Panopticon of global surveillance

[Magda Hassan]

Obama's War on Whistleblowers

The president has been accused of allowing the Stuxnet leaks to help in the election, but his overarching policy has been extraordinarily tough on whistleblowing.

By Peter Van Buren
| Tue Jun. 12, 2012 1:30 PM PDT


President Barack Obama and Vice President Joe Biden meet with senior military leadership in the Cabinet Room of the White House. The White House/Flickr
This story first appeared on the TomDispatch website.
White is black and down is up. Leaks that favor the president are shoveled out regardless of national security, while national security is twisted to pummel leaks that do not favor him. Watching their boss, bureaucrats act on their own, freelancing the punishment of whistleblowers, knowing their retaliatory actions will be condoned. The United States rains Hellfire missiles down on its enemies, with the president alone sitting in judgment of who will live and who will die by his hand.
The issue of whether the White House leaked information to support the president's reelection while crushing whistleblower leaks it disfavors shouldn't be seen as just another O'Reilly v. Maddow sporting event. What lies at the nexus of Obama's targeted drone killings, his self-serving leaks, and his aggressive prosecution of whistleblowers is a president who believes himself above the law, and seems convinced that he alone has a preternatural ability to determine right from wrong.

If the President Does It, It's Legal?
In May 2011 the Pentagon declared that another country's cyber-attackscomputer sabotage, against the UScould be considered an "act of war." Then, one morning in 2012 readers of the New York Times woke up to headlines announcing that the Stuxnet worm had been dispatched into Iran's nuclear facilities to shut down its computer-controlled centrifuges (essential to nuclear fuel processing) by order of President Obama and executed by the US and Israel. The info had been leaked to the paper by anonymous "high ranking officials." In other words, the speculation about Stuxnet was at an end. It was an act of war ordered by the president alone.
Similarly, after years of now-you-see-it-now-you-don't stories about drone attacks across the Greater Middle East launched "presumably" by the US, the Times (again) carried a remarkable story not only confirming the drone killingsa technology that had morphed into a policybut noting that Obama himself was the Great Bombardier. He had, the newspaper reported, designated himself the final decision-maker on an eyes-only "kill list" of human beings the United States wanted to destroy. It was, in short, the ultimate no-fly list. Clearly, this, too, had previously been classified top-secret material, and yet its disclosure was attributed directly to White House sources.
Now, everyone is upset about the leaks. It's already a real Red v. Blue donnybrook in an election year. Senate Democratsblasted the cyberattack-on-Iran leaks and warned that the disclosure of Obama's order could put the country at risk of a retaliatory strike. Republican Old Man and former presidential candidate Senator John McCain charged Obama with violating national security,z saying the leaks are "an attempt to further the president's political ambitions for the sake of his re-election at the expense of our national security." He called for an investigation. The FBI, no doubt thrilled to be caught in the middle of all this, dutifully opened a leak investigation, and senators on both sides of the aisle are planning an inquiry of their own.
The high-level leaks on Stuxnet and the kill list, which have finally created such a fuss, actually follow no less self-serving leaked details from last year'sbin Laden raid in Pakistan. A flurry of White House officials vied with each other then to expose ever more examples of Obama's commander-in-chief role in the operation, to the point where Seal Team 6 seemed almost irrelevant in the face of the president's personal actions. There were also "high five" congratulatory leaks over the latest failed underwear bomber from Yemen.
On the Other Side of the Mirror
The Obama administration has been cruelly and unusually punishing in its use of the 1917 Espionage Act to stomp on governmental leakers, truth-tellers, and whistleblowers whose disclosures do not support the president's political ambitions. As Thomas Drake, himself avictim of Obama's crusade against whistleblowers, told me, "This makes a mockery of the entire classification system, where political gain is now incentive for leaking and whistleblowing is incentive for prosecution."
The Obama administration has charged more people (six) under the Espionage Act for the alleged mishandling of classified information than all past presidencies combined. (Prior to Obama, there were only three such cases in American history, one being Daniel Ellsberg, of Nixon-era Pentagon Papers fame.) The most recent Espionage Act case is that of former CIA officer John Kiriakou, charged for allegedly disclosing classified information to journalists about the horrors of waterboarding. Meanwhile, his evil twin, former CIA officer Jose Rodriguez, has a best-selling book out bragging about the success of waterboarding and his own hand in the dirty work.
Obama's zeal in silencing leaks that don't make him look like a superhero extends beyond the deployment of the Espionage Act into a complex legal tangle of retaliatory practices, life-destroying threats, on-the-job harassment, and firings. Lots of firings.
Upside Down Is Right Side Up
In ever-more polarized Washington, the story of Obama's self-serving leaks is quickly devolving into a Democratic/Republican, he-said/she-said contestand it's only bound to spiral downward from there until the story is reduced to nothing but partisan bickering over who can get the most advantage from those leaks.
But don't think that's all that's at stake in Washington. In the ever-skittish Federal bureaucracy, among the millions of men and women who actually are the government, the message has been much more specific, and it's no political football game. Even more frightened and edgy than usual in the post-9/11 era, bureaucrats take their cues from the top. So expect more leaks that empower the Obama Superman myth and more retaliatory, freelance acts of harassment against genuine whistleblowers. After all, it's all been sanctioned.
