NSA- FBI tapping directly into the central servers extracting audio, video chats, photographs, e-mai

J. Abizeid

Well-Known Member

The Ghost of Ronald Reagan Authorizes Most NSA Spying


U.S. intelligence agents have broad authority to spy on U.S. companies as long as they are “believed to have some relationship with foreign organizations or persons” — a description that could conceivably apply to any company with foreign shareholders, subsidiaries, or even employees—according to newly released government documents published this morning by the ACLU.
The trove, which includes documents from the NSA, Department of Justice, and Defense Intelligence Agency, confirms long-standing suspicions that the bulk of U.S. foreign surveillance operations are governed not by acts of Congress, but by a 33-year-old executive order issued unilaterally by President Ronald Reagan.
The documents were released in response to a Freedom of Information Act lawsuit filed by the ACLU and the Media Freedom and Information Access Clinic at Yale Law School, and they detail the extent of the order — which is extraordinarily broad and until recently largely obscure — and which underpins expansive U.S. surveillance programs, like siphoning internet traffic from Google and Yahoo’s overseas data centers, recording every call in the Bahamas, and gathering billions of records on cellphone locations around the world.
They also point to a gap in the public reaction to Ed Snowden’s revelations about those programs. Despite that fact that most of the NSA’s spying relies on Reagan’s directive, Executive Order 12333, the vast majority of reform efforts have concentrated on the Foreign Intelligence Surveillance Act (FISA) and other legislative fixes. “Congress’s reform efforts have not addressed the executive order,” notes Alex Abdo of the ACLU, ”and the bulk of the government’s disclosures in response to the Snowden revelations have conspicuously ignored the NSA’s extensive mandate under EO 12333.”
The documents assert that mandate baldly. A legal factsheet from the NSA, dated June 2013, states that the FISA, which requires judicial oversight over spying on Americans, “only regulates a subset of the NSA’s signals intelligence activities. NSA conducts the majority of its SIGINT activities solely pursuant to the authority provided by Executive Order 12333.”
Often referred to as “twelve triple three” or EO 12333, the executive order came into being in 1981 under Reagan. Much of the post-Snowden debate, particularly with respect to the bulk collection of Americans’ phone records, has focused on the interlocking legal authorities of Section 215 of the Patriot Act and the 2008 FISA Amendments Act. But, the ACLU notes, “because the executive branch issued and now implements the executive order all on its own, the programs operating under the order are subject to essentially no oversight from Congress or the courts.” The documents describe procedures for safeguarding the rights of Americans whose information might be “incidentally” collected under 12333, but those procedures are overseen by the director of national intelligence or the attorney general.
Numerous passages in the newly released documents from the Department of Justice’s Office of Legal Counsel are redacted, and dozens of pages are withheld in full. The few sentences left, for instance, in a 2001 memo by Bush counsel John Yoo are all assertions of the president’s inherent power to conduct surveillance to “protect the national security.” (Once such sentence—”intelligence gathering in direct support of military operations does not trigger constitutional rights against illegal searches and seizures”—substantially aligns with King George III’s position on the matter.) The majority of the FBI documents obtained by the ACLU are similarly censored.
Among the stand-out revelations in the documents:

  • The Defense Intelligence Agency permits collection on U.S. persons, a category which includes not just human American citizens, but also American companies, lawful permanent residents of the U.S., and more — so long as the information collected falls into one of 16 broad categories, which include “[c]ommerical organizations believed to have some relationship with foreign organizations or persons” and “[p]otential sources of assistance to intelligence activities.”

  • The order, which was established long before the era of social media, permits collection of “publicly available” information on Americans, opening the door for massive data-mining operations.

  • The Pentagon draws a distinction between information that is “gathered” and information that is “collected.” According to a 2004 DIA intelligence handbook, information is first “gathered” but is not “collected” until “an affirmative act” has been taken “in the direction of use or retention of that information.” In other words, information is not collected until it has been officially retained in a database, a report or elsewhere. “We see that ‘collection of information’ for DoD…purposes is more than ‘gathering’ —it could be described as ‘gathering, plus,’” the handbook reads.

  • The materials also confirm that EO 12333 information on Americans that has been “incidentally” collected can be passed to other agencies if the collector has reason to believe the information points to evidence of a crime or may contain information pertinent to understanding foreign intelligence. In August, an Intercept investigation revealed extensive information sharing between federal law enforcement and in the intelligence community—including DEA, FBI, CIA and the DIA—through a Google-like search engine known as ICREACH.
A review group appointed by Obama recommended last December that the government should be more cautious with the American data gathered under 12333. Those proposals were rejected, The New York Times recently reported. In July, John Napier Tye, a departing section chief for internet freedom in the State Department’s Bureau of Democracy, Human Rights, and Labor, came forward to publicly to raise concerns about the government’s reliance on 12333.
“Public debate about the bulk collection of U.S. citizens’ data by the NSA has focused largely on Section 215 of the Patriot Act, through which the government obtains court orders to compel American telecommunications companies to turn over phone data,” Tye wrote in an op-ed for The Washington Post. “But Section 215 is a small part of the picture and does not include the universe of collection and storage of communications by U.S. persons authorized under Executive Order 12333.”
“I believe that Americans should be even more concerned about the collection and storage of their communications under Executive Order 12333 than under Section 215,” Tye added.
Explore the documents in full here.

J. Abizeid

Well-Known Member

The NSA and Me

By James Bamford

The tone of the answering machine message was routine, like a reminder for a dental appointment. But there was also an undercurrent of urgency. “Please call me back,” the voice said. “It’s important.”
What worried me was who was calling: a senior attorney with the Justice Department’s secretive Office of Intelligence Policy and Review. By the time I hung up the payphone at a little coffee shop in Cambridge, Mass., and wandered back to my table, strewn with yellow legal pads and dog-eared documents, I had guessed what he was after: my copy of the Justice Department’s top-secret criminal file on the National Security Agency. Only two copies of the original were ever made. Now I had to find a way to get it out of the country—fast.
It was July 8, 1981, a broiling Wednesday in Harvard Square, and I was in a quiet corner of the Algiers Coffee House on Brattle Street. A cool, souk-like basement room, with the piney aroma of frankincense, it made for a perfect hideout to sort through documents, jot down notes, and pore over stacks of newspapers while sipping bottomless cups of Arabic coffee and espresso the color of dark chocolate.

For several years I had been working on my first book, The Puzzle Palace, which provided the first in-depth look at the National Security Agency. The deeper I dug, the more troubled I became. Not only did the classified file from the Justice Department accuse the NSA of systematically breaking the law by eavesdropping on American citizens, it concluded that it was impossible to prosecute those running the agency because of the enormous secrecy that enveloped it. Worse, the file made clear that the NSA itself was effectively beyond the law—allowed to bypass statutes passed by Congress and follow its own super-classified charter, what the agency called a “top-secret birth certificate” drawn up by the White House decades earlier.
Knowing the potential for such an unregulated agency to go rogue, I went on to write two more books about the NSA, Body of Secrets, in 2001, and The Shadow Factory, in 2008. My goal was to draw attention to the dangers the agency posed if it is not closely watched and controlled—dangers that would be laid bare in stark detail by Edward Snowden years later.

“You Want to Hear Something Interesting?”

The idea of writing a book about the NSA had occurred to me several years earlier. During the war in Vietnam, I spent three years in the Navy at Pacific Fleet Headquarters in Hawaii. It was a nice venue a long way from the bloody battlefields, where the only dangers were rogue surfboards on Waikiki Beach and bar fights on Hotel Street. Assigned to an NSAunit, I experienced the war vicariously: One of my jobs every morning was reading a foot-high stack of overnight messages from the war zone, mostly NSAreports classified top secret and higher, and passing them on to whichever project officer had responsibility to simply read or take action.
Later, in law school and running low on cash, I decided to rejoin the Naval Reserve to help pay for living expenses. The Navy was very accommodating, allowing me to pick not only when I wanted to do my two weeks of active duty, but also where. So I decided to request two weeks in October 1974, which coincided with a school break. And for location I chose Puerto Rico—a nice warm island far from chilly Boston. Although I had NSA clearances, I had never worked at an actual NSA intercept site. Nevertheless, the Navy decided to send me down to Sabana Seca, one of the agency’s key listening posts, which focused on Cuba, the Caribbean, and Central and South America.
Like most listening posts at the time, Sabana Seca consisted of a gigantic circular antenna about half a mile wide and a hundred or so feet high, an odd structure that closely resembled its nickname—the “elephant cage.” Known as a Wullenweber antenna, it was used not only to intercept communications, but also to assist in triangulating where the transmissions were coming from. At the center of the elephant cage was the operations building, a windowless, two-story, gray cement Rubik’s cube. Inside were tall racks of receivers with blinking lights, big black dials, oval-shaped gauges, and silver toggle switches facing rows of earphone-clad men and women in blue Navy-issue dungarees.
Unfamiliar with the technology and unable to speak more than rudimentary Spanish, I spent my two weeks pushing a few papers and staying out of the way, hoping to avoid work as much as possible. But one day an intercept operator with whom I had downed a few beers at the base club the night before spotted me and waved me over. “You want to hear something interesting?” he said as he took off his earphones. I thanked him but explained I didn’t speak Spanish. “No, no,” he said, “It’s English.” So I put on the earphones and listened in to what appeared to be several Americans carrying on a conversation. I only heard a few snippets, not enough to get a sense of the topic, but I was surprised. “Interesting,” I said. “You get many Americans speaking?” He said they did on certain channels they were assigned to target. I thanked him, said something about getting another beer later that night, and wandered off to watch some other intercept operators pulling in long reams of blue teletype paper covered in Spanish.
It was only when I was back in Boston, where I had a part-time job as a student prosecutor with the Suffolk County district attorney’s office, that the conversation came back to me. I was working on a case in which the topic of a wiretap came up, and there was a long discussion about procedures for a warrant. I suddenly wondered what legal authority the intercept operators at Sabana Seca had to target American conversations. I did a little research in the law library, but could find nothing that gave the military any powers for warrantless eavesdropping on Americans.
A few weeks later, just before Christmas, The New York Times broke a series of stories by Seymour Hersh outlining Operation Chaos, the program by which the FBI, CIA, and other intelligence agencies targeted U.S. citizens involved in anti-war protests. The articles caused widespread public outrage, followed by a high-profile congressional investigation led by Senator Frank Church. I felt certain that whatever it was I saw—and heard—in Sabana Seca would soon be discovered.
But during the summer of 1975, as reports began leaking out from the Church Committee, I was surprised to learn that the NSA was claiming that it had shut down all of its questionable operations a year and a half earlier. Surprised because I knew the eavesdropping on Americans had continued at least into the prior fall, and may have still been going on. After thinking for a day or so about the potential consequences of blowing the whistle on the NSA—I was still in the Naval Reserve, still attending drills one weekend a month, and still sworn to secrecy with an active NSA clearance—I nevertheless decided to call the Church Committee.
It was July 1, and at first the staffer with whom I spoke sounded skeptical—someone calling out of the blue and accusing the NSA of lying. But after I mentioned my work at Sabana Seca, he asked how soon I could come down to Washington to testify. At 8:40 the next morning, I boarded American Airlines Flight 605 and took seat 13A—an unlucky number, I thought. It would be the first of numerous trips. The committee agreed to keep my name confidential and allowed me to testify in executive session in Sen. Church’s private office. Soon after, committee staffers flew down to Sabana Seca for a surprise inspection. Surprise, indeed. They were shocked to discover the program had never been shut down, despite the NSA’s claims.

