Panopticon of global surveillance

[Peter Lemkin]

Apple Says It Has Never Worked With NSA To Create iPhone Backdoors, Is Unaware Of Alleged DROPOUTJEEP Snooping Program

Posted 15 hours ago by Matthew Panzarino (@panzer)

[URL="http://techcrunch.com/2013/12/31/bittorrent-act-of-killing/"]


[/URL]Apple has contacted TechCrunch with a statement about the DROPOUTJEEP NSA program that detailed a system by which the organization claimed it could snoop on iPhone users.
Apple says that it has never worked with the NSA to create any backdoors' that would allow that kind of monitoring, and that it was unaware of any programs to do so.
Here is the full statement from Apple:

Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers' privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements. Whenever we hear about attempts to undermine Apple's industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who's behind them.

The statement is a response to a report in Der Spiegel Sunday that detailed a Tailored Access Operations (TAO) unit within the NSA that is tasked with gaining access to foreign computer systems in order to retrieve data to protect national security. The report also pointed out a division called ANT that was set up to compile information about hacking consumer electronics, networking systems and more.
The story detailed dozens of devices and methods, including prices for deployment, in a catalogue that could be used by the NSA to pick and choose the tools it needed for snooping. The 50-page catalog included a variety of hacking tools that targeted laptops and mobile phones and other consumer devices. Der Spiegel said that these programs were evidence that the NSA had backdoors' into computing devices that many consumers use.
Among these options was a program called DROPOUTJEEP a program by which the NSA could theoretically snoop on any' Apple iPhone with '100% success'. The documents were dated 2008, implying that these methods were for older devices. Still, the program's detailed capabilities are worrisome.
Researcher and hacker Jacob Applebaum the co-author of the articles, coinciding with a speech he gave at a conference about the programs pointed out that the '100% success rate' claimed by the NSA was worrisome as it implied cooperation by Apple. The statement from the company appears to preclude that cooperation.

The program detail indicated that the NSA needed physical access to the devices at the time that the documents were published. It does note that they were working on remote installation capability' but there's no indication whether that was actually successful. The program's other options included physical interdiction of devices like laptops to install snooping devices but there have been security advances like hardware encryption in recent iPhone models that would make modification of devices much more difficult.
Early reports of the DROPOUTJEEP program made it appear as if every iPhone user was vulnerable to this which simply can't be the case. Physical access to a device was required which would preclude the NSA from simply flipping a switch' to snoop on any user. And Apple patches security holes with every version of iOS. The high adoption rate of new versions of iOS also means that those patches are delivered to users very quickly and on a large scale.
The jailbreak community, for instance, knows that once a vulnerability has been used to open up the iPhone's file system for modification, it's been burned' and will likely be patched by Apple quickly. And the process of jailbreaking fits the profile of the capabilities the NSA was detailing in its slide.
Applebaum's talk at the 30th Chaos Communication Congress walked listeners through a variety of the programs including DROPOUTJEEP. He noted that the claims detailed in the slide indicated that either Apple was working with the NSA to give them a backdoor, or the NSA was just leveraging software vulnerabilities to create its own access. The Apple statement appears to clear that up pointing to vulnerabilities in older versions of iOS that have likely since been corrected.
I do also find it interesting that Apple's statement uses extremely strong wording in response to the NSA program. "We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks," the statement reads, "regardless of who's behind them."
Lumping the program in with malicious hackers' certainly makes a clear point. This year has been an eventful one for NSA spying program revelations. Apple joined a host of large companies that denied that they had been willing participants in the PRISM data collection system but later revelations of the MUSCULAR program indicated that the NSA could get its hands on data by monitoring internal company server communications anyway. This spurred targets like Google and Yahoo to implement internal encryption.
Last month, Apple released its first ever report on government information requests, detailing the number of times domestic and foreign governments had asked it for user information. At the time, it also filed a suit with the U.S. Government to allow it to be more transparent about the number and frequency of those requests. It also began employing a warrant canary' to warn users of future compliance with Patriot Act information requests.
Most recently, Apple joined AOL, Yahoo, Twitter, Microsoft, LinkedIn, Google and Facebook inrequesting global government surveillance reform with an open letter. Though the NSA is located in the United States and these programs were largely designed to target foreign threats', these companies have a global customer base making protecting user privacy abroad as well as at home just as important.