Having once been one of those frightened bureaucrats at the State Department, I now must include myself among the victims of the freelancing attacks on whistleblowers. The Department of State is in the process of firing me, seeking to make me the first person to suffer any sanction over the WikiLeaks disclosures. It's been a backdoor way of retaliating for my book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People, which was an honest account of State's waste and mismanagement in the "reconstruction" of Iraq.
Unlike Bradley Manning, on trial under the Espionage Act for allegedly dumping a quarter million classified documents onto the Internet, my fireable offense was linking to just one of them atmy blog. Just a link, mind you, not a leak. The document, still unconfirmed as authentic by the State Department even as they seek to force me out over it, is on the web and available to anyone with a mouse, from Kabul to Tehran to Des Moines.
That document was discussed in several newspaper articles beforeand afterI "disclosed" it with my link. It was a document that admittedly did make the US government look dumb, and that was evidently reason enough for the State Department to suspend my security clearance and seek to fire me, even after the Department of Justice declined to prosecute. Go ahead and click on a link yourself and commit what State now considers a crime.
This is the sort of thing that happens when reality is suspended in Washington, when the drones take flight, the worms turn, and the president decides that he, and he alone, is the man.
What Happens When Everything Is Classified?
What happens when the very definitions that control life in government become so topsy-turvy that 1984 starts looking more like a handbook than a novel?
I lived in Taiwan when that island was still under martial law. Things that everyone could see, like demonstrations, never appeared in the press. It was illegal to photograph public buildings or bridges, even when you could buy postcards nearby of some of the same structures. And that was a way of life, just not one you'd want.
If that strikes you as familiar in America today, it should. When everything is classifiedaccording to the Information Security Oversight Office, in 2011 American officials classified more than 92,000,000 documentsany attempt to report on anything threatens to become a crime; unless, of course, the White House decides to leak to you in return for a soft story about a heroic war president.
For everyone else working to create Jefferson's informed citizenry, it works very differently, even at the paper that carried the administration's happy leaks. Times reporter Jim Risen is now the subject of subpoenas by the Obama administration demanding he name his sources as part of the Espionage Act case against former CIA officer Jeffery Sterling. Risen was a journalist doing his job, and he raises this perfectly reasonable, but increasingly outmoded question: "Can you have a democracy without aggressive investigative journalism? I don't believe you can, and that's why I'm fighting." Meanwhile, the government calls him their only witness to a leaker's crime.
One thing at stake in the case is the requirement that journalists aggressively pursue information important to the public, even when that means heading into classified territory. If almost everything of importance (and much that isn't) is classified, then journalism as we know it may become… well, illegal.
Sometimes in present-day Washington there's simply too much irony for comfort: the story that got Risen in trouble was about an earlier CIA attempt to sabotage Iran's nuclear program, a plot which failed where Stuxnet sort of succeeded.
The End
James Spione, an Academy Award-nominated director who is currently working on a documentary about whistleblowers in the age of Obama, summed things up to me recently this way: "Beneath the partisan grandstanding, I think what is most troubling about this situation is the sense that the law is being selectively applied. On the one hand, we have the Justice Department twisting the Espionage Act into knots in an attempt to crack down on leaks from 'little guys' like Thomas Drake and John Kiriakou, while at the same time an extraordinarily detailed window into covert drone policy magically appears in the Times.
"Notwithstanding Mr. McCain's outrage, I don't believe this is about security at all. It is the unfair singling out of whistleblowers by a secrecy regime that is more than anything just another weapon in the state's arsenal to bludgeon its enemies while vaunting its supposed successesif you can call blowing up unsuspecting people, their families, and friends with a remote control airplane 'success.'"
Here is the simple reality of our moment: the president has definitively declared himself (and his advisors and those who carry out his orders) above the law, both statutory and moral. It is now for him and him alone to decide who will live and who will die under the drones, for him to reward media outlets with inside information or smack journalists who disturb him and his colleagues with subpoenas, and worst of all, to decide all by himself what is right and what is wrong.
The image Obama holds of himself, and the one his people have been aggressively promoting recently is of a righteous killer, ready to bloody his hands to smite "terrorists" and whistleblowers equally. If that sounds Biblical, it should. If it sounds full of unnerving pride, it should as well. If this is where a nation of laws ends up, you should be afraid.
Peter Van Buren, a 24-year veteran Foreign Service Officer at the State Department, spent a year in Iraq as Team Leader for two State Department Provincial Reconstruction Teams. Now in Washington and a TomDispatch regular, he writes about Iraq, the Middle East, and US diplomacy at his blog, We Meant Well. Since his book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People (The American Empire Project, Metropolitan Books), was published in 2011, the Department of State has begun termination proceedings against him, after reassigning him to a make-work position and stripping him of his security clearance and diplomatic credentials. To listen to Timothy MacBain's latest Tomcast audio interview in which Van Buren discusses how Washington has changed when it comes to both leaking and stifling information, click here or download it to your iPod here.
[Disclaimer: The views here are solely those of the author, expressed in his capacity as a private citizen.]
[URL="http://www.motherjones.com/politics/2012/06/obamas-whistleblowers-stuxnet-leaks-drones"]http://www.motherjones.com/politics/2012/06/obamas-whistleblowers-stuxnet-leaks-drone
s[/URL]

