snowden was the first person to ever leak docs from the NSA. The existence of a potential second source means that Snowden may have inspired some of his former colleagues to take a long, hard look at the agency’s cavalier attitude to the law and decency.”
Schneier posted on his site:
“And, since Cory said it, I do not believe that this came from the Snowden documents. I also don’t believe the TAO catalog came from the Snowden documents. I think there’s a second leaker out there.”
Tomi Engdahl says:
Does The XKeyscore Source Code Leak Point To Another NSA Leaker?
https://www.techdirt.com/articles/20140706/11292827794/does-xkeyscore-source-code-leak-point-to-another-nsa-leaker.shtml
Tomi Engdahl says:
Crypto Daddy Phil Zimmerman says surveillance society is DOOMED
We’ve been here before when we defeated slavery and the absolute monarchy
http://www.theregister.co.uk/2014/08/09/technology_and_market_forces_will_defeat_surveillance_society_claims_crypto_king/
Defcon 22 A killer combination of rapidly advancing technology and a desire for greater privacy among the public should condemn current surveillance state to an historical anachronism, according to PGP creator Phil Zimmermann.
Zimmermann praised the release of information by NSA whistleblower Edward Snowden, saying his efforts have alerted the populace to the real state of affairs and made people much more concerned about privacy. The revelations had also forced the technology industry to “up its game” and provide products to meet that demand, he opined.
Once people get used to the practice of privacy they will rebel if politicians try to take it away from them, Zimmermann opined. He pointed out that if the government decided that everyone using SSL for internet banking had to be routed through a surveillance proxy people wouldn’t stand for it.
Tomi Engdahl says:
Russia, China could ban western tech if they want to live in the PAST
Top apps and hardware don’t appear overnight
http://www.theregister.co.uk/2014/08/07/russia_china_could_ban_western_tech_if_they_want_to_live_in_the_past/
Russia and China have both, of late, threatened western IT companies with difficult trading conditions or banishment if they can’t prove their products are secure.
The reason for their ire is, of course, Edward Snowden’s many revelations about US intelligence activities.
The response to his leaks has been widespread and fierce.
China has banished Windows 8, booted Symantec and Kaspersky from its approved vendor list, probed Microsoft, done nasty things to Qualcomm and pondered a ban on IBM.
Russia’s been belligerent too.
“It is likely that there will be much stringent requirements when it comes to government procurement,”
Those regulations won’t just be about security. “One thing becoming clear is that countries are beginning to use technology as a political tool,”
Tomi Engdahl says:
Snowden is FREE to ESCAPE FROM RUSSIA, say officials
But he can stay put for another 3 years if he really wants to
http://www.theregister.co.uk/2014/08/07/snowden_gets_russia_residency_permit_three_years/
Russia has given fugitive NSA whistleblower Edward Snowden a three year residency permit after his previous visa expired at the end of July.
Snowden’s lawyer, Anatoly Kucherena, told journalists that Snowden’s request for a residence permit had been granted.
“He will be able to travel freely within the country and go abroad,” said Kucherena, according to Russia Today. “He’ll be able to stay abroad for not longer than three months.”
Tomi Engdahl says:
Naughty NSA was so drunk on data it forgot collection rules
Declassified court docs show systematic breaches over [REDACTED] years
http://www.theregister.co.uk/2014/08/13/nsa_overstepped_fisc_collection_rules/
Declassified documents from America’s Foreign Intelligence Surveillance Court (FISC) show that even the NSA didn’t know the limits of what it was supposed to collect, and overstepped its authorisations for years.
The documents were released to the Electronic Privacy Information Centre in response to an FOI request, and record FISC judges’ disquiet about the program.
The court says NSA’s overcollection of metadata was “systematic” over a number of years.
“Those conducting oversight at NSA failed to do so effectively”, the documents state.
Tomi Engdahl says:
Edward Snowden is extensively interviewed in Moscow by NSA whistleblower James Bamford
http://www.wired.com/2014/08/edward-snowden/
Tomi Engdahl says:
Meet MonsterMind, the NSA Bot That Could Wage Cyberwar Autonomously
http://www.wired.com/2014/08/nsa-monstermind-cyberwarfare/
Edward Snowden has made us painfully aware of the government’s sweeping surveillance programs over the last year. But a new program, currently being developed at the NSA, suggests that surveillance may fuel the government’s cyber defense capabilities, too.
The NSA whistleblower says the agency is developing a cyber defense system that would instantly and autonomously neutralize foreign cyberattacks against the US, and could be used to launch retaliatory strikes as well. The program, called MonsterMind, raises fresh concerns about privacy and the government’s policies around offensive digital attacks.