[Magda Hassan]

Apple Says It Has Never Worked With NSA To Create iPhone Backdoors, Is Unaware Of Alleged DROPOUTJEEP Snooping Program

But they would say that wouldn't they?

[David Guyatt]

Reading Apple's statement left me with the sense that it was very light on outrage or shock, but heavy on company PR speak and twaddle.

Basically, I find them disbelieve-able.

[Peter Lemkin]

Apple Says It Has Never Worked With NSA To Create iPhone Backdoors, Is Unaware Of Alleged DROPOUTJEEP Snooping Program

But they would say that wouldn't they?

To say otherwise would guarantee a court battle royale [Imagine the monetary damages of a class-action lawsuit involving every iPhone user!] - I still think they'll get one...but they are manning the barricades now. Stonewalling. Many a once mighty intel company and/or manufacturer might soon fall due to Snowden, Appelbaum et al.::beammeup:: The bigger they are, the harder they fall!

[Magda Hassan]

To say otherwise would guarantee a court battle royale [Imagine the monetary damages of a class-action lawsuit involving every iPhone user!] - I still think they'll get one...but they are manning the barricades now. Stonewalling. ::beammeup::

They'll both happily cover for each other like criminals giving each other alibis. Neither one of them want their respective grand scams blown to smithereens. The show must go on.

[Peter Lemkin]

2013 in Review: The Year the NSA Finally Admitted Its "Collect It All" Strategy

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.
There is probably no bigger story in 2013 than that the American people having learned about the secret mass spying programs of the National Security Agency (NSA).
While prior to 2013 the NSA's public line was that it was forbidden from spying on Americans in America, but with the Snowden revelations (and help from a wide range of journalists and technologists that helped explain them) the NSA was forced to admit that it secretly expanded its mandate from limited surveillance of specific foreign intelligence targets to a massive "collect it all" strategy where its goal is to ensure that no communication in the world is ever truly private or secure.
With this, EFF's long running lawsuit against key parts of NSA spying came to life, we launchedanother, and both the U.S. and the entire world finally began discussing whether we want to live in a world of general warrants and always-on surveillance or whether we want to regain our basic privacy, rule of law, and freedom of association.
Here's just some of what we've learned, or had confirmed, in 2013:

• The NSA collects virtually every phone call record in the United Statesthat's who you call, who calls you, when, for how long, and sometimes where. (Guardian)
  

• The NSA "is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans." (Washington Post)
  

• The NSA is collecting "communications on fiber cables and infrastructure as data flows past," as part of what it calls "upstream" collection, including content and metadata of emails, web activity, chats, social networks, and everything else. (Washington Post)
  

• The NSA "is searching the contents of vast amounts of Americans' e-mail and text communications into and out of the country." (New York Times)
  

• The NSA "is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world." (Washington Post)
  

• NSA "is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age." (New York Times and Pro Publica)
  
• NS "has secretly broken into the main communications links that connect Yahoo and Google data centers around the world" and has "positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans." (Washington Post)
  
• NSA has "has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches." ([URL="http://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html"]Washington Post)
  [/URL]
  
• NSA "is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance." (Washington Post)
  
• NSA "officers on several occasions have channeled their agency's enormous eavesdropping power to spy on love interests." (Wall Street Journal)
  
• NSA and GHCQ spied on online games, including World or Warcraft and Second Life. (ProPublica)
  

https://www.eff.org/deeplinks/2013/12/20...s-revealed

[Magda Hassan]

Dogbert's Blog

Saturday, May 2, 2009

BIOS Password Backdoors in Laptops

Synopsis: The mechanics of BIOS password locks present in current generation laptops are briefly outlined. Trivial mechanisms have been put in place by most vendors to bypass such passwords, rendering the protection void. A set of master password generators and hands-on instructions are given to disable BIOS passwords.

When a laptop is locked with password, a checksum of that password is stored to a so-called FlashROM - this is a chip on the mainboard of the device which also contains the BIOS code and other settings, e.g. memory timings.

For most brands, this checksum is displayed after entering an invalid password for the third time:

The dramatic 'System Disabled' message is just scare tactics: when you remove all power from the laptop and reboot it, it will work just as before. From such a checksum (also called "hash"), valid passwords can be found by means of brute-forcing.

The bypass mechanisms of other vendors work by showing a number to the user from which a master password can be derived. This password is usually a sequence of numbers generated randomly.

Some vendors resort to storing the password in plain text onto the FlashROM, and instead of printing out just a checksum, an encrypted version of the password is shown.