[Magda Hassan]

Date July 12, 2013
Telstra agreed more than a decade ago to store huge volumes of electronic communications it carried between Asia and America for potential surveillance by United States intelligence agencies.
Under the previously secret agreement, the telco was required to route all communications involving a US point of contact through a secure storage facility on US soil that was staffed exclusively by US citizens carrying a top-level security clearance.
The data Telstra stored for the US government includes the actual content of emails, online messages and phone calls.
The US Department of Justice and Federal Bureau of Investigation also demanded that Telstra "provide technical or other assistance to facilitate ... electronic surveillance".

In 2001, when the "network security agreement" was signed, Telstra was 50.1 per cent owned by the Commonwealth Government.
The revelations come as the British and US governments reel from the leaking of sensitive intelligence material that has detailed a vast electronic spying apparatus being used against foreign nationals and their own citizens.
This week, Fairfax Media reported that four Australian defence facilities are being used by the US in this intelligence collection regime, including Pine Gap and three secret signals facilities at Darwin, Geraldton and Canberra. The local centres are used in a National Security Agency surveillance program codenamed X-Keyscore.
Now, the latest revelations raise further questions about the extent of the Australian government's co-operation with the US global intelligence effort, as well as its own data collection regime.
The 2001 contract was prompted by Telstra's decision to expand into Asia by taking control of hundreds of kilometres of undersea telecommunications cables.
Telstra had negotiated with a Hong Kong company to launch Reach, which would become the largest carrier of intercontinental telecommunications in Asia. The venture's assets included not just the fibre-optic cables, but also "landing points" and licences around the world.
But when Reach sought a cable licence from the US Federal Communications Commission, the DOJ and the FBI insisted that the binding agreement be signed by Reach, Telstra, and its Hong Kong joint venture partner, Pacific Century CyberWorks Ltd (PCCW).
The contract does not authorise the company or law enforcement agencies to undertake actual surveillance. But under the deed, Telstra must preserve and "have the ability to provide in the United States" all of the following:

• "Wire" or electronic communications involving any customers - including Australians - who make any form of communication with a point of contact in the US;
  
• "Transactional data" and "call associated data" relating to such communications;
  
• "Subscriber information"; and
  
• "Billing records".
  

