Panopticon of global surveillance

[David Guyatt]

Re the above article, this is from Greenwald's new enterprise "The Intercept"

[Peter Lemkin]

As Surveillance Costs Fall, Could the NSA Gain Ability to Record & Replay Every Call, Everywhere?

The latest disclosures from Edward Snowden show the National Security Agency is recording every single phone call made in an undisclosed foreign country. A surveillance system called MYSTIC stores the billions of phone conversations for up to 30 days. Agents are able to rewind and review any conversation within the previous month using a tool codenamed RETRO. One senior manager for the program compared it to a time machine. We speak to Ashkan Soltani, who co-wrote the Washington Post exposé on MYSTIC and has closely studied the cost of surveillance. He has co-written a series of other exposés for the Post that revealed how the NSA uses Google cookies to pinpoint targets for hacking and how the NSA secretly broke into the main communications links that connect Yahoo and Google data centers around the world.

Transcript

This is a rush transcript. Copy may not be in its final form.

JUAN GONZÁLEZ: The latest disclosures from Edward Snowden show the National Security Agency is recording every single phone call made in an undisclosed foreign country. A surveillance system called "MYSTIC" stores billions of phone conversations for up to 30 days. Agents are able to rewind and review any conversation within the previous month using a tool codenamed RETRO. One senior manager for the program compared it to a time machine. Michelle Richardson of the American Civil Liberties Union criticized the MYSTIC program.

MICHELLE RICHARDSON: Well, we're concerned this is another example of U.S. government overreach and that instead of really targeting its very powerful surveillance authorities on terrorists and spies, that they're doing this bulk collection that sweeps up a lot of innocent people. So if they're targeting an entire country's phone calls, collecting and recording all of them and searching through them later, that doesn't violate just the privacy of the people in that country, but the Americans that communicate with them.

AMY GOODMAN: The Washington Post broke the story Tuesday. The paper said it withheld details that could be used to identify the country where the system is being employed at the request of the U.S. government. The paper also revealed last year's secret intelligence budget named five more countries for which the MYSTIC program provides "comprehensive metadata access and content," with a sixth expected to be in place by last October.
Our first guest today is independent privacy and security researcher Ashkan Soltani, who co-wrote the Washington Post piece. He has also co-written a series of other exposés for the Post that revealed how the NSA uses Google cookies to pinpoint targets for hacking and how the NSA secretly broke into the main communications links that connect Yahoo and Google data centers around the world.
Ashkan Soltani, welcome to Democracy Now! Why don't you lay out what you found? One hundred percent of the calls in a particular country are being recorded by the NSA?
ASHKAN SOLTANI: That's right. So our reporting demonstrates the NSA's capability in at least one country to capture the entire communications. And this is not targeted communications; this is communications in bulk. So people's conversations to, from and inside the country are ableare available to the NSA to be kind of retroactively accessed, so they can later go back in time and say who was talking to whom or particularlylook up particular conversations of interest.
JUAN GONZÁLEZ: Now, your article seemed to indicate that the biggest problem the agency had was its storage capacity, its abilityhow to mine this information, just because of the sheer volume involved. Could you talk about that?
ASHKAN SOLTANI: Yeah, that's actually been a common thread in most of the stories that we've come out with, including the data center one. We previously covered the NSA's accessing of address books. This is like whothe address books in your phone. And an often kind ofor a common theme is that the NSA hits up on technology barriers, so limits to storage, limits to bandwidth, limits to processing power. And that's when we see the information in the slides that we have.
And that's really telling, since it highlights a kind of a larger problem, which is that the limitations are not legal or policy restrictions, right? The limitations are technical restrictions. And as technical capacity goes up, I think the NSA will be kind of growing these programs. We're already aware of one large data center being built in Utah, which will have kind of a very large capacity to store this type of communication. And again, we're going to need to look to legal restrictions to kind of minimize this collection, rather than technical ones.
AMY GOODMAN: Ashkan, how does the conversation go with the U.S. government and The Washington Post when they make their case for you not identifying the country that is 100 percent monitored, all the phone calls?
ASHKAN SOLTANI: I can't get too into the details, but typically there's a conversation on both sides, of kind ofthe editors, the writers, the government all kind of weigh in on what they think is and isn't important to cover. We felt that kind of our representation, our highlighting the existence of this programand it is an ongoing program; it's in place stillwe wanted to raise the policy implications or policy issues associated with bulk content collection, without necessarily blowing a capability that the government currently has.
JUAN GONZÁLEZ: Now, were you able to tell to what degree the NSA needed cooperation or complicity by the telecommunications companies that were actually providing this telephone service?
ASHKAN SOLTANI: Again, I can'tI can't kind of get into the how and the where. I can say, again, it's comprehensive access in at least one country.
AMY GOODMAN: At least one country, explain that.
ASHKAN SOLTANI: So, weso, the documents we had were from last year, and they indicated a system up and running. And they would kind of go from, you know, earlier coverage to 100 percent, oncewhen we saw the documents. But they hinted at the expansion of this program in at least one other place by October 2013, October of last year. And there was kind of hints in the documents and in the budget documents that this capacity would be growing to other places as soon as the technical capacity was there.
JUAN GONZÁLEZ: Well, during his recent TED Talk, Edward Snowden referenced you by name and talked about your work on the cost of surveillance.