Other vendors just derive the master password from the serial number. Either way, my scripts can be used to get valid passwords.

A few vendors have implemented obfuscation measures to hide the hash from the end user - for instance, some FSI laptops require you to enter three special passwords for the hash to show up (e.g. "3hqgo3 jqw534 0qww294e", "enable master password" shifted one up/left on the keyboard). Some HP/Compaq laptops only show the hash if the F2 or F12 key has been pressed prior to entering an invalid password for the last time.

Depending on the "format" of the number code/hash (e.g. whether only numbers or both numbers and letters are used, whether it contains dashes, etc.), you need to choose the right script - it is mostly just a matter of trying all of them and finding the one that fits your laptop. It does not matter on what machine the script are executed, i.e. there is no reason to run them on the locked laptop.
This is an overview of the algorithms that I looked at so far:

[TABLE="class: sample"]
[TR]
[TH]Vendor[/TH]
[TH]Hash Encoding[/TH]
[TH]Example of Hash Code/Serial[/TH]
[TH]Scripts[/TH]
[/TR]
[TR]
[TD="class: s3"]Compaq[/TD]
[TD="class: s4"]5 decimal digits[/TD]
[TD="class: s5"]12345[/TD]
[TD="class: s4, align: center"]pwgen-5dec.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s3"]Dell[/TD]
[TD="class: s4"]serial number[/TD]
[TD="class: s5"]1234567-595B
1234567-D35B
1234567-2A7B[/TD]
[TD="class: s4, align: center"]
Windows binary&source[/TD]
[/TR]
[TR]
[TD="class: s7"]Fujitsu-Siemens[/TD]
[TD="class: s8"]5 decimal digits[/TD]
[TD="class: s9"]12345[/TD]
[TD="align: center"]pwgen-5dec.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Fujitsu-Siemens[/TD]
[TD="class: s8"]8 hexadecimal digits[/TD]
[TD="class: s9"]DEADBEEF[/TD]
[TD="class: s8, align: center"]pwgen-fsi-hex.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Fujitsu-Siemens[/TD]
[TD="class: s8"]5x4 hexadecimal digits[/TD]
[TD="class: s9"]AAAA-BBBB-CCCC-DEAD-BEEF[/TD]
[TD="class: s8, align: center"]pwgen-fsi-hex.py[URL="http://sites.google.com/site/dogber1/blag/pwgen-fsi-hex.zip"]
[/URL]Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Fujitsu-Siemens[/TD]
[TD="class: s8"]5x4 decimal digits[/TD]
[TD="class: s9"]1234-4321-1234-4321-1234[/TD]
[TD="class: s8, align: center"]pwgen-fsi-5x4dec.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Hewlett-Packard[/TD]
[TD="class: s8"]5 decimal digits[/TD]
[TD="class: s9"]12345[/TD]
[TD="class: s8, align: center"]pwgen-5dec.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Hewlett-Packard/Compaq Netbooks[/TD]
[TD="class: s8"]10 characters[/TD]
[TD="class: s9"]CNU1234ABC[/TD]
[TD="class: s8, align: center"]pwgen-hpmini.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s11"]Insyde H20 (generic)[/TD]
[TD="class: s8"]8 decimal digits[/TD]
[TD="class: s9"]03133610[/TD]
[TD="class: s8, align: center"]pwgen-insyde.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s11"]Phoenix (generic)[/TD]
[TD="class: s8"]5 decimal digits[/TD]
[TD="class: s9"]12345[/TD]
[TD="class: s8, align: center"]pwgen-5dec.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Sony[/TD]
[TD="class: s8"]7 digit serial number[/TD]
[TD="class: s9"]1234567[/TD]
[TD="class: s8, align: center"]pwgen-sony-serial.py
Windows binary[/TD]
[/TR]
[TR]
[TD="class: s7"]Samsung[/TD]
[TD="class: s8"]12 hexadecimal digits[/TD]
[TD="class: s9"]07088120410C0000[/TD]
[TD="class: s8, align: center"]pwgen-samsung.py
Windows binary[/TD]
[/TR]
[/TABLE]


The .NET runtime libraries are required for running the Windows binary files (extension .exe). If the binary files (.exe) don't work out for you, install Python 2.6 (not 3.x) and run the .py script directly by double-clicking them. Make sure that you correctly read each letter (e.g. number '1' vs letter 'l').