"All Domestic Communications ... shall pass through a facility ... physically located in the United States, from which Electronic Surveillance can be conducted pursuant to Lawful US Process," the contract says.
"The Domestic Communications Company [Reach] will provide technical or other assistance to facilitate such Electronic Surveillance."
The US facility had to be staffed by US citizens "eligible for appropriate US security clearances", who also "shall be available 24 hours per day, seven days per week, and shall be responsible for accepting service and maintaining the security of Classified Information".
It also makes it incumbent on Reach not to allow data and communications of interest to be destroyed.
Reach and Telstra were required to "take all reasonable measures" to prevent use of their infrastructure for surveillance by a foreign government. "These measures shall take the form of detailed technical, organisational, personnel related policies and written procedures, necessary implementation plans, and physical security measures," the contract says.
The document was signed by Douglas Gration, Telstra's then company secretary and now a Melbourne barrister.
His own webpage describes his responsibilities at the time to have included "liaising with law enforcement and national security agencies".
He told Fairfax he couldn't remember much about the agreement. "Every country has a regime for that lawful interception," he said. "And Australia has got it as well."
"It would be no surprise if you're setting up something like Reach, which I think from memory had a station where they man the traffic in the US. [So] they would need an agreement with the US to do that."
Reach has offices located in Hong Kong, Japan, Korea, Singapore, Taiwan and the UK. It also has two premises in the US, in New Jersey and San Francisco, either of which may house the secure storage facility stipulated by the contract.
In 2011, Telstra and PCCW restructured their partnership, giving Telstra control of the majority of Reach's undersea cables. The corporate restructuring most likely would have triggered a requirement to renegotiate the security deed with the US Government.
Scott Whiffin, a Telstra spokesman, said the agreement was required to "comply with US domestic law".
"It relates to a Telstra joint venture company's operating obligations in the United States under their domestic law. We understand similar agreements would be in place for all network infrastructure in the US."

"When operating in any jurisdiction, here or overseas, carriers are legally required to provide various forms of assistance to Government agencies."
http://www.smh.com.au/it-pro/security-it...hv0w4.html

[Magda Hassan]

