Cryptography experts pen open letter against NSA surveillance

By Tom Warren


The pressure on the US government to reform the NSA’s surveillance programs is growing. Apple, Google, and Microsoft all called for change last month alongside a petition from international authors calling for an end to mass surveillance. President Obama announced big changes to government surveillance programs, but most of them centered around the NSA’s bulk collection of Americans’ phone records, not its spying on internet communications. In an open letter published on Friday, more than 50 cryptography experts are asking the US government to make more changes to protect privacy.

“The value of society-wide surveillance in preventing terrorism is unclear, but the threat that such surveillance poses to privacy, democracy, and the US technology sector is readily apparent,” the authors of the open letter state. “Because transparency and public consent are at the core of our democracy, we call upon the US government to subject all mass-surveillance activities to public scrutiny and to resist the deployment of mass-surveillance programs in advance of sound technical and social controls.”

MORE PRESSURE ON PRESIDENT OBAMA TO MAKE ADDITIONAL CHANGES

Although the letter doesn’t mention Obama, it’s clear the president’s recent speech has not eased concerns from cryptographers over the weakening of encryption standards. An independent review panel has recommended that the NSA be separated from NIST’s cryptography approval process, and that the NSA should not hold encrypted communication as a way to avoid retention limits. The signatories back the five principles put forth by Apple, Google, Microsoft, and others last month, noting they “provide a good starting point.”

Dr. Ronald Rivest is one of the key signatories on the list of more than 50 cryptographers, alongside MIT professor Hal Abelson, a founding director of the Free Software Foundation. Rivest, also an MIT professor, is one of the inventors of the RSA algorithm and founders of RSA Security. The RSA security firm was forced to deny last month that it entered into a contract it knew would provide the NSA a backdoor into one of its security systems. The controversy sparked concerns around the NSA’s involvement with the NIST cryptography approval process.

Other signatories include former federal employees, and The Washington Post notes that some have received funding from defense agencies for research. “The choice is not whether to allow the NSA to spy,” the authors of the open letter explain. “The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users.”

VIA THE WASHINGTON POST
SOURCE MASS SURVEILLANCE OPEN LETTER
full story: http://www.theverge.com/2014/1/26/5347402/cryptography-researchers-open-letter-against-mass-surveillance

This $50 Box Will Cover Your Online Tracks—If You Don’t Mind Waiting Around

The Safeplug box plugs into your router and reroutes its traffic through Tor, helping users escape detection. But be warned, it takes some time.

By Rachel Z. Arndt

The way most of us surf the web now, traffic takes a pretty direct route. The request you make for a website goes directly from your computer to a server and comes back again, delivered in the form of whatever website you’re visiting. And everything is out in the open, which means anyone who wants to catch a glimpse of your location can do so. But when the request is more like an onion, wrapped in layers of encryption and moved around a roundabout route from your computer to the end server, it becomes almost completely anonymous.

That’s the thinking behind online-anonymity-enabling Tor Project (short for The Onion Routing Project), which is now packaged in hardware form in the Safeplug, a device made by Pogoplug. The $49 box plugs directly into an Internet router and reroutes traffic on that network through Tor, which began with funding from the U.S. Naval Research laboratory (and has popped up in the general consciousness this year as the way to get onto the now defunct Bitcoin marketplace Silk Road). Internet traffic that moves through the Tor network passes, encrypted, through a series of relays before it reaches the intended server and is sent back. So instead of taking a straight path, data move in twists and turns, throwing off would-be stalkers.

Until now, the only way to use Tor has been through the Tor browser. It can be unfamiliar and intimidating to the non-tech-savvy (and some won’t find it terribly aesthetically pleasing). Safeplug takes away that barrier to entry and annoyance. Once the Linux-based box is plugged in, it takes about two minutes to configure it through your browser of choice, whether Chrome, Firefox, Safari, or Internet Explorer. And that’s that.

As Safeplug promises, the setup is a breeze. The trouble is in the actual browsing. It’s not the fault of the device, but rather the system it uses. Because it beams your Internet traffic around a twisting path of randomly picked servers on the way to its destination, it’s slow-going. With Safebox plugged in, it took more than a minute to load google.com via an internet connection that runs at about 40 Mbps. There’s some relief in that you can set Safebox to run only on a certain browser and, within that browser, choose websites that bypass Tor. But if you are truly concerned about privacy, you’d want all of your traffic to be encrypted and rerouted, so not running Tor would defeat the purpose.