EDWARD SNOWDEN: There is an argument to be made that the powers of Big Brother have increased enormously. There was a recent legal article at Yale that established something called the Bankston-Soltani principle, which is that our expectation of privacy is violated when the capabilities of government surveillance have become cheaper by an order of magnitude, and each time that occurs, we need to revisit and rebalance our privacy rights. Now, that hasn't happened since the government's surveillance powers have increased by several orders of magnitude, and that's why we're in the problem that we're in today.

But there is still hope, because the power of individuals have also been increased by technology. I am living proof that an individual can go head to head against the most powerful adversaries and the most powerful intelligence agencies around the worldand win. And I think that's something that we need to take hope from and we need to build on to make it accessible not just to technical experts, but to ordinary citizens around the world. Journalism is not a crime. Communication is not a crime.

JUAN GONZÁLEZ: Ashkan Soltani, your response to Edward Snowden?
ASHKAN SOLTANI: So, he was highlighting a paper that we wrote, I co-authored with Kevin Bankston, looking at the Supreme Court U.S. v. Jones decision. It was a landmark privacy decision where they found that 28 days of continuous surveillance, location surveillance, of an individual violated the Fourth Amendment. They actually kind of hung it on a particularity with regards to the access of the vehicle, but there was multiple concurring opinions of kind of describing thisthe problem with mass prolonged surveillance. And so, what we tried to do, we tried to kind of figure out what was thewhat was the hook.
There was a followingfollowing that decision, there was a hearing in which, I think, Rep. Dowdy [sic] kind of went through a line of questioning, and saying, "Well, why do we need Fourth Amendment protections around location surveillance? Do I needyou know, is theredo I need a warrant? Do I need kind of probable cause to go and follow someone around on the street? Do I need to do so if I'm a police officer? Do I need todo I need a warrant to follow them around by car, by air, etc.?" And the answer to this is, no, you do not, right? You cana police officer can decide to follow you. He can decide to spend his time following you on the street, and to do his job. And I think the key of that assumption is that the police officer would find it worth his time to follow you. He would be not following someone else that might be kind of more likely to be a suspect, and he would be, you know, spending his own precious time doing it.
Technology has changed that. So what we looked at is we tried to highlight, in terms of just dollars, what would it cost to follow around someone on foot, traditionally, covertly, and what wouldand how has technology changed that calculus. And so, for example, if a police officer wants to follow you around on foot, his averagean average salary of a police officer comes down to something like $50 with benefits, including kind of overtime and all this kind of stuff. And if he wanted to do so, or if theyif the police wanted follow you around covertly, they'd need five or so agents, in what's known as a "floating box formation," so people could swap in and swap out and you wouldn't know who's following you. That's somewhere on the order of $250 an hour to follow an individual throughout the day, right? And there's like human limits to that, but let's just, for the sake of argument, take that as a base number.
Now we compare that to what we know around what telephone providers, or telcos, charge the government for location tracking using your cellphone or using a GPS device. And that comes down to somewhereto like $10 an hour, down to even four cents an hour, for an entire month, to track someone on Sprint's network. So the government can pay a flat rate to Sprint, and it comes down to something around four cents a month tofor cents an hour to track an individual. That's very different than $250 an hour to track an individual. And as such, the calculus is orders of magnitude less, right? They have orders of magnitude less barriers to be able to track you on the street, and therefore they're more likely to do so.
JUAN GONZÁLEZ: So, in other words, the cost-benefit analysis of a total police state, where people are following you around, is just too prohibitively expensive, but now, with technology, the cost-benefit has been reduced dramatically.
ASHKAN SOLTANI: Yeah. I mean, an example that we use at the very end of the paper is, right after the Supreme Court decision, an FBI official kind of announced that they had to request permission to turn on 3,000 devices that were in the field, so that they could go get them. Right after this decision, they had to disable those devices, and they needed permission to turn on those devices, they neededfrom the courts, in order to go retrieve them. What's interesting about that is that it indicates that, at that point in time, there was at least 3,000 devices in the field that they needed to go collect. And if you do the math, again, 3,000 kind of simultaneous targets would require somewhere on the order of 15,000 individuals full-time tracking thosethe location of those targets. The FBI currently has something like 13,000 field agents that would be doing this work. And assuming that they did nothing elsethey didn't sleep, they didn't shower, they didn'tthey did only surveillance, there would still not be enough FBI agents to surveil 3,000 people simultaneously. And I think that's kind of the outcome, is, well, the technology allows a much greater capacity to do surveillance in bulk at a much lower cost, and so we're going to just do it, because the technology can, and not kind of have a bigger policy debate of what is the right balance, right? How many agents should we have per person, per capita?
AMY GOODMAN: We're going to link to your piece in The Yale Law Journal at democracynow.org. I wanted to turn to Deputy Director of National Security Agency Rick Ledgett, who gave a response to Snowden's on-stage, virtual appearance at TED earlier in the week. Ledgett insisted the NSA believes in a right to privacy.

RICK LEDGETT: And we devote an inordinate amount of time and pressureinordinate and appropriate, actually, I should say, amount of time and effort in order to ensure that wethat we protect that privacyand beyond that, the privacy of citizens around the world. It's not just Americans. You know, severalseveral things come into play here. First, we're all on the same network. My communicationsI'm a user of a particular Internet email service that is the number one email service of choice by terrorists around the world, number one, and so I'm there right beside them in email space in the Internet. And so, we need to be able to pick that apart and find the information that's relevant. In doing so, we're going to necessarily encounter Americans and innocent foreign citizens who are just going about their business, and so we have procedures in place that shreds that out, that says, "OK, when you find thatnot if you find it, when you find it, because you're certain to find ithere's how you protect that." These are called minimization procedures. They're approved by the attorney general and constitutionally based. And so, we protect those. And then, for peopleyou know, citizens of the world who are going about their lawful business on a day-to-day basis, the president, in his 17 January speech, laid out some additional protections that we are providing to them. So I think, absolutely, folks do have a right to privacy.