How the U.S. forces Net firms to cooperate on surveillance

Officially, Uncle Sam says it doesn't interfere. But behind the scenes, the feds have been trying to browbeat Internet firms into helping with surveillance demands.
by Declan McCullagh
July 12, 2013 12:30 PM PDT
Russian supporters of Edward Snowden, who leaked classified National Security Agency surveillance documents, rally today in central Moscow.
(Credit: Getty Images)
By wielding a potent legal threat, the U.S. government is often able to force Internet companies to aid its surveillance demands. The threat? Comply or we'll implant our own eavesdropping devices on your network.
Under federal law, the National Security Agency can serve real-time "electronic surveillance" orders on Internet companies for investigations related to terrorism or national security.
These orders, authorized by the Foreign Intelligence Surveillance Act, are used to feed data into the NSA's PRISM software program that was revealed last month by former intelligence analyst Edward Snowden. PRISM documents indicate that the NSA can receive "real-time notifications" of user log-ins.
Some Internet companies have reluctantly agreed to work with the government to conduct legally authorized surveillance on the theory that negotiations are less objectionable than the alternative -- federal agents showing up unannounced with a court order to install their own surveillance device on a sensitive internal network. Those devices, the companies fear, could disrupt operations, introduce security vulnerabilities, or intercept more than is legally permitted.
"Nobody wants it on-premises," said a representative of a large Internet company who has negotiated surveillance requests with government officials. "Nobody wants a box in their network...[Companies often] find ways to give tools to minimize disclosures, to protect users, to keep the government off the premises, and to come to some reasonable compromise on the capabilities."
Precedents were established a decade or so ago when the government obtained legal orders compelling companies to install custom eavesdropping hardware on their networks.
One example, which has not been previously disclosed, arose out of a criminal investigation in which the Drug Enforcement Administration suspected a woman of trafficking in 1,4-Butanediol. The butane-derived chemical is used industrially as a solvent and recreationally as a date rape drug or sedative.
The DEA's Special Operations Division, which includes FBI representatives, obtained a real-time intercept order -- sometimes called a Title III order -- against EarthLink and WorldCom, a network provider that's now part of Verizon Business. Both companies were targeted by the order because EarthLink routed outgoing e-mail messages through equipment leased from WorldCom.
WorldCom technicians were required to help the DEA install surveillance equipment that the agency had purchased and provided. Over the course of the wiretap, the government's hardware vacuumed up over 1,200 e-mail messages from the targeted account. EarthLink did not respond to a request for comment this week.
FISA gives the government a powerful club to wield against Internet companies. The lawrequires the firms to "furnish all information, facilities, or technical assistance necessary to accomplish the electronic surveillance" as long as it can be done with a "minimum of interference" with other users.
In another case that was closely watched within the industry, the FBI invoked similar language to force EarthLink to install a Carnivore network monitoring device, over the company's strenuous objections. EarthLink challenged the surveillance order in court because it was concerned that Carnivore would vacuum up more user metadata than the court order authorized.
It lost. A federal magistrate judge sided with the government, despite the fact that "Carnivore would enable remote access to the ISP's network and would be under the exclusive control of government agents,"

Robert Corn-Revere, an attorney for EarthLink, told Congress at the time.
Those legal victories allowed the government to strong-arm Internet companies into reworking their systems to aid in surveillance -- under the threat of having the FBI install NarusInsight or similar devices on their networks. "The government has a lot of leverage," including contracts and licenses, said a representative for an Internet company. "There is a lot of pressure from them. Nobody is willingly going into this."
Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society, said, referring to the government's pressure tactics:

They can install equipment on the system. And I think that's why companies are motivated to cooperate [and] use their own equipment to collect for the government. They would rather help than let any government equipment on their service, because then they lose oversight and control.

In 1994, then-President Bill Clinton signed into law the Communications Assistance for Law Enforcement Act, or CALEA, which required telephone companies to configure their systems to perform court-authorized lawful intercepts in a standard way. In 2004, that requirement wasextended to cover broadband providers, but not Web companies.
A survey of earlier litigation shows, however, that the Justice Department was able to convince courts to force companies to take steps to permit surveillance through their networks long before CALEA became law.
In 1977, the U.S. Supreme Court ruled that surveillance law is a "direct command to federal courts to compel, upon request, any assistance necessary to accomplish an electronic interception."
Other courts followed suit. The U.S. Court of Appeals for the Third Circuit concluded in 1979 that the Bell Telephone Company of Pennsylvania must comply with a surveillance order because it would cause only "a minimal disruption of normal operations." The Ninth Circuit ruled against Mountain Bell a year later, saying a surveillance order "recognized the practical fact that the actions ordered were technical ones which only that company could perform."