Another problem comes from connecting the Safeplug to more than one router. I ran into trouble after I’d activated with one router, disconnected it, and plugged it into a second router. The Safeplug stays attached to whatever router it was connected to during initial setup. So when I went through the setup again, with a different router, everything looked successful until I was supposed to hit the settings screen, the final webpage of configuration. It was blank. To make it work, I had to go to my router’s webpage and find the Safeplug’s IP address in the list of connected DHCP clients. Using that address, I could again access the Safeplug settings.

The best use of this tech might be sparing use: Keep the Safeplug attached to a single router, and keep it running not in your favorite browser but in your second favorite one. That way, when you really want to cover your tracks, you can switch over to the oniony browsers, and the rest of the time you can browse happily and speedily in your normal browser.

full story: http://www.popularmechanics.com/technology/gadgets/reviews/cover-your-online-tracks-with-this-50-dollar-box-16417037

US willing to hold talks with Edward Snowden, but only if he pleads guilty first

By Chris Welch


The US Justice Department says it will hold talks with Edward Snowden’s lawyers, but only under one condition: the NSA contractor-turned-whistleblower must return home and plead guilty to the charges against him. Snowden is currently living under asylum in Russia to avoid charges of espionage after he famously leaked thousands of documents outlining the alarming surveillance practices of the US government. Some lawmakers and civil liberties groups have called for the Obama administration to grant Snowden clemency for his actions, which put a spotlight on controversial data collection and mass snooping tactics of the NSA. President Obama himself recently said he doesn’t have a straight yes or no answer as it relates to clemency for Snowden. “This is an active case, where charges have been brought,” he said during a wide-ranging interview with The New Yorker.

But Attorney General Eric Holder has taken a much firmer stance; he says clemency is off the table, and it was never a plausible option to begin with. “We’ve always indicated that the notion of clemency isn’t something that we were willing to consider,” he said at the University of Virginia on Thursday. “Instead, were he coming back to the US to enter a plea, we would engage with his lawyers.” Holder also makes it clear that Snowden wouldn’t be given any special treatment. Despite the high profile nature of the case, those discussions would be the “same with any defendant who wanted to enter a plea of guilty,” he said.

For his part, Snowden says he isn’t coming back anytime soon — but he realizes it would be the preferred outcome for everyone involved. In an online Q&A yesterday, he said, “Returning to the US, I think, is the best resolution for the government, the public, and myself, but it’s unfortunately not possible in the face of current whistleblower protection laws, which through a failure in law did not cover national security contractors like myself.” Under current laws, Snowden claims there’s “no chance to have a fair trial, and no way I can come home and make my case to a jury.”

Facebook Backdoor Gives Clues To Private Email Addresses

by Adam Tanner, Contributor

If you forget your Facebook profile name, you can enter your name, email or phone number into a page called Find Your Account to find your Facebook profile and some alternative email addresses, which are partially obscured such as j*******s@yahoo.com.

The same technique works if you type in other people’s details. Then Facebook can act as a Caller ID and produce a photo, name or clues about a private email. That could help if someone telephones but does not leave a message, or if you want to find a private email address from a company email.

As a test I looked up Gary King, one of two dozen who hold Harvard’s prestigious title of University Professor. His email address is listed on his public webpage. A search of Find Your Account leads to his Facebook profile photo and revealing clues to his alternative email addresses.

I repeated the process for several other people. It did not find everyone – perhaps the telephone numbers or email addresses were not linked with Facebook – but in many cases it did, including for a well-known private detective in Las Vegas whose photo I was able to see.

“This is an interesting case where a feature aimed at giving users a better service actually exposes their private data,” said Michael Bar-Sinai, a software engineer at Harvard’s Institute for Quantitative Social Science where King serves as director.

He pointed out his privacy settings allowed only friends of friends – not everyone – to look him up with his email address or his phone number. Yet a search finds his photo, name and partial email addresses.

In many cases, “Find Your Address” would not reveal any startling information. However, often a little bit of personal information here and there allows outsiders to gain a far more intimate portrait of us than we imagine. One chapter in my upcoming book tries to find a woman whose thumbnail-size image is posted on a Yelp page. Tiny clues in obscure places help reveal her double life on the steamier side of the Internet.