Tomi Engdahl says:
By the time he went to work for Booz Allen in the spring of 2013, Snowden was thoroughly disillusioned, yet he had not lost his capacity for shock. One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the US government was responsible.
Inside the TAO operations center, the panicked government hackers had what Snowden calls an “oh shit” moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.
joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”
Source: http://www.wired.com/2014/08/edward-snowden/
Tomi Engdahl says:
Snowden on NSA’s MonsterMind TERROR: It may trigger cyberwar
Plus: Syria’s internet going down? That was a US cock-up
http://www.theregister.co.uk/2014/08/13/snowden_warns_the_nsas_monstermind_software_could_trigger_cyberwar/
Rogue NSA sysadmin Edward Snowden says his former employer has developed software that will automatically attack foreign computers deemed to be a threat – without checking in with a human first.
The system, dubbed MonsterMind, is designed to detect strikes against key US servers and block the assaults as quickly as possible. But it is also designed to fire back to take out the perceived attacker without anyone giving it specific authorization.
Snowden, an ex-NSA techie, also spoke of the spying agency’s vast warehouse of documents, phone calls, emails and other highly personal information, all collected from everyone on the planet.
That data is stored in the NSA’s million-square-foot data center in Bluffdale, Utah.
Snowden said it was learning about systems like MonsterMind that helped persuade him that a whistleblower was needed to bring the subject to the American people. But he said the trigger that decided the issue was the Congressional hearings in March last year when the US director of national intelligence James Clapper denied putting US citizens under mass surveillance by “collecting” their online data. That denial has since been challenged.
Tomi Engdahl says:
The NSA’s Patents, in One Searchable Database
http://complex.foreignpolicy.com/posts/2014/07/30/the_nsas_patents_in_one_searchable_database_0
What do a voice identifier, an automated translator, a “tamper-indicating” document tube, and a supersecure manhole cover have in common? They’re all technologies for which the secretive National Security Agency (NSA) has been granted patents by the U.S. government, giving the agency the exclusive rights to its inventions.
The four technologies represent a tiny fraction of the more than 270 sleuthy devices, methods, and designs for which the nation’s biggest intelligence agency has been granted a patent since 1979
The NSA’s cryptologists and computer scientists have been busy over the years inventing
Tomi Engdahl says:
NSA-patents-list
https://docs.google.com/spreadsheets/d/1HHtqLMlgpEYxLrE4gjb8C2JGSK9Q1uzZjqRcNhnL3pk/edit?pli=1#gid=0
Tomi Engdahl says:
How the NSA Almost Killed the Internet
http://www.wired.com/2014/01/how-the-us-almost-killed-the-internet/
Google, Facebook, Microsoft, and the other tech titans have had to fight for their lives against their own government. An exclusive look inside their year from hell—and why the Internet will never be the same.
It wasn’t just revenue at stake. So were the very ideals that had sustained the TECH WORLD since the birth of the INTERNET.
Silicon Valley was reeling, collateral damage in the war on terror. And it was only going to get worse.
The NSA acknowledges that news of its activities has put US technology companies in a bind. But the solutions are elusive, even for a seemingly easy problem like letting companies share more detail about the national security requests they receive. “We have a shared interest in transparency,” says general counsel De, who adds that the NSA is preparing its own report to disclose the total number of requests and user accounts from all companies combined.
“We applaud the use of encryption,” Neuberger says. “We support better security.” But they imply that if the techniques make the NSA’s job more difficult, the agency might miss vital clues.
And the NSA insists that, despite the implications of those Snowden-leaked documents, it does not engage in weakening encryption standards. “The same standards we recommend are the standards we use,” Ledgett says. “We would not use standards we thought were vulnerable. That would be insane.” The officials won’t deny the NSA’s use of software vulnerabilities but portray their general behavior as protective.
NSA employees see themselves as dealing with genuine deadly threats to the nation, and it makes them crazy when people assume that spooks at Fort Meade are intent on stealing their privacy.
“It’s almost delusional,” Ledgett says. “I wish I could get to the high mountaintop to scream, ‘You’re not a target!’”
“I was naive,” says Ray Ozzie, who as the inventor of Lotus Notes was an early industry advocate of strong encryption. “I always felt that the US was a little more pure. Our processes of getting information were upfront. There were requests, and they were narrow. But then came the awakening,” he says. “We’re just like everybody else.”