Sebana Seca “elephant cage” site, 1994

“Just Because the Information Has Been Published Doesn’t Mean it Should No Longer Be Classified”

The discovery that the NSA had been lying to the Church Committee shocked me. But it also gave me the idea to write the first book about the agency. As more and more revelations came out about the NSA’s widespread, illegal eavesdropping activities, I found myself filled with questions. Where did the agency come from? What did it do? How did it operate? Who was watching it? In the summer of 1979, after a year of research, I submitted a proposal to Houghton Mifflin for The Puzzle Palace, and within a few months was awarded a book contract. It was the start of wild ride, taking on an agency so secret that even New Jersey Sen. Bill Bradley told me, at the time, that he had never heard of it.
I soon learned that there was one major advantage to being first: The NSA had grown so confident that no one would ever dare to write about it that it had let its guard down. I would occasionally drive up to the agency, park in the executive parking lot, walk in the front door to the lobby, get some coffee and have a seat. All around me were employees from the CIA and foreign intelligence agencies, all waiting to be processed for their NSA visitor’s badge. As I read my paper and sipped my coffee, I quietly listened to them chat away about signals intelligence operations, new listening posts, cooperative agreements, and a host of other topics. No one ever asked who I was or why I was there. In the parking lot, I copied the license plate numbers of the dozen cars parked closest to the front entrance, then ran the numbers at the registry of motor vehicles. The result was a Who’s Who of the NSA’s leadership, as well as the liaison officers from America’s so-called Five Eyes surveillance partners: England, Canada, Australia, and New Zealand.

By the summer of 1981, I had also won several significant legal battles with the agency. As a result of an out-of-court settlement, the NSA was forced to give me a tour of the agency, detail the entire structure of its internal organization to me, and provide me interviews with senior officials. Even though the agency was virtually immune from the Freedom of Information Act, I managed to find a loophole that allowed me access to more than 6,000 pages of internal documents. I even worked out an agreement whereby they would provide me with an office in the agency for a week to go through the 6,000 pages. But then the NSA got its revenge—when they handed me the 6,000 pages, they were all out of order, as if they had been shuffled like a new deck of cards. Nothing in the Freedom of Information Act, it turns out, requires collation. The hostility became so intense that the director, Adm. Bobby Ray Inman, accused me of using a “hostage approach” in my battle to force the agency to give me documents and interviews.
But the NSA knew nothing about one of my biggest finds, which took place on the campus of the Virginia Military Institute. Nicknamed “the West Point of the South,” VMI housed the papers of William F. Friedman, a founder of both the NSA and of American cryptology. The NSA’s own auditorium is named after him. Yet Friedman had soured on the agency by the time he retired, and deliberately left his papers to a research library at VMI to get them as far away from the NSA as possible.
After Friedman’s death, and without his permission, agency officials traveled to the library, pulled out hundreds of his personal letters, and ordered them locked away in a secure vault. When I discovered what the NSA had done, I persuaded the library’s archivist to give me access to the letters, all of which were unclassified. Many were embarrassingly critical of the agency, describing its enormous paranoia and obsession with secrecy. Others contained clues to a secret trips that Friedman had made to Switzerland, where he helped the agency gain backdoor access into encryptionsystems that a Swiss company was selling to foreign countries.
I also discovered that a former NSA director, Lt. Gen. Marshall Carter, had left his papers – including reams of unclassified documents from his NSA office – to the same research library at VMI. They included personal, handwritten correspondence from Carter’s British counterpart about listening posts, cooperative agreements, and other sensitive topics. Later, Carter gave me a long and detailed interview about the NSA. The agency knew nothing about either the documents or the interview.

Following the publication of my book, the NSA raided the research library, stamped many of the Friedman documents secret, and ordered them put back into the vault. “Just because information has been published,” NSA director Lincoln Faurer explained to The New York Times, “doesn’t mean it should no longer be classified.” Faurer also flew to Colorado, where Gen. Carter was living in retirement, met with him at the NSA listening post at Buckley Air Force Base, and threatened him with prosecution if he ever gave another interview or allowed anyone else access to his papers.

NSA Ft. Meade campus, 1966

“Prima Facie Questions of Criminality”

But my biggest battle with the NSA came before my book was even published. Without the agency’s knowledge, I had obtained the criminal file that the Justice Department had opened on the NSA. Marked as Top Secret, the file was so sensitive that only two original copies existed. Never before or since has an entire agency been the subject of a criminal investigation. Senior officials at the NSA were even read their Miranda rights.
The secret investigation grew out of the final report by the Rockefeller Commission, a panel that had been set up by President Gerald Ford to parallel the Church Committee. Issued on June 6, 1975, the report noted that both the NSA and CIA had engaged in questionable and possibly illegal electronic surveillance. As a result, Attorney General Edward Levi established a secret internal task force to look into the potential for criminal prosecution. Focusing particularly on NSA, the task force probed more deeply into domestic eavesdropping than any part of the executive branch had ever done before.
I had heard rumors from several sources about such a probe, so I thought it would be worth requesting a copy of the file under FOIA. Nevertheless, I was surprised when the documents, with relatively few redactions, turned up at my door 10 months later. They included a lengthy, detailed “Report on Inquiry into CIA-Related Surveillance Activities” that laid out the investigation in stark detail, as well as a shorter draft “prosecutive summary” evaluating the potential for criminal prosecution. I was shocked that the Justice Department had released them to me without notifying the NSA. An official at Justice later told me that it was standard procedure not to notify the object of a criminal investigation (think John Gotti) once it is completed and requested under FOIA.
It turned out that just as with its investigations into organized crime, the Justice Department had received little cooperation from the potential criminal defendant – in this case, the NSA. Noting that the attitude of agency officials “ranged from circumspection to wariness,” the file made clear that the NSA had stonewalled investigators at every step. “One typically had to ask the right question to elicit the right answer or document,” an attorney for the Justice Department reported. “It is likely, therefore, that we had insufficient information on occasion to frame the ‘magic’ question.”
But the agency’s obstructionism didn’t prevent the Justice Department from finding evidence of serious wrongdoing. The draft prosecutive summary of the Justice Department’s investigative task force, dated March 4, 1977, and classified top secret detailed 23 categories of questionable eavesdropping operations. Five of the illegal activities were immune from prosecution because the statute of limitations had passed, and seven were found to “clearly possess no prosecutive potential.” The rest, however, were fair game for criminal prosecution. Discussing the agency’s Operation Minaret, for example, the full report concluded: “This electronic surveillance activity presents prima facie questions of criminality and is well within the limitations period.”
The prosecutive summary had been sent to Attorney General Benjamin Civiletti for further action. But any attempt to prosecute top officials of America’s most secret agency, the file warned, would almost certainly be met by finger-pointing and scapegoating. “There is likely to be much ‘buck-passing’ from subordinate to superior, agency to agency, agency to board or committee, board or committee to the President, and from the living to the dead,” the report cautioned.
In addition, calling the crimes “an international cause célèbre involving fundamental constitutional rights of United States citizens,” the task force pointed to the likelihood that the NSA would put political pressure on anyone who dared to testify against it. What’s more, the report added, defense attorneys for senior NSA officials would likely subpoena “every tenuously involved government official and former official” to establish that the illegal operations had been authorized from on high. “While the high office of prospective defense witnesses should not enter into the prosecutive decision,” the report noted, “the confusion, obfuscation, and surprise testimony which might result cannot be ignored.”
The report’s prosecutive summary also pointed to the NSA’s top-secret “charter” issued by the Executive Branch, which exempts the agency from legal restraints placed on the rest of the government. “Orders, directives, policies, or recommendations of any authority of the Executive branch relating to the collection . . . of intelligence,” the charter reads, “shall not be applicable to Communications Intelligence activities, unless specifically so stated.” This so-called “birth certificate,” the Justice Department report concluded, meant the NSA did not have to follow any restrictions placed on electronic surveillance “unless it was expressly directed to do so.” In short, the report asked, how can you prosecute an agency that is above the law?


“Put Down the Receiver, Leave the Room, and Keep Walking”

If the first shock to top officials at the NSA was the discovery that they were being investigated as potential criminals, the second shock was that I had a copy of the top secret file on the investigation. When the NSA discovered that the file was in my possession, director Bobby Inman wrote to the attorney general informing him that the documents contained classified information and should never have been handed over to me. But Civiletti, apparently believing that the file had been properly reviewed and declassified, ignored Inman’s protest.
Then, on January 20, 1981, Ronald Reagan was sworn into office. At the Justice Department, Civiletti was replaced by a new attorney general with a much more accommodating attitude when it came to the NSA: William French Smith.
A few months later, while I was working on a chapter of my book that dealt with the Five Eyes partnership, I sent a letter to George Gapp, the senior liaison officer from GCHQ, the NSA’s British counterpart. In the letter, I noted that documents released to me by the Justice Department implicated his agency in Operation Minaret, the illegal NSA program directed against American citizens. I asked whether he knew of GCHQ’s involvement in the operation and whether the agency was currently engaged in any similar activities in the United States.
The letter apparently set off a firestorm, both at the NSA and GCHQ. Lt. Gen. Faurer, who had replaced Inman as director, sent a letter to the new attorney general again pointing out that the documents in my possession contained top-secret material. Considering that they accused his agency of being a criminal enterprise, they were also embarrassing to the NSA, and potentially explosive. The decision was made to try to get them back from me before the publication of my book.
Thus the answering machine message I heard on that steamy day in Cambridge, while I was quietly working away at a back table in the Algiers Coffee House. The call was from Gerald Schroeder, a senior attorney with the Justice Department. When I called him back, he asked whether we could meet in Washington to discuss the file that had been released to me by his own department. The Reagan Justice Department, it seemed, now wanted to reverse the decision of the Carter Justice Department and get the documents back.
Long before the arrival of the internet, and the ability to transfer documents at the tap of a finger, I was very concerned about what the agency might do to retrieve the physical copy of the file in my possession. Years before, when David Kahn had written his monumental history of cryptology, the agency had considered placing him under surveillance and conducting a “surreptitious entry” into his Long Island home to steal the manuscript prior to publication. Decades earlier, after Herbert Yardley wrote about the Black Chamber, the predecessor to NSA, the Justice Department actually did steal the manuscript for his second book, preventing it from ever being published.
My first thought was to quickly make a duplicate of the file and get the copy out of the country. That would protect the documents not only from theft, but also from any court order prohibiting me from revealing their contents. With a copy beyond the jurisdiction of U.S. courts, a foreign newspaper could always publish the documents.

I called a close friend who worked for the Insight Team, the investigative unit of London’s Sunday Times. She agreed to help. It turned out that an American journalist she knew was flying from Boston to London that night, and she quickly arranged for him to take the documents with him and give them to her to hide.

