NSA- FBI tapping directly into the central servers extracting audio, video chats, photographs, e-mai

J. Abizeid

J. Abizeid

Well-Known Member
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

The Great SIM Heist
How Spies Stole the Keys to the Encryption Castle

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.

Gemalto was totally oblivious to the penetration of its systems — and the spying on its employees. “I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.” He added that “the most important thing for us now is to understand the degree” of the breach.

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

The massive key theft is “bad news for phone security. Really bad news.”
Beverly said that after being contacted by The Intercept, Gemalto’s internal security team began on Wednesday to investigate how their system was penetrated and could find no trace of the hacks. When asked if the NSA or GCHQ had ever requested access to Gemalto-manufactured encryption keys, Beverly said, “I am totally unaware. To the best of my knowledge, no.”

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.

Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The Mobile Handset Exploitation Team (MHET), whose existence has never before been disclosed, was formed in April 2010 to target vulnerabilities in cellphones. One of its main missions was to covertly penetrate computer networks of corporations that manufacture SIM cards, as well as those of wireless network providers. The team included operatives from both GCHQ and the NSA.

While the FBI and other U.S. agencies can obtain court orders compelling U.S.-based telecom companies to allow them to wiretap or intercept the communications of their customers, on the international front this type of data collection is much more challenging. Unless a foreign telecom or foreign government grants access to their citizens’ data to a U.S. intelligence agency, the NSA or CIA would have to hack into the network or specifically target the user’s device for a more risky “active” form of surveillance that could be detected by sophisticated targets. Moreover, foreign intelligence agencies would not allow U.S. or U.K. spy agencies access to the mobile communications of their heads of state or other government officials.

“It’s unbelievable. Unbelievable,” said Gerard Schouw, a member of the Dutch Parliament, when told of the spy agencies’ actions. Schouw, the intelligence spokesperson for D66, the largest opposition party in the Netherlands, told The Intercept, “We don’t want to have the secret services from other countries doing things like this.” Schouw added that he and other lawmakers will ask the Dutch government to provide an official explanation and to clarify whether the country’s intelligence services were aware of the targeting of Gemalto, whose official headquarters is in Amsterdam.

Last November, the Dutch government proposed an amendment to its constitution to include explicit protection for the privacy of digital communications, including those made on mobile devices. “We have, in the Netherlands, a law on the [activities] of secret services. And hacking is not allowed,” Schouw said. Under Dutch law, the interior minister would have to sign off on such operations by foreign governments’ intelligence agencies. “I don’t believe that he has given his permission for these kind of actions.”

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”


AS CONSUMERS BEGAN to adopt cellular phones en masse in the mid-1990s, there were no effective privacy protections in place. Anyone could buy a cheap device from RadioShack capable of intercepting calls placed on mobile phones. The shift from analog to digital networks introduced basic encryption technology, though it was still crackable by tech savvy computer science graduate students, as well as the FBI and other law enforcement agencies, using readily available equipment.

Today, second-generation (2G) phone technology, which relies on a deeply flawed encryption system, remains the dominant platform globally, though U.S. and European cellphone companies now use 3G, 4G and LTE technology in urban areas. These include more secure, though not invincible, methods of encryption, and wireless carriers throughout the world are upgrading their networks to use these newer technologies.

It is in the context of such growing technical challenges to data collection that intelligence agencies, such as the NSA, have become interested in acquiring cellular encryption keys. “With old-fashioned [2G], there are other ways to work around cellphone security without those keys,” says Green, the Johns Hopkins cryptographer. “With newer 3G, 4G and LTE protocols, however, the algorithms aren’t as vulnerable, so getting those keys would be essential.”

The privacy of all mobile communications — voice calls, text messages and Internet access — depends on an encrypted connection between the cellphone and the wireless carrier’s network, using keys stored on the SIM, a tiny chip smaller than a postage stamp, which is inserted into the phone. All mobile communications on the phone depend on the SIM, which stores and guards the encryption keys created by companies like Gemalto. SIM cards can be used to store contacts, text messages, and other important data, like one’s phone number. In some countries, SIM cards are used to transfer money. As The Intercept reported last year, having the wrong SIM card can make you the target of a drone strike.

SIM cards were not invented to protect individual communications — they were designed to do something much simpler: ensure proper billing and prevent fraud, which was pervasive in the early days of cellphones. Soghoian compares the use of encryption keys on SIM cards to the way Social Security numbers are used today. “Social security numbers were designed in the 1930s to track your contributions to your government pension,” he says. “Today they are used as a quasi national identity number, which was never their intended purpose.”

Because the SIM card wasn’t created with call confidentiality in mind, the manufacturers and wireless carriers don’t make a great effort to secure their supply chain. As a result, the SIM card is an extremely vulnerable component of a mobile phone. “I doubt anyone is treating those things very carefully,” says Green. “Cell companies probably don’t treat them as essential security tokens. They probably just care that nobody is defrauding their networks.” The ACLU’s Soghoian adds, “These keys are so valuable that it makes sense for intel agencies to go after them.”

As a general rule, phone companies do not manufacture SIM cards, nor program them with secret encryption keys. It is cheaper and more efficient for them to outsource this sensitive step in the SIM card production process. They purchase them in bulk with the keys pre-loaded by other corporations. Gemalto is the largest of these SIM “personalization” companies.

After a SIM card is manufactured, the encryption key, known as a “Ki,” is burned directly onto the chip. A copy of the key is also given to the cellular provider, allowing its network to recognize an individual’s phone. In order for the phone to be able to connect to the wireless carrier’s network, the phone — with the help of the SIM — authenticates itself using the Ki that has been programmed onto the SIM. The phone conducts a secret “handshake” that validates that the Ki on the SIM matches the Ki held by the mobile company. Once that happens, the communications between the phone and the network are encrypted. Even if GCHQ or the NSA were to intercept the phone signals as they are transmitted through the air, the intercepted data would be a garbled mess. Decrypting it can be challenging and time-consuming. Stealing the keys, on the other hand, is beautifully simple, from the intelligence agencies’ point of view, as the pipeline for producing and distributing SIM cards was never designed to thwart mass surveillance efforts.

One of the creators of the encryption protocol that is widely used today for securing emails, Adi Shamir, famously asserted: “Cryptography is typically bypassed, not penetrated.” In other words, it is much easier (and sneakier) to open a locked door when you have the key than it is to break down the door using brute force. While the NSA and GCHQ have substantial resources dedicated to breaking encryption, it is not the only way — and certainly not always the most efficient — to get at the data they want. “NSA has more mathematicians on its payroll than any other entity in the U.S.,” says the ACLU’s Soghoian. “But the NSA’s hackers are way busier than its mathematicians.”

GCHQ and the NSA could have taken any number of routes to steal SIM encryption keys and other data. They could have physically broken into a manufacturing plant. They could have broken into a wireless carrier’s office. They could have bribed, blackmailed or coerced an employee of the manufacturer or cellphone provider. But all of that comes with substantial risk of exposure. In the case of Gemalto, hackers working for GCHQ remotely penetrated the company’s computer network in order to steal the keys in bulk as they were en route to the wireless network providers.

SIM card “personalization” companies like Gemalto ship hundreds of thousands of SIM cards at a time to mobile phone operators across the world. International shipping records obtained by The Intercept show that in 2011, Gemalto shipped 450,000 smart cards from its plant in Mexico to Germany’s Deutsche Telekom in just one shipment.

In order for the cards to work and for the phones’ communications to be secure, Gemalto also needs to provide the mobile company with a file containing the encryption keys for each of the new SIM cards. These master key files could be shipped via FedEx, DHL, UPS or another snail mail provider. More commonly, they could be sent via email or through File Transfer Protocol, FTP, a method of sending files over the Internet.

The moment the master key set is generated by Gemalto or another personalization company, but before it is sent to the wireless carrier, is the most vulnerable moment for interception. “The value of getting them at the point of manufacture is you can presumably get a lot of keys in one go, since SIM chips get made in big batches,” says Green, the cryptographer. “SIM cards get made for lots of different carriers in one facility.” In Gemalto’s case, GCHQ hit the jackpot, as the company manufactures SIMs for hundreds of wireless network providers, including all of the leading U.S.— and many of the largest European — companies.

But obtaining the encryption keys while Gemalto still held them required finding a way into the company’s internal systems.




Diagram from a top-secret GCHQ slide.



TOP-SECRET GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google.

In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company’s core networks and Ki-generating systems. The intelligence agency’s goal was to find information that would aid in breaching Gemalto’s systems, making it possible to steal large quantities of encryption keys. The agency hoped to intercept the files containing the keys as they were transmitted between Gemalto and its wireless network provider customers.

GCHQ operatives identified key individuals and their positions within Gemalto and then dug into their emails. In one instance, GCHQ zeroed in on a Gemalto employee in Thailand who they observed sending PGP-encrypted files, noting that if GCHQ wanted to expand its Gemalto operations, “he would certainly be a good place to start.” They did not claim to have decrypted the employee’s communications, but noted that the use of PGP could mean the contents were potentially valuable.