AMY GOODMAN: That's the deputy director of the National Security Agency, Rick Ledgett, giving a TED Talk, actually, from Fort Meade, Maryland, in response to Edward Snowden's TED Talk earlier this week. Your response to this, Ashkan Soltani?
ASHKAN SOLTANI: Well, the fact that he gave a TED Talk is amazing on a number of levels. But going to the kind of substance of hisof his speech there, one thing to realize is, in fact, yes, the NSA does employ minimization procedures when they encounter U.S. persons' information. For example, in bulk surveillance, if they are to discover that voice communications or email communications belong to an American, and they determine that it is not of foreign intelligence or other kind of national security interestsright, so they could be under counterterrorism, counternarcoticsI think in that speech he describes human trafficking, he describes, you know, money laundering. There's a number of kind of missions that the data could become useful for. But if it's determined that it's a U.S. person and it's not viable to any of those broad missions, then there is minimization in place.
I think what the tension is, what the kind of disconnect is, that thethat kind of that minimization happens on access to the data, but not on collection, right? So in ourin our story, we describe bulk collection or bulk kind of storage of entire countries' worth of communications. That communication will continue as persons' information for that rolling buffer of 30 days, and it's not considered collection, or these minimization procedures don't fall into place, until someone looks at it. But all during this time, your information has been recorded and is accessible, right? So it's one of these things where it's essentially the government saying, "We want to be able to look, but we won't look unlessyou know, unless we really need to, and we'll close our eyes." And I think a lot of people would say, "Well, no, you shouldn't be able to look unless you need to," right? And that's the disconnect.
JUAN GONZÁLEZ: I wanted to ask you about this whole issue of the government's restrictions in terms of collecting material on Americans. In the articles that you did on Google and the ability of the U.S. government to access Google data centers, you raised a particular, I think, issue that most people are not aware of. If I write on a Gmail account an email to Amy here in New York City, that email can appear in a Google server somewhere else in the world. Could you talk about that?
ASHKAN SOLTANI: That's right. So, as we're moving to a cloud-based kind of architecture, as more of our services are cloud-based, what that means is the servers are distributed all over the world, and they replicate, and they're redundant to one another, such that if California fell off the, you know, grid sometime, that your emails and your communications are still accessible, right? And so, what happens is, in the scenario you described, if you're in New York, you might be talking to either a Mountain View data center or somethingor something in North Carolina, a data center in North Carolina. Your emails and your activity, your login, yourkind of the data that you generate will be housed in North Carolina, but it will immediately get replicated to Google's data centers all over the world, the ones in Iceland, the ones in Japan. And as that data gets replicated, the NSA is able to tap that communication, that replication, that transfer of data. And so, even though, under their Executive Order 12333, they're collecting overseas, they're going to be incidentally collecting a large number of U.S. persons' information, given the global architecture that we're moving to, this global cloud architecture that we're moving to.
AMY GOODMAN: And this Executive Order 12333 was signed by Reagan in 1981?
ASHKAN SOLTANI: Yeah, thatwhat's interesting about 12333, it's the kind of president's sole kind of guidance on collection overseas for the intel agencies. And it'snot a lot is known around that particular program. In my opinion, it's actuallyyou know, there's been a lot of talk of Section 215, the bulk metadata program; Section 702, which is essentially the PRISM program, where they go to companies and get data from Google and Yahoo. The bulk kind ofalmost all of our stories, or the ones that I've been involved in, have been focusing around this 12333 kind of international collection, since it allows the government, almost kind of with very few restrictions, to collect data internationally. And there's minimization procedures that apply to U.S. persons' information that is encountered internationally, but those are only after, as I said, the information is accessed or looked at. But in the machine processing of it, they're able to collect, broadly, everyone's data under this executive order.
AMY GOODMAN: Ashkan, very quickly, can you talk about Google cookies?
ASHKAN SOLTANI: Sure, absolutely. So, another one of the stories inin the story we did on location tracking, we kind of highlighted the government collecting information broadly from mobile devices, from cellphone networks, a variety of sources to track people's locationfive billion records a day, I think, was what we described. One of the findings from that particular kind of line of research was that the government was also using or relying on Google cookies to identify individuals. And so, the kind of the purpose might seem strange, but this goes back to the costs of surveillance and the costs to do identification, right?
So, you guys at Democracy Now! might use the Internet, and all of you will be behind the Democracy Now! firewall, and you would appear as the same user, the same IP address, and so the government couldn't identify one of you versus another, right? But because you use Google services, Google will essentially identify you guys individual. They'll set cookies for each user that's unique to that user.
And so, what we found is the government was in fact relying on Google cookies, Yahoo cookies, a bunch of services, to uniquely identify users that they couldn't otherwise doagain, an indication of their growing capacity due to the kind of change in our global telecommunications network. They're benefitting from it or they're able to leverage it in a kind of a really interesting way.