That night I met the journalist on a dark Boston street corner and passed him a package, with the understanding that I was not to tell him what it contained. He wanted as little information as possible, in case he was questioned later. Early the next morning, my friend at the Sunday Times called from London with a code indicating that all was well and that the documents were in a secure place.
With the documents safely beyond the reach of the Justice Department, I next turned to my next problem – finding an attorney to represent me. With the advance on my book totaling $7,500, spread over three years, I was in no position to seek out a white-shoe law firm on Beacon Hill. Instead, I called the ACLU’s Center for National Security Studies and explained my problem. They immediately put me in touch with Mark Lynch, a staff attorney at the center who had considerable experience going up against intelligence agencies, including the NSA. Lynch agreed to represent me.
On July 23, two weeks after I had received the phone call at the coffee shop, Lynch and I met with Schroeder for an hour and a half in the conference room of the center, a cluster of rooms in the stately Stewart Mott house on Capitol Hill. Schroeder began by insisting that the two documents had been released to me “by mistake.” The NSA and the CIA had determined that they contained information that was still classified, he said, and the Justice Department would like me to return them.
I politely informed Schroeder that the documents had been in my possession for more than two years, that material from them was already incorporated into my manuscript, and that the Carter administration had spent 10 months reviewing them before releasing the documents to me. There had been no mistake. In addition, because the documents raised questions about criminal activities by the NSA and CIA, I felt it was important for the public to be informed. In the end, we agreed to another meeting – but this time I insisted that since I had traveled to Washington for the first meeting, they would come to Boston for the next one.
The second meeting took place on August 14, in the editorial conference room of my publisher, Houghton Mifflin, on Beacon Hill. This time, the government dispensed with any attempt at politeness. Accompanying Schroeder were the NSA’s general counsel, Daniel Schwartz, and the agency’s director of policy, Eugene Yeates. They immediately began by interrogating me. How many copies of the document I had made? Whom I had given them to? Where were the documents now located? I responded that none of those questions were on the agenda; since my attorney could not be present, we had agreed in advance that the meeting was simply to allow them to explain the government’s position. Any questions, I said, would have to go through Mark Lynch. I pointed to the phone.
After placing a call to Lynch, Schroeder brought up the possibility of using the espionage statute to force me to return the documents. Lynch immediately asked to speak with me privately.
Once the three officials left the room, Lynch expressed worry over the way the meeting was going. The officials could have a subpoena or a restraining order or a warrant for my arrest in their pocket, he said. He advised me to put down the receiver, call Schroeder to the phone, leave the room – and keep walking. To this day, I still have no idea how long the three officials waited for me to return before finding their way out of the publishing house and back to Washington.
The fight quickly escalated. On September 24, after we informed Schroeder that I was going to use the documents in my book and that all further discussions would be pointless, I received a registered letter. “You are currently in possession of classified information that requires protection against unauthorized disclosure,” Schroeder wrote. “Under the circumstances, I have no choice but to demand that you return the two documents . . . Of course, you will have a continuing obligation not to publish or communicate the information.” To emphasize the point, on November 27 the Justice Department sent my attorney a letter stating that “there should be no misunderstanding of the Government’s position that Mr. Bamford holds information that is currently and properly classified” and that failure to return the documents could force federal prosecutors to resort to an unnamed “post-publication judicial remedy.”
Despite the threats, I refused to alter my manuscript or return the documents. Instead, we argued that according to Executive Order 12065, “classification may not be restored to documents already declassified and released to the public” under the Freedom of Information Act. That prompted the drama to move all the way up to the White House. On April 2, 1982, President Reagan signed a new executive order on secrecy that overturned the earlier one and granted him the authority to “reclassify information previously declassified and disclosed.”
We responded by citing the legal principle of ex post facto, arguing that even if the new executive order was legal, Reagan could not retroactively enforce it against me. The Puzzle Palace was published on schedule, in September 1982, with no deletions or alterations to the text. And ever since then, the NSA’s criminal file – still officially top secret, according to the NSA – has remained on my bookshelf.

NSA supercomputer console, 1971

Wrongdoing Masquerading as Patriotism

More than three decades later, the NSA, like a mom-and-pop operation that has exploded into a global industry, now employs sweeping powers of surveillance that Frank Church could scarcely have imagined in the days of wired phones and clunky typewriters. At the same time, the Senate intelligence committee he once chaired has done an about face, protecting the agencies from the public rather than the public from the agencies.
It is a dangerous combination – one the Church Committee warned of long ago. “The potential for abuse is awesome,” the committee observed, especially when “checks and balances designed … to assure accountability have not been applied.” As the committee presciently noted in its report, “Intelligence collection programs naturally generate ever-increasing demands for new data.”
For proof, one need only look at the NSA’s ever-expanding array of surveillance techniques. The agency’s metadata collection program now targets everyone in the country old enough to hold a phone. The gargantuan data storage facility it has built in Utah may eventually hold zettabytes (1,000,000,000,000,000,000,000 bytes) of information. And the massive supercomputer that the NSA is secretly building in Oak Ridge, Tennessee, will search through it all at exaflop (1,000,000,000,000,000,000 operations per second) speeds.
Without adequate oversight, or penalties for abuse, the only protection that citizens have comes not from Congress or the courts, but from whistleblowers. As one myself, albeit in the most minor capacity, I understand what motivates someone to expose wrongdoing masquerading as patriotism. There is no graduate school for whistleblowing and no handbook for whistleblowers. It’s an imperfect science, and whistleblowers learn from the mistakes of their predecessors. Edward Snowden, Chelsea Manning, Tom Drake, Bill Binney and Kirk Wiebe all came from different backgrounds and worked in different fields. None joined the intelligence community to become a whistleblower, but each was driven by unchecked government abuse to tell the public what they knew to be true.
The solution is not to jail the whistleblowers, or to question the patriotism of those who tell their stories, but to do what Attorney General Edward Levi courageously attempted to do more than a third of a century ago – to have the criminal division of the Justice Department conduct a thorough investigation, and then to prosecute any member of the intelligence community who has broken the law, whether by illegally spying on Americans or by lying to Congress.
I would be happy to lend my copy of the NSA’s criminal file to Attorney General Eric Holder, if he would like to see how to begin. Or he can read it here.








J. Abizeid

Well-Known Member

Authorities Think About Telling You If You’re Watchlisted from Warrantless Spying

David McNew

The Obama Administration might have to start letting people know when they’ve been flagged for terrorist connections based on information picked up from secret NSA spying programs.
That could potentially affect the tens of thousands of individuals on the government’s no fly list, as well as those people and groups that the Treasury Department designates as foreign terrorists, The New York Times reported yesterday.
According to the Times, administration lawyers are debating whether the NSA’s warrantless programs are covered by a provision in the Foreign Intelligence Surveillance Act (FISA) that requires the government to disclose the use of electronic surveillance in any “proceeding” against someone.
NSA warrantless surveillance was brought under FISA in 2008, but the debate was kindled by Edward Snowden’s disclosures in 2013. The Justice Department, for example, recently started notifying criminal defendants when prosecutions involved warrantless spying. (The belated notification came up in the trial of Mohamed Mohamud, who was sentenced today to 30 years for an attempted bombing in Portland, Ore. He tried and failed to challenge the constitutionality of the NSA spying.)
But the Times story also notes that the government may be interpreting the notice requirement– and what counts as a “proceeding” — very narrowly to avoid the ramifications for a broader set of targets of warrantless spying.

J. Abizeid

Well-Known Member
Google chairman Eric Schmidt warns NSA spying could 'break' the internet - The Times of India

Google chairman Eric Schmidt warns NSA spying could 'break' the internet

AFP | Oct 9, 2014, 11.26 AM IST

SAN FRANCISCO: Google's Eric Schmidt said on Wednesday US online spying is a threat so dire it could wind up 'breaking the internet.'

Schmidt's concern was echoed by Facebook, Microsoft, Dropbox and others involved in a panel discussion in Silicon Valley led by Senate finance committee chairman Ron Wyden.

The discussion was about economic and regulatory backlash caused by a US spying scandal that has undermined trust in US internet firms ability or willingness to keep people's online communications private.

"The impact is severe, and it is getting worse," Google's executive chairman and former chief executive said.

"The simplest outcome is that we are going to end up breaking the internet."

Panelists say government-erected barriers to the free flow of data online would essentially break the internet ecosystem that powers economies and lets people share and collaborate across the globe.

Threats are already emerging as countries propose trade barriers disguised as regulations calling for internet companies to host data or services locally, instead of on servers in the United States, panelists said.

Pressure for such 'data localization' includes keeping digital information in the hands of local companies and not US internet firms.

Such laws would defy online efficiencies on which US technology firms rely.

"The notion of having to place data centers and the data itself within regions is fundamentally at odds with the way the internet is architected," said Facebook general counsel Colin Stretch.

Compelling US technology firms to have facilities in countries where they have users would hinder the creation of start-ups for which Silicon Valley is famous for.

"Imagine if Larry (Page) and Sergey (Brin) were sitting around the garage and the Number Two thing on the to-do list was to build a data center in Germany," said Dropbox general counsel Ramsey Homsany, referring to the Google founders early days building the search engine in a rented garage.

Technology start-ups that cannot afford international expansion would find it harder to win investors, according to John Lilly, a partner at Silicon Valley venture capital firm Greylock Partners.

Panel members called for US legislators to rein in online snooping and win back trust from the international community.

In the meantime, they backed taking matters into their own hands by improving security and encryption at their services and networks.

"In the absence of better law, we are all being compelled to invest in better technology," said Microsoft general counsel Brad Smith.

"If people in government are concerned about encryption, they need to invest in better laws."

Leaks last year by former National Security Agency analyst Edward Snowden sparked a massive row over internet and phone data sweeps conducted by the spy agency and US allies.

"The one asset the US has stronger than our military might is our moral authority," Smith said during the panel discussion of damage caused by the spying scandal.

"This decline in trust has not only affected trust in technology products but in the leadership of the United States."

J. Abizeid

Well-Known Member

Edward Snowden’s Girlfriend, Lindsay Mills, Moved to Moscow to Live with Him


CITIZENFOUR, the new film by Intercept co-founding editor Laura Poitras, premiered this evening at the New York Film Festival, and will be in theaters around the country beginning October 24. Using all first-hand, real-time footage, it chronicles the extraordinary odyssey of Edward Snowden in Hong Kong while he worked with journalists, as well the aftermath of the disclosures for the NSA whistleblower himself and for countries and governments around the world.
The film provides the first-ever character study of Snowden and his courageous whistleblowing, contains significant new revelations about all of these events, and will undoubtedly be discussed for years to come. But one seemingly banal — yet actually quite significant — revelation from the film is worth separately highlighting: In June of this year, Snowden’s long-time girlfriend, Lindsay Mills, moved to Moscow to live with him.
Vital to the U.S. government and its assorted loyalists in the commentariat is to depict whistleblowers as destined to live miserable lives. That’s the key to their attempt to deter unwanted disclosure: the message that doing so will result in the full-scale destruction of one’s life. That’s what explains the grotesquely severe mistreatment and 35-year prison term for Chelsea Manning, as well as the repeated, gleeful predictions that Snowden will “end up like Kim Philby,” the British defector to the Soviet Union who, it is claimed, died a premature death from alcoholism, solitude and all-around deprivation.
The reality is that none of that has ever applied to Edward Snowden. Particularly when compared to what he expected his life to be upon deciding to embark on the whistleblowing path — decades of imprisonment in the harsh American penal state, if not worse — his post-Hong Kong life has been fulfilling and rewarding. He speaks, and writes, and is interviewed, and has become an important voice in the global debate he triggered.
But the fact that he is now living in domestic bliss as well, with his long-term girlfriend whom he loves, should forever put to rest the absurd campaign to depict his life as grim and dank. Snowden not only changed how the world thinks about a number of profoundly important political issues by defying its most powerful government, but then was able to build a happy, healthy and fulfilling life for himself. And if he can do that, so can other whistleblowers, which is precisely why so much effort has been devoted to depicting him in all sorts of false lights. What Poitras’ film does is let people judge Snowden for themselves, and that’s one of the aspects that makes it so important and powerful.