Asked about the information shown by Find Your Account, a Facebook spokesman who did not want to be named said: “Certain information on Facebook—such as your name, profile photo, and networks (if you choose to add any)—is treated as public because it plays a crucial role in helping your friends and family connect with you. In this case, showing a profile photo helps people avoid accidentally initiating a password reset for the wrong account.”

This page describes what Facebook considers public information. Users can adjust their privacy settings with details given here to mask the name and photo from being visible in the password recovery process.

“If you use the password recovery feature to search for someone who has modified these settings such that you can’t look them up using this information, you will see only ‘Facebook User’ and will not be able to view their name, profile photo, or networks,” the spokesman said.

Still, the partial email address remains visible. So using his phone number, I looked up the spokesman via Find Your Account. His name and photo were not given, but I could easily guess what his private Gmail address is from the partially masked information. It showed the first letter of his first name, stars, and the last letter of his uncommon surname followed by @gmail.com.

“We show obscured email addresses in the password reset flow because our experience with helping many people recover their accounts over the years suggests that this information is important for helping people find the account recovery message we send,” he said. “Many people have multiple email addresses and don’t always remember which one is registered with Facebook.”

In the case of Professor King, his photo is available elsewhere and he posts his university email on his web page. His private email addresses – for which Facebook provided some clues — would be harder to locate. But he is relaxed about this information being visible.

King cited outgoing Microsoft CEO Steve Ballmer as someone who has made his email address public and referred to that fact in interviews. Ballmer “said he does the same and has no problems.  I get a lot of email, but just like he said, people tend to be respectful,” King said. “I sign out of every automated mailing, which cuts things down some.”

full story: http://www.forbes.com/sites/adamtanner/2014/01/17/facebook-backdoor-gives-clues-to-private-email-addresses/

5 Changes President Obama Wants To Make to NSA’s Surveillance Programs

In a major address this morning, President Obama tried to soothe Americans’ fears about NSA spying by promising these changes.

By Davey Alba

President Barack Obama speaks about the National Security Agency (NSA) at the Justice Department, on January 17, 2014 in Washington, DC.
Mark Wilson/Getty Images

Earlier this morning, President Obama spoke about a number of reforms he wants to make to the National Security Agency’s surveillance programs, which have been widely criticized since Edward Snowden’s leaks on the extent of the agency’s spying operations. Almost every week now, it seems, new revelations emerge, ranging from the bulk collection of telephone metadata to capturing information from computers that aren’t even connected to the Internet through radio waves sent out by the machines.

With dissent mounting, President Obama took to the podium once more to try to mitigate public concerns. Here are the five crucial things you need to know about the announcement. (You can also read the full text of Obama’s speech here, or read the presidential policy directive on surveillance, which has been posted online.)

1. An End to the NSA’s Bulk Data Collection Program

The biggest reform announced today was the end of the bulk data collection program under section 215 of the Patriot Act. Quick refresher: This was the program that enabled the NSA to review the telephone connections of many Americans—not the actual content of the phone calls, but the phone numbers and the times and lengths of the calls. That may seem benign, but one can glean a huge amount of information from this metadata, and the revelation was arguably the most important Snowden leak. According to President Obama, this program will come to a halt. It’s unclear how long it will take before bulk data collection is completely overhauled—the process could take months if not more—but in the meantime, new restrictions will be put into place to limit the government’s access to this data.

2. Continued Access to Call Records Under a New System

President Obama doesn’t want to cut off the government’s access to this data completely, though. The government will establish a new system for holding the phone records, but it’s so far unclear what form that system will take. Some possibilities mentioned included asking the phone companies to hold onto customer data and hand it over to the government whenever a court order mandates it, or creating an entirely new body that would act as the keeper of the massive database of phone records.

3. New Limitations on Spying on U.S. Allies

The Snowden documents revealed that the NSA had digitally snooped on foreign leaders, most famously German Chancellor Angela Merkel, whose cell phone was being monitored. Obama has ordered that the heads of states that are friendly with the United States will be completely off-limits for electronic surveillance by the government. Of course, this measure is a bit murky; who gets to decide who are the “close” allies of the U.S.?