Edward Snowden speaks earlier today after meeting with leading Russian rights activists and lawyers at Moscow's Sheremetyevo airport, where he has been stuck in transit for the last three weeks.
(Credit: Getty Images)
If an Internet company offers encryption designed in such a way that even its engineers can't access users' files or communications, it would be unable to comply with a FISA or other surveillance order.
But with a few exceptions, such as SpiderOak and Fogpad, nearly all companies use encryption only in transit, meaning data stored on servers remains unencrypted.
That's why Microsoft could be compelled to work with the NSA and the FBI's Data Intercept Technology Unit to aid in surveillance of Outlook.com and Hotmail messages, a situation the Guardian disclosed yesterday, citing documents provided by Snowden.
Internet companies have, on occasion, created "teams of in-house experts" to figure out how to respond to FISA surveillance orders, The New York Times reported last month.
Microsoft's engineers have quietly designed a system to comply with government orders, which manages to avoid having a surveillance device implanted on a internal network. (Microsoft declined to comment for this article.)
One case that used it arose out of a probe into illegal drug sales in Philadelphia. As part of that investigation, the government obtained a court order for a real-time wiretap against a Hotmail account.
Microsoft's wiretap compliance system worked by forwarding a copy of two suspects' e-mail messages to a "shadow account" located elsewhere on Hotmail's servers. Each address under surveillance had a separate "shadow account" associated with it.
Every 15 minutes, an automated process logged in to these shadow accounts and transferred the retrieved e-mails into "case folders" on computers at a DEA office in Lorton, Va.
Homeland Security agents separately obtained a real-time wiretap of a Hotmail account used by a man suspected of possessing pornography involving minors. A case associated with that criminal prosecution, which might reveal more about surveillance techniques used by Immigration and Customs Enforcement, remains under seal in a New Jersey federal court.
A Google spokesman declined to say this week whether the company could comply with a wiretap order targeting a Google Hangout or Google Talk conversation.
The government's ability to perform surveillance even when armed with a court order depends in large part on the decisions engineers made when designing a product. "Many implementations include an ability to monitor sessions as a debugging tool," one government official said this week. "Depending on how things have been built, a real-time wiretap may be nothing more than turning that on. As an example, all enterprise-grade Ethernet switches include a monitor port -- not because the FBI demands it, but because sysadmins need it."
Christopher Soghoian, principal technologist for the ACLU's Speech, Privacy and Technology Project, said the PRISM disclosures show Internet companies should embrace strong encryption for their users. "This is a place where the companies have an opportunity to do something that doesn't hurt their ability to make money and [that wins] them praise," he said.
http://news.cnet.com/8301-13578_3-575935...veillance/

[Magda Hassan]

[URL="http://www.guardian.co.uk/commentisfree/cartoon/2013/jul/04/steve-bell-if-hague-queen-all-american-subjects"]

http://www.guardian.co.uk/commentisfree/...n-subjects[/URL]

Some one thinks this is a disgraceful slur on the foreign secretary. He only shared his hotel rooms with a young man to save money.
Wonder what GCHQ recorded of their conversations. Not that it would affect his judgement in any way.

[Magda Hassan]

Travellers' mobile phone data seized by police at border

Thousands of innocent holidaymakers and travellers are having their phones seized and personal data downloaded and stored by the police, The Telegraph can disclose.

A police officer can stop any passenger at random, scour their phone and download and retain data, even of the individual is then immediately allowed to proceed Photo: ALAMY
By Tom Whitehead, and David Barrett









Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data.

The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for "as long as is necessary".

Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages.

David Anderson QC, the independent reviewer of terrorism laws, is expected to raise concerns over the power in his annual report this week.

He will call for proper checks and balances to ensure it is not being abused.