The cyberstalking was not limited to Gemalto. GCHQ operatives wrote a script that allowed the agency to mine the private communications of employees of major telecommunications and SIM “personalization” companies for technical terms used in the assigning of secret keys to mobile phone customers. Employees for the SIM card manufacturers and wireless network providers were labeled as “known individuals and operators targeted” in a top-secret GCHQ document.

According to that April 2010 document, “PCS Harvesting at Scale,” hackers working for GCHQ focused on “harvesting” massive amounts of individual encryption keys “in transit between mobile network operators and SIM card personalisation centres” like Gemalto. The spies “developed a methodology for intercepting these keys as they are transferred between various network operators and SIM card providers.” By that time, GCHQ had developed “an automated technique with the aim of increasing the volume of keys that can be harvested.”

The PCS Harvesting document acknowledged that, in searching for information on encryption keys, GCHQ operatives would undoubtedly vacuum up “a large number of unrelated items” from the private communications of targeted employees. “[H]owever an analyst with good knowledge of the operators involved can perform this trawl regularly and spot the transfer of large batches of [keys].”

The document noted that many SIM card manufacturers transferred the encryption keys to wireless network providers “by email or FTP with simple encryption methods that can be broken … or occasionally with no encryption at all.” To get bulk access to encryption keys, all the NSA or GCHQ needed to do was intercept emails or file transfers as they were sent over the Internet — something both agencies already do millions of times per day. A footnote in the 2010 document observed that the use of “strong encryption products … is becoming increasingly common” in transferring the keys.

In its key harvesting “trial” operations in the first quarter of 2010, GCHQ successfully intercepted keys used by wireless network providers in Iran, Afghanistan, Yemen, India, Serbia, Iceland and Tajikistan. But, the agency noted, its automated key harvesting system failed to produce results against Pakistani networks, denoted as “priority targets” in the document, despite the fact that GCHQ had a store of Kis from two providers in the country, Mobilink and Telenor. “t is possible that these networks now use more secure methods to transfer Kis,” the document concluded.

From December 2009 through March 2010, a month before the Mobile Handset Exploitation Team was formed, GCHQ conducted a number of trials aimed at extracting encryption keys and other personalized data for individual phones. In one two-week period, they accessed the emails of 130 people associated with wireless network providers or SIM card manufacturing and personalization. This operation produced nearly 8,000 keys matched to specific phones in 10 countries. In another two-week period, by mining just six email addresses, they produced 85,000 keys. At one point in March 2010, GCHQ intercepted nearly 100,000 keys for mobile phone users in Somalia. By June, they’d compiled 300,000. “Somali providers are not on GCHQ’s list of interest,” the document noted. “[H]owever, this was usefully shared with NSA.”

The GCHQ documents only contain statistics for three months of encryption key theft in 2010. During this period, millions of keys were harvested. The documents stated explicitly that GCHQ had already created a constantly evolving automated process for bulk harvesting of keys. They describe active operations targeting Gemalto’s personalization centers across the globe, as well as other major SIM card manufacturers and the private communications of their employees.

A top-secret NSA document asserted that, as of 2009, the U.S. spy agency already had the capacity to process between 12 and 22 million keys per second for later use against surveillance targets. In the future, the agency predicted, it would be capable of processing more than 50 million per second. The document did not state how many keys were actually processed, just that the NSA had the technology to perform such swift, bulk operations. It is impossible to know how many keys have been stolen by the NSA and GCHQ to date, but, even using conservative math, the numbers are likely staggering.

GCHQ assigned “scores” to more than 150 individual email addresses based on how often the users mentioned certain technical terms, and then intensified the mining of those individuals’ accounts based on priority. The highest-scoring email address was that of an employee of Chinese tech giant Huawei, which the U.S. has repeatedly accused of collaborating with Chinese intelligence. In all, GCHQ harvested the emails of employees of hardware companies that manufacture phones, such as Ericsson and Nokia; operators of mobile networks, such as MTN Irancell and Belgacom; SIM card providers, such as Bluefish and Gemalto; and employees of targeted companies who used email providers, such as Yahoo and Google. During the three-month trial, the largest number of email addresses harvested were those belonging to Huawei employees, followed by MTN Irancell. The third largest class of emails harvested in the trial were private Gmail accounts, presumably belonging to employees at targeted companies.

“People were specifically hunted and targeted by intelligence agencies, not because they did anything wrong, but because they could be used.”
The GCHQ program targeting Gemalto was called DAPINO GAMMA. In 2011, GCHQ launched operation HIGHLAND FLING to mine the email accounts of Gemalto employees in France and Poland. A top-secret document on the operation stated that one of the aims was “getting into French HQ” of Gemalto “to get in to core data repositories.” France, home to one of Gemalto’s global headquarters, is the nerve center of the company’s worldwide operations. Another goal was to intercept private communications of employees in Poland that “could lead to penetration into one or more personalisation centers” — the factories where the encryption keys are burned onto SIM cards.

As part of these operations, GCHQ operatives acquired the usernames and passwords for Facebook accounts of Gemalto targets. An internal top-secret GCHQ wiki on the program from May 2011 indicated that GCHQ was in the process of “targeting” more than a dozen Gemalto facilities across the globe, including in Germany, Mexico, Brazil, Canada, China, India, Italy, Russia, Sweden, Spain, Japan and Singapore.

The document also stated that GCHQ was preparing similar key theft operations against one of Gemalto’s competitors, Germany-based SIM card giant Giesecke and Devrient.

On January 17, 2014, President Barack Obama gave a major address on the NSA spying scandal. “The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures,” he said.

The monitoring of the lawful communications of employees of major international corporations shows that such statements by Obama, other U.S. officials and British leaders — that they only intercept and monitor the communications of known or suspected criminals or terrorists — were untrue. “The NSA and GCHQ view the private communications of people who work for these companies as fair game,” says the ACLU’s Soghoian. “These people were specifically hunted and targeted by intelligence agencies, not because they did anything wrong, but because they could be used as a means to an end.”
 
  • Advertisement
  • Abou Sandal

    Abou Sandal

    Legendary Member
    Orange Room Supporter
    FBI Official: We Need to "Keep Fear Alive" to Justify Terror Budget

     
    J. Abizeid

    J. Abizeid

    Well-Known Member

    Citizenfour Official Trailer 1 (2014) -
    Edward Snowden Documentary HD
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    The CIA Campaign to Steal Apple’s Secrets
    By Jeremy Scahill and Josh Begley
    @jeremyscahill@joshbegley



    RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

    The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

    By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

    The CIA declined to comment for this story.

    The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

    The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

    Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”

    Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.

    The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.

    “If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”

    Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.




    Lockheed Martin Dulles Executive Plaza, Herndon, Virginia.



    SECURITY RESEARCHERS from Sandia National Laboratories presented their Apple-focused research at a secret annual CIA conference called the Trusted Computing Base Jamboree. The Apple research and the existence of the conference are detailed in documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

    The conference was sponsored by the CIA’s Information Operations Center, which conducts covert cyberattacks. The aim of the gathering, according to a 2012 internal NSA wiki, was to host “presentations that provide important information to developers trying to circumvent or exploit new security capabilities,” as well as to “exploit new avenues of attack.” NSA personnel also participated in the conference through the NSA’s counterpart to the CIA’s Trusted Computing Base, according to the document. The NSA did not provide comment for this story.

    The Jamboree was held at a Lockheed Martin facility inside an executive office park in northern Virginia. Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state — more than 80 percent of its total revenue comes from the U.S. government. Lockheed also owns Sandia Labs, which is funded by the U.S. government, whose researchers have presented Apple findings at the CIA conference.

    “Lockheed Martin’s role in these activities should not be surprising given its leading role in the national surveillance state,” says William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War, a book that chronicles Lockheed’s history. “It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you’re looking for a candidate for Big Brother, Lockheed Martin fits the bill.”

    The Apple research is consistent with a much broader secret U.S. government program to analyze “secure communications products, both foreign and domestic” in order to “develop exploitation capabilities against the authentication and encryption schemes,” according to the 2013 Congressional Budget Justification. Known widely as the “Black Budget,” the top-secret CBJ was provided to The Intercept by Snowden and gives a sprawling overview of the U.S. intelligence community’s spending and architecture. The White House did not respond to a request for comment.

    As of 2013, according to the classified budget, U.S. intelligence agencies were creating new capabilities against dozens of commercially produced security products, including those made by American companies, to seek out vulnerabilities.

    Last week, CIA Director John Brennan announced a major reorganization at the agency aimed, in large part, at expanding U.S. cyber-operations. The Information Operations Center, which organized the Jamboree conferences, will be folded into a new Directorate of Digital Innovation. Notwithstanding its innocuous name, a major priority of the directorate will be offensive cyberattacks, sabotage and digital espionage. Brennan said the CIA reorganization will be modeled after the agency’s Counterterrorism Center, which runs the U.S. targeted killing and drone program.