[Magda Hassan]

BY KEVIN COLLIER AND FRAN BERKMAN
Microsoft often charges the FBI's most secretive division hundreds of thousands of dollars a month to legally view customer information, according to documents allegedly hacked by the Syrian Electronic Army.
The SEA, a hacker group loyal to Syrian President Bashar al-Assad, is best known for hijacking Western media companies' social media accounts. (These companies include the Associated Press, CNN, NPR, and even the Daily Dot.) The SEA agreed to let the Daily Dot analyze the documents with experts before the group published them in full.
The documents consist of what appear to be invoices and emails between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers' data.
In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.



None of the technologists or lawyers consulted for this story thought that Microsoft would be in the wrong to charge the FBI for compliance, especially considering it's well within the company's legal right to charge "reasonable expenses." Instead, they said, the documents are more of an indication of just how frequently the government wants information on customers. Some of the DITU invoices show hundreds of requests per month.
For ACLU Principal Technologist Christopher Soghoian, the documents reiterated his stance that charging a small fee is a positive, in part because it creates more of a record of government tracking. In 2010, Soghoian actually chided Microsoft for not charging the Drug Enforcement Agency for turning over user records when instructed to by courts, noting that companies like Google and Yahoo did.
Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, agreed, and told the Daily Dot the government should be transparent about how much it pays.
"Taxpayers should absolutely know how much money is going toward this," he said.
Compared with the National Security Agency, which has seen many of its programs exposed by former systems analyst Edward Snowden, DITU has a low profile. But it runs in the same circles. Multiple law enforcement and technology industry representatives described DITU to Foreign Policy as the FBI's liaison to the U.S.'s tech companies, and the agency's equivalent to the NSA.
To that note, DITU is mentioned as a little-noticed detail from Snowden slides that detail the NSA's notorious PRISM program, which allows it to collect users' communications from nine American tech companies, including Microsoft. One slide explicitly mentions DITU's role in getting data from those companies.

PRISM screengrab via freesnowden.is

It's impossible to fully verify the documents' authenticity without confirmation from someone with direct knowledge of Microsoft and DITU compliance practices, and those parties refused to comment. But there are multiple signs that indicate the documents are legitimate.
"I don't see any indication that they're not real," Cardozo said. "If I was going to fake something like this, I would try to fake it up a lot more sensational than this."
That the SEA twice attacked Microsoft with a phishing attack before leaking these documents is well documented. On Jan. 11, the day of the second attack, the SEA hijacked the company's blog and Twitter account. One representative told the Verge that day that it was part of a bigger plan: "We are making some distraction for Microsoft employees so we can success in our main mission," the hacker said.
In a blog post nearly two weeks later, Microsoft admitted: "[W]e have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen."
A source familiar with several of the email addresses of the Microsoft employees in the emails confirmed the addresses were authentic.
When reached for comment, the company reiterated its stance that it complies with government demands as required by law. A spokesperson added that "as pursuant to U.S. law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demands. ... To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders."
A spokesperson for the FBI declined to comment and deferred questions to Microsoft, "given that SEA claims to have stolen the documents" from there.
Indeed, there's plenty of history for communications companies charging compliance costs for cooperating with intelligence agencies' request for people's information. The CIA pays AT&T more than $10 million annually for access to its phone records, government officials told the New York Times. The Guardian, referencing other documents provided by Snowden, has reported that the NSA paid millions to Microsoft and the other eight companies used in PRISM for compliance costs.
Only the earliest of the Microsoft invoices provided by the SEA, dated May 10, 2012, breaks down requests by type of legal request, and it shows them to all explicitly come legally, though nothing in the documents indicates the later invoices refer to illegal surveillance. User information by a subpoena costs $50, a court order $75, and a search warrant $100. The requests come from FBI offices all around the U.S.


Later invoices to DITU don't break down requests to subpoena and court order, though the format is otherwise similar, and costs begin to rise to $100 and $200 per request.
And though the costs vacillate slightly depending on the invoice, they appear to be roughly in line with industry standards. Ashkan Soltani, who coauthored a Yale study on how much it costs agencies like the FBI to track targets by tapping phone companies for their cellphone locations, said that the range of costs seen in the SEA documents$50 to $200 per order to Microsoft"did seem a fair cost."
The invoices don't make explicit the exact type of information Microsoft charges DITU to provide, which may account for the price changes.
The biggest suspicion espoused by the experts we spoke with was just how apparently easy it was for the SEA to acquire this sort of information. If the documents aren't forged, that means Microsoft and the FBI simply email invoices and references to a presumably classified process.
"I'm surprised that they're doing it by email," Soltani said. "I thought it would be a more secure system."
Illustration by Jason Reed

http://www.dailydot.com/news/microsoft-c...-fbi-ditu/

[Peter Lemkin]