Tomi Engdahl says:
The Surveillance Engine: How the NSA Built Its Own Secret Google
https://firstlook.org/theintercept/article/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/
Tomi Engdahl says:
The executive order that led to mass spying, as told by NSA alumni
Feds call it “twelve triple three”; whistleblowers say it’s the heart of the problem.
http://arstechnica.com/tech-policy/2014/08/a-twisted-history-how-a-reagan-era-executive-order-led-to-mass-spying/
One thing sits at the heart of what many consider a surveillance state within the US today.
The problem does not begin with political systems that discourage transparency or technologies that can intercept everyday communications without notice. Like everything else in Washington, there’s a legal basis for what many believe is extreme government overreach—in this case, it’s Executive Order 12333, issued in 1981.
“12333 is used to target foreigners abroad, and collection happens outside the US,” whistleblower John Tye, a former State Department official, told Ars recently. “My complaint is not that they’re using it to target Americans, my complaint is that the volume of incidental collection on US persons is unconstitutional.”
The document, known in government circles as “twelve triple three,” gives incredible leeway to intelligence agencies sweeping up vast quantities of Americans’ data. That data ranges from e-mail content to Facebook messages, from Skype chats to practically anything that passes over the Internet on an incidental basis. In other words, EO 12333 protects the tangential collection of Americans’ data even when Americans aren’t specifically targeted—otherwise it would be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978.
Tomi Engdahl says:
For $3,500, a Spy-Resistant Smartphone
March 18, 2014
Prime ministers, business executives, and ordinary citizens clamor for phones that can’t be snooped on.
http://www.technologyreview.com/news/525556/for-3500-a-spy-resistant-smartphone/
Ever since Edward Snowden came forward with a trove of secret documents about the National Security Agency, business has been booming for Les Goldsmith, CEO of ESD America.
Goldsmith’s company sells a $3,500 “cryptophone” that scrambles calls so they can’t be listened in on. Until recently, the high-priced smartphone was something of a James Bond–style novelty item. But news of extensive U.S. eavesdropping on people including heads of state has sent demand from wary companies and governments soaring. “We’re producing 400 a week and can’t really keep up,” says Goldsmith.
The Las Vegas–based company prepares and packages the device, called the GSMK CryptoPhone, by first wiping the software from an ordinary $350 Samsung Galaxy S3 handset. It then adds a version of Google’s Android operating system, licensed from the German company GSMK, that has been tweaked to add call encryption and fix security flaws.
Sales have tripled since Snowden’s revelations began last June, and close to 100,000 of the handsets are in use worldwide, according to Goldsmith. Secure calls work only between two cryptophones. To set up a secure connection, each handset creates a cryptographic key based on a sample of random background noise. Everything takes place on the handsets, so no unprotected data leaves the device.
Secure phones aren’t new. In the 1970s, the NSA developed a “secure telephone unit”
Handsets can be infected by malware that listens to calls, copies data, or transmits a device’s location. Some spies even employ fake base stations, known as interceptors, that harvest calls and text messages.
That’s reason enough for politicians, dissidents, and top executives to worry.
The CryptoPhone’s $3,500 price tag (which pays for three years of service, not including calling charges) puts the device beyond the reach of most individuals and small businesses. A competing device, the Hoox m2 smartphone that French IT contractor Bull began selling in January, sells for 2,000 euros ($2,740) and is also aimed at corporate users.
For the most part, consumers haven’t joined the security rush. According to Gartner, a firm that tracks technology trends, few have even purchased antivirus software for their phones. Sales of mobile security software are about $1 billion a year, a fraction of what’s spent on desktops, even though mobile devices now outnumber PCs.
Yet secure communication products could eventually have mass appeal as consumers tire of being tracked online. Some of the most successful apps of the past year have featured self-destructing messages or anonymous bulletin boards.
Companies on a budget could turn to the $629 Blackphone handset, which launched in February and also offers encrypted calling. The device is the product of a joint venture between Spanish smartphone startup Geeksphone and Silent Circle, a company that markets apps for encrypted calling and e-mail on Apple and Android devices.
Tomi Engdahl says:
Before Snowden, There Was Huawei
March 18, 2014
The travails of a Chinese telecom company show how spying charges could hurt U.S. firms.
http://www.technologyreview.com/news/525596/before-snowden-there-was-huawei/
How’s this for a tough sales job? The American sales reps of Huawei offer top-notch telecom gear at a 35 percent discount. But anytime they get near to closing a sale, their customers get a visit from the FBI or the U.S. Department of Commerce.
The message from the feds isn’t subtle: buy something else.