4. A Panel of Public Advocates for Cases in Surveillance Courts

If Obama’s recommendation comes to fruition, third-party public advocates will be present at each request for data in the FISA courts—those special federal courts that handle secret requests for surveillance warrants against suspected enemies of the U.S. However, this initiative requires action by Congress before it can become standard procedure.

5. Privacy Protections for Foreigners

Obama is also calling for a reform of the Section 702 program targeting foreign individuals, which allows the government to snatch up communications of foreigners who have information about national security. The President says that unless there is a major threat to national security, foreigners shouldn’t have a reason to fear being spied on. The rules will be developed and crystallized in the next few months.

Read more: 5 Changes President Obama Wants To Make to NSA’s Surveillance Programs – Popular Mechanics

NSA collects millions of text messages daily in ‘untargeted’ global sweep

• NSA extracts location, contacts and financial transactions
• ‘Dishfire’ program sweeps up ‘pretty much everything it can’
• GCHQ using database to search metadata from UK numbers

by  in New York


The NSA has made extensive use of its text message database to extract information on people under no suspicion of illegal activity. Photograph: Dave Thompson/PA

The National Security Agency has collected almost 200 million text messages a day from across the globe, using them to extract data including location, contact networks and credit card details, according to top-secret documents.

The untargeted collection and storage of SMS messages – including their contacts – is revealed in a joint investigation between the Guardian and the UK’s Channel 4 News based on material provided by NSA whistleblower Edward Snowden.

The documents also reveal the UK spy agency GCHQ has made use of the NSA database to search the metadata of “untargeted and unwarranted” communications belonging to people in the UK.

The NSA program, codenamed Dishfire, collects “pretty much everything it can”, according to GCHQ documents, rather than merely storing the communications of existing surveillance targets.

The NSA has made extensive use of its vast text message database to extract information on people’s travel plans, contact books, financial transactions and more – including of individuals under no suspicion of illegal activity.

An agency presentation from 2011 – subtitled “SMS Text Messages: A Goldmine to Exploit” – reveals the program collected an average of 194 million text messages a day in April of that year. In addition to storing the messages themselves, a further program known as “Prefer” conducted automated analysis on the untargeted communications.


An NSA presentation from 2011 on the agency’s Dishfire program to collect millions of text messages daily. Photograph: Guardian

The Prefer program uses automated text messages such as missed call alerts or texts sent with international roaming charges to extract information, which the agency describes as “content-derived metadata”, and explains that “such gems are not in current metadata stores and would enhance current analytics”.

On average, each day the NSA was able to extract:

• More than 5 million missed-call alerts, for use in contact-chaining analysis (working out someone’s social network from who they contact and when)

• Details of 1.6 million border crossings a day, from network roaming alerts

• More than 110,000 names, from electronic business cards, which also included the ability to extract and save images.

• Over 800,000 financial transactions, either through text-to-text payments or linking credit cards to phone users

The agency was also able to extract geolocation data from more than 76,000 text messages a day, including from “requests by people for route info” and “setting up meetings”. Other travel information was obtained from itinerary texts sent by travel companies, even including cancellations and delays to travel plans.


A slide on the Dishfire program describes the ‘analytic gems’ of collected metadata. Photograph: Guardian

Communications from US phone numbers, the documents suggest, were removed (or “minimized”) from the database – but those of other countries, including the UK, were retained.

The revelation the NSA is collecting and extracting personal information from hundreds of millions of global text messages a day is likely to intensify international pressure on US president Barack Obama, who on Friday is set to give his response to the report of his NSA review panel.

While US attention has focused on whether the NSA’s controversial phone metadata program will be discontinued, the panel also suggested US spy agencies should pay more consideration to the privacy rights of foreigners, and reconsider spying efforts against allied heads of state and diplomats.

In a statement to the Guardian, a spokeswoman for the NSA said any implication that the agency’s collection was “arbitrary and unconstrained is false”. The agency’s capabilities were directed only against “valid foreign intelligence targets” and were subject to stringent legal safeguards, she said.

The ways in which the UK spy agency GCHQ has made use of the NSA Dishfire database also seem likely to raise questions on the scope of its powers.

While GCHQ is not allowed to search through the content of messages without a warrant – though the contents are stored rather than deleted or “minimized” from the database – the agency’s lawyers decided analysts were able to see who UK phone numbers had been texting, and search for them in the database.