Edward Snowden exposes NSA spying against Chinese telecom firm Huawei

By Tom Carter
24 March 2014

Documents released by National Security Agency (NSA) whistleblower Edward Snowden and published in the New York Times over the weekend confirm that the US spy agency has been engaged for years in a campaign of industrial espionage against Huawei, the giant Chinese telecommunications firm. The documents expose a broad range of espionage activities, from spying on company executives to creating "back doors" into the company's servers, routers and switches.
The documents, which date from 2010, reveal that a major spying operation against Huawei had been underway since at least 2007 under the codename "Shotgiant." While the Times reported the existence of the program and published some of the PowerPoint slides provided by Snowden, the Times has "withheld technical details of the operation at the request of the Obama administration, which cited national security concerns." The "newspaper of record" has once again bowed to the demands of the military-intelligence apparatus.
The NSA issued a statement claiming that the release of the PowerPoint slides "is detrimental to the security of the United States and our alliesand places at risk those we are sworn to protect." Reuters reported the response of Huawei's global cyber security officer John Suffolk: "If the actions in the report are true, Huawei condemns such activities that invaded and infiltrated into our internal corporate network and monitored our communications."
In 2012, Huawei became the world's largest telecommunications equipment maker. Its products are in use in as many as 145 countries. For years, Washington has termed Huawei a "national security" concern, alleging that Huawei grants the Chinese government unauthorized access to its telecommunications infrastructure (i.e., exactly what the American telecommunications companies allow the NSA to do).
The Times quoted Huawei executive William Plummer as saying, "The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us."
One PowerPoint slide released by Snowden and titled "Why We Care" explains that the NSA hacks into Huawei's infrastructure in order to spy on its products' users. "Many of our targets communicate over Huawei produced products, [so] we want to make sure that we know how to exploit these productswe also want to ensure that we retain access to these communication lines, etc."
Notes accompanying another slide include a list of "what we are trying to accomplish." One of the items on this list is to "[d]etermine if Huawei is doing SIGINT [signals intelligence, spying] for PRC [China]." In other words, the NSA's own internal documents make clear that the NSA does not have any evidence that Huawei is engaged in the conduct for which American political functionaries routinely denounce the company.
The documents name the NSA's "high priority targets" as "Iran, Afghanistan, Pakistan, Kenya, [and] Cuba." The NSA PowerPoint slide defines "success" as the following: "Obtaining actionable intelligence of Huawei's (and potentially PRC's) leadership plans and intentions" and "Enabl[ing] SIGINT collection through CNE tools."
"CNE" or "Computer Network Exploitation" refers to the legion of malware programs with which the NSA has infected more than 50,000 computer networks around the world. (See: "New Snowden document reveals NSA's international malware operation.") These malware programs allow the NSA to take over networks and computers and use them to spy on their users.
The recently released PowerPoint slides feature the now-familiar concept of "intelligence gaps." As far as the NSA is concerned, if anyone anywhere in the world is engaged in any kind of activity and the NSA does not know about it, then this represents an "intelligence gap" the spy agency is determined to close.
In the final analysis, the NSA spying campaign against Huawei has two fundamental purposes. First, Huawei (unlike the American telecommunications companies) does not allow the NSA free access to its infrastructure to conduct spying on its products' users. Accordingly, as part of its mission of spying on the entire world's population, the NSA hacked into Huawei's systems in order to gather information traveling through its infrastructure.
Second, the spying campaign against Huawei is part of broader efforts to protect the profits and interests of American telecommunications companies at the expense of Huawei. This is the purpose of the NSA's particular interest in Huawei's executives and their "leadership plans and intentions."
Indeed, the latest Snowden revelations cast fresh light on the US government's repeated interventions around the world to undermine Huawei's business. In 2008, the United States blocked Huawei's participation in the purchase of 3Com Corporation, citing "national security" concerns. In 2012, the US government intervened in Australia to block Huawei from constructing a broadband network there. (See:"Australian government bars Chinese telco on ‛security' grounds." ) Also in 2012, Symantec ended a four-year partnership with Huawei under pressure from the US government, which threatened to cut off Symantec's access to classified information. US Vice President Joseph Biden personally intervened in South Korea in 2013 to block Huawei from building a broadband telecommunications network in Seoul.
According to Der Spiegel, the German news magazine, the fruits of the NSA spying program against Huawei included a list of 1,400 of the firm's clients, as well as internal engineering documents. One of the documents released by Snowden reads, "If we can see how Huawei is marketing itself, and working to expand this will help us to understand the company's plans and intentions."
Among the PowerPoint slides just published, one sentence in particular stands out. Among the tasks the NSA is "hoping to accomplish" in its campaign against Huawei is to "[d]ocument processes to be used later for targeting other non-partnerable companies." The description of Huawei as a "non-partnerable" company, together with the expressed intention of targeting other "non-partnerable" companies for spying, is full of significance.
Translated into plain English, what "non-partnerable" means is that Huawei does not "partner" with the NSA to carry out illegal spying. Companies that are "partnerable" are presumably those such as Microsoft, Apple, Google, Facebook, Yahoo!, AOL, Verizon, AT&T and others around the world, which are willing "partners" of the US government in its illegal spying on their users and customers.
The new revelation about Huawei is one of the many devastating exposures by Snowden of different features of the spying architecture that has been built up behind the backs of the American and world population. The cumulative effect of these disclosures is to paint a picture of a massive military-corporate-intelligence complex, totalitarian in its implications, loosed from all constitutional and democratic controls.
This apparatuswith the integral participation of its "partners" in the business and financial sphereshas for years been quietly working its tentacles into virtually every corner of the world. The purpose of this spying apparatus is to protect the profits and wealth of the American ruling class at any costfrom international rivals and, above all, from a movement from below.

[Lauren Johnson]

The recently released PowerPoint slides feature the now-familiar concept of "intelligence gaps." As far as the NSA is concerned, if anyone anywhere in the world is engaged in any kind of activity and the NSA does not know about it, then this represents an "intelligence gap" the spy agency is determined to close.

The corollary to 'intelligence gaps' would be 'control gaps.'

[Peter Lemkin]

Canadian Rights Advocates: Payout Warranted for Spying

By Global News / April 6th, 2014

• 
  

VANCOUVER Anyone who has used a cellphone, smartphone, laptop or tablet in Canada over the past 13 years deserves payment or other remedies for potentially having their privacy rights violated, says a proposed class-action lawsuit filed Tuesday in federal court.