    THE DOCUMENTS do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence. But they do shed light on an ongoing campaign aimed at defeating the tech giant’s efforts to secure its products, and in turn, its customers’ private data.

    “Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”

    Bellovin says he generally supports efforts by U.S. intelligence to “hack” devices — including Apple’s — used by terrorists and criminals, but expressed concern that such capabilities could be abused. “There are bad people out there, and it’s reasonable to seek information on them,” he says, cautioning that “inappropriate use — mass surveillance, targeting Americans without a warrant, probably spying on allies — is another matter entirely.”

    In the top-secret documents, ranging from 2010 through 2012, the researchers appear particularly intent on extracting encryption keys that prevent unauthorized access to data stored — and firmware run — on Apple products.

    “The Intelligence Community (IC) is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches,” the researchers noted in an abstract of their 2011 presentation at the Jamboree. But, they promised, their presentation could provide the intelligence community with a “method to noninvasively extract” encryption keys used on Apple devices. Another presentation focused on physically extracting the key from Apple’s hardware.

    A year later, at the 2012 Jamboree, researchers described their attacks on the software used by developers to create applications for Apple’s popular App Store. In a talk called “Strawhorse: Attacking the MacOS and iOS Software Development Kit,” a presenter from Sandia Labs described a successful “whacking” of Apple’s Xcode — the software used to create apps for iPhones, iPads and Mac computers. Developers who create Apple-approved and distributed apps overwhelmingly use Xcode, a free piece of software easily downloaded from the App Store.

    The researchers boasted that they had discovered a way to manipulate Xcode so that it could serve as a conduit for infecting and extracting private data from devices on which users had installed apps that were built with the poisoned Xcode. In other words, by manipulating Xcode, the spies could compromise the devices and private data of anyone with apps made by a poisoned developer — potentially millions of people. “Trying to plant stuff in Xcode has fascinating implications,” says Bellovin.

    The researchers listed a variety of actions their “whacked” Xcode could perform, including:

    — “Entice” all Mac applications to create a “remote backdoor” allowing undetected access to an Apple computer.

    — Secretly embed an app developer’s private key into all iOS applications. (This could potentially allow spies to impersonate the targeted developer.)

    — “Force all iOS applications” to send data from an iPhone or iPad back to a U.S. intelligence “listening post.”

    — Disable core security features on Apple devices.

    The Intelligence Community is highly dependent on a very small number of security flaws, many of which are public, which Apple eventually patches.
    For years, U.S. and British intelligence agencies have consistently sought to defeat the layers of encryption and other security features used by Apple to protect the iPhone. A joint task force comprised of operatives from the NSA and Britain’s Government Communications Headquarters, formed in 2010, developed surveillance software targeting iPhones, Android devices and Nokia’s Symbian phones. The Mobile Handset Exploitation Team successfully implanted malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for secretly accessing private communications on mobile devices.

    That program was disclosed in Snowden documents reported on last year by The Guardian. A WARRIOR PRIDE plugin called NOSEY SMURF allowed spies to remotely and secretly activate a phone’s microphone. Another plugin, DREAMY SMURF, allowed intelligence agents to manage the power system on a phone and thus avoid detection. PARANOID SMURF was designed to conceal the malware in other ways. TRACKER SMURF allowed ultra-precise geolocating of an individual phone. “[If] its [sic] on the phone, we can get it,” the spies boasted in a secret GCHQ document describing the targeting of the iPhone.

    All of the SMURF malware — including the plugin that secretly turns on the iPhone’s microphone — would first require that agencies bypass the security controls built into the iOS operating system. Spies would either need to hack the phone in order to plant their malware on it, or sneak a backdoor into an app the user installed voluntarily. That was one of the clear aims of the Apple-focused research presented at the CIA’s conference.

    “The U.S. government is prioritizing its own offensive surveillance needs over the cybersecurity of the millions of Americans who use Apple products,” says Christopher Soghoian, the principal technologist at the American Civil Liberties Union. “If U.S. government-funded researchers can discover these flaws, it is quite likely that Chinese, Russian and Israeli researchers can discover them, too. By quietly exploiting these flaws rather than notifying Apple, the U.S. government leaves Apple’s customers vulnerable to other sophisticated governments.”

    Security experts interviewed by The Intercept point out that the SMURF capabilities were already available to U.S. and British intelligence agencies five years ago. That raises the question of how advanced the current capacity to surveil smartphone users is, especially in light of the extensive resources poured into targeting the products of major tech companies. One GCHQ slide from 2010 stated that the agency’s ultimate goal was to be able to “Exploit any phone, anywhere, any time.”




    Steve Jobs unveiling the first iPhone on January 9, 2007.



    THE FIRST JAMBOREE took place in 2006, just as Apple was preparing to unveil its highly-anticipated iPhone. In March 2010, according to a top-secret document, during a talk called “Rocoto: Implanting the iPhone,” a presenter discussed efforts to target the iPhone 3G. In addition to analyzing the device’s software for potential vulnerabilities, the presentation examined “jailbreak methods,” used within the iPhone community to free phones from their built-in constraints, that could be leveraged by intelligence agencies. “We will conclude with a look ahead at future challenges presented by the iPhone 3GS and the upcoming iPad,” the abstract noted. Over the years, as Apple updates its hardware, software and encryption methods, the CIA and its researchers study ways to break and exploit them.

    The attempts to target vulnerabilities in Apple’s products have not occurred in a vacuum. Rather, they are part of a vast multi-agency U.S./U.K. effort to attack commercial encryption and security systems used on billions of devices around the world. U.S. intelligence agencies are not just focusing on individual terrorists or criminals — they are targeting the large corporations, such as Apple, that produce popular mobile devices.

    “Every other manufacturer looks to Apple. If the CIA can undermine Apple’s systems, it’s likely they’ll be able to deploy the same capabilities against everyone else,” says Green, the Johns Hopkins cryptographer. “Apple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.”

    According to the Black Budget, U.S. intelligence agencies have tech companies dead in their sights with the aim of breaking or circumventing any existing or emerging encryption or antiviral products, noting the threat posed by “increasingly strong commercial” encryption and “adversarial cryptography.”

    The Analysis of Target Systems Project produced “prototype capabilities” for the intelligence community, enabled “the defeat of strong commercial data security systems” and developed ways “to exploit emerging information systems and technologies,” according to the classified budget. The project received $35 million in funding in 2012 and had more than 200 personnel assigned to it. By the end of 2013, according to the budget, the project would “develop new capabilities against 50 commercial information security device products to exploit emerging technologies,” as well as new methods that would allow spies to recover user and device passwords on new products.

    Among the project’s missions:

    — Analyze “secure communications products, both foreign and domestic produced” to “develop exploitation capabilities against the authentication and encryption schemes.”

    — “[D]evelop exploitation capabilities against network communications protocols and commercial network security products.”

    — “Anticipate future encryption technologies” and “prepare strategies to exploit those technologies.”

    — “Develop, enhance, and implement software attacks against encrypted signals.”

    — “Develop exploitation capabilities against specific key management and authentication schemes.”

    — “[D]evelop exploitation capabilities against emerging multimedia applications.”

    — Provide tools for “exploiting” devices used to “store, manage, protect, or communicate data.”

    — “Develop methods to discover and exploit communication systems employing public key cryptography” and “communications protected by passwords or pass phrases.”

    — Exploit public key cryptography.

    — Exploit Virtual Private Networks, or VPNs, which allow people to browse the Internet with increased security and anonymity.

    The black budget also noted that the U.S. intelligence community partners with “National Laboratories” to conduct the type of research presented at the CIA’s annual Jamboree conference. It confirms the U.S. government’s aggressive efforts to steal encryption and authentication keys, as occurred in the NSA and GCHQ operations against Gemalto, the world’s largest manufacturer of SIM cards, through the use of Computer Network Exploitation attacks. In that case, spy agencies penetrated Gemalto’s internal networks and cyberstalked its employees to steal mass quantities of keys used to encrypt mobile phone communications.

    The CIA’s Information Operations Center is currently the second largest of the spy agency’s specialized centers. It not only conducts cyber-ops, but has operated covertly in other nations, working to develop assets from targeted countries to assist in its cyber-surveillance programs, according to the Black Budget. At times, its personnel brief the president.




    U.S. President Barack Obama holds up an iPad.



    AT THE CIA’s Jamboree in 2011, the computer researchers conducted workshops where they revealed the specifics of their efforts to attack one of the key privacy elements of Apple’s mobile devices. These machines have two separate keys integrated into the silicon of their Apple-designed processors at the point of manufacture. The two, paired together, are used to encrypt data and software stored on iPhones and iPads. One, the User ID, is unique to an individual’s phone, and is not retained by Apple. That key is vital to protecting an individual’s data and — particularly on Apple’s latest devices — difficult to steal. A second key, the Group ID, is known to Apple and is the same across multiple Apple devices that use the same processor. The GID is used to encrypt essential system software that runs on Apple’s mobile devices.