It echoes concerns surrounding an almost identical power police can use on the streets of the UK, which is being reviewed by the Information Commissioner.
However, in those circumstances police must have grounds for suspicion and the phone can only be seized if the individual is arrested.
Mr Anderson said: "Information downloaded from mobile phones seized at ports has been very useful in disrupting terrorists and bringing them to justice.
"But ordinary travellers need to know that their private information will not be taken without good reason, or retained by the police for any longer than is necessary."
Up to 60,000 people a year are "stopped and examined" as they enter or return to the UK under powers contained in the Terrorism Act 2000.
It is not known how many of those have their phone data taken.
Dr Gus Hosein, of the campaign group Privacy International, said: "We are extremely concerned by these intrusive tactics that have been highlighted by the independent terrorism reviewer.
"These practices have been taking place under the radar for far too long and if Mr Anderson calls for reform and new safeguards we would be very supportive of that."
He added: "Seizing and downloading your phone data is the modern equivalent of searching your home and office, searching through family albums and business records alike, and identifying all your friends and family, then keeping this information for years.
"If you were on the other side of the border, the police would rightly have to apply for warrants and follow strict guidelines. But nowhere in Britain do you have less rights than at the border.
"Under law, seizing a mobile phone should be only when the phone is essential to an investigation, and then even certain rules should apply. Without these rules, everyone should be worried."
Under the Act, police or border staff can question and even hold someone while they ascertain whether the individual poses a terrorism risk.
But no prior authorization is needed for the person to be stopped and there does not have to be any suspicion.
It means a police officer can stop any passenger at random, scour their phone and download and retain data, even of the individual is then immediately allowed to proceed.
It has been a grey area as to whether the act specifically allowed for phone data to be downloaded and recorded.
But last month, Damian Green, the policing minister, laid an amendment to the anti-social behaviour, crime and policing bill, which is currently going through Parliament.
It makes the express provision for the copying and retention of information from a seized item.
The ability to potentially retain the data indefinitely could also spark a fresh row over civil liberties similar to the controversy around DNA sample.
Laws had to be changed to end the retention of the DNA of innocent people after the European Court of Human Rights ruled in 2008 that keeping them was unlawful.
Mr Anderson is expected to stress he is not against the power and that it is a useful tool in the fight against terrorism but that it must be used appropriately.
In his report last year Mr Anderson said the general power to stop people under the terror laws were "formidable" and "among the strongest of all police powers".
Christopher Graham, the Information Commissioner, is already investigating whether the use of similar powers by police who arrest people are appropriate.
It emerged last year that seven police forces had installed technology that allowed officers to download data from suspects' phones but one industry expert suggested at least half of forces in England and Wales could be extracting mobile phone data in police stations.
A spokesman for Scotland Yard, which has national responsibilities for counter-terrorism, said: "Under the Terrorism Act 2000 a person may be detained and questioned for up to nine hours to determine if that individual is a person concerned in the commission, preparation or instigation of acts of terrorism as outlined in the Act.
"As with any power to detain an individual it is used appropriately and proportionally and is always subject to scrutiny by an independent reviewer of UK anti-terror laws.
"Holding and properly using intelligence gained from such stops is a key part of fighting crime, pursuing offenders and protecting the public."
http://www.telegraph.co.uk/technology/10...order.html

[Peter Lemkin]

How NSA access was built into Windows

Duncan Campbell 04.09.1999

Careless mistake reveals subversion of Windows by NSA.

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.
Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:\Windows\system directory of your computer.
[TABLE="class: img, width: 100%"]
[TR]
[TD]ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.
[/TD]
[/TR]
[/TABLE]

Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.
A second key
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.
A third key?!
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.
Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.
Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of "information warriors".
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.
"For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying", he added. "The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers".
"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.
Can the loophole be turned round against the snoopers?
Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.
Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.
According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."

[Peter Lemkin]

WASHINGTON The National Security Agency has backdoor access to all Windows software since the release of Windows 95, according to informed sources, a development that follows the insistence by the agency and federal law enforcement for backdoor "keys" to any encryption, according to Joseph Farah's G2 Bulletin.
Having such "keys" is essential for the export of any encryption under U.S. export control laws.
The NSA plays a prominent role in deliberations over whether such products can be exported. It routinely turns down any requests above a megabyte level that exceeds NSA's technical capacity to decrypt it. That's been the standard for years for NSA, as well as the departments of Defense, Commerce and State.
Computer security specialists say the Windows software driver used for security and encryption functions contains unusual features the give NSA the backdoor access.


The security specialists have identified the driver as ADVAPI.DLL. It enables and controls a variety of security functions. The specialists say that in Windows, it is located at C:\\Windows\system.
Specialist Nicko van Someren says the driver contains two different keys. One was used by Microsoft to control cryptographic functions in Windows while another initially remained a mystery.
Then, two weeks ago, a U.S. security firm concluded that the second key belonged to NSA. Analysis of the driver revealed that one was labeled KEY while the other was labeled NSAKEY, according to sources. The NSA key apparently had been built into the software by Microsoft, which Microsoft sources don't deny.
This has allowed restricted access to Microsoft's source code software that enables such programming.
Access to Windows source code is supposed to be highly compartmentalized, actually making such actions easier because many of the people working on the software wouldn't see the access.
Such access to the encryption system of Windows can allow NSA to compromise a person's entire operating system. The NSA keys are said to be contained inside all versions of Windows from Windows 95 OSR2 onwards.
Having a secret key inside the Windows operating system makes it "tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system," according to Andrew Fernandez, chief scientist with Cryptonym Corporation of North Carolina.