The GCHQ memo sets out in clear terms what the agency’s access to Dishfire allows it to do, before handling how UK communications should be treated. The unique property of Dishfire, it states, is how much untargeted or unselected information it stores.

“In contrast to [most] GCHQ equivalents, DISHFIRE contains a large volume of unselected SMS traffic,” it states (emphasis original). “This makes it particularly useful for the development of new targets, since it is possible to examine the content of messages sent months or even years before the target was known to be of interest.”

It later explains in plain terms how useful this capability can be. Comparing Dishfire favourably to a GCHQ counterpart which only collects against phone numbers that have specifically been targeted, it states “Dishfire collects pretty much everything it can, so you can see SMS from a selector which is not targeted”.

The document also states the database allows for broad, bulk searches of keywords which could result in a high number of hits, rather than just narrow searches against particular phone numbers: “It is also possible to search against the content in bulk (e.g. for a name or home telephone number) if the target’s mobile phone number is not known.”

Analysts are warned to be careful when searching content for terms relating to UK citizens or people currently residing in the UK, as these searches could be successful but would not be legal without a warrant or similar targeting authority.

However, a note from GCHQ’s operational legalities team, dated May 2008, states agents can search Dishfire for “events” data relating to UK numbers – who is contacting who, and when.

“You may run a search of UK numbers in DISHFIRE in order to retrieve only events data,” the note states, before setting out how an analyst can prevent himself seeing the content of messages when he searches – by toggling a single setting on the search tool.

Once this is done, the document continues, “this will now enable you to run a search without displaying the content of the SMS, especially useful for untargeted and unwarranted UK numbers.”

A separate document gives a sense of how large-scale each Dishfire search can be, asking analysts to restrain their searches to no more than 1,800 phone numbers at a time.


An NSA slide on the ‘Prefer’ program reveals the program collected an average of 194 million text messages a day in April 2011. Photograph: Guardian

The note warns analysts they must be careful to make sure they use the form’s toggle before searching, as otherwise the database will return the content of the UK messages – which would, without a warrant, cause the analyst to “unlawfully be seeing the content of the SMS”.

The note also adds that the NSA automatically removes all “US-related SMS” from the database, so it is not available for searching.

A GCHQ spokesman refused to comment on any particular matters, but said all its intelligence activities were in compliance with UK law and oversight.

But Vodafone, one of the world’s largest mobile phone companies with operations in 25 countries including Britain, greeted the latest revelations with shock.

“It’s the first we’ve heard about it and naturally we’re shocked and surprised,” the group’s privacy officer and head of legal for privacy, security and content standards told Channel 4 News.

“What you’re describing sounds concerning to us because the regime that we are required to comply with is very clear and we will only disclose information to governments where we are legally compelled to do so, won’t go beyond the law and comply with due process.

“But what you’re describing is something that sounds as if that’s been circumvented. And for us as a business this is anathema because our whole business is founded on protecting privacy as a fundamental imperative.”

He said the company would be challenging the UK government over this. “From our perspective, the law is there to protect our customers and it doesn’t sound as if that is what is necessarily happening.”

The NSA’s access to, and storage of, the content of communications of UK citizens may also be contentious in the light of earlier Guardian revelations that the agency was drafting policies to facilitate spying on the citizens of its allies, including the UK and Australia, which would – if enacted – enable the agency to search its databases for UK citizens without informing GCHQ or UK politicians.

The documents seen by the Guardian were from an internal Wikipedia-style guide to the NSA program provided for GCHQ analysts, and noted the Dishfire program was “operational” at the time the site was accessed, in 2012.

The documents do not, however, state whether any rules were subsequently changed, or give estimates of how many UK text messages are collected or stored in the Dishfire system, or from where they are being intercepted.

In the statement, the NSA spokeswoman said: “As we have previously stated, the implication that NSA’s collection is arbitrary and unconstrained is false.

“NSA’s activities are focused and specifically deployed against – and only against – valid foreign intelligence targets in response to intelligence requirements.

“Dishfire is a system that processes and stores lawfully collected SMS data. Because some SMS data of US persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of SMS data in Dishfire.

“In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.”

The agency draws a distinction between the bulk collection of communications and the use of that data to monitor or find specific targets.

A spokesman for GCHQ refused to respond to any specific queries regarding Dishfire, but said the agency complied with UK law and regulators.