Huawei, based in Shenzhen, China, is the world’s largest seller of telecom equipment, commanding 20 percent of the market. Yet it is barely a factor in North America. Here its market share in optical equipment is just 1.4 percent, and in switches and routers it’s just 0.1 percent.
Just as Huawei has been shut out of the American market, leaks about the pervasiveness of spying by the NSA and other U.S. intelligence agencies might now hurt American companies abroad. Businesses are starting to talk of a “Snowden effect” of lost sales, dimmed prospects, and growing uncertainty, as they too come under a cloud of mistrust
In 2012, partly at the Chinese company’s request, the U.S. House Intelligence Committee investigated and released a report. It offered no real proof of spying, yet it still concluded that the United States must “view with suspicion” progress by Chinese companies in the North America telecommunications market.
The irony now is that leaked National Security Agency documents suggest the U.S. was doing everything it suspected China of. The documents indicate that the U.S. may have compromised routers from Cisco, Juniper, and Huawei. It’s also believed to have weakened encryption products so the ciphers used by commercial software could be broken.
But the bigger fallout may be a rise in protectionism.
“It’s been mostly open competition since the beginning of the Internet, and the companies that did well are the ones that won the competitions,” says Lewis. Now, with escalating security worries, countries may take the chance to stack the deck against foreign competitors or build up their own industries.
“The overall effect will be bad for the whole global economy,” says Lewis.
Tomi Engdahl says:
Snowden shouldn’t be extradited to US if he testifies about NSA spying, says Swiss gov
Extradition could be off the cards, says attorney general
http://www.theregister.co.uk/2014/09/08/edward_snowden_should_not_be_extradited_to_us_he_testfies_about_surveillance_in_switzerland_says_attorney_general/
Master spook blabbermouth Edward Snowden should be granted safe passage to and from Switzerland if he testifies about surveillance, the country’s attorney general has reportedly said.
Last year, the one-time NSA sysadmin leaked files revealing some of the secret spying tactics of UK and US spooks.
Snowden currently has temporary residency in Russia, where he has been living for more than a year now.
The top Swiss lawyer added that any US efforts to extradite Snowden if he were to testify in Switzerland would be considered “political” and thereby rejected by authorities in the country.
Tomi Engdahl says:
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
http://www.theregister.co.uk/2014/09/10/show_us_your_fiveeyes_secrets_says_privacy_international/
Privacy International has taken the “Five-Eyes” spying issue to court, filing a demand that the agreements between participant countries – the US, the (currently) UK, Canada, Australia and New Zealand – be made public.
As the group explains, “Privacy International has asked the European Court of Human Rights to rule that intelligence agencies should not be entitled to keep the details of such arrangements hidden from the public.”
Tomi Engdahl says:
U.S. threatened massive fine to force Yahoo to release data
http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html
The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user communications — a request the company believed was unconstitutional — according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the National Security Agency’s controversial PRISM program.
The ruling by the Foreign Intelligence Surveillance Court of Review became a key moment in the development of PRISM, helping government officials to convince other Silicon Valley companies that unprecedented data demands had been tested in the courts and found constitutionally sound. Eventually, most major U.S. tech companies, including Google, Facebook, Apple and AOL, complied. Microsoft had joined earlier, before the ruling, NSA documents have shown.
Tomi Engdahl says:
New Details About NSA’s Exhaustive Search of Edward Snowden’s Emails
http://yro.slashdot.org/story/14/09/15/0059206/new-details-about-nsas-exhaustive-search-of-edward-snowdens-emails
Last year, the National Security Agency (NSA) reviewed all of Edward Snowden’s available emails in addition to interviewing NSA employees and contractors in order to determine if he had ever raised concerns internally about the agency’s vast surveillance programs. According to court documents the government filed in federal court September 12, NSA officials were unable to find any evidence Snowden ever had.
Tomi Engdahl says:
Snowden’s Leaks Didn’t Help Terrorists
http://politics.slashdot.org/story/14/09/18/1454224/snowdens-leaks-didnt-help-terrorists
The Intercept reports that contrary to lurid claims made by U.S. officials, a new independent analysis of Edward Snowden’s revelations on NSA surveillance that examined the frequency of releases and updates of encryption software by jihadi groups has found no correlation in either measure to Snowden’s leaks about the NSA’s surveillance techniques. According to the report “well prior to Edward Snowden, online jihadists were already aware that law enforcement and intelligence agencies were attempting to monitor them.” In fact, concerns about terrorists’ use of sophisticated encryption technology predate even 9/11.