J. Abizeid

Well-Known Member

Core Secrets: NSA Saboteurs in China and Germany


The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept.
The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.
“It’s something that many people have been wondering about for a long time,” said Chris Soghoian, principal technologist for the American Civil Liberties Union, after reviewing the documents. “I’ve had conversations with executives at tech companies about this precise thing. How do you know the NSA is not sending people into your data centers?”
Previous disclosures about the NSA’s corporate partnerships have focused largely on U.S. companies providing the agency with vast amounts of customer data, including phone records and email traffic. But documents published today by The Intercept suggest that even as the agency uses secret operatives to penetrate them, companies have also cooperated more broadly to undermine the physical infrastructure of the internet than has been previously confirmed.
In addition to so-called “close access” operations, the NSA’s “core secrets” include the fact that the agency works with U.S. and foreign companies to weaken their encryption systems; the fact that the NSA spends “hundreds of millions of dollars” on technology to defeat commercial encryption; and the fact that the agency works with U.S. and foreign companies to penetrate computer networks, possibly without the knowledge of the host countries. Many of the NSA’s core secrets concern its relationships to domestic and foreign corporations.
Some of the documents in this article appear in a new documentary, CITIZENFOUR, which tells the story of the Snowden disclosures and is directed by Intercept co-founder Laura Poitras. The documents describe a panoply of programs classified with the rare designation of “Exceptionally Compartmented Information,” or ECI, which are only disclosed to a “very select” number of government officials.

Sentry Eagle

The agency’s core secrets are outlined in a 13-page “brief sheet” about Sentry Eagle, an umbrella term that the NSA used to encompass its most sensitive programs “to protect America’s cyberspace.”
“You are being indoctrinated on Sentry Eagle,” the 2004 document begins, before going on to list the most highly classified aspects of its various programs. It warns that the details of the Sentry Eagle programs are to be shared with only a “limited number” of people, and even then only with the approval of one of a handful of senior intelligence officials, including the NSA director.
“The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS’s overall cryptologic mission,” the briefing document states. “Unauthorized disclosure…will cause exceptionally grave damage to U.S. national security. The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”
The document does not provide any details on the identity or number of government officials who were supposed to know about these highly classified programs. Nor is it clear what sort of congressional or judicial oversight, if any, was applied to them. The NSA refused to comment beyond a statement saying, “It should come as no surprise that NSA conducts targeted operations to counter increasingly agile adversaries.” The agency cited Presidential Policy Directive 28, which it claimed “requires signals intelligence policies and practices to take into account the globalization of trade, investment and information flows, and the commitment to an open, interoperable, and secure global Internet.” The NSA, the statement concluded, “values these principles and honors them in the performance of its mission.”
Sentry Eagle includes six programs: Sentry Hawk (for activities involving computer network exploitation, or spying), Sentry Falcon (computer network defense), Sentry Osprey (cooperation with the CIA and other intelligence agencies), Sentry Raven (breaking encryption systems), Sentry Condor (computer network operations and attacks), and Sentry Owl (collaborations with private companies). Though marked as a draft from 2004, it refers to the various programs in language indicating that they were ongoing at the time, and later documents in the Snowden archive confirm that some of the activities were going on as recently as 2012.


One of the most interesting components of the “core secrets” involves an array of clandestine activities in the real world by NSA agents working with their colleagues at the CIA, FBI, and Pentagon. The NSA is generally thought of as a spying agency that conducts its espionage from afar—via remote commands, cable taps, and malware implants that are overseen by analysts working at computer terminals. But the agency also participates in a variety of “human intelligence” programs that are grouped under the codename Sentry Osprey. According to the briefing document’s description of Sentry Osprey, the NSA “employs its own HUMINT assets (Target Exploitation—TAREX) to support SIGINT operations.”
According to a 2012 classification guide describing the program, TAREX “conducts worldwide clandestine Signals Intelligence (SIGINT) close-access operations and overt and clandestine Human Intelligence (HUMINT) operations.” The NSA directs and funds the operations and shares authority over them with the Army’s Intelligence and Security Command. The guide states that TAREX personnel are “integrated” into operations conducted by the CIA, FBI, and Defense Intelligence Agency. It adds that TAREX operations include “off net-enabling,” “supply chain-enabling,” and “hardware implant-enabling.”
According to another NSA document, off-net operations are “covert or clandestine field activities,” while supply-chain operations are “interdiction activities that focus on modifying equipment in a target’s supply chain.”
The NSA’s involvement in supply-chain interdiction was previously revealed in No Place to Hide, written by Intercept co-founder Glenn Greenwald. The book included a photograph of intercepted packages being opened by NSA agents, and an accompanying NSA document explained the packages were “redirected to a secret location” where the agents implanted surveillance beacons that secretly communicated with NSA computers. The document did not say how the packages were intercepted and did not suggest, as the new documents do, that interception and implants might be done by clandestine agents in the field.
The TAREX guide lists South Korea, Germany, and Beijing, China as sites where the NSA has deployed a “forward-based TAREX presence;” TAREX personnel also operate at domestic NSA centers in Hawaii, Texas, and Georgia. It also states that TAREX personnel are assigned to U.S. embassies and other “overseas locations,” but does not specify where. The document does not say what the “forward-based” personnel are doing, or how extensive TAREX operations are. But China, South Korea, and Germany are all home to large telecommunications equipment manufacturers, and China is known to be a key target of U.S. intelligence activities.
Although TAREX has existed for decades, until now there has been little information in the public domain about its current scope. A 2010 book by a former Defense Intelligence Agency officer, Lt. Col. Anthony Shaffer, described TAREX operations in Afghanistan as consisting of “small-unit, up-close, intelligence-gathering operatives. Usually two-to-three man units.”

“Under Cover” Agents

The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).”
It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept.
The document makes no other reference to NSA agents working under cover. It is not clear whether they might be working as full-time employees at the “commercial entities,” or whether they are visiting commercial facilities under false pretenses. The CIA is known to use agents masquerading as businessmen, and it has used shell companies in the U.S. to disguise its activities.
There is a long history of overt NSA involvement with American companies, especially telecommunications and technology firms. Such firms often have employees with security clearances who openly communicate with intelligence agencies as part of their duties, so that the government receives information from the companies that it is legally entitled to receive, and so that the companies can be alerted to classified cyber threats. Often, such employees have previously worked at the NSA, FBI, or the military.
But the briefing document suggests another category of employees—ones who are secretly working for the NSA without anyone else being aware. This kind of double game, in which the NSA works with and against its corporate partners, already characterizes some of the agency’s work, in which information or concessions that it desires are surreptitiously acquired if corporations will not voluntarily comply. The reference to “under cover” agents jumped out at two security experts who reviewed the NSA documents for The Intercept.
“That one bullet point, it’s really strange,” said Matthew Green, a cryptographer at Johns Hopkins University. “I don’t know how to interpret it.” He added that the cryptography community in America would be surprised and upset if it were the case that “people are inside [an American] company covertly communicating with NSA and they are not known to the company or to their fellow employees.”
The ACLU’s Soghoian said technology executives are already deeply concerned about the prospect of clandestine agents on the payroll to gain access to highly sensitive data, including encryption keys, that could make the NSA’s work “a lot easier.”
“As more and more communications become encrypted, the attraction for intelligence agencies of stealing an encryption key becomes irresistible,” he said. “It’s such a juicy target.”
Of course the NSA is just one intelligence agency that would stand to benefit from these operations. China’s intelligence establishment is believed to be just as interested in penetrating American companies as the NSA is believed to be interested in penetrating Chinese firms.
“The NSA is a risk [but] I worry a lot more about the Chinese,” said Matthew Prince, chief executive of CloudFlare, a server company. “The insider threat is a huge challenge.” Prince thinks it is unlikely the NSA would place secret agents inside his or other American firms, due to political and legal issues. “I would be surprised if that were the case within any U.S. organization without at least a senior executive like the CEO knowing it was happening,” he said. But he assumes the NSA or CIA are doing precisely that in foreign companies. “I would be more surprised if they didn’t,” he said.

Corporate Partners

The briefing sheet’s description of Sentry Owl indicates the NSA has previously unknown relationships with foreign companies. According to the document, the agency “works with specific foreign partners (X/Y/Z) and foreign commercial industry entities” to make devices and products “exploitable for SIGINT”—a reference to signals intelligence, which is the heart of the NSA’s effort to collect digital communications, such as emails, texts, photos, chats, and phone records. This language clarifies a vague reference to foreign companies that appears in the secret 2013 budget for the intelligence community, key parts of which were published last year from the Snowden archive.
The document does not name any foreign companies or products, and gives no indication of the number or scale of the agency’s ties to them. Previous disclosures from the Snowden archive have exposed the agency’s close relationships with foreign intelligence agencies, but there has been relatively little revealed about the agency gaining the help of foreign companies.
The description of Sentry Hawk, which involves attacks on computer networks, also indicates close ties with foreign as well as American companies. The document states that the NSA “works with U.S. and foreign commercial entities…in the conduct of CNE [Computer Network Exploitation].” Although previous stories from the Snowden archive revealed a wide range of NSA attacks on computer networks, it has been unclear whether those attacks were conducted with the help of “commercial entities”—especially foreign ones. The document does not provide the names of any of these entities or the types of operations.
Green, the cryptography professor, said “it’s a big deal” if the NSA is working with foreign companies on a greater scale than currently understood. Until now, he noted, disclosures about the agency’s corporate relationships have focused on American companies. Those revelations have harmed their credibility, nudging customers to foreign alternatives that were thought to be untouched by the NSA. If foreign companies are also cooperating with the NSA and modifying their products, the options for purchasing truly secure telecommunications hardware are more limited than previously thought.
The briefing sheet does not say whether foreign governments are aware that the NSA may be working with their own companies. If they are not aware, says William Binney, a former NSA crypto-mathematician turned whistleblower, it would mean the NSA is cutting deals behind the backs of friendly and perhaps not-so-friendly governments.
“The idea of having foreign corporations involved without any hint of any foreign government involved is significant,” he said. “It will be an alert to all governments to go check with their companies. Bring them into parliament and put them under oath.”
The description of Sentry Raven, which focuses on encryption, provides additional confirmation that American companies have helped the NSA by secretly weakening encryption products to make them vulnerable to the agency. The briefing sheet states the NSA “works with specific U.S. commercial entities…to modify U.S manufactured encryption systems to make them exploitable for SIGINT.” It doesn’t name the commercial entities or the encryption tools they modified, but it appears to encompass a type of activity that Reuters revealed last year—that the NSA paid $10 million to the security firm RSA to use a weak random number generator in one of its encryption programs.
The avalanche of NSA disclosures since the Snowden leaks began in 2013 has shattered whatever confidence technologists once had about their networks. When asked for comment on the latest documents, Prince, the CEO of CloudFlare, began his response by saying, “We’re hyper-paranoid about everything.”

J. Abizeid

Well-Known Member
The World Masses Must Wake up from their Amnesia...