    The focus of the security researchers, as described at the CIA conferences, was to target the GID key, which Apple implants on all devices that use the same processors. For instance, Apple’s A4 processor was used in the iPhone 4, the iPod Touch and the original iPad. All of those devices used the same GID. As Apple designs new processors and faster devices that use those processors, the company creates new GIDs. If someone has the same iPhone as her neighbor, they have the exact same GID key on their devices. So, if intelligence agencies extract the GID key, it means they have information useful to compromising any device containing that key.

    At the 2011 Jamboree conference, there were two separate presentations on hacking the GID key on Apple’s processors. One was focused on non-invasively obtaining it by studying the electromagnetic emissions of — and the amount of power used by — the iPhone’s processor while encryption is being performed. Careful analysis of that information could be used to extract the encryption key. Such a tactic is known as a “side channel” attack. The second focused on a “method to physically extract the GID key.”

    Whatever method the CIA and its partners use, by extracting the GID — which is implanted on the processors of all Apple mobile devices — the CIA and its allies could be able to decrypt the firmware that runs on the iPhone and other mobile devices. This would allow them to seek out other security vulnerabilities to exploit. Taken together, the documents make clear that researching each new Apple processor and mobile device, and studying them for potential security flaws, is a priority for the CIA.

    According to the 2011 document describing the Jamboree presentations on Apple’s processor, the researchers asserted that extracting the GID key could also allow them to look for other potential gateways into Apple devices. “If successful, it would enable decryption and analysis of the boot firmware for vulnerabilities, and development of associated exploits across the entire A4-based product-line, which includes the iPhone 4, the iPod touch and the iPad.”

    At the CIA conference in 2012, Sandia researchers delivered a presentation on Apple’s A5 processor. The A5 is used in the iPhone 4s and iPad 2. But this time, it contained no abstract or other details, instructing those interested to contact a CIA official on his secure phone or email.

    “If I were Tim Cook, I’d be furious,” says the ACLU’s Soghoian. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”




    Apple CEO Tim Cook testifies on Capitol Hill in Washington, May 21, 2013.



    FOR YEARS, Apple has included encryption features in the products it sells to consumers. In 2014, the company dramatically broadened the types of data stored on iPhones that are encrypted, and it incorporated encryption by default into its desktop and laptop operating system. This resulted in criticism from leading law enforcement officials, including the FBI director. The encryption technology that Apple has built into its products — along with many other security features — is a virtual wall that separates cybercriminals and foreign governments from customer data. But now, because Apple claims it can no longer extract customer data stored on iPhones, because it is encrypted with a key the company does not know, the U.S. government can be locked out too — even with a search warrant. The FBI director and other U.S. officials have referred to the advent of the encryption era — where previously accessible data and communications may now be off limits because of the security technology protecting them — as “going dark.”

    In the face of this rising challenge to its surveillance capabilities, U.S. intelligence has spent considerable time and resources trying to find security vulnerabilities in Apple’s encryption technology, and, more broadly, in its products, which can be leveraged to install surveillance software on iPhones and Macbooks. “The exploitation of security flaws is a high-priority area for the U.S. intelligence community, and such methods have only become more important as U.S. technology companies have built strong encryption into their products,” says the ACLU’s Soghoian.

    Microsoft has, for nearly a decade, included BitLocker, an encryption technology that protects data stored on a computer, in its Windows operating system. Unlike Apple, which made encryption available to all customers, Microsoft had included this feature only in its more expensive premium and professional versions of Windows, up until a few years ago. BitLocker is designed to work with a Trusted Platform Module, a special security chip included in some computers, which stores the encryption keys and also protects against unauthorized software modification.

    Also presented at the Jamboree were successes in the targeting of Microsoft’s disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Microsoft declined to comment for this story.

    In the wake of the initial Snowden disclosures, Apple CEO Tim Cook has specifically denounced the U.S. government’s efforts to compel companies to provide backdoor access to their users’ data.

    “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy. More recently, Cook said, “None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering.”

    As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. “Encryption threatens to lead all of us to a very dark place,” declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, “This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.”

    Under current U.S. regulations, law enforcement agencies can get a court order to access communications channeled through major tech companies and wireless providers. But if those communications are encrypted through a process not accessible by any involved company, the data is essentially meaningless, garbled gibberish. “In a world in which data is encrypted, and the providers don’t have the keys, suddenly, there is no one to go to when they have a warrant,” says Soghoian. “That is, even if they get a court order, it doesn’t help them. That is what is freaking them out.”

    Comey alleged that “even a supercomputer would have difficulty with today’s high-level encryption,” meaning a “brute force” attempt to decrypt intercepted communications would be ineffective, and, even if successful, time-consuming.

    “Encryption isn’t just a technical feature; it’s a marketing pitch,” Comey added. “But it will have very serious consequences for law enforcement and national security agencies at all levels. Sophisticated criminals will come to count on these means of evading detection. It’s the equivalent of a closet that can’t be opened. A safe that can’t be cracked.”

    A few months after Comey’s remarks, Robert Litt, the general counsel for the Office of the Director of National Intelligence, also appeared at Brookings. “One of the many ways in which Snowden’s leaks have damaged our national security is by driving a wedge between the government and providers and technology companies, so that some companies that formerly recognized that protecting our nation was a valuable and important public service now feel compelled to stand in opposition,” Litt said. He appealed to corporations to embrace “a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.”

    Green, the Johns Hopkins professor, argues that U.S. government attacks against the products of American companies will not just threaten privacy, but will ultimately harm the U.S. economy. “U.S. tech companies have already suffered overseas due to foreign concerns about our products’ security,” he says. “The last thing any of us need is for the U.S. government to actively undermine our own technology industry.”

    The U.S. government is certainly not alone in the war against secure communications. British Prime Minister David Cameron has suggested that if he is re-elected, he may seek to ban encrypted chat programs that do not provide backdoor access to law enforcement. “Are we going to allow a means of communications which it simply isn’t possible to read?” Cameron said in a speech in England earlier this year. “My answer to that question is: ‘No, we must not.’”

    When the Chinese government recently tried to force tech companies to install a backdoor in their products for use by Chinese intelligence agencies, the U.S. government denounced China. “This is something that I’ve raised directly with President Xi,” President Obama said in early March. “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.” But China was actually following the U.S. government’s lead. The FBI has called for an expansion of U.S. law, which would require Apple and its competitors to design their products so that all communications could be made available to government agencies. NSA officials have expressed similar sentiments.

    “Obama’s comments were dripping with hypocrisy,” says Trevor Timm, executive director of the Freedom of the Press Foundation. “Don’t get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on — now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won’t he order the FBI and NSA to stop pushing for it as well?”
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    US Threatened Germany Over Snowden, Vice Chancellor Says - The Intercept

    US Threatened Germany Over Snowden, Vice Chancellor Says



    German Vice Chancellor Sigmar Gabriel (above) said this week in Homburg that the U.S. government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. “They told us they would stop notifying us of plots and other intelligence matters,” Gabriel said.

    The vice chancellor delivered a speech in which he praised the journalists who worked on the Snowden archive, and then lamented the fact that Snowden was forced to seek refuge in “Vladimir Putin’s autocratic Russia” because no other nation was willing and able to protect him from threats of imprisonment by the U.S. government (I was present at the event to receive an award). That prompted an audience member to interrupt his speech and yell out: “Why don’t you bring him to Germany, then?”

    There has been a sustained debate in Germany over whether to grant asylum to Snowden, and a major controversy arose last year when a Parliamentary Committee investigating NSA spying divided as to whether to bring Snowden to testify in person, and then narrowly refused at the behest of the Merkel government. In response to the audience interruption, Gabriel claimed that Germany would be legally obligated to extradite Snowden to the U.S. if he were on German soil.

    Afterward, however, when I pressed the vice chancellor (who is also head of the Social Democratic Party, as well as the country’s economy and energy minister) as to why the German government could not and would not offer Snowden asylum — which, under international law, negates the asylee’s status as a fugitive — he told me that the U.S. government had aggressively threatened the Germans that if they did so, they would be “cut off” from all intelligence sharing. That would mean, if the threat were carried out, that the Americans would literally allow the German population to remain vulnerable to a brewing attack discovered by the Americans by withholding that information from their government.

    This is not the first time the U.S. has purportedly threatened an allied government to withhold evidence of possible terror plots as punishment. In 2009, a British national, Binyam Mohamed, sued the U.K. government for complicity in his torture at Bagram and Guantánamo. The High Court ordered the U.K. government to provide Mohamed’s lawyers with notes and other documents reflecting what the CIA told British intelligence agents about Mohamed’s abuse.

    In response, the U.K. government insisted that the High Court must reverse that ruling because the safety of British subjects would be endangered if the ruling stood. Their reasoning: the U.S. government had threatened the British that they would stop sharing intelligence, including evidence of terror plots, if they disclosed what the Americans had told them in confidence about Mohamed’s treatment — even if the disclosure were ordered by the High Court as part of a lawsuit brought by a torture victim. British government lawyers even produced a letter from an unnamed Obama official laying out that threat.