Вячеслав Бачериков has also converted my scripts to javascript so you can calculate the passwords with your browser: http://bios-pw.org/ (sources).

Please leave a comment below on what make/model the scripts work. Also, be aware that some vendors use different schemes for master passwords that require hardware to be reset - among them are e.g. IBM/Lenovo. If you find that your laptop does not display a hash or the scripts do not work for you for whatever reason, try to:

• use a USB keyboard for entering the password for avoiding potential defects of the built-in keyboard,
  
• run CmosPwd to remove the password if you can still boot the machine,
  
• overwrite the BIOS using the emergency recovery procedures. Usually, the emergency flash code is activated by pressing a certain key combination while powering on the machine. You also need a specially prepared USB memory stick containing the BIOS binary. The details are very much dependent on your particular model. Also, be aware that this can potentially brick your device and should only be done as a last measure.
  
• Some dell service tags are missing the suffix - just try the passwords for all suffices by adding -595B, -2A7B and -D35B to your service tags.
  
• The passwords for some HP laptops are breakable with this script.
  
• Unlocking methods for some Toshiba laptops are described here.
  
• Some older laptop models have service manuals that specify a location of a jumper / solder bridge that can be set for removing the password.
  

If none of the above methods work, please use the vendor support. Please understand that my motivation for reverse-engineering comes from a personal interest - I will not accept offers to look at the specifics of certain models.

http://dogber1.blogspot.com.au/2009/05/t...-bios.html

[Peter Lemkin]

[TABLE="width: 100%"]
[TR]
[TD="width: 84%"]

A History of 'Fear'

By Joe Lauria [TABLE="width: 100%"]
[TR]
[TD="width: 60%"][/TD]
[TD="width: 40%"] 1/1/14[/TD]
[/TR]
[/TABLE]
[/TD]
[TD="width: 16%"]

[URL="http://www.opednews.com/author/author16373.html"]
[/URL]

[/TD]
[/TR]
[/TABLE]

NSA Headquarters, Fort Meade, Maryland

By Joe Lauria



Despite the deep embarrassment and outrage caused by continuing revelations of the National Security Agency's abuse of power, meaningful reform is unlikely because at heart the Edward Snowden story is about money - and political power. And Snowden has threatened both.


President Obama is considering adopting some NSA reforms recommended by a White House panel. But don't bet on him going too far.


Federal District Court Judge Richard Leon's ruling that the controversial NSA programs are "almost Orwellian" and may be unconstitutional was as encouraging as the judge in the ACLU case was discouraging. Most telling in Leon's judgement was his statement that the abusive NSA practices have not stopped one terrorist attack. But don't count on the government to suddenly start telling the truth about the real level of the terrorist threat.


False fear is what their operation is built on. If the disturbing NSA programs are ultimately judged unjustified and unconstitutional and have to be shut down or curtailed, billions of dollars in contracts and careers would be at stake. And that's why the government will continue to exaggerate the terrorism threat while pursuing Snowden.


It is the government's last line of defense: that the NSA must do these things to protect the American people from what is really a minimal threat. "National security" is the justification to collect every American's phone records, emails and Internet traffic and millions of other people's around the globe.


But is it the nation's security Snowden has risked, or the interests of a relatively few wealthy and powerful contractors and government officials? Terrorism exists. But are false fears of a rare attack whipped up to link those powerful interests with the entire population's to win their support for programs that protect wealth and power from the American public and the elites of other nations?


First there was the color-coded terror alerts. Obama did away with that. But we still take our shoes off at the airport and get x-rayed. Tom Ridge, the first Homeland Security chief, said he was pressured to raise the terrorism alert for political reasons. He ran an entirely new $40 billion-a-year department, with its own security force and private contracts, created because of a single major attack.


When Boston was hit - only the second significant attack in decades - paramilitary police terrorized the whole city, marching innocent people out of their homes at gunpoint. Many of what the government trumpets as disrupted plots over the past few years have been actually engineered by FBI informants, stoking more unnecessary fear. And politicians, law enforcement and the media constantly chatter about terrorism, as if the next attack could happen any minute.


A device goes off every day in Iraq, Pakistan and Syria. Britain endured an IRA bombing campaign. But there's nothing like that in the U.S. In fact you are nine times more likely to choke to death, eight times more likely to be killed by a cop, 1,048 times more likely to die in a car crash and 87 times more likely to drown than die in a terrorist attack.