The Virtual Interview: Edward Snowden – The New Yorker Festival
Last edited by a moderator:

J. Abizeid

Well-Known Member
Interestingly enough, those who consider RT pure Rissian propaganda tool started paying more attention to it since FOX and CNN’s priorities are pure entertainment while the world is burning…


​‘Hostile to privacy’: Snowden urges internet users to get rid of Dropbox

General view of atmosphre at Edward Snowden Interviewed by Jane Mayer at the MasterCard stage at SVA Theatre during The New Yorker Festival 2014 on October 11, 2014 in New York

Edward Snowden has hit out at Dropbox and other services he says are “hostile to privacy,” urging web users to abandon unencrypted communication and adjust privacy settings to prevent governments from spying on them in increasingly intrusive ways.
“We are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers,” Snowden told The New Yorker magazine in a comprehensive hour-long interview.
There isn’t enough investment into security research, into understanding how metadata could better be protected and why that is more necessary today than yesterday, he said.
READ MORE: ‘Seen’ in New York: Edward Snowden on the run again
The whistleblower believes one fallacy in how authorities view individual rights has to do with making the individual forsake those rights by default. Snowden’s point is that the moment you are compelled to reveal that you have nothing to hide is when the right to privacy stops being a right – because you are effectively waiving that right.
“When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights – you don’t have to justify why you need freedom of speech.”
In that situation, it becomes OK to live in a world where one is no longer interested in privacy as such – a world where Facebook, Google and Dropbox have become ubiquitous, and where there are virtually no safeguards against the wrongful use of the information one puts there.

In particular, Snowden advised web users to “get rid” of Dropbox. Such services only insist on encrypting user data during transfer and when being stored on the servers. Other services he recommends instead, such as SpiderOak, encrypt information while it’s on your computer as well.
“We're talking about dropping programs that are hostile to privacy,” Snowden said.
The same goes for social networks such as Facebook and Google, too. Snowden says they are “dangerous” and proposes that people use other services that allow for encrypted messages to be sent, such as RedPhone or SilentCircle.
The argument that encryption harms security efforts to capture terrorists is flawed, even from a purely legalistic point of view, Snowden said, explaining that you can still retain encryption and have the relevant authorities requesting private information from phone carriers and internet providers on a need-to-know basis.
READ MORE: Snowden reunited with dancer girlfriend in Moscow
And the penchant for close, secretive cooperation with the government will only cost companies money and jobs, Snowden added, because no one would want to buy a phone made by a company that provides inherent backdoors for third parties to access your information.
“The same rights that we inherited our children deserve to inherit the same way,” Snowden said.
“But ultimately we have to remember that political reform in the United States is not going to solve the problem globally. Governments [everywhere] are going to have their own national laws. And these can be terrible governments… so, because of that, you have to use secure communications… the real key is that companies willing to collaborate with the government and compromise their products and services do not deserve to be trusted with your data. Because if they do it for one government, they’ll do it for another government,” Snowden said.
For consumers to retain trust in the services they use, they need to fight for the very idea of privacy, to keep the topic in focus, he said, adding: “I speak with computer scientists and cryptographers every day to try to figure out how we can create solutions” for metadata to be appreciated and viewed as someone’s own private business.
READ MORE: Second 'Snowden' leaking classified data?
“There are solutions, there are ways forward, and we need to pursue them, to work toward them,” Snowden said. “And we need to say that this is an effort worth doing.”
The whistleblower continues to lead a secretive existence in Russia, where he’s been stranded since June 2013, hiding from his own government, which is seeking to prosecute him for his crimes behind closed doors.
“I’ve told the government again and again in negotiations, you know, that if they’re prepared to offer an open trial, a fair trial in the same way that Dan Ellsberg got, and I’m allowed to make my case to the jury, I would love to do so,” Snowden said. “But to this point they’ve declined.”

J. Abizeid

Well-Known Member

How The NSA Plans To Recruit Your Teenagers


Kids across America no longer have to wait until college to plan on being a part of the National Security Agency. In fact, they could start preparing for their NSA careers as early as age 13.

The NSA has begun sponsoring cybersecurity camps for middle and high school students, agency recruiter Steven LaFountain told CNBC’s Eamon Javers in a recent interview. Six prototype camps launched this past summer, and the NSA hopes to eventually have a presence in schools in all 50 states.
The camps, LaFountain told CNBC, teach “low-level programming… where most cybersecurity vulnerabilities are” and sponsor activities like a “wireless scavenger hunt” in which 10th graders were dispatched to hunt down “rogue access points.” The general idea is to eliminate “threats out there on the Internet”
“The students are really, really into it,” LaFountain added.
This isn’t the first time the NSA has reached out to the youth of America. In 2010, the NSA introduced CryptoKids, animated characters tasked with the vital mission of informing kids about cybersecurity. And unlike Saturday morning cartoons, the CryptoKids are still going strong.
If the NSA wants to give its summer camp program the same longevity, it might think about bulking up the curriculum. Somehow, despite training kids in sophisticated techniques to defeat computer and network attacks, the agency’s curriculum is silent on one of the simplest, and highest profile, data breaches in NSA history. “I typically don’t talk to them about” Edward Snowden, the former NSA contractor who leaked a vast trove of secrets, LaFountain said.
No word yet on if the curriculum offers students an Intro to Executive Order 12333 or gives them spark notes on using FISA warrants to surveil American activists.

J. Abizeid

Well-Known Member
'Privacy should be upheld, otherwise it will lead to totalitarianism'

Last edited by a moderator:

J. Abizeid

Well-Known Member

New Zealand Cops Raided Home of Reporter Working on Snowden Documents


Agents from New Zealand’s national police force ransacked the home of a prominent independent journalist earlier this month who was collaborating with The Intercept on stories from the NSA archive furnished by Edward Snowden. The stated purpose of the 10-hour police raid was to identify the source for allegations that the reporter, Nicky Hager, recently published in a book that caused a major political firestorm and led to the resignation of a top government minister.
But in seizing all the paper files and electronic devices in Hager’s home, the authorities may have also taken source material concerning other unrelated stories that Hager was pursuing. Recognizing the severity of the threat posed to press freedoms from this raid, the Freedom of the Press Foundation today announced a global campaign to raise funds for Hager’s legal defense.
In August, one month before New Zealand’s national election, Hager published Dirty Politics, which showed that key figures in Prime Minister John Key’s National Party were feeding derogatory information about their opponents to a virulent right-wing blogger named Cameron Slater. Hager published evidence in the form of incriminating emails, provided by a hacker, demonstrating coordination between National Party officials and Slater. The ensuing scandal forced the resignation of a top Key ally, Justice Minister Judith Collins, and implicated numerous other National Party officials and supporters. Despite the scandal, the National Party won a resounding victory in the election, sending Key to a third term as prime minister.
On October 2—less than two weeks after the election—detectives from a regional “major crime team” came to Hager’s Wellington home armed with a search warrant authorizing them to seize anything that might lead them to the identity of his source for Dirty Politics. The warrant shows that prior to the raid, a police “intelligence analyst” had studied Hager’s media appearances in an effort to discover information about his sources for the book, taking particular note of references Hager made to knowing the source’s identity.
While there is no evidence that Hager’s work on NSA documents was a factor in the raid, it is possible that authorities knew or suspected that he had been given access to some of those documents. Over the past several months, Hager has exchanged multiple encrypted emails with reporters at The Intercept which, if obtained by New Zealand authorities under a warrant, could have tipped them off to the existence of a relationship. When The Intercept reported last month on the activities of the nation’s surveillance agency GCSB, we made clear that we were working with local journalists on further stories, and it was widely speculated that Hager was the likeliest local candidate for such a partnership. At the time, Key expressed concern that future stories from the Snowden archive could jeopardize the country’s bid for a seat on the U.N. Security Council.
Whether or not Hager’s work with The Intercept may have partially motivated the raid, the situation underscores the dangers of using invasive law enforcement tactics against reporters—they impede the reporting process, render source relationships very difficult to protect, and offer the very authorities that reporters are attempting to hold accountable a window into their ongoing reporting. (The Intercept‘s collaboration with Hager will proceed.)
The raid at Hager’s home took place while he was out of town, visiting the University of Auckland to give a series of lectures. Six officers arrived at his home at 7:45 a.m., waking his 22-year-old daughter, who was presented with a search warrant as she answered the door.
Once they entered the property, detectives spent ten hours sifting through Hager and his family’s personal effects, making copies of any USB storage devices they found and seizing Hager’s computer, personal documents, a camera, a dictaphone, CDs, and dozens of other items—not to mention his daughter’s laptop, cellphones, and iPod.
“This was an unusually heavy action for New Zealand police to take against someone in the media,” Hager told The Intercept. “Occasionally police use a warrant to go after a particular piece of evidence held by a media person or organization. But hours of sifting through someone’s files and seizing piles of their materials does not normally occur. It has a strong smell of politics about it.”
Hager, New Zealand’s most well known independent reporter, emphasized the potential damage the raid could have on work that is wholly unrelated to Dirty Politics: “It is disruptive to anyone’s work to suddenly not have their computers and especially an investigative journalist’s work. There is now also the legal battle to get my equipment and files back untouched. There is no choice about fighting it. I have to protect this and other sources for life or why should anyone ever trust me again?”
The New Zealand Police did not immediately respond to email request seeking comment. Hager is challenging the legality of the warrant in court, and the property that was seized remains sealed and unavailable to the police for the time being.
Although he is being represented by pro bono counsel, Hager has already incurred legal expenses reaching into the thousands of dollars, and New Zealand’s “loser pays” provision could subject him to a very large monetary judgment if he loses. The Freedom of the Press Foundation campaign to raise money for Hager is intended to help him fight for the return of his property, challenge the legality of the raid, and defend himself against any potential future threats stemming from his work as a journalist. (The Intercept‘s Glenn Greenwald and Laura Poitras are co-founders of the foundation and, along with Edward Snowden and Intercept technology analyst Micah Lee, are also board members; in May, The Intercept‘s parent company First Look Media donated $350,000 to the foundation.)
Press freedoms are under increasing assault in the English-speaking world—there have been similar controversies in the other Five Eyes alliance nations of the U.S., the U.K., Australia, and Canada—and the ability of New Zealand police officers to cavalierly raid the home of a reporter who has criticized the government in power threatens to establish a dangerous precedent everywhere reporters operate. A successful campaign on Hager’s behalf would signal that people around the world are willing to defend basic press freedoms and stand against such assaults. Those wishing to do so can contribute to Hager’s defense fund here.

J. Abizeid

Well-Known Member
Ed Snowden Taught Me To Smuggle Secrets Past Incredible Danger. Now I Teach You.

By Micah Lee @micahflee
Today at 10:36 AM

Late on the evening of January 11, 2013, someone sent me an interesting email. It was encrypted, and sent from the sort of anonymous email service that smart people use when they want to hide their identity. Sitting at the kitchen table in the small cottage where I lived in Berkeley with my wife and two cats, I decrypted it.
The anonymous emailer wanted to know if I could help him communicate securely with Laura Poitras, the documentary filmmaker who had repeatedly cast a critical eye on American foreign policy.