    In the Mohamed case, it is quite plausible that the purported “threat” was actually the byproduct of collaboration between the U.S. and U.K. governments, as it gave the British a weapon to try to scare the court into vacating its ruling: you’re putting the lives of British subjects in danger by angering the Americans. In other words, it is quite conceivable that the British asked the Americans for a letter setting forth such a threat to enable them to bully the British court into reversing its disclosure order.

    In the case of Germany, no government official has previously claimed that they were threatened by the U.S. as an excuse for turning their backs on Snowden, whose disclosures helped Germans as much as any population outside of the U.S. Pointing to such threats could help a German political official such as the vice chancellor justify what is otherwise an indefensible refusal to protect the NSA whistleblower from persecution at home, though it seems far more plausible — given far more extremist U.S. behavior in the Snowden case — that Gabriel’s claims are accurate.

    Nonetheless, one of two things is true: 1) the U.S. actually threatened Germany that it would refrain from notifying them of terrorist plots against German citizens and thus deliberately leave them vulnerable to violent attacks, or 2) some combination of high officials from the U.S. and/or German governments are invoking such fictitious threats in order to manipulate and scare the German public into believing that asylum for Snowden will endanger their lives. Both are obviously noteworthy, though it’s hard to say which is worse.
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    UK Police Deem Snowden Leak Investigation a State Secret - The Intercept

    UK Police Deem Snowden Leak Investigation a State Secret




    British police claim a criminal investigation they launched into journalists who have reported on leaked documents from Edward Snowden has to be kept a secret due to a “possibility of increased threat of terrorist activity.”

    Following Snowden’s disclosures from the National Security Agency in 2013, London’s Metropolitan Police and a lawyer for the United Kingdom government separately confirmed a criminal probe had been opened into the leaks. One of the Metropolitan Police’s most senior officers publicly acknowledged during a parliamentary hearing that the investigation was focusing on whether reporters at the Guardian had committed criminal offenses for their role in revealing British government mass surveillance operations exposed in Snowden’s documents.

    But now, the Metropolitan Police, known as the Met, says everything about the investigation’s existence is a secret and too dangerous to disclose. In response to a Freedom of Information Act request from this reporter, the force has repeatedly refused to release any information about the status of the investigation, how many officers are working on it, or how much taxpayer money has been spent on it. The Met wrote in its response:

    to confirm or deny whether we hold any information concerning any current or previous investigations into the alleged actions of Edward Snowden could potentially be misused proving detrimental to national security.

    In this current environment, where there is a possibility of increased threat of terrorist activity, providing any details even to confirm or deny that any information exists could assist any group or persons who wish to cause harm to the people of the nation which would undermine the safeguarding of national security.

    The refusal notice, first issued late February and then upheld by the Met earlier this month after an appeal, cited a series of national security and law enforcement exemptions to the United Kingdom’s FOIA law as justification not releasing any details about the investigation.

    The Met said the information requested may have been “supplied by, or concerning, certain security bodies” that don’t have to abide by normal transparency requirements, such as the secretive surveillance agency Government Communications Headquarters, or GCHQ. The Met also claimed that it “would not be in the public interest” to reveal basic information about the status of the criminal probe because doing so “could be detrimental to any investigations that may be being conducted now or in the future.”

    The Met carried out the searches for relevant requested information at its Counter Terrorism Command, according to the refusal notice, which is the unit handling the Snowden investigation. The Counter Terrorism Command operates within the Met’s Specialist Operations department and had a leading role in the Snowden-related detention and interrogation at a London airport in August 2013 of David Miranda, the partner of Intercept co-founder and former Guardian journalist Glenn Greenwald.

    When he was detained, Miranda was transporting a batch of encrypted Snowden documents to aid Greenwald’s reporting on the files. The Met seized the material at the airport and three months later quietly announced that it had opened a criminal investigation related to the leaks, saying the material taken from Miranda was “highly sensitive” and “could put lives at risk.” A counter-terrorism detective for the force told a court the case was being viewed as likely to be a “conspiracy with a global dimension.”

    The Intercept has filed a complaint with the Information Commissioner’s Office, the public body that enforces the U.K.’s freedom of information laws, about the Met’s refusal to release information about the current status of the investigation. The commissioner will now look at how the police handled the request and decide whether they should be ordered to hand over the relevant details.

    Earlier this week, The Intercept asked the Met to clarify how providing information about the Snowden leaks probe could suddenly pose a threat to national security, given that one of its own senior officers had previously discussed the case publicly. The Met declined to comment.

    In an emailed statement issued Thursday, a spokesman for the force said only: “We won’t be adding to the FOI [freedom of information] response.”
     
    J. Abizeid

    J. Abizeid

    Well-Known Member

    US bullied Germany not to let Snowden into the country – reports
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    How the NSA Converts Spoken Words Into Searchable Text - The Intercept
    The Computers are Listening
    How the NSA Converts Spoken Words Into Searchable Text

    Most people realize that emails and other digital communications they once considered private can now become part of their permanent record.

    But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either.

    Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored.

    The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.

    Though perfect transcription of natural conversation apparently remains the Intelligence Community’s “holy grail,” the Snowden documents describe extensive use of keyword searching as well as computer programs designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest.

    The documents include vivid examples of the use of speech recognition in war zones like Iraq and Afghanistan, as well as in Latin America. But they leave unclear exactly how widely the spy agency uses this ability, particularly in programs that pick up considerable amounts of conversations that include people who live in or are citizens of the United States.

    Spying on international telephone calls has always been a staple of NSA surveillance, but the requirement that an actual person do the listening meant it was effectively limited to a tiny percentage of the total traffic. By leveraging advances in automated speech recognition, the NSA has entered the era of bulk listening.

    And this has happened with no apparent public oversight, hearings or legislative action. Congress hasn’t shown signs of even knowing that it’s going on.

    The USA Freedom Act — the surveillance reform bill that Congress is currently debating — doesn’t address the topic at all. The bill would end an NSA program that does not collect voice content: the government’s bulk collection of domestic calling data, showing who called who and for how long.

    Even if becomes law, the bill would leave in place a multitude of mechanisms exposed by Snowden that scoop up vast amounts of innocent people’s text and voice communications in the U.S. and across the globe.

    Civil liberty experts contacted by The Intercept said the NSA’s speech-to-text capabilities are a disturbing example of the privacy invasions that are becoming possible as our analog world transitions to a digital one.

    “I think people don’t understand that the economics of surveillance have totally changed,” Jennifer Granick, civil liberties director at the Stanford Center for Internet and Society, told The Intercept.

    “Once you have this capability, then the question is: How will it be deployed? Can you temporarily cache all American phone calls, transcribe all the phone calls, and do text searching of the content of the calls?” she said. “It may not be what they are doing right now, but they’ll be able to do it.”

    And, she asked: “How would we ever know if they change the policy?”

    Indeed, NSA officials have been secretive about their ability to convert speech to text, and how widely they use it, leaving open any number of possibilities.

    That secrecy is the key, Granick said. “We don’t have any idea how many innocent people are being affected, or how many of those innocent people are also Americans.”

    I Can Search Against It
    NSA whistleblower Thomas Drake, who was trained as a voice processing crypto-linguist and worked at the agency until 2008, told The Intercept that he saw a huge push after the September 11, 2001 terror attacks to turn the massive amounts of voice communications being collected into something more useful.

    Human listening was clearly not going to be the solution. “There weren’t enough ears,” he said.

    The transcripts that emerged from the new systems weren’t perfect, he said. “But even if it’s not 100 percent, I can still get a lot more information. It’s far more accessible. I can search against it.”

    Converting speech to text makes it easier for the NSA to see what it has collected and stored, according to Drake. “The breakthrough was being able to do it on a vast scale,” he said.



    More Data, More Power, Better Performance
    The Defense Department, through its Defense Advanced Research Projects Agency (DARPA), started funding academic and commercial research into speech recognition in the early 1970s.

    What emerged were several systems to turn speech into text, all of which slowly but gradually improved as they were able to work with more data and at faster speeds.

    In a brief interview, Dan Kaufman, director of DARPA’s Information Innovation Office, indicated that the government’s ability to automate transcription is still limited.

    Kaufman says that automated transcription of phone conversation is “super hard,” because “there’s a lot of noise on the signal” and “it’s informal as hell.”

    “I would tell you we are not very good at that,” he said.

    In an ideal environment like a news broadcast, he said, “we’re getting pretty good at being able to do these types of translations.”

    A 2008 document from the Snowden archive shows that transcribing news broadcasts was already working well seven years ago, using a program called Enhanced Video Text and Audio Processing:

    (U//FOUO) EViTAP is a fully-automated news monitoring tool. The key feature of this Intelink-SBU-hosted tool is that it analyzes news in six languages, including Arabic, Mandarin Chinese, Russian, Spanish, English, and Farsi/Persian. “How does it work?” you may ask. It integrates Automatic Speech Recognition (ASR) which provides transcripts of the spoken audio. Next, machine translation of the ASR transcript translates the native language transcript to English. Voila! Technology is amazing.