Put another way, your risk of dying from a fireworks accident is 1 in 652,046. The risk from dying from terrorism is 14 times smaller. The State Department says only 17 Americans were killed by terrorists in 2011, and that includes in Iraq and Afghanistan.


A History of Hype


Hyping fear that results in profit and political power unfortunately has a long history in the United States. Mass hysteria against imagined threats for the gain of a few is ingrained in American culture.


Playwright Arthur Miller criticized the anti-communist hype of McCarthyism in The Crucible, showing that orchestrated fear about phantom threats in order to benefit a select group of people reaches back to America's Puritan past.


To get the people behind a war that was of no concern to them but instead to a powerful and wealthy few, President Woodrow Wilson created the Creel Committee. It was a propaganda ministry that became the precursor of modern public relations. It whipped up American fear and hatred of Germans and anyone who opposed the war.


Wilson's repressive 1918 Seditions Act then made it a crime to use "disloyal, profane, scurrilous, or abusive language" about the government, the flag or armed services during World War I.


As Brigadier General Smedley Butler said about the First World War: "Beautiful ideals were painted for our boys who were sent out to die. This was the 'war to end wars.' This was the 'war to make the world safe for democracy.' No one told them that dollars and cents were the real reasons. No one mentioned to them, as they marched away, that their going and their dying would mean huge war profits." About American motives for entering the war, Butler said:


"The normal profits of a business concern in the United States are six, eight, ten, and sometimes twelve per cent. But wartime profits -- ah! that is another matter -- twenty, sixty, one hundred three hundred, and even eighteen hundred percent -- the sky is the limit. All the traffic will bear. Uncle Sam has the money. Let's get it. Of course, it isn't put that crudely in wartime. It is dressed into speeches about patriotism, love of country, and 'we must all put our shoulder to the wheel,' but the profits jump and leap and skyrocket -- and are safely pocketed."


Butler said the du Pont's average 1910-1914 profit of $6 million a year soared to $58 million a year from 1914 to 1918. "Take one of our little steel companies that so patriotically shunted aside the making of rails and girders and bridges to manufacture war materials," he wrote of Bethlehem Steel, whose average annual profits soared from $6 million to $49 million. Profits soared for a host of other industries, feasting on the taxpayers.


After the Second World War, careers were built on the same kind of hysteria about communism that we are now seeing about terrorism. The Soviet Union was devastated by the war. Yet U.S. administrations inflated Moscow's military capabilities to get more military spending from Congress. That enriched a military industry that had pulled the U.S. out of the Depression.


Once the war was over the economy tanked again and there was widespread fear of a new Depression. Overblowing the Soviet threat saved the aircraft industry and military spending jumpstarted the post-war economy.


To build up this new, lucrative national security state, Truman instituted the first peacetime draft and transformed the Executive Branch, giving it much more power than the Constitution intended. In July 1947, Truman changed the country probably for good by signing the National Security Act. It set up the Defense Department, the National Security Council and the CIA. In 1952 he wrote a classified letter establishing the NSA.


A phony "missile gap," with the Soviets, bogus claims to Congress admitted by Gen. Lucius Clay that Moscow was planning war, and McCarthy's communist witch hunt were among the tactics used. They cemented the surveillance state at home and Cold War abroad, both yielding power for politicians and profits for military contractors.


With the end of the Cold War, the exaggerated terrorist threat became a convenient replacement for the Soviet Union. False fears of Saddam Hussein's links to the 9/11 attack whipped up support for the illegal 2003 invasion of Iraq, which also did not threaten the U.S., creating a boondoggle for a plethora of new military contractors.


We saw hysterical attacks on French culture -- including pouring wine down sewers - hyped by the news media because France opposed the war.


Tragedy and Shame of Our Time


James Bamford, the country's most experienced writer on the National Security Agency, points out that when you drive down the Baltimore-Washington Parkway past Fort Meade, behind the trees on your right is the vast campus of the NSA. But across the street on your left are the offices of the handful of private-sector contractors that have a made a bundle off the so-called War on Terror.


An estimated 80 percent of the NSA's approximate $10 billion annual budget goes to these contractors. Personnel changes hands too. James Clapper, the current director of national intelligence, was an executive at Snowden's former employer, Booz Allen Hamilton. Mike McConnell left Booz Allen to be the first DNI and then returned to it after he left government. Ex-CIA director James Woolsey works at the firm. The company is owned by the Carlyle Group, one of the biggest military contractors. Their incomes depend on the programs Snowden is exposing.