A Vancouver-based civil rights group is suing Canada's national electronic spy agency on behalf of anyone who used a wireless device in the country since 2001.
The suit targets Communications Security Establishment Canada, or CSEC, which the association claims has been violating the constitutional rights of millions of Canadians.
"It's certainly a large class of people, that's for sure, but we also can't be entirely sure who in Canada, which specific people have been targeted by this kind of electronic spying," said Josh Paterson, B.C. Civil Liberties Association executive director.
"If this injustice has been committed … there does need to be some kind of remedy."
The association filed the lawsuit as a companion to an earlier legal action it began in October. The primary suit aims to have laws struck down that the group claims allows CSEC to read emails, text messages and listen to calls with people outside Canada.
Such legislation violates Canadians' Charter Rights, the group argues, by infringing on privacy.
Money, the funding of educational programming or any other tangible fixes should be considered as a potential remedy if the first court case is proven, Paterson said.
"Really, it's up to the courts to decide, it could include money," he said, noting history shows a host of other examples. "There's actually quite a lot of scope to what it could be."
But Paterson suggested specifics of the redress are less important than the lawsuit's key intention of ensuring that Canadians' constitutional rights are protected.
Although CSEC is not allowed to intentionally collect or analyze communications information from its citizens, the federal defence minister can give written authorization for unintentional interception. The provision for collecting foreign-signals intelligence falls under the National Defence Act.
The class action uses 2001 as its baseline because in December of that year, just months after the 9/11 terrorist attacks in New York City, Canada changed the anti-terrorism laws to which the group now objects.
The class action must be approved by the federal court before it can proceed.
CSEC, on the other hand, maintains that its activities are legal.
"CSE's activities are reviewed by the independent CSE Commissioner who has never found CSE to have acted unlawfully," wrote CSEC spokesman Ryan Foreman in an email. "In fact, he has specifically noted CSE's culture of lawful compliance and genuine concern for protecting the privacy of Canadians."
"Under the law, this organization is prohibited from targeting Canadians," the organization said in a previous statement.
The federal government has faced pressure to provide details about CSEC's spying activities following debate over electronic privacy that's been a hot issue south of the border.
The legal action resembles other cases by rights advocates in the United States launched after revelations of mass spying activity there by former National Security Agency contractor Edward Snowden.
http://globalnews.ca/news/1244790/payout...advocates/

[Peter Lemkin]

Snowden's Email Provider Loses Appeal Over Encryption Keys

• 
  

Lavabit founder Ladar Levison. Image: Gage Skidmore/Flickr

A federal appeals court has upheld a contempt citation against the founder of the defunct secure e-mail company Lavabit, finding that the weighty internet privacy issues he raised on appeal should have been brought up earlier in the legal process.
The decision disposes of a closely watched privacy case on a technicality, without ruling one way or the other on the substantial issue: whether an internet company can be compelled to turn over the master encryption keys for its entire system to facilitate court-approved surveillance on a single user.
The case began in June, when Texas-based Lavabit was served with a "pen register" order requiring it to give the government a live feed of the email activity on a particular account. The feed would include metadata like the "from" and "to" lines on every message, and the IP addresses used to access the mailbox.
Because pen register orders provide only metadata, they can be obtained without probable cause that the target has committed a crime. But in this case the court filings suggest strongly that the target was indicted NSA leaker Edward Snowden, Lavabit's most famous user.
Levison resisted the order on the grounds that he couldn't comply without reprogramming the elaborate encryption system he'd built to protect his users' privacy. He eventually relented and offered to gather up the email metadata and transmit it to the government after 60 days. Later he offered to engineer a faster solution. But by then, weeks had passed, and the FBI was determined to get what it wanted directly and in real time.
So in July the government served Levison with a search warrant striking at the Achilles' heel of his system: the private SSL key that would allow the FBI to decrypt traffic to and from the site, and collect Snowden's metadata directly. The government promised it wouldn't use the key to spy on Lavabit's other 400,000 users, which the key would technically enable them to do.
Levison turned over the keys as a nearly illegible computer printout in 4-point type. In early August, Hilton who once served on the top-secret FISA court ordered Levison to provide the keys instead in the industry-standard electronic format, and began fining him $5,000 a day for noncompliance.
After two days, Levison complied, but then immediately shuttered Lavabit altogether.
Levison appealed the contempt order to the 4th Circuit, and civil rights groups, including the ACLU and the EFF, filed briefs in support of his position.
But the appeals court today said that the bulk of Levison's arguments couldn't be considered, because he hadn't clearly raised them in the lower court, where he represented himself without a lawyer for much of the proceedings.
Prior to appeal, Levison's only voiced objection to turning over the SSL keys was this statement in court: "I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic."
"We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court's fundamental authority under the Pen/Trap Statute," wrote Judge G. Steven Agee, for the three appellate panel.
"Levison's statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all," wrote Agee.
The Lavabit case is the only publicly documented instance where a district judge ordered an internet company to hand over its SSL key to the U.S. government. If the practice had been given the imprimatur of the U.S. 4th Circuit Court of Appeals, it could have opened a new avenue for U.S. spies to expand their surveillance against users of U.S. internet services like Gmail and Dropbox.
"The court focused its decision on procedural aspects of the case unrelated to the merits of Lavabit's claims," says ACLU attorney Brian Hauss, in a statement. "On the merits, we believe it's clear that there are limits on the government's power to coerce innocent service providers into its surveillance activities."
The 4th Circuit panel wasn't terribly sympathetic to the privacy issues during oral arguments in the case. So today's ruling on a procedural technicality is probably for the best. And the next time a secure e-mail provider tangles with the feds, you can bet it will get a lawyer earlier on in the process.