“It is a longstanding policy that we do not comment on intelligence matters,” he said. “Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.”

GCHQ also directed the Guardian towards a statement made to the House of Commons in June 2013 by foreign secretary William Hague, in response to revelations of the agency’s use of the Prism program.

“Any data obtained by us from the US involving UK nationals is subject to proper UK statutory controls and safeguards, including the relevant sections of the Intelligence Services Act, the Human Rights Act and the Regulation of Investigatory Powers Act,” Hague told MPs.

full story: http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep

NSA review panel casts doubt on bulk data collection claims

Panel members said phone data had limited role preventing terrorism in testimony before Senate judiciary committee

by 


Senators Patrick Leahy and Dianne Feinstein heard testimony regarding the NSA’s efficacy in counter-terrorism. Photograph: J Scott Applewhite/AP

The members of president Barack Obama’s surveillance review panel on Tuesday rejected some of the central contentions offered by the National Security Agency for its bulk collection of phone records, including the program’s potential usefulness in preventing the 9/11 attacks.

Testifying before the Senate judiciary committee, members of the panel said that restricting the NSA is necessary in order to rebalance the competing values of liberty and security.

Richard Clarke, who was the White House’s counter-terrorism czar on 9/11, echoed the 9/11 Commission in saying that the biggest obstacle to preventing the terrorist attack was not the NSA collecting an insufficient amount of data, but a failure to share information already collected.

“If the information that the federal agencies had at the time had been shared among the agencies, then one of them, the FBI, could have gone to the Fisa Court and could have in a very timely manner gotten a warrant to monitor” US-based al-Qaida conspirators, Clarke told the Senate judiciary committee.

Similarly, Michael Morell, a former deputy CIA director, told the committee that so-called “metadata” about a phone conversation inherently entailed information about the substance of the communication. “There is quite a bit of content in metadata,” Morell said. “There’s not a sharp distinction between metadata and content. It’s more of a continuum.”

Morell added that the bulk collection of domestic phone data “has not played a significant role in preventing any terrorist attacks to this point,” further undercutting a major rationale offered by the NSA since the Guardian first revealed the bulk phone-data collection in June, thanks to leaks by Edward Snowden.

But, Morell added, “that is a different statement than saying the program has not been important.” Morell said that bulk collection can provide a reassurance that there is no domestic nexus to foreign terrorist plots detected by other NSA efforts.

“It is absolutely true that 215 has not by itself disrupted prevented terrorist attacks in the United States, but that doesn’t mean it’s not important going forward,” said Morell, using a shorthand for the bulk phone metadata collection. “Many of us have never suffered a fire in our homes but many of us have homeowners insurance.”

The recommendations that the panel made in December recast the Washington debate over the NSA’s mass surveillance activities and gave reform efforts crucial political momentum. Obama will likely announce some curbs to surveillance, heavily influenced by the panel’s work, in a speech at the Justice Department scheduled for Friday.

Former CIA deputy director Michael Morell said ‘There’s not a sharp distinction between metadata and content.’ Photograph: Mark Wilson/Getty Images

“We’re really having a debate about Americans’ fundamental relationship with their government,” said Patrick Leahy, the Vermont Democrat who chairs the Senate judiciary committee and is the co-author of a bill, the USA Freedom Act, to restrict NSA bulk surveillance.

The panel has also prompted fierce behind-the-scenes jockeying between the NSA and its critics surrounding the scope of its highest-profile recommendation: ending the NSA’s collection of data on every phone call made in the United States.

Several senators at the hearing expressed skepticism at the panel’s recommendations, including intelligence committee chairwoman Dianne Feinstein and South Carolina Republican Lindsey Graham, who both seemed to confuse the review group by pressing them on the bulk collection of metadata’s relationship to preventing terrorism.

Both sides are awaiting Obama’s thoughts on the subject, particularly concerning the legal standards and procedures by which NSA would be allowed to access records kept by phone companies for discovering terrorism connections, and how long companies or a private entity would be required to retain customer information. Those details will determine whether the mass surveillance actually ends or, as critics have warned, is simply outsourced.

Most members of Congress, whom the White House concedes will take the fore in codifying any new surveillance approach that Obama proposes, have not yet taken firm positions on what the scope of a privately-held phone records database should be. On Tuesday, Representative Adam Schiff, a member of the House intelligence committee, introduced a bill he said would “restructure” the phone data collection, without requiring companies to hold customer data longer than they currently do, and forcing the NSA to obtain a Fisa Court order for searching through the data in all but emergency cases.