From: [email protected]■■■■■■■■■
To: Micah Lee
Date: Fri, 11 Jan 2013
I’m a friend. I need to get information securely to Laura Poitras and her alone, but I can’t find an email/gpg key for her.
Can you help?
I didn’t know it at the time, but I had just been contacted by Edward Snowden, the National Security Agency contractor who was then preparing a momentous leak of government data.
A month earlier, Snowden had anonymously emailed Glenn Greenwald, a Guardian journalist and chronicler of war-on-terror excesses, but Greenwald didn’t use encryption and didn’t have the time to get up to speed, so Snowden moved on. As is now well known, Snowden decided to contact Poitras because she used encryption. But he didn’t have her encryption key, as is necessary to send someone encrypted email, and the key wasn’t posted on the web. Snowden, extraordinarily knowledgeable about how internet traffic is monitored, didn’t want to send her an unencrypted email, even if just to ask for her key. So he needed to find someone he thought he could trust who both had her key and used encrypted email.
That was me.
And as it turned out, several months later I was drawn more deeply into the whole thing, when Snowden got back in touch and asked me to work with him to launch an online anti-surveillance petition.
Until now, I haven’t written about my modest role in the Snowden leak, but with the release of Poitras’ documentary on him, “Citizenfour,” I feel comfortable connecting the dots. I think it’s helpful to show how privacy technologists can work with sources and journalists to make it possible for leaks to happen in a secure way. Securing those types of interactions is part of my job now that I work with Greenwald and Poitras at The Intercept, but there are common techniques and general principles from my interactions with Snowden that could serve as lessons to people outside this organization.
When I got that first email, I was working as a staff technologist for the Electronic Frontier Foundation and as the chief technology officer of the Freedom of the Press Foundation. My encryption key was posted at both sites, so Snowden was able to find it easily, and the key was digitally signed by people who were well-known in the privacy world (pioneering blogger Cory Doctorow and free software champion Richard Stallman, for instance); this meant those people had digitally vouched, in a way that was incredibly difficult to forge, that the key really belonged to me and not to, say, some NSA trickster. In other words, Snowden didn’t need to worry about the key being a fake. Poitras was a founding board member of the FPF, so he assumed I would have her key, and he was right.
It wasn’t uncommon for me to receive the type of email Snowden sent — strangers send me encrypted emails all the time, requesting help. Some of those emails are from people who appear to have personal issues to work out, but the inquiry from Snowden, emailing under a pseudonym, struck me as serious. I quickly forwarded it in an encrypted email to Poitras. The encryption technology we used — the standard among email users concerned with privacy — is known by two acronyms: GPG, for GNU Privacy Guard, or PGP, for Pretty Good Privacy.
From: Micah Lee
To: Laura Poitras
Date: Sat, 12 Jan 2013
Hey Laura,
This person just send me this GPG encrypted email. Do you want to respond? If you want to, and you need any help with using crypto, I’m happy to help.
Like me, Poitras was accustomed to receiving anonymous inquiries, and she recognized that this one was credible. A few hours later, she sent me a reply.
From: Laura Poitras
To: Micah Lee
Date: Sat, 12 Jan 2013
Hey Micah,
Thanks for asking. Sure, you can tell this person I can be reached with GPG at: [email protected]
I’ll reply with my public key.
I’m also on jabber/OTR at:
[email protected]
I hope all is good with you!
The frustrating and ironic thing about GPG is that even experts make mistakes with it. Even, as it turns out, Edward Snowden.
I now had Poitras’ permission to send Snowden her encryption key, but in his first email to me, Snowden had forgotten to attach his key, which meant I could not encrypt my response. I had to send him an unencrypted email asking for his key first. His oversight was of no security consequence—it didn’t compromise his identity in any way—but it goes to show how an encryption system that requires users to take specific and frequent actions almost guarantees mistakes will be made, even by the best users.
After receiving Snowden’s key, I sent him an encrypted email with Poitras’ key. This enabled him to send his first encrypted email to Poitras, in which he called himself Citizenfour. But I wasn’t out of the identity-confirmation picture yet.
Snowden and Poitras quickly set up a more secure channel for communication. Poitras created an anonymous email account, doing so with the Tor Browser that masks your identity on the web, and she created a new GPG key, just for communicating with Citizenfour. This was advisable because, if she were under surveillance by the NSA or any other intelligence agency, they might have compromised her known accounts, and she would prefer for there to be no trace of her true name in the correspondence with this secrecy-seeking stranger.
But the internet is a hall of mirrors. Even though Snowden and Poitras had set up new anonymous email accounts and traded GPG keys through a trusted chain of communication, it’s still possible that something could have gone wrong. Maybe one end of the communication (either Snowden or Poitras) could have had their computer hacked, with the attacker in a position to impersonate them. Or maybe they could be victim to a man-in-the-middle attack where, for example, the NSA tricks two parties who think they’re having an encrypted conversation directly with each other into secretly having two separate encrypted conversations with the attacker, who forwards their messages along.
To be extra sure that these things weren’t happening, Snowden wanted to verify through a separate channel that he had Laura’s legitimate key. He asked Poitras to get me to tweet the fingerprint of her new GPG key.
Just a tiny bit of background: encryption keys are technically just strings of random data that scramble and unscramble information. Because these keys are too long to memorize or conveniently post on bios or put on business cards, each one has a far shorter “fingerprint” that is unique to the key. These fingerprints are just 40 characters long. To verify the new key that Poitras had sent him, Snowden needed to receive her new fingerprint from me and then compare it to the one he was using.
If the fingerprint that I tweeted didn’t match the key that Poitras sent him, that would be evidence that NSA or some other actor may be attempting a man-in-the-middle attack. If the fingerprints matched, however, he could be confident that he had her real key and no one was attacking their communication.
On January 28, Laura sent me the following encrypted email—
From: [email protected]
To: Micah Lee
Date: Mon, 28 Jan 2013
Hey Micah,
This is Laura Poitras.
Someone is trying to verify my fingerprint to this email. The person has proposed you tweet the fingerprint. Would you be able to tweet this to your acct:
1EBF 5F15 850C 540B 3142 F158 4BDD 496D 4C6C 5F25
Let me know if possible.
It might seem strange to use Twitter, a public platform, to convey crucial information, but in some circumstances it makes perfect sense. Doing a man-in-the-middle attack against encrypted email without getting caught is significantly simpler than performing an attack on a public platform that anyone in the world might notice. If NSA had hacked my Twitter account and posted the wrong fingerprint, there’s a good chance I, or one of my followers, would notice and start looking into it.
So on January 28, I tweeted Poitras’ new fingerprint:

With that, Snowden, using the handle Citizenfour, had a very secure channel for communicating with Poitras, using the email address [email protected]. I assumed this would be the end of my work with him.
Encrypting Greenwald

Snowden signed off from my life, or so I thought, with a final request: He asked that I help Greenwald get encrypted. He said it was an important task, though he didn’t tell me why. He also told me that someday I would be proud of the role I was playing.
I tried to teach GPG to Greenwald but I had the same problem Snowden had encountered when he reached out in December, that Greenwald was busy and couldn’t focus on it. Several months later, however, I succeeded in getting Greenwald up to speed on using an encrypted chat system called Off-the-Record (OTR), which is much simpler than GPG. For the first time he was able to have encrypted communications on the internet.
Then, on May 9, I got an encrypted email from Poitras that was exciting and alarming.
From: Laura Poitras
To: Micah Lee
Date: Thu, 9 May 2013
I’m working on something with Glenn and I really need to get him on a secure (preferably Tails) system. He does not have the technical skills to set this up himself, and I’m trying to keep things compartmentalized, so I don’t want to email him about this topic directly on a non-secure channel.
Poitras didn’t tell me what was going on, and I didn’t ask. Not who, not what. The same with Greenwald. I didn’t ask. This was basic operational security. Whatever they were doing was sensitive, and I had no need to know. Whether you’re working in the analog or digital world, this is one of the simplest and most important security practices: share secrets only with people who have to know. The fewer people who know a secret, the lower the chances are that it will be compromised.
Tails, the secure system Poitras asked me to get for Greenwald, is serious business. It’s a hardened operating system designed for people who need to be anonymous, and not a lot of people use it. The acronym stands for The Amnesic Incognito Live System. Before Poitras asked me to teach it to Greenwald, I had never used it. Crucially, everything you do in Tails is anonymous. All internet activity is routed through Tor, so by default your privacy is protected. And you run Tails directly off of a DVD or a USB stick — it is not installed on your hard drive. Since Tails operates completely independently from your hard drive and usual operating system, it offers a hefty dose of protection from malware and from anyone who might inspect your computer to look at what you’ve been doing.
It’s also a free software project, just like Tor, GPG, and OTR. That means the code is open source and can be peer reviewed, a level of transparency that makes the software resistant to backdoors, covert access points buried deep in the code.
On May 13, after creating a customized version of Tails for Greenwald, I hopped on my bike and pedaled to the FedEx office on Shattuck Avenue in Berkeley, where I slipped the Tails thumb drive into a shipping package, filled out a customs form that asked about the contents (“Flash Drive Gift,” I wrote), and sent it to Greenwald in Brazil. He received the package two weeks later, it having been delayed in transit, for what I believed to be bureaucratic rather than nefarious reasons, and the blue thumb drive actually made a cameo appearance in “Citizenfour.” For a technologist, this was a dream come true.