It is no surprise then, that Woolsey was quoted as saying: "I think giving him amnesty is idiotic. He should be prosecuted for treason. If convicted by a jury of his peers, he should be hanged by the neck until he is dead."


That stretch of the Parkway and a collection of military contractors near the Pentagon in northern Virginia form the nexus of the military- industrial cooperation fueled by exaggerated fear that President Dwight Eisenhower warned could threaten American democracy.


Less well known is President Truman's astounding admission. The man who was as responsible as anyone for hyping the Cold War wrote after reflecting on his life:


"The demagogues, crackpots and professional patriots had a field day pumping fear into the American people. ... Many good people actually believed that we were in imminent danger of being taken over by the Communists and that our government in Washington was Communist riddled. So widespread was this campaign that it seemed no one would be safe from attack. This was the tragedy and shame of our time."


The Soviet Union at least had a massive standing army and a nuclear arsenal. It fought proxy wars with the U.S., mostly in Africa and Asia. Terrorists do not have such capabilities.


Yet the government and established media (there are media careers at stake too, evidenced by the attacks on Glenn Greenwald) hammer into us that terrorists pose an existential threat to the United States and that unconstitutional surveillance and perpetual war are therefore justified.


The rare public figure will admit the hype. Zbigniew Brzezinski, President Jimmy Carter's national security adviser, testified to Congress in 2007 that it was a "simplistic and demagogic narrative" to compare the threat of Islamist terrorism to either Nazism or Stalinism. "Most Muslims are not embracing Islamic fundamentalism;" he said, "al Qaeda is an isolated fundamentalist Islamist aberration."


A more realistic danger than terrorism to Americans is other Americans with guns. There are nearly 3,000 deaths by gunfire every month in the United States. That is one 9/11 every 30 days. Yet terrorism is hyped and gun violence is explained away.


That's because of money too. As the bodies from Columbine, Aurora and Newtown pile up, the gun manufacturer's lobby, the National Rifle Association, plays down the role of guns because it is bad for business.


Orchestrated 'Plots'


NSA director General Keith Alexander says the reason there are so few terrorists attacks is due to the very NSA programs Snowden has exposed. He testified before Judge Leon's ruling that at least 50 terrorist plots have been disrupted since 9/11 because of NSA surveillance. Alexander gave details only about a handful. What isn't known is how many of these plots were actually FBI sting operations, initiated and carried out by the feds using informants.


As Federal Judge Colleen McMahon said about one of these stings: "The essence of what occurred here is that a government, understandably zealous to protect its citizens from terrorism, came upon a man [the supposed terrorism ringleader] both bigoted and suggestible, one who was incapable of committing an act of terrorism on his own. ...


"It [the F.B.I.] created acts of terrorism out of his fantasies of bravado and bigotry, and then made those fantasies come true. ... The government did not have to infiltrate and foil some nefarious plot - there was no nefarious plot to foil."


Having covered Susan Rice when she was U.S. ambassador at the U.N. since 2009, I asked her through her spokesman the following question as she prepared to leave to become National Security Advisor last summer:


"A country like Pakistan suffers a terrorist attack nearly every day but terrorism inside the U.S. has fortunately been very rare before and after 9/11. Do you believe the U.S. exaggerates the threat of terrorism, which has justified controversial NSA programs, and if so, in your new job will you work for a more realistic assessment of the terrorism threat?"


It is not surprising she wouldn't answer. It is hard to know how many of the elite who benefit financially and politically from the surveillance state and perpetual war believe the terrorism hype themselves.


But one thing is certain. They have to keep the fear going and get Snowden to make an example of him and stop future leaks. Their careers may depend on it.

[Peter Lemkin]

[TABLE="width: 100%"]
[TR]
[TD="width: 84%"]

Bernie Sanders Asks: "Is the NSA Spying on Congress?"

By Bernie Sanders [/TD]
[TD="width: 16%"][/TD]
[/TR]
[/TABLE]
U.S. Sen. Bernie Sanders (I-Vt.) today asked the National Security Agency director whether the agency has monitored the phone calls, emails and Internet traffic of members of Congress and other elected officials.
"Has the NSA spied, or is the NSA currently spying, on members of Congress or other American elected officials?" Sanders asked in a letter to Gen. Keith Alexander, the NSA director. " "Spying' would include gathering metadata on calls made from official or personal phones, content from websites visited or emails sent, or collecting any other data from a third party not made available to the general public in the regular course of business?"