Dianne Feinstein speaks with director of national intelligence James Clapper, NSA director general Keith Alexander. Photograph: Jason Reed/Reuters

“This idea gained new momentum last month, with the president’s NSA review panel’s endorsement that restructuring the program is both technically feasible and more protective of the privacy interests of the American people,” Schiff, a California Democrat, said in a statement.

The members of the surveillance review panel testified on Tuesday that they were not advocating that the government no longer examine the metadata, but only that it should have to obtain court orders based on specific suspicions of wrongdoing before they do so in non-emergency cases.

“There’s no reason why getting a court order to query the metadata is any more impossible than getting a search warrant to search a home,” Geoffrey Stone, a University of Chicago law professor, told the Senate panel on Tuesday.

Panel members praised what they described as robust safeguards surrounding the bulk metadata program, but added that they were insufficient to maintain public confidence in it after the revelation of its existence.

The NSA argues that it needs “the haystack” of all domestic phone records in order to spot connections to terrorism, as outgoing deputy NSA director John Inglis said Friday. But telecommunication and internet firms are balking at any requirement for holding customer data longer than the current 18-month average maximum, fearing increased legal and financial liability.

“Our members would oppose the imposition of data retention obligations that would require them to maintain customer data for longer than necessary,” a spokesman for CTIA-The Wireless Association, the cellular phone trade group, told the Associated Press Friday.

The phone companies “obviously rather would not hold the data”, Stone conceded.

“The concern of the fourth amendment, the concern of our constitutional history is that government can do far more harm if it abuses information in its hands than private entities can,” Stone told the panel.

But Senator Chuck Grassley of Iowa, the ranking Republican on the committee, warned that the private sector would have a difficult time securing the data, citing the recent massive breach of customer information from Target.

Clarke later replied that there was a “very significant information compromise at NSA,” and that he was unaware of “people’s phone records going into the public record when they were stolen from phone companies.” But major phone companies overseas, like Deutsche Telekom in Germany and Vodafone in Greece, have experienced major data break-ins.

Brough Turner, the chief technology officer of broadband company NetBlazr, noted that the private sector itself has similar concerns. “As an internet service provider, the best possible thing is to keep the absolute minimum data necessary to track the functioning of your infrastructure and service outages and complaints, because you lay yourself open for excess legal expenses. It’s a liability issue,” he told the Guardian.

Turner was part of a lobbying push that tech firms made on Capitol Hill on Monday and Tuesday in an attempt to convince legislators to back the USA Freedom Act. Participants said they warned senators and members of Congress against handing over a program functionally similar to the NSA’s to the phone companies.

“We delivered a very clear message that [that action] doesn’t solve the problem at all,” said Matthew Simons of software firm ThoughtWorks. “Certainly in the global sphere, to tell our customers in Brazil, ‘Don’t worry, it’s not the government anymore, AT&T has got your back’ … it doesn’t fly, it doesn’t fix the problem.”

Barack Obama is expected to state his stance on surveillance reforms this week. Photograph: Carolyn Kaster/AP

Simons said the tech coalition, which primarily targeted members of the Senate and House judiciary committees, which are considering the USA Freedom Act, argued that the broad reach of the NSA’s foreign surveillance was hurting US tech competitiveness overseas – a contention he said caused cognitive dissonance on Capitol Hill.

“A lot of the people that have been the biggest champions of business interests are also the same people who see a terrorist behind every bush,” he said. “Those people have a really strong values conflict, because when businesses come to you and say, ‘Stop surveilling entire countries, the entire population of the world, because it’s killing our business,’ I think they just kind of freeze up. People are really wrestling with this.”

Among those wrestling with surveillance reforms is John Bates, a federal judge and former presiding judge of the Fisa Court. In a rare moment of policy advocacy from a sitting federal judge, Bates sent a letter to Feinstein, released Tuesday, in which he rejected several reforms to the secret surveillance court proposed by Obama’s review group, citing the “burden” they would place on the judiciary.

Creating a permanent privacy advocate to argue before the Fisa Court is “unnecessary – and could prove counterproductive – in the vast majority of Fisa matters”, wrote Bates, who did say that the appointment of one in certain cases at the court’s discretion is “likely to be helpful”.

