Microsoft, Facebook, Google and Yahoo release US surveillance requests

• Tech giants turn over data from tens of thousands of accounts
• Limited disclosure part of transparency deal made last month

theguardian.com, Monday 3 February 2014 16.40 EST

Microsoft, Twitter, Google and Facebook all participate in the NSA’s Prism effort. Photograph: Pichi Chuang/Reuters

Tens of thousands of accounts associated with customers of Microsoft, Google, Facebook and Yahoo have their data turned over to US government authorities every six months as the result of secret court orders, the tech giants disclosed for the first time on Monday.

Government Told to Explain Need for Secrecy “But says it’s a Secret”

By JACK BOUBOUSHIAN

(CN) – The U.S. government must explain why a Feb. 19 order of the Foreign Intelligence Surveillance Court cannot be released to the public, even in a redacted form, a FISC judge ruled.

In September 2013, Judge F. Dennis Saylor IV, one of the 11 federal judges who sits on the U.S. Foreign Intelligence Surveillance Court (FISC), ruled that the U.S. government must consider publicly releasing classified opinions regarding the National Security Agency’s domestic spying program.

The ruling was issued in response to a complaint filed by the American Civil Liberties Union two years ago seeking the release of FISC opinions interpreting the government’s power to conduct surveillance related to terrorism under Section 215 of the Patriot Act.

Saylor noted the same day in another opinion that the “publication of FISC opinions relating to this provision would contribute to an informed debate.”

On this order, the government conducted a declassification review of a February 19, 2013 FISC opinion, and concluded Monday that, “after careful review of the opinion by senior intelligence officials and the U.S. Department of Justice, the Executive Branch has determined that the opinion should be withheld in full and a public version of the opinion cannot be provided.”

Fisa court documents reveal extent of NSA disregard for privacy restrictions

Incensed Fisa court judges questioned NSA’s truthfulness after repeated breaches of rules meant to protect Americans’ privacy
Fisa court judge John Bates found that the NSA engaged in ‘systemic overcollection’. Photograph: Paul J Richards/AFP

Newly declassified court documents indicate that the National Security Agency shared its trove of American bulk email and internet data with other government agencies in violation of specific court-ordered procedures to protect Americans’ privacy.

The dissemination of the sensitive data transgressed the NSA’s affirmations to the secret surveillance court about the extent of the access it provided, and prompted incensed Fisa court judges to question both the NSA’s truthfulness and the value of the now-cancelled program to counter-terrorism.

While the NSA over the past several months has portrayed its previous violations of Fisa court orders as “technical” violations or inadvertent errors, the oversharing of internet data is described in the documents as apparent widespread and unexplained procedural violations.

“NSA’s record of compliance with these rules has been poor,” wrote judge John Bates in an opinion released on Monday night in which the date is redacted.

NSA paid millions to cover Prism compliance costs for tech companies

• Top-secret files show first evidence of financial relationship
• Prism companies include Google and Yahoo, says NSA
• Costs were incurred after 2011 Fisa court ruling

The National Security Agency paid millions of dollars to cover the costs of major internet companies involved in the Prism surveillance program after a court ruled that some of the agency’s activities were unconstitutional, according to top-secret material passed to the Guardian.

The technology companies, which the NSA says includes Google, Yahoo, Microsoft and Facebook, incurred the costs to meet new certification demands in the wake of the ruling from the Foreign Intelligence Surveillance (Fisa) court.

The October 2011 judgment, which was declassified on Wednesday by the Obama administration, found that the NSA’s inability to separate purely domestic communications from foreign traffic violated the fourth amendment.

While the ruling did not concern the Prism program directly, documents passed to the Guardian by whistleblower Edward Snowden describe the problems the decision created for the agency and the efforts required to bring operations into compliance. The material provides the first evidence of a financial relationship between the tech companies and the NSA.

The intelligence agency requires the Fisa court to sign annual “certifications” that provide the legal framework for surveillance operations. But in the wake of the court judgment these were only being renewed on a temporary basis while the agency worked on a solution to the processes that had been ruled illegal.

An NSA newsletter entry, marked top secret and dated December 2012, discloses the huge costs this entailed. “Last year’s problems resulted in multiple extensions to the certifications’ expiration dates which cost millions of dollars for Prism providers to implement each successive extension – costs covered by Special Source Operations,” it says.

An NSA newsletter entry dated December 2012 disclosing the costs of new certification demands. Photograph: guardian.co.uk

Special Source Operations, described by Snowden as the “crown jewel” of the NSA, handles all surveillance programs, such as Prism, that rely on “corporate partnerships” with telecoms and internet providers to access communications data.

The disclosure that taxpayers’ money was used to cover the companies’ compliance costs raises new questions over the relationship between Silicon Valley and the NSA. Since the existence of the program was first revealed by the Guardian and the Washington Post on June 6, the companies have repeatedly denied all knowledge of it and insisted they only hand over user data in response to specific legal requests from the authorities.

An earlier newsletter, which is undated, states that the Prism providers were all given new certifications within days of the Fisa court ruling. “All Prism providers, except Yahoo and Google, were successfully transitioned to the new certifications. We expect Yahoo and Google to complete transitioning by Friday 6 October.”

An earlier undated newsletter after the Fisa court ruling on certifications. Photograph: guardian.co.uk

The Guardian invited the companies to respond to the new material and asked each one specific questions about the scale of the costs they incurred, the form of the reimbursement and whether they had received any other payments from the NSA in relation to the Prism program.

A Yahoo spokesperson said: “Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law.”

Asked about the reimbursement of costs relating to compliance with Fisa court certifications, Facebook responded by saying it had “never received any compensation in connection with responding to a government data request”.

Google did not answer any of the specific questions put to it, and provided only a general statement denying it had joined Prism or any other surveillance program. It added: “We await the US government’s response to our petition to publish more national security request data, which will show that our compliance with American national security laws falls far short of the wild claims still being made in the press today.”

Microsoft declined to give a response on the record.

The responses further expose the gap between how the NSA describes the operation of its Prism collection program and what the companies themselves say.

Prism operates under section 702 of the Fisa Amendments Act, which authorises the NSA to target without a warrant the communications of foreign nationals believed to be not on US soil.

But Snowden’s revelations have shown that US emails and calls are collected in large quantities in the course of these 702 operations, either deliberately because the individual has been in contact with a foreign intelligence target or inadvertently because the NSA is unable to separate out purely domestic communications.

Last week, the Washington Post revealed documents from Snowden that showed the NSA breached privacy rules thousands of times a year, in the face of repeated assurances from Barack Obama and other senior intelligence figures that there was no evidence of unauthorised surveillance of Americans.

The newly declassified court ruling, by then chief Fisa judge John Bates, also revealed serious issues with how the NSA handled the US communications it was sweeping up under its foreign intelligence authorisations.

The judgment revealed that the NSA was collecting up to 56,000 wholly US internet communications per year in the three years until the court intervened. Bates also rebuked the agency for misrepresenting the true scope of a major collection program for the third time in three years.

The NSA newsletters say the agency’s response to the ruling was to work on a “conservative solution in which higher-risk collection would be sequestered”. At the same time, one entry states, the NSA’s general counsel was considering filing an appeal.

The Guardian informed the White House, the NSA and the office of the director of national intelligence that it planned to publish the documents and asked whether the spy agency routinely covered all the costs of the Prism providers and what the annual cost was to the US.

The NSA declined to comment beyond requesting the redaction of the name of an individual staffer in one of the documents.

UPDATE: After publication, Microsoft issued a statement to the Guardian on Friday afternoon.

A spokesperson for Microsoft, which seeks reimbursement from the government on a case-by-case basis, said: “Microsoft only complies with court orders because it is legally ordered to, not because it is reimbursed for the work. We could have a more informed discussion of these issues if providers could share additional information, including aggregate statistics on the number of any national security orders they may receive.”

http://www.theguardian.com/world/2013/aug/23/nsa-prism-costs-tech-companies-paid

Internet Companies Paid Millions for Spying Activity

By NICK DIVITO

(CN) – The National Security Agency paid millions of dollars to Internet companies like Google, Yahoo!, Microsoft and Facebook to cover costs of its PRISM surveillance program, according to secret documents obtained by The Guardian and published on its website.

The money was paid even after the agency’s activities were ruled unconstitutional by a secret court known as the Foreign Intelligence Surveillance Court, according to the documents provided to the newspaper by Edward Snowden.

The so-called FISC court was to sign annual “certifications” of approval, but such certifications were only renewed temporarily while the agency sought a solution to what was ruled to be the over-collection of information that FISC Judge John Bates ruled unconstitutional on Oct. 3, 2013.

The order and two others by Bates were declassified two days ago.

“Last year’s problems resulted in multiple extensions to the Certifications’ expiration dates which cost millions of dollars for PRISM providers to implement each successive extension — costs covered by Special Source Operations,” said a December 2012 memo posted by the English newspaper.

Special Source Operations oversees the agency’s surveillance programs, including PRISM, to offset costs associated with accessing Internet providers’ data, the paper reported.

The Internet companies have repeatedly denied any knowledge of the surveillance program.

An undated newsletter, also posted on Friday, says PRISM providers were given new “certifications” within days of the FISC ruling.

“All Prism providers, except Yahoo and Google, were successfully transitioned to the new certifications,” the memo reads. “We expect Yahoo and Google to complete transitioning by Friday 6 Oct.”

A Yahoo! spokesman told The Guardian that it has requested reimbursement from the federal government for costs incurred to respond to requests. Google gave the paper only a “general statement” denying it had joined PRISM.

Microsoft told the paper that it only complies with court orders for information because it is ordered to, not because it is reimbursed on a case-by-case basis.

Bates’ October 2011 ruling showed that the NSA had collected up to 56,000 communications a year in three years. He accused the agency of misrepresenting the real scope of the program and collecting data that went beyond what was represented: domestic communications from foreign traffic.

The NSA has disclosed that it gathered 250 million Internet communications a year, and that 9 percent of those come from “upstream channels” of up to 25 million emails a year.

On Monday, the American Civil Liberties Union, which sued the federal government in Manhattan Federal Court over its alleged spying activities, is expected to provide the court an opening brief for preliminary injunction. The government, meanwhile, is expected to provide a motion to dismiss.

http://www.courthousenews.com/2013/08/23/60564.htm

Members of Congress denied access to basic information about NSA / Suggesting a new Shadow Government

Documents provided by two House members demonstrate how they are blocked from exercising any oversight over domestic surveillance

Morgan Griffith’s requests for NSA information

Alan Grayson’s requests for NSA information

Glenn Greenwald

Members of Congress are increasingly frustrated at their inability to obtain even basic information about the NSA and FISA court. Photograph: Alex Wong/Getty Images

Members of Congress have been repeatedly thwarted when attempting to learn basic information about the National Security Agency (NSA) and the secret FISA court which authorizes its activities, documents provided by two House members demonstrate.

From the beginning of the NSA controversy, the agency’s defenders have insisted that Congress is aware of the disclosed programs and exercises robust supervision over them. “These programs are subject to congressional oversight and congressional reauthorization and congressional debate,” President Obama said the day after the first story on NSA bulk collection of phone records was published in this space. “And if there are members of Congress who feel differently, then they should speak up.”

But members of Congress, including those in Obama’s party, have flatly denied knowing about them. On MSNBC on Wednesday night, Sen. Richard Blumenthal (D-Ct) was asked by host Chris Hayes: “How much are you learning about what the government that you are charged with overseeing and holding accountable is doing from the newspaper and how much of this do you know?” The Senator’s reply:

“The revelations about the magnitude, the scope and scale of these surveillances, the metadata and the invasive actions surveillance of social media Web sites were indeed revelations to me.”

But it is not merely that members of Congress are unaware of the very existence of these programs, let alone their capabilities. Beyond that, members who seek out basic information – including about NSA programs they are required to vote on and FISA court (FISC) rulings on the legality of those programs – find that they are unable to obtain it.

Two House members, GOP Rep. Morgan Griffith of Virginia and Democratic Rep. Alan Grayson of Florida, have provided the Guardian with numerous letters and emails documenting their persistent, and unsuccessful, efforts to learn about NSA programs and relevant FISA court rulings.

“If I can’t get basic information about these programs, then I’m not able to do my job”, Rep. Griffith told me. A practicing lawyer before being elected to Congress, he said that his job includes “making decisions about whether these programs should be funded, but also an oath to safeguard the Constitution and the Bill of Rights, which includes the Fourth Amendment.”

Rep. Griffith requested information about the NSA from the House Intelligence Committee six weeks ago, on June 25. He asked for “access to the classified FISA court order(s) referenced on Meet the Press this past weekend”: a reference to my raising with host David Gregory the still-secret 2011 86-page ruling from the FISA court that found substantial parts of NSA domestic spying to be in violation of the Fourth Amendment as well as governing surveillance statutes.

In that same June 25 letter, Rep. Griffith also requested the semi-annual FISC “reviews and critiques” of the NSA. He stated the rationale for his request: “I took an oath to uphold the United States Constitution, and I intend to do so.”

Almost three weeks later, on July 12, Rep. Griffith requested additional information from the Intelligence Committee based on press accounts he had read about Yahoo’s unsuccessful efforts in court to resist joining the NSA’s PRISM program. He specifically wanted to review the arguments made by Yahoo and the DOJ, as well as the FISC’s ruling requiring Yahoo to participate in PRISM.

On July 22, he wrote another letter to the Committee seeking information. This time, it was prompted by press reports that the FISA court had renewed its order compelling Verizon to turn over all phone records to the NSA. Rep. Griffith requested access to that court ruling.

The Congressman received no response to any of his requests. With a House vote looming on whether to defund the NSA’s bulk collection program – it was scheduled for July 25 – he felt he needed the information more urgently than ever. He recounted his thinking to me: “How can I responsibly vote on a program I know very little about?”

On July 23, he wrote another letter to the Committee, noting that it had been four weeks since his original request, and several weeks since his subsequent ones. To date, six weeks since he first asked, he still has received no response to any of his requests (the letters sent by Rep. Griffith can be seen here).

“I know many of my constituents will ask about this when I go home,” he said, referring to the August recess when many members of Congress meet with those they represent. “Now that I won’t get anything until at least September, what am I supposed to tell them? How can I talk about NSA actions I can’t learn anything about except from press accounts?”

Congressman Grayson has had very similar experiences, except that he sometimes did receive responses to his requests: negative ones.

On June 19, Grayson wrote to the House Intelligence Committee requesting several documents relating to media accounts about the NSA. Included among them were FISA court opinions directing the collection of telephone records for Americans, as well as documents relating to the PRISM program.

But just over four weeks later, the Chairman of the Committee, GOP Rep. Mike Rogers, wrote to Grayson informing him that his requests had been denied by a Committee “voice vote”.

In a follow-up email exchange, a staff member for Grayson wrote to the Chairman, advising him that Congressman Grayson had “discussed the committee’s decision with Ranking Member [Dutch] Ruppersberger on the floor last night, and he told the Congressman that he was unaware of any committee action on this matter.” Grayson wanted to know how a voice vote denying him access to these documents could have taken place without the knowledge of the ranking member on the Committee, and asked: “can you please share with us the recorded vote, Member-by-Member?” The reply from this Committee was as follows:

“Thanks for your inquiry. The full Committee attends Business Meetings. At our July 18, 2013 Business Meeting, there were seven Democrat Members and nine Republican Members in attendance. The transcript is classified.”

To date, neither Griffith nor Grayson has received any of the documents they requested. Correspondence between Grayson and the Committee – with names of staff members and email addresses redacted – can be read here.

Denial of access for members of Congress to basic information about the NSA and the FISC appears to be common. Justin Amash, the GOP representative who, along with Democratic Rep. John Conyers, co-sponsored the amendment to ban the NSA’s bulk collection of Americans’ phone records, told CNN on July 31: “I, as a member of Congress, can’t get access to the court opinions. I have to beg for access, and I’m denied it if I – if I make that request.”

It is the Intelligence Committees of both the House and Senate that exercise primary oversight over the NSA. But as I noted last week, both Committees are, with the exception of a handful of members, notoriously beholden to the NSA and the intelligence community generally.

Its members typically receive much larger contributions from the defense and surveillance industries than non-Committee members. And the two Committee Chairs – Democrat Dianne Feinstein in the Senate and Republican Mike Rogers in the House – are two of the most steadfast NSA loyalists in Congress. The senior Democrat on the House Committee is ardent NSA defender Dutch Ruppersberger, whose district not only includes NSA headquarters in Fort Meade, but who is also himself the second-largest recipient of defense/intelligence industry cash.

Moreover, even when members of the Intelligence Committee learn of what they believe to be serious abuses by the NSA, they are barred by law from informing the public. Two Democratic Committee members in the Senate, Ron Wyden and Mark Udall, spent years warning Americans that they would be “stunned to learn” of the radical interpretations of secret law the Obama administration had adopted in the secret FISA court to vest themselves with extremist surveillance powers.

Yet the two Senators, prohibited by law from talking about it, concealed what they had discovered. It took Edward Snowden’s whistleblowing for Americans to learn what those two Intelligence Committee members were so dramatically warning them about.

Finally, all members of Congress – not just those on the Intelligence Committees – are responsible for making choices about the NSA and for protecting the privacy rights and other Constitutional guarantees of Americans. “I did not take an oath to defer to the Intelligence Committee,” Rep. Griffith told me. “My oath is to make informed decisions, and I can’t do my job when I can’t get even the most basic information about these programs.”

In early July, Grayson had staffers distribute to House members several slides published by the Guardian about NSA programs as part of Grayson’s efforts to trigger debate in Congress. But, according to one staff member, Grayson’s office was quickly told by the House Intelligence Committee that those slides were still classified, despite having been published and discussed in the media, and directed Grayson to cease distribution or discussion of those materials in the House, warning that he could face sanctions if he continued.

It has been widely noted that the supremely rubber-stamping FISA court constitutes NSA “oversight” in name only, and that the Intelligence Committees are captured by the agency and constrained to act even if they were inclined to. Whatever else is true, members of Congress in general clearly know next to nothing about the NSA and the FISA court beyond what they read in the media, and those who try to rectify that are being actively blocked from finding out.

http://www.theguardian.com/commentisfree/2013/aug/04/congress-nsa-denied-access

How the NSA is still harvesting your online data

Files show vast scale of current NSA metadata programs, with one stream alone celebrating ‘one trillion records processed’

guardian.co.uk, Thursday 27 June 2013 11.03 EDT

The NSA collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets. Photograph: guardian.co.uk

A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans’ online data – despite the Obama administration’s insistence that the program that began under Bush ended in 2011.

Shawn Turner, the Obama administration’s director of communications for National Intelligence, told the Guardian that “the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted.”

But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.

While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.

On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected is inside the United States.

The NSA called it the “One-End Foreign (1EF) solution”. It intended the program, codenamed EvilOlive, for “broadening the scope” of what it is able to collect. It relied, legally, on “FAA Authority”, a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.

This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. “The 1EF solution is allowing more than 75% of the traffic to pass through the filter,” the SSO December document reads. “This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories.”

It continued: “After the EvilOlive deployment, traffic has literally doubled.”

The scale of the NSA’s metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.

On December 31, 2012, an SSO official wrote that ShellTrumpet had just “processed its One Trillionth metadata record”.

It is not clear how much of this collection concerns foreigners’ online records and how much concerns those of Americans. Also unclear is the claimed legal authority for this collection.

Explaining that the five-year old program “began as a near-real-time metadata analyzer … for a classic collection system”, the SSO official noted: “In its five year history, numerous other systems from across the Agency have come to use ShellTrumpet’s processing capabilities for performance monitoring” and other tasks, such as “direct email tip alerting.”

Almost half of those trillion pieces of internet metadata were processed in 2012, the document detailed: “though it took five years to get to the one trillion mark, almost half of this volume was processed in this calendar year”.

Another SSO entry, dated February 6, 2013, described ongoing plans to expand metadata collection. A joint surveillance collection operation with an unnamed partner agency yielded a new program “to query metadata” that was “turned on in the Fall 2012”. Two others, called MoonLightPath and Spinneret, “are planned to be added by September 2013.”

A substantial portion of the internet metadata still collected and analyzed by the NSA comes from allied governments, including its British counterpart, GCHQ.

An SSO entry dated September 21, 2012, announced that “Transient Thurible, a new Government Communications Head Quarters (GCHQ) managed XKeyScore (XKS) Deep Dive was declared operational.” The entry states that GCHQ “modified” an existing program so the NSA could “benefit” from what GCHQ harvested.

“Transient Thurible metadata [has been] flowing into NSA repositories since 13 August 2012,” the entry states.

http://www.guardian.co.uk/world/2013/jun/27/nsa-online-metadata-collection

Spy program shows just how well US knows its people

They’re watching you (Image: Lucas Jackson/Reuters)

The US government is watching every digital move that Americans make. More than 115 million people use Verizon’s cellphone service in the US, making billions of calls every year. A top-secret document revealed this week shows that the US government, through the National Security Agency, is collecting the details of every single one of those calls on a daily basis. To make matters worse, The Washington Post and The Guardian newspapers today claimed that the NSA also has direct access to the search history, email and even live chats of all customers of the world’s biggest technology firms, including Google, Apple and Facebook.

By turning over what surely amounts to billions of call logs to the US government, Verizon is enabling what is likely to be the broadest surveillance scheme in history. And the likelihood is that it is not the only one.

The secret court order was granted by the Foreign Intelligence Surveillance Court in Washington DC, which oversees surveillance requests. It forces Verizon to turn over its data. But while the order makes it clear that content – the words exchanged during calls – is not collected, that’s little comfort from a privacy perspective. Using network science, it is easy to manipulate large databases like this to figure out exactly who is behind every phone number, who they’ve talked to, when, where and for how long. The NSA probably doesn’t care to track the movements and activities of every person in the Verizon database, but the possibility is just a mouse click away.

Four calls to find you

We don’t know exactly how the NSA analyses these huge lists of records, but we do know what kinds of insights can be drawn from data sets on this scale. Yves-Alexandre de Montjoye from the Massachusetts Institute of Technology and Vincent Blondel from the Université Catholique de Louvain (UCL) in Belgium and colleagues analysed 1.5 million anonymised call records from a Western cell carrier. They showed that it takes just four calls or text messages, each made at a different time and place, to distinguish one person’s movements from everyone else’s (Nature Scientific Reports, doi.org/msd).

Patterns of communication form a digital fingerprint in time, and finding every thing, person and place you have interacted with becomes easy. Such records are exactly the kind of information we now know that Verizon, and likely every other US carrier, is handing over to the NSA on a daily basis.
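The uniqueness measure behind the four-point result can be reproduced at toy scale when assessing how identifying a set of "anonymised" call records is. The following is an added example, not code from the study or the article: it computes exactly, over constructed (cell tower, hour) traces, the share of p-point samples that match a single subscriber, and the effect of coarsening location. The function names, tower IDs and region map are assumptions made for illustration.

```python
"""Exact unicity of location traces (added illustration, constructed data)."""
from fractions import Fraction
from itertools import combinations

# Constructed sample: each subscriber's trace is a set of (cell tower, hour) points.
TRACES = {
    "A": frozenset({("T1", 8), ("T2", 12), ("T3", 18), ("T4", 22)}),
    "B": frozenset({("T1", 8), ("T2", 12), ("T3", 18), ("T5", 22)}),
    "C": frozenset({("T1", 8), ("T2", 12), ("T6", 18), ("T7", 22)}),
    "D": frozenset({("T1", 8), ("T8", 12), ("T9", 18), ("T10", 22)}),
}

# Hypothetical mapping of towers to larger regions, used to coarsen location.
REGION_OF = {
    "T1": "R1", "T2": "R1", "T8": "R1",
    "T3": "R2", "T6": "R2", "T9": "R2",
    "T4": "R3", "T5": "R3", "T7": "R3", "T10": "R3",
}


def build_index(traces):
    """Map each point to the set of subscribers whose trace contains it."""
    index = {}
    for user, points in traces.items():
        for point in points:
            index.setdefault(point, set()).add(user)
    return index


def unicity(traces, p):
    """Fraction of all p-point samples of a trace that match only its owner.

    Enumerates every p-subset of every trace, so it is exact but only
    practical for small data; larger sets would be sampled instead.
    """
    if p < 1:
        raise ValueError("p must be at least 1")
    index = build_index(traces)
    unique = total = 0
    for user, points in traces.items():
        # Traces with fewer than p points contribute no samples.
        for subset in combinations(sorted(points), p):
            # Subscribers whose trace contains every point of the sample.
            candidates = set.intersection(*(index[pt] for pt in subset))
            total += 1
            unique += candidates == {user}
    return Fraction(unique, total) if total else Fraction(0)


def coarsen(traces, region_of, hour_bucket=1):
    """Generalise each point to (region, time bucket) before release."""
    return {
        user: frozenset((region_of[t], h // hour_bucket) for t, h in points)
        for user, points in traces.items()
    }


if __name__ == "__main__":
    for p in range(1, 5):
        print(f"p={p}: tower-level unicity = {float(unicity(TRACES, p)):.3f}")
    coarse = coarsen(TRACES, REGION_OF)
    print(f"p=4: region-level unicity = {float(unicity(coarse, 4)):.3f}")
```

On this constructed data the measure rises with every extra known point and falls to zero once towers are merged into regions, which is the trade-off a data holder weighs before sharing such records.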

Judge Roger Vinson, at the Foreign Intelligence Surveillance Court, signed an order on 25 April obliging Verizon to hand data “including but not limited to session identifying information, trunk identifier… and time and duration of call” over to the NSA on a daily basis. In a news conference on Thursday morning (6 June), Senator Dianne Feinstein confirmed that this is just a monthly renewal of a secret order which has been in effect for seven years.

Identifying information refers to the phone numbers of those making and receiving a call or text. The trunk identifier shows which cell towers the calling and receiving phones talked to – the callers’ locations, in other words. Blondel says that datasets like those Verizon is handing over could be used to build up a precise picture of different communities.

Chris Clifton, who works on data privacy at Purdue University in Indiana, says he expects the NSA doesn’t always know exactly what it’s looking for in the call metadata, but rather uses software to sort the records into groups by similarity – people who make lots of calls, for example, or people who never call abroad. Patterns in time could be useful too. If one call appears to spark off a whole flurry of other calls, that might conceivably mean the first phone number belongs to an authority figure in a criminal organisation, for instance.

They know everything

“You’re trusting the phone companies with this data like you’re trusting your bank with your financial transactions,” Blondel says. “They know when you go for surgery, divorce – they know everything.”

“Any sensible question you can ask about the call metadata would be answered in a fraction of a second by five-year-old supercomputers,” says cryptographer Daniel Bernstein from the University of Illinois, Chicago. This means the NSA’s giant supercomputing centre in Utah is massive overkill for analysing measly Verizon call logs. Perhaps it would be more useful for crunching internet data.

An NSA Powerpoint presentation discovered by The Guardian newspaper in London and the Washington Post claims that the NSA is gaining direct access to the servers of the world’s biggest tech firms to spy on internet activity. According to the slides, Google, Yahoo, Apple, Facebook and more are all signed up to a scheme, known as PRISM, which lets the NSA access their customers’ search history, chat logs and emails. The presentation says that data gained from PRISM is used to create nearly 1 in 7 of all intelligence reports. Executives of all the firms implicated have denied knowledge of any such programme and refute the allegation that they have been handing over their customers’ data in this way.

But even if the NSA does not have full internet access, it’s still relatively easy for it to access private data on the internet. Details are scarce, but there is one confirmed case where the NSA was caught in the act. An AT&T engineer named Mark Klein provided evidence that the NSA was skimming a copy of all internet traffic that passed through an AT&T data centre in San Francisco in 2003.

Now Andrew Clement and a team of information scientists at Toronto University in Canada is using that model of surveillance to try and give internet users a sense of whether and where their internet activities are being logged by the NSA. Clement’s system, called IXMaps, has aggregated thousands of traceroutes – information trails which map the paths taken by packets of data as they are directed through the routers and exchanges which make up the internet in the US.

Internet monitoring

A paper due to be presented at the International Symposium on Technology and Society in Toronto at the end of June shows that 99 per cent of internet traffic passing through the US goes through one of just 18 US cities. The paper notes that this shows it is completely feasible for the NSA to be monitoring the majority of US internet traffic with just a handful of warrantless listening posts. These would use ‘splitters’ that split the beam of light in fibre-optic cables to siphon off information. “It is powerful confirmation that it is technically feasible for the NSA to install splitters in relatively few strategic internet choke points from where it could intercept a very large proportion of internet traffic,” it says.

Nancy Paterson, who works on IXMaps with Clement, says the internet is not a random collection of network links, routing data in the most efficient way possible. Instead, the way data moves across the net is tightly controlled according to the business interests that run the subnetworks within it. This control makes blanket monitoring feasible.

“Routing isn’t what you used to call it. The best-effort internet has changed to a highly centralised, controlled space,” she says. “It’s not your grandmother’s internet.”

Although privacy protection may not seem to be on the NSA’s priority list, Clifton says he knows the organisation has people actively working on techniques which would let it analyse data effectively while not breaching privacy. “If they get too intrusive on the data people will be up in arms and they will lose access,” he says. “If they protect privacy they can get more data. They view it as part of their mission.”

De Montjoye says the NSA revelations emphasise the need for new systems which allow rich datasets like mobile phone data to be used while protecting privacy at the same time. An ongoing project in MIT, called openPDS, aims to do exactly this. OpenPDS works by only allowing third parties to ask questions of a customer dataset, never actually getting their hands on the raw data. De Montjoye says this, combined with legal systems which notify individuals when their data has been searched, and auditing systems that record who is searching for what information and when, could change the privacy debate. “I think that such a ‘mixed approach’ to privacy is the way forward,” he says.

http://www.newscientist.com/article/dn23669-spy-program-shows-just-how-well-us-knows-its-people.html?full=true&print=true

 

Verizon forced to hand over telephone data – full court ruling

The US government is collecting the phone records of millions of US customers of Verizon under a top secret court order. Read the Foreign Intelligence Surveillance Court order

TOP SECRET//SI//NOFORN

UNITED STATES
FOREIGN INTELLIGENCE SURVEILLANCE COURT
WASHINGTON, D.C.

IN RE APPLICATION OF THE FEDERAL BUREAU OF INVESTIGATION FOR AN ORDER REQUIRING THE PRODUCTION OF TANGIBLE THINGS FROM VERIZON BUSINESS NETWORK SERVICES, INC. ON BEHALF OF MCI COMMUNICATION SERVICES, INC. D/B/A VERIZON BUSINESS SERVICES.

Docket Number: BR ?
15-80

Derived from: Pleadings in the above-captioned docket
Declassify on: 12 April 2038

SECONDARY ORDER

This Court having found that the Application of the Federal Bureau of Investigation (FBI) for an Order requiring the production of tangible things from Verizon Business Network Services, Inc. on behalf of MCI Communication Services Inc., d/b/a Verizon Business Services (individually and collectively "Verizon") satisfies the requirements of 50 U.S.C. § 1861,

IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the National Security Agency (NSA) upon service of this Order, and continue production on an ongoing daily basis thereafter for the duration of this Order, unless otherwise ordered by the Court, an electronic copy of the following tangible things: all call detail records or “telephony metadata” created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls. This Order does not require Verizon to produce telephony metadata for communications wholly originating and terminating in foreign countries. Telephony metadata includes comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call. Telephony metadata does not include the substantive content of any communication, as defined by 18 U.S.C. § 2510(8), or the name, address, or financial information of a subscriber or customer.

IT IS FURTHER ORDERED that no person shall disclose to any other person that the FBI or NSA has sought or obtained tangible things under this Order, other than to: (a) those persons to whom disclosure is necessary to comply with such Order; (b) an attorney to obtain legal advice or assistance with respect to the production of things in response to the Order; or (c) other persons as permitted by the Director of the FBI or the Director’s designee. A person to whom disclosure is made pursuant to (a), (b), or (c) shall be subject to the nondisclosure requirements applicable to a person to whom an Order is directed in the same manner as such person. Anyone who discloses to a person described in (a), (b), or (c) that the FBI or NSA has sought or obtained tangible things pursuant to this Order shall notify such person of the nondisclosure requirements of this Order. At the request of the Director of the FBI or the designee of the Director, any person making or intending to make a disclosure under (a) or (c) above shall identify to the Director or such designee the person to whom such disclosure will be made or to whom such disclosure was made prior to the request.

IT IS FURTHER ORDERED that service of this Order shall be by a method agreed upon by the Custodian of Records of Verizon and the FBI, and if no agreement is reached, service shall be personal.

– Remainder of page intentionally left blank –

This authorization requiring the production of certain call detail records or “telephony metadata” created by Verizon expires on the [illegible] day of July, 2013, at 5:00 p.m., Eastern Time.

Signed [date and time illegible] Eastern Time

I, Beverly C. Queen, Chief Deputy Clerk, FISC, certify that this document is a true and correct copy of the original.



NSA collecting phone records of millions of Americans daily – revealed

Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama

 

 The Guardian,    Wednesday 5 June 2013

    Under the terms of the order, the numbers of both parties on a call are handed over, as is location data and the time and duration of all calls. Photograph: Matt Rourke/AP

    The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.

    The order, a copy of which has been obtained by the Guardian, requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

    The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

    The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

    Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

    The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government’s domestic spying powers.

    Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.

    The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

    The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

    The court order expressly bars Verizon from disclosing to the public either the existence of the FBI’s request for its customers’ records, or the court order itself.

    “We decline comment,” said Ed McFadden, a Washington-based Verizon spokesman.

    The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of “all call detail records or ‘telephony metadata’ created by Verizon for communications between the United States and abroad” or “wholly within the United States, including local telephone calls”.

    The order directs Verizon to “continue production on an ongoing daily basis thereafter for the duration of this order”. It specifies that the records to be produced include “session identifying information”, such as “originating and terminating number”, the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and “comprehensive communication routing information”.

    The information is classed as “metadata”, or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such “metadata” is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.

    While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.

    It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

    The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration’s surveillance activities.

    For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on “secret legal interpretations” to claim surveillance powers so broad that the American public would be “stunned” to learn of the kind of domestic spying being conducted.

    Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.

    Julian Sanchez, a surveillance expert with the Cato Institute, explained: “We’ve certainly seen the government increasingly strain the bounds of ‘relevance’ to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion.” The April order requested by the FBI and NSA does precisely that.

    The law on which the order explicitly relies is the so-called “business records” provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration’s extreme interpretation of the law to engage in excessive domestic surveillance.

    In a letter to attorney general Eric Holder last year, they argued that “there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows.”

    “We believe,” they wrote, “that most Americans would be stunned to learn the details of how these secret court opinions have interpreted” the “business records” provision of the Patriot Act.

    Privacy advocates have long warned that allowing the government to collect and store unlimited “metadata” is a highly invasive form of surveillance of citizens’ communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.

    Such metadata is what the US government has long attempted to obtain in order to discover an individual’s network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

    The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had “been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth” and was “using the data to analyze calling patterns in an effort to detect terrorist activity.” Until now, there has been no indication that the Obama administration implemented a similar program.

    These recent events reflect how profoundly the NSA’s mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency’s focus on domestic activities.

    In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

    At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: “The NSA’s capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter.”

    Additional reporting by Ewen MacAskill and Spencer Ackerman

     

    http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order?guni=Network

    New Philippines law bans ‘cybersex’

    By Stephen C. Webster Wednesday, September 19, 2012 13:01 EDT

    The president of the Philippines signed a cyber crime bill into law on Tuesday that, much to the chagrin of Internet freedom activists, outlaws “cybersex,” bans “unsolicited commercial communications” online and imposes criminal penalties on people convicted of libel.

    Activists with the Electronic Frontier Foundation (EFF), an Internet policy group in the U.S., said they are “gravely concerned” that the law infringes upon free expression by even criminalizing consensual sex acts that are recorded by a computer.

    The law defines “cybersex” as: “The willful engagement, maintenance, control, or operation, directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity, with the aid of a computer system, for favor or consideration.”

    The Philippines is a well known haven for human trafficking by prostitution rings that force women and girls to perform sex acts for audiences over the Internet. The law’s prohibition of “cybersex” appears to be a legislative attempt to either stamp that industry out entirely or drive it further underground.

    With regard to “unsolicited commercial communications,” the law requires that all online advertisements let users clearly see who sent them and opt out if they wish. It also prohibits “misleading information” in ads that “induce the recipients to read the message.”

    It also imposed severe penalties for the commission of more traditional cyber crimes like hacking secured computer systems and obtaining private or otherwise secret information.

    The EFF also warned that the new law threatens criminal sanctions against people accused of libel, which was previously a civil crime. Similarly, “cybersquatting” is also illegal under the law, especially in cases where the owner of a web domain has acquired it “in bad faith to profit, mislead, destroy reputation, and deprive others from registering the same.”

    The law prescribes prison time or “a fine of at least two hundred thousand pesos” (about $4,806 U.S. dollars) for listed offenses. Individuals working full time in the Philippines averaged about 29,460 pesos (about $707 U.S. dollars) per year in 2003, according to Philippine government census figures.

    The penalties are “at least double” if a corporation is found to be liable for crimes covered by the law, with a maximum fine of 10 million pesos (about $240,298 U.S. dollars).

    Raw Story (http://s.tt/1nNZL)