    A version of the system the NSA uses is now even available commercially.

    Experts in speech recognition say that in the last decade or so, the pace of technological improvement has been explosive. As information storage became cheaper and more efficient, technology companies were able to store massive amounts of voice data on their servers, allowing them to continually update and improve the models. Enormous processors, tuned as “deep neural networks” that detect patterns like human brains do, produce much cleaner transcripts.

    And the Snowden documents show that the same kinds of leaps forward seen in commercial speech-to-text products have also been happening in secret at the NSA, fueled by the agency’s singular access to astronomical processing power and its own vast data archives.

    In fact, the NSA has been repeatedly releasing new and improved speech recognition systems for more than a decade.

    The first-generation tool, which made keyword-searching of vast amounts of voice content possible, was rolled out in 2004 and code-named RHINEHART.

    “Voice word search technology allows analysts to find and prioritize intercept based on its intelligence content,” says an internal 2006 NSA memo entitled “For Media Mining, the Future Is Now!

    The memo says that intelligence analysts involved in counterterrorism were able to identify terms related to bomb-making materials, like “detonator” and “hydrogen peroxide,” as well as place names like “Baghdad” or people like “Musharaf.”

    RHINEHART was “designed to support both real-time searches, in which incoming data is automatically searched by a designated set of dictionaries, and retrospective searches, in which analysts can repeatedly search over months of past traffic,” the memo explains (emphasis in original).

    As of 2006, RHINEHART was operating “across a wide variety of missions and languages” and was “used throughout the NSA/CSS [Central Security Service] Enterprise.”

    But even then, a newer, more sophisticated product was already being rolled out by the NSA’s Human Language Technology (HLT) program office. The new system, called VoiceRT, was first introduced in Baghdad, and “designed to index and tag 1 million cuts per day.”

    The goal, according to another 2006 memo, was to use voice processing technology to be able “index, tag and graph,” all intercepted communications. “Using HLT services, a single analyst will be able to sort through millions of cuts per day and focus on only the small percentage that is relevant,” the memo states.

    A 2009 memo from the NSA’s British partner, GCHQ, describes how “NSA have had the BBN speech-to-text system Byblos running at Fort Meade for at least 10 years. (Initially they also had Dragon.) During this period they have invested heavily in producing their own corpora of transcribed Sigint in both American English and an increasing range of other languages.” (GCHQ also noted that it had its own small corpora of transcribed voice communications, most of which happened to be “Northern Irish accented speech.”)

    VoiceRT, in turn, was surpassed a few years after its launch. According to the intelligence community’s “Black Budget” for fiscal year 2013, VoiceRT was decommissioned and replaced in 2011 and 2012, so that by 2013, NSA could operationalize a new system. This system, apparently called SPIRITFIRE, could handle more data, faster. SPIRITFIRE would be “a more robust voice processing capability based on speech-to-text keyword search and paired dialogue transcription.”

    Extensive Use Abroad
    Voice communications can be collected by the NSA whether they are being sent by regular phone lines, over cellular networks, or through voice-over-internet services. Previously released documents from the Snowden archive describe enormous efforts by the NSA during the last decade to get access to voice-over-internet content like Skype calls, for instance. And other documents in the archive chronicle the agency’s adjustment to the fact that an increasingly large percentage of conversations, even those that start as landline or mobile calls, end up as digitized packets flying through the same fiber-optic cables that the NSA taps so effectively for other data and voice communications.

    The Snowden archive, as searched and analyzed by The Intercept, documents extensive use of speech-to-text by the NSA to search through international voice intercepts — particularly in Iraq and Afghanistan, as well as Mexico and Latin America.

    For example, speech-to-text was a key but previously unheralded element of the sophisticated analytical program known as the Real Time Regional Gateway (RTRG), which started in 2005 when newly appointed NSA chief Keith B. Alexander, according to the Washington Post, “wanted everything: Every Iraqi text message, phone call and e-mail that could be vacuumed up by the agency’s powerful computers.”

    The Real Time Regional Gateway was credited with playing a role in “breaking up Iraqi insurgent networks and significantly reducing the monthly death toll from improvised explosive devices.” The indexing and searching of “voice cuts” was deployed to Iraq in 2006. By 2008, RTRG was operational in Afghanistan as well.

    A slide from a June 2006 NSA powerpoint presentation described the role of VoiceRT:






    Keyword spotting extended to Iranian intercepts as well. A 2006 memo reported that RHINEHART had been used successfully by Persian-speaking analysts who “searched for the words ‘negotiations’ or ‘America’ in their traffic, and RHINEHART located a very important call that was transcribed verbatim providing information on an important Iranian target’s discussion of the formation of a the new Iraqi government.”


    According to a 2011 memo, “How is Human Language Technology (HLT) Progressing?“, NSA that year deployed “HLT Labs” to Afghanistan, NSA facilities in Texas and Georgia, and listening posts in Latin America run by the Special Collection Service, a joint NSA/CIA unit that operates out of embassies and other locations.

    “Spanish is the most mature of our speech-to-text analytics,” the memo says, noting that the NSA and its Special Collections Service sites in Latin America, have had “great success searching for Spanish keywords.”

    The memo offers an example from NSA Texas, where an analyst newly trained on the system used a keyword search to find previously unreported information on a target involved in drug-trafficking. In another case, an official at a Special Collection Service site in Latin America “was able to find foreign intelligence regarding a Cuban official in a fraction of the usual time.”

    In a 2011 article, “Finding Nuggets — Quickly — in a Heap of Voice Collection, From Mexico to Afghanistan,” an intelligence analysis technical director from NSA Texas described the “rare life-changing instance” when he learned about human language technology, and its ability to “find the exact traffic of interest within a mass of collection.”

    Analysts in Texas found the new technology a boon for spying. “From finding tunnels in Tijuana, identifying bomb threats in the streets of Mexico City, or shedding light on the shooting of US Customs officials in Potosi, Mexico, the technology did what it advertised: It accelerated the process of finding relevant intelligence when time was of the essence,” he wrote. (Emphasis in original.)

    The author of the memo was also part of a team that introduced the technology to military leaders in Afghanistan. “From Kandahar to Kabul, we have traveled the country explaining NSA leaders’ vision and introducing SIGINT teams to what HLT analytics can do today and to what is still needed to make this technology a game-changing success,” the memo reads.

    Extent of Domestic Use Remains Unknown
    What’s less clear from the archive is how extensively this capability is used to transcribe or otherwise index and search voice conversations that primarily involve what the NSA terms “U.S. persons.”

    The NSA did not answer a series of detailed questions about automated speech recognition, even though an NSA “classification guide” that is part of the Snowden archive explicitly states that “The fact that NSA/CSS has created HLT models” for speech-to-text processing as well as gender, language and voice recognition, is “UNCLASSIFIED.”







    Also unclassified: The fact that the processing can sort and prioritize audio files for human linguists, and that the statistical models are regularly being improved and updated based on actual intercepts. By contrast, because they’ve been tuned using actual intercepts, the specific parameters of the systems are highly classified.

    “The National Security Agency employs a variety of technologies in the course of its authorized foreign-intelligence mission,” spokesperson Vanee’ Vines wrote in an email to The Intercept. “These capabilities, operated by NSA’s dedicated professionals and overseen by multiple internal and external authorities, help to deter threats from international terrorists, human traffickers, cyber criminals, and others who seek to harm our citizens and allies.”

    Vines did not respond to the specific questions about privacy protections in place related to the processing of domestic or domestic-to-international voice communications. But she wrote that “NSA always applies rigorous protections designed to safeguard the privacy not only of U.S. persons, but also of foreigners abroad, as directed by the President in January 2014.”

    The presidentially appointed but independent Privacy and Civil Liberties Oversight Board (PCLOB) didn’t mention speech-to-text technology in its public reports.

    “I’m not going to get into whether any program does or does not have that capability,” PCLOB chairman David Medine told The Intercept.

    His board’s reports, he said, contained only information that the intelligence community agreed could be declassified.

    “We went to the intelligence community and asked them to declassify a significant amount of material,” he said. The “vast majority” of that material was declassified, he said. But not all — including “facts that we thought could be declassified without compromising national security.”

    Hypothetically, Medine said, the ability to turn voice into text would raise significant privacy concerns. And it would also raise questions about how the intelligence agencies “minimize” the retention and dissemination of material— particularly involving U.S. persons — that doesn’t include information they’re explicitly allowed to keep.

    “Obviously it increases the ability of the government to process information from more calls,” Medine said. “It would also allow the government to listen in on more calls, which would raise more of the kind of privacy issues that the board has raised in the past.”

    “I’m not saying the government does or doesn’t do it,” he said, “just that these would be the consequences.”

    A New Learning Curve
    Speech recognition expert Bhiksha Raj likens the current era to the early days of the Internet, when people didn’t fully realize how the things they typed would last forever.