Sanders said he was "deeply concerned" by revelations that American intelligence agencies harvested records of phone calls, emails and web activity by millions of innocent Americans without any reason to even suspect involvement in illegal activities. He also cited reports that the United States eavesdropped on the leaders of Germany, Mexico, Brazil and other allies.
Sanders emphasized that the United States "must be vigilant and aggressive in protecting the American people from the very real danger of terrorist attacks," but he cited U.S. District Court Judge Richard Leon's recent ruling that indiscriminate dragnets by the NSA were probably unconstitutional and "almost Orwellian."
Sanders has introduced legislation to put strict limits on sweeping powers used by the National Security Agency and Federal Bureau of Investigation to secretly track telephone calls by millions of innocent Americans who are not suspected of any wrongdoing.
The measure would put limits on records that may be searched. Authorities would be required to establish a reasonable suspicion, based on specific information, in order to secure court approval to monitor business records related to a specific terrorism suspect. Sanders' bill also would put an end to open-ended court orders that have resulted in wholesale data mining by the NSA and FBI. Instead, the government would be required to provide reasonable suspicion to justify searches for each record or document that it wants to examine.

[Peter Lemkin]

[TABLE="width: 100%"]
[TR]
[TD="width: 84%"]

New Decision Shows How Businesses Can Challenge Warrantless Records Collection, Even if You Can't

By Electronic Frontier Foundation [/TD]
[TD="width: 16%"][/TD]
[/TR]
[/TABLE]

BY HANNI FAKHOURY

We're the NSA
(image by KAZVorpal)

Much of the debate over modern surveillance--including the NSA mass spying controversy--has centered around whether people can reasonably expect that records about their telephone and Internet activity can remain private when those records belong to someone else: the service providers. Courts have disagreed on whether the 1979 Supreme Court case Smith v. Maryland, which ruled people have no expectation of privacy in the phone numbers they dial, should be extended to cover newer, more invasive forms of technology. But a decision released on December 24th by the Ninth Circuit Court of Appeals looks at the issue from the point of view of businesses, providing a glimpse into how service providers and technology companies could challenge the government's unconstitutional surveillance.
In Patel v. City of Los Angeles, the Ninth Circuit found a city ordinance that required hotels and motels to turn over guest records without any judicial process violated the Fourth Amendment. The ordinance mandated hotels and motels keep a record for 90 days containing things like a guest's name and address, the make, model and license plate number of the guest's car, and the room number assigned and rate charged. The ordinance allowed police to inspect guest records without a search warrant or the hotel's consent at any time. The city believed that collecting the records would deter drug dealing and prostitution, as people would be less inclined to rent a room if police could get access to guest information at any time. Failure to turn the records over was a misdemeanor crime.
The court found that the hotels and motels had an expectation of privacy in their business records, even if those records didn't contain anything of great personal value to the hotel. This was true even if the users themselves didn't have an expectation of privacy in the records. Because the ordinance didn't have a mechanism to allow the hotels and motels to obtain judicial review of whether the demand was reasonable before applying criminal penalties for non-compliance, the Ninth Circuit ruled the ordinance violated the Fourth Amendment. This procedural requirement--obtaining judicial review--is important, so that companies aren't at the mercy of the "unbridled discretion" of officers in the field, who would be free to arbitrarily choose when, whom, and how frequently to inspect a particular business.
This decision provides ammunition for companies to challenge receipt of other forms of surveillance requests, including National Security Letters which are issued without any oversight or judicial review and require the recipient to remain silent about the fact it even received a request.
More broadly, Patel shows yet again that the Fourth Amendment doesn't die once you turn information over to a business. If courts are going to reject user challenges to government demands for their data, then it's up to the companies to step up to safeguard not only the data entrusted to them by their users, but the data that presumably belong to the companies themselves. As major tech companies have called for NSA reform and have taken steps to implement technological protections to safeguard their users' data, this decision shows that they can also make legal challenges in court. While Yahoo! unsuccessfully challenged an order requiring it turn over data to the NSA under the PRISM program, the phone companies themselves have made no legal challenges to the NSA's bulk collection of phone records, which at least one judge has found to be unconstitutional. This must change so that the public can take advantage of the conveniences of new technologies without having to sacrifice privacy.






Related Cases


Jewel v. NSA
First Unitarian Church of Los Angeles v. NSA


Reprinted from eff.org/deeplinks