Bates also warned against placing a controversial FBI administrative subpoena known as a National Security Letter under the court’s purview, saying it would “fundamentally transform the nature of the [court] to the detriment of its current responsibilities.”

Expanding the declassification of the secret court’s rulings as a transparency measure, Bates wrote, “is likely to promote confusion and misunderstanding”.

Cass Sunstein, a former Obama White House adviser and surveillance advisory panel member, said he disagreed with Bates about judicial discretion for appointing a privacy advocate on a case-by-case basis on the grounds that it afforded judges too much power in cases with significant privacy interests at stake.

“We think that’s not consistent with our traditions,” Sunstein testified.

full story: http://www.theguardian.com/world/2014/jan/14/nsa-review-panel-senate-phone-data-terrorism

Edward Snowden Joins Freedom Of The Press Foundation

MOSCOW, RUSSIA – DECEMBER 2013: Former intelligence contractor Edward Snowden poses for a photo during an interview in an undisclosed location in December 2013 in Moscow, Russia. Snowden, who exposed extensive details of global electronic surveillance by the National Security Agency, has been in Moscow since June 2012 after getting temporary asylum in order to evade prosecution by authorities in the U.S. (Photo by Barton Gellman/Getty Images)

Edward Snowden is joining the board of the Freedom of the Press Foundation, the press freedom group launched by Daniel Ellsberg, Glenn Greenwald and others, the group announced Tuesday.

Snowden’s leaks to Greenwald and others in 2013 prompted one of the most intense debates over press freedom in recent memory.

In a press release, Ellsberg—who has said that Snowden’s leaks were the most important in American history—called Snowden “the quintessential American whistleblower, and a personal hero of mine.”

Snowden remains in Moscow, where he has been granted asylum by the Russian government.

The Freedom of the Press Foundation was launched in 2012 with the intention of aiding investigative journalism and combating government secrecy. Besides Ellsberg and Greenwald, other board members include John Cusack, Laura Poitras and Xeni Jardin.

CORRECTION: An earlier version of this story misspelled Xeni Jardin’s name.

full story: http://www.huffingtonpost.com/2014/01/14/edward-snowden-press-freedom-daniel-ellsberg_n_4597833.html

DuckDuckGo’s Popularity Exploded In 2013 Following The NSA/PRISM Leaks

by  (@grg)

[Graph: DuckDuckGo queries per day since early 2010]

See that graph up there? That’s a chart of how many queries the privacy-minded search engine DuckDuckGo has seen each day since early 2010.

See that massive growth near the end? That’s when details of the NSA’s PRISM program first leaked. Pretty much overnight, DuckDuckGo more than doubled its traffic.

I don’t think there’s a better way to portray the sudden and massive surge in the public’s desire for Internet privacy than that graph and the accompanying stats. The month before Snowden’s revelations, DuckDuckGo saw 54.4 million requests. The month after, it saw 105.6 million. Incredible.

Wondering what the heck DuckDuckGo is? That’s okay. But once you know, be sure to tell your friends.

DuckDuckGo is sometimes portrayed as the “anti-Google”, but that’s not quite right. It’s more like bizarro-world Google. It looks similar, it acts similar — but in the end, it has totally different motives. DuckDuckGo aims to offer up the simplicity and functionality of the big search engines, minus all the creepy tracking stuff. The company outlines everything they do/don’t store right here, but most importantly: it doesn’t use tracking cookies, and it doesn’t save a record of your IP.

All in all, DuckDuckGo’s total search count for 2013 came in at just over 1 billion – more than double what it saw in 2012.

There’s still room to grow, though — lots, and lots of room. Even after their monstrous mid-year spike, DuckDuckGo’s numbers are a tiny drop in the world’s biggest bucket when put up against the likes of giants. Google pulled in over 1.2 trillion searches in 2012, for example. That’s 3.2 billion searches, or roughly 3X all of DuckDuckGo’s annual traffic, each day.

DuckDuckGo last raised money ($3M) at the end of 2011, long before Edward Snowden was a household name. With these numbers and the ever-growing demand for privacy online, raising another round would probably be like a walk in the park.

full story: http://techcrunch.com/2014/01/12/duckduckgos-popularity-exploded-in-2013-following-the-nsaprism-leaks/