    “When I started using the Internet in the 90s, I was just posting stuff,” said Raj, an associate professor at Carnegie Mellon University’s Language Technologies Institute. “It never struck me that 20 years later I could go Google myself and pull all this up. Imagine if I posted something on alt.binaries.pictures.erotica or something like that, and now that post is going to embarrass me forever.”

    The same is increasingly becoming the case with voice communication, he said. And the stakes are even higher, given that the majority of the world’s communication has historically been conducted by voice, and it has traditionally been considered a private mode of communication.

    “People still aren’t realizing quite the magnitude that the problem could get to,” Raj said. “And it’s not just surveillance,” he said. “People are using voice services all the time. And where does the voice go? It’s sitting somewhere. It’s going somewhere. You’re living on trust.” He added: “Right now I don’t think you can trust anybody.”

    The Need for New Rules
    Kim Taipale, executive director of the Stilwell Center for Advanced Studies in Science and Technology Policy, is one of several people who tried a decade ago to get policymakers to recognize that existing surveillance law doesn’t adequately deal with new global communication networks and advanced technologies including speech recognition.

    “Things aren’t ephemeral anymore,” Taipale told The Intercept. “We’re living in a world where many things that were fleeting in the analog world are now on the permanent record. The question then becomes: what are the consequences of that and what are the rules going to be to deal with those consequences?”

    Realistically, Taipale said, “the ability of the government to search voice communication in bulk is one of the things we may have to live with under some circumstances going forward.” But there at least need to be “clear public rules and effective oversight to make sure that the information is only used for appropriate law-enforcement or national security purposes consistent with Constitutional principles.”

    Ultimately, Taipale said, a system where computers flag suspicious voice communications could be less invasive than one where people do the listening, given the potential for human abuse and misuse to lead to privacy violations. “Automated analysis has different privacy implications,” he said.

    But to Jay Stanley, a senior policy analyst with the ACLU’s Speech, Privacy and Technology Project, the distinction between a human listening and a computer listening is irrelevant in terms of privacy, possible consequences, and a chilling effect on speech.

    “What people care about in the end, and what creates chilling effects in the end, are consequences,” he said. “I think that over time, people would learn to fear computerized eavesdropping just as much as they fear eavesdropping by humans, because of the consequences that it could bring.”

    Indeed, computer listening could raise new concerns. One of the internal NSA memos from 2006 says an “important enhancement under development is the ability for this HLT capability to predict what intercepted data might be of interest to analysts based on the analysts’ past behavior.”

    Citing Amazon’s ability to not just track but predict buyer preferences, the memo says that an NSA system designed to flag interesting intercepts “offers the promise of presenting analysts with highly enriched sorting of their traffic.”

    To Phillip Rogaway, a professor of computer science at the University of California, Davis, keyword-search is probably the “least of our problems.” In an email to The Intercept, Rogaway warned that “When the NSA identifies someone as ‘interesting’ based on contemporary NLP [Natural Language Processing] methods, it might be that there is no human-understandable explanation as to why beyond: ‘his corpus of discourse resembles those of others whom we thought interesting'; or the conceptual opposite: ‘his discourse looks or sounds different from most people’s.'”

    If the algorithms NSA computers use to identify threats are too complex for humans to understand, Rogaway wrote, “it will be impossible to understand the contours of the surveillance apparatus by which one is judged. All that people will be able to do is to try your best to behave just like everyone else.”
     
    • Like
    Reactions: DLT
    EuroMode

    EuroMode

    Active Member
    NSA mass phone surveillance revealed by Edward Snowden ruled illegal

    The US court of appeals has ruled that the bulk collection of telephone metadata is unlawful, in a landmark decision that clears the way for a full legal challenge against the National Security Agency.

    A panel of three federal judges for the second circuit overturned an earlier ruling that the controversial surveillance practice first revealed to the US public by NSA whistleblower Edward Snowden in 2013 could not be subject to judicial review.

    But the judges also waded into the charged and ongoing debate over the reauthorization of a key Patriot Act provision currently before US legislators. That provision, which the appeals court ruled the NSA program surpassed, will expire on 1 June amid gridlock in Washington on what to do about it.

    The judges opted not to end the domestic bulk collection while Congress decides its fate, calling judicial inaction “a lesser intrusion” on privacy than at the time the case was initially argued.

    “In light of the asserted national security interests at stake, we deem it prudent to pause to allow an opportunity for debate in Congress that may (or may not) profoundly alter the legal landscape,” the judges ruled.

    But they also sent a tacit warning to Senator Mitch McConnell, the Republican leader in the Senate who is pushing to re-authorize the provision, known as Section 215, without modification: “There will be time then to address appellants’ constitutional issues.”

    “We hold that the text of section 215 cannot bear the weight the government asks us to assign to it, and that it does not authorize the telephone metadata program,” concluded their judgment.

    “Such a monumental shift in our approach to combating terrorism requires a clearer signal from Congress than a recycling of oft‐used language long held in similar contexts to mean something far narrower,” the judges added.

    “We conclude that to allow the government to collect phone records only because they may become relevant to a possible authorized investigation in the future fails even the permissive ‘relevance’ test.

    “We agree with appellants that the government’s argument is ‘irreconcilable with the statute’s plain text’.”

    The ruling, one of several in federal courts since the Guardian exposed the domestic bulk collection thanks to Snowden, immediately took on political freight.

    Senator Rand Paul, a Republican presidential candidate who has made opposition to over-broad surveillance central to his platform, tweeted: “The phone records of law abiding citizens are none of the NSA’s business! Pleased with the ruling this morning.”

    The White House stressed that it too supported an overhaul of the program, though declined to comment on the blow to the NSA’s existing legal authority.

    “We are in the process of evaluating the decision handed down this morning,” assistant press secretary Ned Price told the Guardian.

    “Without commenting on the ruling today, the president has been clear that he believes we should end the Section 215 bulk telephony metadata program as it currently exists by creating an alternative mechanism to preserve the program’s essential capabilities without the government holding the bulk data.

    “We continue to work closely with members of Congress from both parties to do just that, and we have been encouraged by good progress on bipartisan, bicameral legislation that would implement these important reforms,” added Price.

    But opponents in Congress were emphatic that the ruling represented a breakthrough in their fight to rein in executive overreach on surveillance.

    “Today’s court decision reaffirms what I’ve been saying since the Snowden leaks came to light. Congress never intended Section 215 to allow bulk collection,” said Republican Jim Sensenbrenner.

    “This program is illegal and based on a blatant misinterpretation of the law. It’s time for Congress to pass the USA Freedom Act in order to protect both civil liberties and national security with legally authorized surveillance.”

    “This is a huge step for individual Americans’ rights,” added leading Senate critic Ron Wyden.

    “Now that this program is finally being examined in the sunlight, the executive branch’s claims about its legality and effectiveness are crumbling. The president should end mass surveillance immediately. If not, Congress needs to finish the job and finally end this dragnet.”

    The American Civil Liberties Union, which led the initial legal challenge against director of national intelligence James Clapper, predicted that its victory on Thursday should force Congress to take a tougher approach.

    “The current reform proposals from Congress look anemic in light of the serious issues raised by the second circuit,” said the ACLU director, Anthony Romero. “Congress needs to up its reform game if it’s going to address the court’s concerns.”

    Leading reformers in the Senate also urged Senator McConnell to allow a vote on the reform-minded USA Freedom Act rather than attempt to simply update existing legislation when it expires in a few days time.

    “Congress should not reauthorize a bulk collection program that the court has found to violate the law,” said a joint statement from Democratic senator Patrick Leahy and Republican Mike Lee. “ We will not consent to any extension of this program … We urge the majority leader to bring the USA Freedom Act up for a vote next week after the House passes it.”

    But Senator McConnell initially appeared unconvinced despite the court’s ruling, insisting that the White House’s suggested alternative of having telephone companies retain data rather than the NSA was not an improvement.

    “The USA Freedom Act would replace Section 215 with an untested, untried and more cumbersome system,” said the Republican majority leader. “It would not end bulk collection of call data. Instead, it would have untrained, corporate employees with uncertain supervision and protocols do the collecting. So it switches this responsibility from the NSA, with total oversight, to corporate employees with uncertain supervision and protocols.”

    The original ruling against the ACLU from Judge William Pauley, a Clinton appointee to the southern district of New York, argued that al-Qaida’s “bold jujitsu” strategy to marry seventh century ideology with 21st century technology made it imperative that government authorities be allowed to push privacy boundaries.

    But Thursday’s appeal court ruling in New York, by circuit judges Robert Sack and Gerard Lynch and district judge Vernon Broderick, overturns that and forces the district court to hear a full challenge to the constitutionality of the NSA’s behavior.

    “The government has pointed to no affirmative evidence … that suggests that Congress intended to preclude judicial review,” said Lynch.

    source guardian
     
    J. Abizeid

    J. Abizeid

    Well-Known Member

    Court Rules NSA Bulk Spying Illegal: New Vindication for Snowden, and Uncertainty for PATRIOT Act
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    Speech Recognition is NSA's Best-Kept Open Secret - The Intercept

    The Computers are Listening
    Speech Recognition is NSA’s Best-Kept Open Secret

    Siri can understand what you say. Google can take dictation. Even your new smart TV is taking verbal orders.