Snowden’s Website

Near the end of May, I received an anonymous and encrypted email from an account called “verax,” which is Latin for “truth teller.” The writer told me that he was the same person I had been in touch with several months earlier. He had a new request.
Would I help him build a website that would launch a global petition against surveillance?
I still didn’t know his name, where he was located, or what else he was up to, though clearly whatever he had going on with Poitras and Greenwald was sensitive. Because of my respect for them, I believed that anything they were going to this much trouble to accomplish was going to be worthwhile, so I agreed to build the site. I started using Tails in all my work with the contact, because I sensed that I had to take the highest security precautions possible. As Poitras had done with him in January, I created a new anonymous email account and GPG key just for communicating with him. He was glad that I did.
From: [email protected]■■■■■■■■■
To: ■■■■■■■■■
Date: Sat, 1 Jun 2013
Got it. Good idea, btw. There are some issues with keys being used for fingerprinting as they move over the network.
He said he was writing an anti-surveillance manifesto that he wanted to post on the yet-to-be-named site, along with a petition that people could add their names to. The site would be unveiled once the journalists he was working with published their first stories. I had ample experience building privacy-respecting websites, including many online petitions for EFF. Among others, I built a petition against the draconian online copyright enforcement bill SOPA that sent more than a million emails to Congress. So this was familiar territory for me.
Working in Tails to remain anonymous while I developed the site, however, meant that this would be trickier than the web development I’d done in the past. I didn’t have access to the latest browsers I was used to, and I didn’t dare test the mobile version of the site on my smartphone. I also had concern that my coding style might betray my identity: my code for this project used similar commenting and naming conversions as other code I’d written in the past. Trying to develop software without your personal coding style is like trying to write an essay using someone else’s voice. I was also concerned that the visual designs I was creating could be compared to my work in the past.
Snowden was even more worried about detection, though I didn’t know it at the time. He expected to be quickly arrested and prevented from speaking for himself, and predicted that the government would use that silence to mischaracterize his intentions. To keep that from happening, Snowden decided to take a highly visible online stand against mass surveillance. Part of his plan included the petition website that he asked me to build.
On May 27, Snowden had his first encrypted conversation directly with Greenwald, who agreed to travel to Hong Kong with Poitras, funded by Guardian.
As my work on the site got underway, I had an encrypted chat with Poitras and mentioned what I was doing, though I didn’t give her many details; just as I didn’t need to know everything she was doing, she didn’t need to know everything I was doing. She warned me to be extremely careful, and added that a very big story was in the works. I promised to be careful.
I was in a strange position. I was working with Snowden (whose name, in late May, I still didn’t know) and I suspected he was a whistleblower working with Poitras, but I didn’t know what he was blowing the whistle on, I didn’t know a large volume of documents were involved, and I had no idea where he was located. I didn’t know, for that matter, that Greenwald and Poitras would soon be heading to Hong Kong to meet him there. My ask-no-questions cluelessness was best for all concerned.
Days later, I was having an encrypted chat with Poitras, from our anonymous accounts, and she sounded excited. “You’ll never guess where we are right now,” I remember her writing. She didn’t tell me where she was, of course, because I didn’t need to know.
Snowden and I exchanged encrypted emails to discuss the site mockup and the site’s functionality, and he let me know a bit of what was going on. “Just wanted to provide an update on the work out here,” he emailed me on June 3. “Had an extremely productive meeting with two journalists today you may know, and will encounter a third tomorrow [Ewen MacAskill, a Guardian reporter who joined Greenwald and Poitras at the last moment]. After discussion, may hold off on the declaration for a few more days to give them time to work first.”
He told me his name, so that I could attach his signature to the end of the manifesto. This was about a week before the rest of the world would learn who he was. Using Tor, I searched the internet for Edward Snowden, but I couldn’t find anything. I checked LinkedIn, I checked Facebook, I think I even checked Twitter, and I found nothing. Who was this guy?
I learned more from the manifesto he sent me. It chilled my spine. He wrote about ubiquitous surveillance by not just the NSA but the intelligence agencies in the “Five Eyes” alliance: Britain, Canada, Australia, New Zealand and the U.S. He wrote about privacy and the lack of accountability, and what this means to democracy around the world. I still didn’t know exactly what he was leaking, but I could tell it would be big.
It turned out that he wasn’t familiar with the subtleties of using Twitter in petition campaigns. Due to my work at EFF, I knew that one of the things that can make a campaign go viral is offering a pre-written tweet to people who sign your petition and allowing them to send that tweet from their own account with just a couple of clicks. People often post these tweets, and that’s almost more helpful than their signatures since it vastly increases the campaign’s visibility. I explained this to Snowden, and also explained that it was really important to have a good hashtag for the campaign. He got it immediately, thanked me for pointing this out, and suggested the following Twitter template:
“This tweet is being monitored. Join me in breaking the back of the internet spy machine: https://www.supportonlinerights.com #HiNSA #HiGCHQ”
Snowden decided that the site should be called supportonlinerights.com, and we got to work registering it and finding a hosting company. But we ran into trouble paying for the registration and hosting. Snowden was using his real name and email address ([email protected]lavabit.com) and his own credit cards — he was not yet an international fugitive — but he was also using Tor, and this caused problems. Tor protects your identity by routing your web activity through a number of nodes, so that the site you are in touch with does not know your IP address or where you connect to the Internet from. But this creates a problem when you want to pay a bill, because the use of Tor can trigger fraud warnings with corporate payment departments, since Tor links your traffic to IP addresses that might be flagged as sources of abuse.
The company through which Snowden was registering his domain name and hosting his site, Dreamhost, initially rejected his credit cards. This led to a funny situation. Snowden, in his Hong Kong hotel room, wasn’t just discussing government secrets with Greenwald, Poitras and MacAskill. He was also chatting online with customer support. Trying to troubleshoot these problems, I checked the complaint logs he had opened and noticed that he explained he was using Tor because he was traveling overseas and didn’t trust the local ISPs. Eventually he prevailed and his credit cards were accepted. Here is the original registration record in the internet’s “WHOIS” system:

I was a bit nervous at the time, and my wife was very nervous, because the government does not look kindly on whistleblowers and the people who work with them. For security reasons, we were in a bubble. I hadn’t told any of my co-workers at EFF that I was building a website for a whistleblower. So there weren’t a lot of people to turn to for advice or comfort. Nonetheless, I was quite excited, especially after Greenwald’s first story was published on June 5, revealing a secret NSA program to collect massive amounts of domestic phone data. I finally knew what Snowden was leaking.
“Big news today, huh?” I emailed him. “How are you doing?”
He responded quickly.
From: [email protected]■■■■■■■■■
To: ■■■■■■■■■
Date: Thu, 6 Jun 2013
Oh, that old thing? That could have come from anywhere..
Timing is everything on this, and we aren’t close to finished. It’s encouraging to see prominent civil rights organizations already calling for change, and I’m hopeful that maybe this time, things will be different.
Come Monday, people will have something to be angry about. I think that will be the day. Please feel free to criticize the draft as much as you’d like: it needs to be something people are willing to give words to their own feelings.
The next few days brought a blitz of headline-grabbing stories about NSA surveillance from Greenwald, Poitras, and MacAskill as well as the The Washington Post’s Barton Gellman, who received documents from Snowden even though he hadn’t made the risky trip to Hong Kong. On June 9, there was another thunderbolt: Greenwald, MacAskill, and Poitras broke the news that Edward Snowden was their source, releasing a 12-minute interview with him in which he explained his motivations.
At this point I was terrified. What if he got arrested and extradited to the U.S.? What if he were forced into solitary confinement for long stretches, as had happened to Chelsea Manning? What if he was tortured or killed?
I also worried about properly shepherding the project with which he had entrusted me. What was the contingency plan for the petition website? If he was arrested, should I unilaterally launch supportonlinerights.com?
“I hope you’re safe and doing well,” I emailed Snowden. “In case anything happened to you, what would you like me to do with the website?”
The site was ready to go. At the time, I was using the Declaration of Independence as a placeholder for the manifesto; for security reasons, I didn’t want to load the manifesto until the launch. Here’s what it looked like:

On the same day the interview was posted, Gellman published the “Verax” handle while Snowden was still using it. This caused me great concern. When Snowden reached out in late May asking me to build the petition website, he initially emailed my public email address from his Verax address. I had tried hard to have no traceable connection to Snowden, but now the FBI and NSA knew his handle and were, I believed, in a position to search their massive surveillance databases to find his full email address and perhaps the email addresses he had communicated with, including mine. While I knew that I hadn’t broken any laws, I became worried that I would receive a knock on the door. I could deal with that — the EFF is, after all, filled with lawyers — but my wife was quite scared for me.
I was unable to concentrate on anything else as I waited to hear from Snowden. Due to Gellman’s story, I wasn’t sure whether he was still using his “Verax” address. (Gellman later told me he that he didn’t — and doesn’t — think he put anyone at risk, and that he carefully weighed the decision to publish the “verax” handle.)
On June 13, after he had parted ways with Greenwald and Poitras and gone underground in Hong Kong, he finally emailed me.
From: [email protected]■■■■■■■■■
To: ■■■■■■■■■
Date: Thu, 13 Jun 2013
I’m still here. As you may have heard, I’m on the run. Tons of surveillance, media, and less savory teams crawling all over this place…
I have a new draft for the site, but I keep revising it. Hold off on any action for now. I’m thinking something major may happen on Saturday and give us a venue to bring this to the fore.
Thank you again for all of your help and support. I’m sorry this has become so dangerous for everyone involved, but I suppose this is precisely what needed to be illustrated about our government. Let’s hope people reign it back in.
We never launched the website. When it became clear that Snowden wasn’t immediately getting arrested or prevented from communicating, and that the U.S. government wasn’t forcibly denying the public an accurate understanding of what he did and what his motivations were, he decided the website was no longer necessary. He never wanted the story to be about himself anyway, preferring instead that the public debate stay focused on NSA spying.
Teaching Snowden’s Lessons

After the dust settled, I sat down to write a simple tutorial for using the open source tools that allowed me, Poitras, Greenwald, and Snowden to communicate securely, and I ended up with a 30-page whitepaper called Encryption Works: How to Protect Your Privacy in the Age of NSA Surveillance. I took the name from Snowden’s now-famous quote: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
The post-Snowden world is a different place. While the NSA and its allied spy agencies still have very little accountability, and while their leaders can still lie to Congress without consequence, they’re no longer operating in the dark. The internet is enjoying a renaissance of security research to try to fix the major technical holes spy agencies have been exploiting for over a decade, and companies are demanding the right to protect the privacy of their users and to challenge gag orders. Lawsuits against NSA are finally moving through the courts, when before they were stalled.
In January 2014 Edward Snowden became the newest board member of Freedom of the Press Foundation, joining Pentagon Papers whistleblower Daniel Ellsberg, as well as Poitras, Greenwald, myself, and others.
Snowden was right. I am proud of the role that I played in shining light on the global espionage apparatus.

J. Abizeid

Well-Known Member
Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

Click LINK for more details.

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept.
We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software.
Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.

The company has made at least some sales to American entities, according to comments its outspoken co-founder and CEO David Vincenzetti made in l’Espresso in 2011. “We sell Remote Control System to institutions in more than 40 countries on five continents,” he told the Italian newsmagazine. “All of Europe, but also the Middle East, Asia, United States of America.” In the English-language press, where Hacking Team has been more circumspect about its client list, Vincenzetti’s l’Espresso comments about selling implants to U.S. institutions seem to have fallen through the cracks. Asked about them, Hacking Team spokesman Eric Rabe told The Intercept, “we do not identify either our clients or their locations.”Whatever the extent of its U.S. sales, Hacking Team’s manuals deserve an audience in America and beyond. This summer, researchers at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, including the co-author of this piece, published excerpts of the manuals and technical descriptions of Hacking Team’s capabilities. Publishing the manuals in their entirety here will give the public a better understanding of the sophistication of these relatively low-cost and increasingly prevalent surveillance tools. That sort of understanding is particularly important at a time when digital monitoring has spread from large federal agencies to local police departments and as more national governments gain the once-rarified ability to deploy digital implants across borders. Turnkey solutions like RCS effectively multiply the online threats faced by activists, dissidents, lawyers, businessmen, journalists, and any number of other computer users.
A Niche for Commercial Spyware

Within the U.S., there’s relatively little information on the prevalence of law enforcement hacking. The FBI only rarely discloses its use in criminal cases. Chris Soghoian, principal technologist with the American Civil Liberties Union’s Project on Speech, Privacy and Technology, who has closely tracked the FBI’s use of malware, says that agents use vague language when getting judges’ permission to hack devices. “This is a really, really, invasive tool,” Soghoian says. “If the courts don’t know what they’re authorizing, they’re not a good check on its use. If we as a society want malware to be used by the state, we ought to have a public debate.”
What is clear is that large nations with well-funded intelligence establishments have long been capable of the kind of surveillance Hacking Team offers. In 2001, it was first reported that the FBI had developed malware known as Magic Lantern, which could take over a computer and log its users’ keystrokes, as a way around encryption. Soghoian says it’s likely that the bureau and American intelligence agencies get more customized spying solutions from contractors other than Hacking Team. Countries such as China and Russia probably develop their spyware in-house.