[Peter Lemkin]

Google's Deep CIA and NSA Connections

By Eric Sommer / April 25th, 2014

• 
  

As Robert Steele, a former CIA case officer, has put it: Google is in bed with' the CIA. …"

By Eric Sommer

The Western media are currently full of articles reporting Google's denial that it cooperated in a government program to massively spy on American and foreign citizens by accessing data from Googles servers and those of other U.S. software companies.

The mainstream media has, however, almost completely failed to report that Google's denial, and its surface concern over human rights', is historically belied by its their deep involvement with some of the worst human rights abuses on the planet:
Google is, in fact, is a key participant in U.S. military and CIA intelligence operations involving torture; subversion of foreign governments; illegal wars of aggression; military occupations of countries which have never attacked the U.S. and which have cost hundreds of thousands of lives in Afghanistan, Iraq, Pakistan, and elsewhere.
To begin with, as reported previously in the Washington Post and elsewhere, Google is the supplier of the customized core search technology for Intellipedia, a highly-secured online system where 37,000 U.S. spies and related personnel share information and collaborate on their devious errands.
Agencies such as the so-called National Security Agency', or NSA, which is implicated in the current spying on Americans' scandal, have also purchased servers using Google-supplied search technology which processes information gathered by U.S. spies operating all over the planet.
In addition, Google is linked to the U.S. spy and military systems through its Google Earth software venture. The technology behind this software was originally developed by Keyhole Inc., a company funded by In-Q-Tel, a venture capital firm which is in turn openly funded and operated on behalf of the CIA.
Google acquired Keyhole Inc. in 2004. The same base technology is currently employed by U.S. military and intelligence systems in their quest, in their own words, for "full-spectrum dominance" of the planet.
Moreover, Googles' connection with the CIA and its venture capital firm extends to sharing at least one key member of personnel. In 2004, the Director of Technology Assessment at In-Q-Tel, Rob Painter, moved from his old job directly serving the CIA to become Senior Federal Manager' at Google.
As Robert Steele, a former CIA case officer has put it: Google is "in bed with" the CIA.

Googles Friends spy on millions of Internet Users

Given Google's supposed concern with human rights' and with user-privacy, it's worth noting that Wired magazine reported some time ago that Google's friends at In-Q-Tel, the investment arm of the CIA, invested in Visible Technologies, a software firm specialized in monitoring social media'.
The Visible' technology can automatically examine more than a million discussions and posts on blogs, online forums, Flickr, YouTube, Twitter, Amazon, and so forth each day. The technology also scores' each online item, assigning it a positive, negative or mixed or neutral status, based on parameters and terms set by the technology operators. The information, thus boiled down, can then be more effectively scanned and read by human operators.
The CIA venture capitalists at In-Q-Tel previously said they will use the technology to monitor social media operating in other countries and give U.S. spies ¡°early-warning detection on how issues are playing internationally,¡± according to spokesperson Donald Tighe. There is every possibility that the technology can also be used by the U.S. intellligence operatives to spy on domestic social movements and individuals inside the U.S.
Finally, Obama during his recent meeting with Chinese president Xi, again more-or-less accused China of cyber intrusions into U.S. government computers. There has, however, been a curious absence from the statements emanating from Google, from U.S. government sources, and from U.S. media reports of truely substantive evidence linking the Chinese government with the alledged break-in attempts. Words like sophisticated' and suspicion' have appeared in the media to suggest that the Chinese government is responsible for the break-ins. That may be so. But it is striking that the media has seemingly asked no tough questions as to what the evidence behind the suspicions' might be.
It should be noted that the U.S. government and its intelligence agencies have a long history of rogue operations intended to discredit governments or social movements with whom they happen to disagree. To see how far this can go, one need only recall the sordid history of disinformation, lies, and deceit used to frighten people into supporting the Iraq war.
Whether the past attacks on U.S. government systems, Google email, et al originated from the Chinese government, from the U.S. intelligence operatives, or from elsewhere, one thing is clear: A company that supplies the CIA with key intelligence technology; supplies mapping software which can be used for barbarous wars of aggression and drone attacks which kill huge numbers of innocent civilians; and which in general is deeply intertwined with the CIA and the U.S. military machines, which spy on millions, the company cannot be motivated by real concern for the human rights and lives of the people in the U.S. and on the planet.
http://english.pravda.ru/opinion/columni...cia_nsa-0/

From the Archive: Google, CIA Invest in Future' of Web Monitoring

BY NOAH SHACHTMAN

Wired, July 28, 2010

The investment arms of the CIA and Google are both backing a company that monitors the web in real time and says it uses that information to predict the future.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents both present and still-to-come. In a white paper, the company says its temporal analytics engine "goes beyond search" by "looking at the invisible links' between documents that talk about the same, or related, entities and events."
The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online "momentum" for any given event.
"The cool thing is, you can actually predict the curve, in many cases," says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science.
Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant's investment division, and to In-Q-Tel, which handles similar duties for the CIA and the wider intelligence community.
It's not the very first time Google has done business with America's spy agencies. Long before it reportedly enlisted the help of the National Security Agency to secure its networks, Google sol dequipment to the secret signals-intelligence group. In-Q-Tel backed the mapping firm Keyhole, which was bought by Google in 2004 and then became the backbone for Google Earth.
This appears to be the first time, however, that the intelligence community and Google have funded the same startup, at the same time. No one is accusing Google of directly collaborating with the CIA. But the investments are bound to be fodder for critics of Google, who already see the search giant as overly cozy with the U.S. government, and worry that the company is starting to forget its "don't be evil" mantra.