Read more at http://www.wnd.com/2013/06/nsa-has-total...eQAEFzm.99

[Peter Lemkin]

Undersea cables and the NSA

I'd like to offer a follow-up to yesterday's must-read super-post (not written by me; it came fromthis blog). One section that did not find its way into yesterday's Cannonfire reads as follows...

The NSA not only accesses data directly from the largest internet companies, it also sucks up huge amounts of data straight from undersea cables providing telephone and Internet service to the United States.

We've discussed this matter before. Does anyone else recall the "cable cut" mystery of 2008? In fairly rapid order, five undersea cables were mysteriously severed in the Middle East, leading to lots of theories as to why these mutilations occurred. My own humble offering ran thus:

My instincts tell me that the purpose of inflicting this kind of damage would be to have the "right" people conduct the repair operations. The NSA may find it a whole lot easier to tap into the data stream once the patch job is complete.

With that bit of history in mind, let's take another look at a small mystery which this blog mentioned a couple of days ago...

Differing slide syndrome. This catch by Cryptome gets more interesting the closer one looks at it. Both the WP and the Guardian published the same "liberated" slide concerning Prism. But it's not really the same -- there are slight differences. See for yourself.

Are the differences significant? You tell me.

It seems that the two papers worked from two different pdfs, which purported show the same report. Here are the two versions of that slide:

I think you can spot the most important difference: The Guardian focused on undersea cablesaround the world -- including cables in the area affected by the 2008 mystery -- while the WP version (the "revised" version?) shows cables off the coast of the United States.

[Magda Hassan]

And remember this? Surely just a coincidence.....
[URL="http://www.wired.com/threatlevel/2008/12/mediterranean-c/"]

Undersea Cables Cut; 14 Countries Lose Web Updated

• BY KIM ZETTER
  
• 12.19.08
  
• 11:39 AM
  

Reports from the Mediterranean indicate that two of the undersea cables severed and repaired earlier this year have been cut again, disrupting internet access and phone service between the Middle East, Europe, and parts of Asia. An additional third cable is down in the same region.
The cuts are causing traffic to be re-routed through the United States and elsewhere.
Egypt's communications ministry tells the Associated Press that the outage has almost completely killed internet services throughout Egypt.
A second report indicates that the three cables that are out include the SEA-ME-WE 4 cable (also known as SMW4), which went out at 7:28 a.m. local time Friday morning; SEA-ME-WE 3, which went down at 7:33 a.m.; and the FLAG EA cable, which went out at 8:06 a.m. The cables were cut in the region where they run under the sea between Egypt and Italy. They carry an estimated 90 percent of all data traffic between Europe and the Middle East. SMW 3 and SMW 4 are owned by groups of phone companies; FLAG is owned by Reliance Globalcom.
The SMW 4 and FLAG cables were among five undersea cables damaged earlier this year in January and February in the Mediterranean, launching a flurry of conspiracy theories before investigations revealed that at least one of the cuts was caused by a ship's anchor. When those cables went down, SMW 3 was used to re-route traffic. But this time, SMW 3 is reportedly involved in the outage as well.
A France Telecom report listed 14 countries affected by the current problem. The Maldives are 100 percent down, followed by India, which has 82 percent disruption. Qatar, Djibouti and the United Arab Emirates were the next most widely affected areas with about 70 percent service interrupted. Disruptions for Saudi Arabia, Egypt and Pakistan range from 51 percent to 55 percent.

[/url]UPDATE: As reader Julian Borg Barthet notes in the comments section, a fourth undersea cable went out Thursday evening in the same region. The cable, the Seabone, is operated by GO and runs between Malta and Sicily. According to the Times of Malta, GO transferred traffic to a second cableoperated by Vodafone. It was the second time in four months that the Seabone cable had failed.

http://www.wired.com/threatlevel/2008/12...rranean-c/

[Peter Lemkin]

The NSA and Navy have special submarines that have some secret manipulator arms and 'gadgets' that can splice into undersea cables and tap into them permanently. This is established fact....which the US Govt. denies.