Hacking Team and the German firm FinFisher have taken over another niche, as the most prominent purveyors of user-friendly, off-the-shelf spyware for less moneyed customers, says Ben Wagner, director of the Center for Internet and Human Rights at the European University Viadrina. A recent leak of FinFisher data showed customer service communications between the company and Bahrain, Pakistan, Estonia, and a regional police department in Australia, among other clients. The cost of a Hacking Team installation package, meanwhile, ranges from 200,000 to 1 million euros, Vincenzetti told l’Espresso in 2011. Pricey, but not out of reach.“If those countries didn’t have access to Gamma [FinFisher’s former parent company] or Hacking Team, they probably wouldn’t be able to do this kind of surveillance,” says Wagner. “Those are the two that we know about who have really gone for this targeted surveillance market for smaller and midsize countries.”
Soghoian thinks that “to the extent that Hacking Team has sold in the U.S., it would be to less well-resourced federal agencies or bigger local police teams.”
Hacking Team has built up enough of a profile to become something of an icon in its home country. “Elegant and tan” Vincenzetti has been lauded as a poster-boy for modernizing the Italian economy and is touted to stateside investors at events like “Italy Meets the USA.” Among those promoting Hacking Team is Innogest, an Italian venture capital firm headed by the former U.S. ambassador to Italy Ronald Spogli. The company is in Innogest’s own portfolio.

Despite the acclaim, Hacking Team — and its competitor FinFisher — have drawn the ire of human rights and privacy activists. “We have not that many companies doing nasty things for not that much money on a global scale, but with huge human rights effects,” Wagner said.
Companies like Hacking Team refer to their products as “lawful intercept” technology. They need at least the pretense of dealing with legitimate actors because the legality of surveillance software depends on the behavior of its users. That’s all that fundamentally separates their software from tools for crime or repression. But evaluating that legitimacy becomes tougher as prices fall and customers proliferate.
Hacking Team offers the assurance that its users are all government institutions. Spyware is perfectly legal in law enforcement or intelligence investigations “if used with the proper legal authorization in whatever jurisdiction they’re in,” according to Nate Cardozo, staff attorney at the Electronic Frontier Foundation. Hacking Team’s “customer policy” also claims that it will not sell to countries listed on international “blacklists” or that it believes “facilitate gross human rights abuses.” The company won’t disclose what it means by blacklists, how its review process works, or which, if any, customers have been dumped. Hacking Team’s spokesman refused to provide details beyond what is on the company’s website.
There’s evidence the company is not being particularly selective about to whom it sells. Of 21 suspected Hacking Team users tracked down by Citizen Lab, nine had been given the lowest possible ranking, “authoritarian,” in The Economist’s 2012 Democracy Index, and four of those were singled out for particularly egregious abuses — torture, beatings and rapes in detention, lethal violence against protestors — by Human Rights Watch.
Its competitors face similar criticism. Activists in Bahrain and Ethiopia have found FinFisher spyware on their computers. (FinFisher did not respond to an emailed request for comment.)
The U.S. government has shown an interest in policing the improper use of packaged malware. The Justice Department just recently brought its first case against a spyware developer, arresting a Pakistani man who marketed StealthGenie, an app that does some of the same things as Hacking Team’s RCS – monitoring all phone calls, messages, emails, texts and more without the owner’s knowledge — except for individuals rather than governments. Announcing the charges against StealthGenie’s maker, an assistant attorney general called the spyware “reprehensible…expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life.”
How It Works

Key to the spread of software like Hacking Team RCS is that it’s designed to be simple for non-experts to use.
In a brochure, Hacking Team boasts, “You cannot stop your targets from moving. How can you keep chasing them? What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain. Remote Control System does exactly that.”
Hacking Team manuals, dated September 2013, provide step-by-step instructions for technicians, administrators, and analysts on how to infect a device and set up spying.
The software can be installed physically, via a USB stick, if the authorities have direct access to the computer (imagine a police stop or an airport search.)
Or, the infection can happen remotely. It could take the familiar form of a phishing attack or email scam – as a group of Moroccan reporters found out in 2012. A document promising them a secret scoop (it was titled “scandale,” in French) turned out to be a decoy for Hacking Team software. An Emirati blogger fell victim to the same trick. The implant can also be melded with legitimate, useful software that the victim is prompted to download.
As The Intercept has previously reported, Hacking Team also installs its bugs via “network injectors” – physical devices housed with internet service providers, that allow them to intercept ordinary web traffic, like streaming video, and replace it with infectious code. (After we reported that YouTube and Microsoft Live were exploitable in this way, both companies moved to fix the vulnerabilities.)

J. Abizeid

Well-Known Member

NSA Reform Bill Dies As Republicans Hype Threats From Islamic State


Senate Republicans, ratcheting up their rhetoric about the threat posed by the Islamic State, on Tuesday night sank the only significant legislative attempt to rein in the National Security Agency in the nearly year and a half since American citizens first learned they were being spied on by their own government.
The procedural vote to move forward on the USA Freedom Act required 60 votes. It received 58. All but one Democrat and four libertarian-leaning Republicans voted in favor of the bill. The rest of the Republicans — including libertarian firebrand Rand Paul (R-Ky.) — voted against, along with Florida Democrat Bill Nelson. (Here’s the rollcall of the vote.)
During a brief debate before the vote, Georgia Republican Saxby Chambliss warned that members of the Islamic State “want people to walk the streets of New York… and start killing people.” And, displaying either a real or feigned ignorance of the extraordinary latitude the NSA will continue to enjoy when it comes to spying on international communications, he suggested that the bulk collection of domestic phone records was necessary to ferret out such plans. (Watch video of the debate.)
“God forbid we wake up tomorrow morning… to the news that a member of ISIL is in the United States and federal agents need to determine who this person is coordinating with to carry out a potential attack upon the homeland,” Florida Republican Marco Rubio said. “I promise you, if God forbid a horrifying event like that would happen, the first question that would be asked is why didn’t we know about it?”
Maine Republican Susan Collins asked: “Why would we weaken the ability of our intelligence community at a time when the threats against this country have never been greater?”
Supporters of the bill noted that bulk domestic surveillance had not served any identifiable intelligence purpose.
After the vote, Vermont Democrat Patrick Leahy, who wrote the bill, decried the “scare tactics” used by the opposition. “Fomenting fear stifles debate,” he said. “And doing it at the last minute is all the more regrettable.” (Watch the video.)
“This nation deserves more than that. This nation should not allow our liberties to be set aside by passing fears,” he said.
Looking around the chamber, Leahy concluded: “If we do not protect the Constitution, we do not deserve to be in this body.”
Supporters of the USA Freedom Act, including privacy groups and technology companies, had considered it an essential first step toward ending the NSA’s overreach. But Senate Minority Leader Mitch McConnell set the tone for the day in the morning, actively encouraging his caucus to block the measure, citing concerns that it would hurt the fight against such groups as the Islamic State. Republicans also took their cues from an op-ed in the Wall Street Journal, in which former CIA and NSA director Michael Hayden and former attorney general Michael Mukasey described the bill as NSA Reform That Only ISIS Could Love.
With Republicans taking control of the Senate in January, a vote during the current lame-duck session was widely considered the bill’s last, best shot.
The USA Freedom Act would have ended the government’s bulk collection of domestic phone records, forcing officials to make specific requests to phone companies. It would also have ended the law-enforcement monopoly on arguments before the secretive surveillance court by creating a role for a special advocate. And it would have required that significant court opinions be made public.
The arguments in favor of the bill on Tuesday night focused on the widespread support it enjoyed, real invasions of privacy, and the astonishing lack of any evidence that the bulk program had ever uncovered terror plots. “We learned that the bulk phone records collection program had not – as previously advertised – thwarted 54 terrorist plots, or even dozens, or even a few. In fact, we learned through our public hearings that the number was maybe one,” Leahy said.
“This is a carefully crafted bill that builds on the work of the House of Representatives, and has the unprecedented support of the Director of National Intelligence, the Attorney General, the Director of the NSA, American technology companies, and privacy and civil liberties groups across the political spectrum,” he said. “It is a reasonable and responsible compromise. There is no reason why we should not proceed to a debate.”
The Republican opponents indulged in dark fantasies about terror, and misunderstandings about the bulk surveillance program. “If this amendment ever becomes law,” Chambliss threatened, “all of a sudden, all of these telcoms are going to be holding this information, as opposed to the NSA holding it.” But the phone companies already hold the records.
Privacy advocates were dismayed. “Tonight the Senate voted to maintain a status quo that undermines American technology and consumer privacy and hampers innovation,” said Laura W. Murphy, director of the ACLU Washington Legislative Office. “Though this vote is a setback, it will not stop the push for reform.”

J. Abizeid

Well-Known Member

How the NSA Hacks Cellphone Networks Worldwide

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.
For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.
The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.
The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.
Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.
Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

The operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
“Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming.
“Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
NSA spokeswoman Vanee’ Vines told The Intercept in a statement that the agency “works to identify and report on the communications of valid foreign targets” to anticipate threats to the United States and its allies.
Vines said: “NSA collects only those communications that it is authorized by law to collect in response to valid foreign intelligence and counterintelligence requirements—regardless of the technical means used by foreign targets, or the means by which those targets attempt to hide their communications.”
Network coverage

The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”


The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.The information collected from the companies is passed onto NSA “signals development” teams that focus on infiltrating communication networks. It is also shared with other U.S. Intelligence Community agencies and with the NSA’s counterparts in countries that are part of the so-called “Five Eyes” surveillance alliance—the United Kingdom, Canada, Australia, and New Zealand.
Aside from mentions of a handful of operators in Libya, China, and Iran, names of the targeted companies are not disclosed in the NSA’s documents. However, a top-secret world map featured in a June 2012 presentation on AURORAGOLD suggests that the NSA has some degree of “network coverage” in almost all countries on every continent, including in the United States and in closely allied countries such as the United Kingdom, Australia, New Zealand, Germany, and France.
One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries.
The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone.
The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
Claire Cranton, a spokeswoman for the GSMA, said that the group would not respond to details uncovered by The Intercept until its lawyers had studied the documents related to the spying.
“If there is something there that is illegal then they will take it up with the police,” Cranton said.
By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices.
The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
Jennifer Huergo, a NIST spokewoman, told The Intercept that the agency was “not aware of any activities by NSA related to the GSMA.” Huergo said that NIST would continue to work towards “bringing industry together with privacy and consumer advocates to jointly create a robust marketplace of more secure, easy-to-use, privacy-enhancing solutions.”
GSMA headquarters in London (left)
Encryption attack

The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.”
Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.”
The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.”
The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3.
The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption.
In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
Click to enlarge.

The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries.
The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback.
According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
“If there are vulnerabilities on those systems known to the NSA that are not being patched on purpose, it’s quite likely they are being misused by completely other kinds of attackers,” said Hypponen. “When they start to introduce new vulnerabilities, it affects everybody who uses that technology; it makes all of us less secure.”
“It affects everybody who uses that technology; it makes all of us less secure.”
In December, a surveillance review panel convened by President Obama concluded that the NSA should not “in any way subvert, undermine, weaken, or make vulnerable generally available commercial software.” The panel also recommended that the NSA should notify companies if it discovers previously unknown security vulnerabilities in their software or systems—known as “zero days” because developers have been given zero days to fix them—except in rare cases involving “high priority intelligence collection.”
In April, White House officials confirmed that Obama had ordered NSA to disclose vulnerabilities it finds, though qualified that with a loophole allowing the flaws to be secretly exploited so long as there is deemed to be “a clear national security or law enforcement” use.
Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.”
“NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
She declined to discuss the tactics used as part of AURORAGOLD, or comment on whether the operation remains active.