America's spy services have become increasingly interested in mining "open source intelligence" information that's publicly available, but often hidden in the daily avalanche of TV shows, newspaper articles, blog posts, online videos and radio reports.
"Secret information isn't always the brass ring in our profession," then CIA-director General Michael Hayden told a conference in 2008. "In fact, there's a real satisfaction in solving a problem or answering a tough question with information that someone was dumb enough to leave out in the open."
U.S. spy agencies, through In-Q-Tel, have invested in a number of firms to help them better find that information. Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, YouTube, Twitter and Amazon. Attensity applies the rules of grammar to the so-called "unstructured text" of the web to make it more easily digestible by government databases. Keyhole (now Google Earth) is a staple of the targeting cells in military-intelligence units.
Recorded Future strips from web pages the people, places and activities they mention. The company examines when and where these events happened ("spatial and temporal analysis") and the tone of the document ("sentiment analysis"). Then it applies some artificial-intelligence algorithms to tease out connections between the players. Recorded Future maintains an index with more than 100 million events, hosted on Amazon.com servers. The analysis, however, is on the living web.
"We're right there as it happens," Ahlberg told Danger Room as he clicked through a demonstration. "We can assemble actual real-time dossiers on people."
Recorded Future certainly has the potential to spot events and trends early. Take the case of Hezbollah's long-range missiles. On March 21, Israeli President Shimon Peres leveled the allegation that the terror group had Scud-like weapons. Scouring Hezbollah leader Hassan Nasrallah's past statements, Recorded Future found corroborating evidence from a month prior that appeared to back up Peres' accusations.
That's one of several hypothetical cases Recorded Future runs in its blog devoted to intelligence analysis. But it's safe to assume that the company already has at least one spy agency's attention. In-Q-Tel doesn't make investments in firms without an "end customer" ready to test out that company's products.
Both Google Ventures and In-Q-Tel made their investments in 2009, shortly after the company was founded. The exact amounts weren't disclosed, but were under $10 million each. Google's investment came to light earlier this year online. In-Q-Tel, which often announces its new holdings in press releases, quietly uploaded a brief mention of its investment a few weeks ago.
Both In-Q-Tel and Google Ventures have seats on Recorded Future's board. Ahlberg says those board members have been "very helpful," providing business and technology advice, as well as introducing him to potential customers. Both organizations, it's safe to say, will profit handsomely if Recorded Future is ever sold or taken public. Ahlberg's last company, the corporate intelligence firm Spotfire, was acquired in 2007 for $195 million in cash.
Google Ventures did not return requests to comment for this article. In-Q-Tel Chief of Staff Lisbeth Poulos e-mailed a one-line statement: "We are pleased that Recorded Future is now part of IQT's portfolio of innovative startup companies who support the mission of the U.S. Intelligence Community."
Just because Google and In-Q-Tel have both invested in Recorded Future doesn't mean Google is suddenly in bed with the government. Of course, to Google's critics including conservative legal groups, and Republican congressmen the Obama Administration and the Mountain View, California, company slipped between the sheets a long time ago.
Google CEO Eric Schmidt hosted a town hall at company headquarters in the early days of Obama's presidential campaign. Senior White House officials like economic chief Larry Summers give speeches at the New America Foundation, the left-of-center think tank chaired by Schmidt. Former Google public policy chief Andrew McLaughlin is now the White House's deputy CTO, and was publicly (if mildly) reprimanded by the administration for continuing to hash out issues with his former colleagues.
In some corners, the scrutiny of the company's political ties have dovetailed with concerns about how Google collects and uses its enormous storehouse of search data, e-mail, maps and online documents. Google, as we all know, keeps a titanic amount of information about every aspect of our online lives. Customers largely have trusted the company so far, because of the quality of their products, and because of Google's pledges not to misuse the information still ring true to many.
But unease has been growing. Thirty seven state Attorneys General are demanding answers from the company after Google hoovered up 600 gigabytes of data from open Wi-Fi networks as it snapped pictures for its Street View project. (The company swears the incident was an accident.)
"Assurances from the likes of Google that the company can be trusted to respect consumers' privacy because its corporate motto is don't be evil' have been shown by recent events such as the Wi-Spy' debacle to be unwarranted," long-time corporate gadfly John M. Simpson told a Congressional hearing in a prepared statement. Any business dealings with the CIA's investment arm are unlikely to make critics like him more comfortable.
But Steven Aftergood, a critical observer of the intelligence community from his perch at the Federation of American Scientists, isn't worried about the Recorded Future deal. Yet.
"To me, whether this is troublesome or not depends on the degree of transparency involved. If everything is aboveboard from contracts to deliverables I don't see a problem with it," he told Danger Room by e-mail. "But if there are blank spots in the record, then they will be filled with public skepticism or worse, both here and abroad, and not without reason."

[Magda Hassan]

Google did evil by joining with ALEC.

[Peter Lemkin]

Google did evil by joining with ALEC.

I'd like to know if Google 'turned' or if some [or all] of the main people were already 'turned' when they started it.....::darthvader::