    So is there any doubt the National Security Agency has the ability to translate spoken words into text?

    But precisely when the NSA does it, with which calls, and how often, is a well-guarded secret.

    It’s not surprising that the NSA isn’t talking about it. But oddly enough, neither is anyone else: Over the years, there’s been almost no public discussion of the NSA’s use of automated speech recognition.

    One minor exception was in 1999, when a young Australian cryptographer named Julian Assange stumbled across an NSA patent that mentioned “machine transcribed speech.”

    Assange, who went on to found WikiLeaks, said at the time: “This patent should worry people. Everyone’s overseas phone calls are or may soon be tapped, transcribed and archived in the bowels of an unaccountable foreign spy agency.”

    The most comprehensive post-Snowden descriptions of NSA’s surveillance programs are strangely silent when it comes to speech recognition. The report from the President’s Review Group on Intelligence and Communications Technologies doesn’t mention it, and neither does the October 2011 FISA Court ruling, or the detailed reports from the Privacy and Civil Liberties Oversight Board.

    There is some mention of speech recognition in the “Black Budget” submitted to Congress each year. But there’s no clear sign that anybody on the Hill has ever really noticed.

    As The Intercept reported on Tuesday, items from the Snowden archive document the widespread use of automated speech recognition by the NSA.

    The strategic advantage, invasive potential and policy implications of being able to turn spoken words into text are not trivial: Suddenly, voice conversations, historically considered ephemeral and unsearchable, can be scanned, catalogued and archived — not perfectly, but well enough to dramatically increase the effective scope of eavesdropping.

    Former senior NSA executive turned whistleblower Thomas Drake, who’s seen NSA’s automated speech recognition at work, says the silence is telling.

    “You’re seeing a black hole,” Drake told The Intercept. “That means there’s something there that’s really significant. You’re seeing some of the fuzzy contours of this whole other program.”

    Not Technically a Secret
    The NSA’s ability to turn voice into text, interestingly enough, is not technically a secret.

    And speech recognition technology has been heavily — and openly — funded by the Defense Advanced Research Project Agency (DARPA) since the early 1970s.

    The latest of DARPA’s many public research projects in that area is the Robust Automatic Transcription of Speech program, known as RATS, which focuses on “noisy or degraded speech signals that are important to military intelligence.”

    Meanwhile, DARPA’s intelligence-world counterpart, IARPA, announced the Babel Program in 2011, with its goal of “developing agile and robust speech recognition technology that can be rapidly applied to any human language in order to provide effective search capability for analysts to efficiently process massive amounts of real-world recorded speech.”

    Despite openly announcing its speech-to-text program, IARPA declined an interview request by The Intercept.

    Robert Litt, who as general counsel for the Office of the Director of National Intelligence is the intelligence community’s chief lawyer, was asked about the NSA’s speech-to-text capabilities at a forum on transparency on Capitol Hill on Friday.

    He took the opportunity to lash out at The Intercept’s reporting: “I think that story is a great example of what is wrong with a lot of media coverage of this,” he said. “That story made absolutely no distinction between technical capabilities and legal authorities. There are all sorts of technical capabilities that NSA has. I’m not commenting on the existence or nonexistence of any such authority. The question is when are they used and what are the legal authorities under which they are used. And I think that that’s something that a lot of the press reporting completely ignores, including that story you wrote.”

    Asked to explain in what ways the use of speech-to-text is limited, Litt repeatedly refused to even acknowledge its existence.

    “I’m not saying that the government isn’t using these techniques. I am not acknowledging that these techniques exist even.”

    You won’t hear much about the use of speech recognition for surveillance in academe, either.

    Researchers in the field are divided between those who don’t take NSA funding, and can only speculate about what goes on over there — and those who do take NSA funding, but won’t say what they know.

    “There’s a lot of weird hush-hush that goes on,” said Bhiksha Raj, an associate professor at Carnegie Mellon University’s Language Technologies Institute, who said he does not receive NSA funding. “Academics who work for the NSA must go through various clearances. They sign several papers. They hold closed meetings that are only attended by people with clearances.”

    Some non-NSA affiliated academics were once “quite keen” on seeing how the NSA was faring in the face of the technical challenges in the field, Steve Young, a professor of information engineering at the University of Cambridge, recalled. “But unless you actually work for the NSA and you’ve been vetted, you’re not going to get close to the real data.”

    Ironically, even GCHQ, NSA’s intelligence partner in the U.K., has complained about DARPA and NSA’s secrecy. A 2009 GCHQ assessment of speech-to-text technology said that “The DARPA evaluation programme, with significant steer from NSA, has been the main driving force behind technology improvements in the field. Unfortunately, the results of the evaluations are not put in the public domain, making reference difficult.”

    All the secrecy has an obvious advantage for the NSA. If the NSA can keep their speech-recognition capabilities secret, nobody can tell them what to do. And if nobody knows what they are doing, then nobody can tell them to stop.

    Senator Ron Wyden, D-Ore., arguably the foremost congressional critic of NSA overreach, wouldn’t comment directly on the question of speech recognition. But, he said through a spokesperson: “After 14 years on the Intelligence Committee, I’ve learned that senators must be constantly on the lookout for secret interpretations of the law and advances in surveillance that Congress isn’t aware of.”

    He added: “For centuries, individual privacy was protected in part by the limited resources of governments. It simply wasn’t possible for governments to secretly collect information on every single citizen without investing in massive networks of spies and informants. But in the 21st century mass surveillance is no longer difficult and expensive — it’s increasingly cheap and easy. The only privacy protections that will matter in the future are the ones that are written into law and defended by public demand for freedom and openness.”
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    Greatest Threat to Free Speech Comes Not From Terrorism, But From Those Claiming to Fight it - The Intercept

    Greatest Threat to Free Speech Comes Not From Terrorism, But From Those Claiming to Fight it



    We learned recently from Paris that the western world is deeply and passionately committed to free expression and ready to march and fight against attempts to suppress it. That’s a really good thing, since there are all sorts of severe suppression efforts underway in the west – perpetrated not by The Terrorists but by the western politicians claiming to fight them.

    One of the most alarming examples comes, not at all surprisingly, from the UK Government, which is currently agitating for new counter-terrorism powers “including plans for extremism disruption orders designed to restrict those trying to radicalize young people.” Here are the powers which the British Freedom Fighters and Democracy Protectors are seeking:

    They would include a ban on broadcasting and a requirement to submit to the police in advance any proposed publication on the web and social media or in print. The bill will also contain plans for banning orders for extremist organisations which seek to undermine democracy or use hate speech in public places, but it will fall short of banning on the grounds of provoking hatred.

    It will also contain new powers to close premises including mosques where extremists seek to influence others. The powers of the Charity Commission to root out charities that misappropriate funds towards extremism and terrorism will also be strengthened.

    In essence, advocating any ideas or working for any political outcomes regarded by British politicians as “extremist” will not only be a crime, but can be physically banned in advance. Basking in his election victory, Prime Minister David Cameron unleashed this Orwellian decree to explain why new Thought Police powers are needed: “For too long, we have been a passively tolerant society, saying to our citizens ‘as long as you obey the law, we will leave you alone.'” It’s not enough for British subjects merely to “obey the law”; they must refrain from believing in or expressing ideas which Her Majesty’s Government dislikes.

    If all that sounds menacing, tyrannical and even fascist to you — and really, how could it not? “extremism disruption orders” — you should really watch this video of Tory Home Secretary Theresa May try to justify the bill in an interview on BBC this morning. When pressed on what “extremism” means – specifically, when something crosses the line from legitimate disagreement into criminal “extremism” – she evades the question completely, instead repeatedly invoking creepy slogans about the need to stop those who seek to “undermine Our British Values” and, instead, ensure “we are together as one society, One Nation” (I personally believe this was all more lyrical in its original German). Click here to watch the video and see the face of western authoritarianism, advocating powers in the name of Freedom that are its very antithesis.

    Threats to free speech can come from lots of places. But right now, the greatest threat by far in the west to ideals of free expression is coming not from radical Muslims, but from the very western governments claiming to fight them. The increasingly unhinged, Cheney-sounding governments of the UK, Australia, France, New Zealand and Canada — joining the U.S. — have a seemingly insatiable desire to curb freedoms in the name of protecting them: prosecuting people for Facebook postings critical of Western militarism or selling “radical” cable channels, imprisoning people for “radical” tweets, banning websites containing ideas they dislike, seeking (and obtaining) new powers of surveillance and detention for those people (usually though not exclusively Muslim citizens) who hold and espouse views deemed by these governments to be “radical.”

    Anticipating Prime Minister Cameron’s new “anti-extremist” bill (to be unveiled in the “Queen’s Speech”), University of Bath Professor Bill Durodié said that “the window for free speech has now been firmly shut just a few months after so many political leaders walked in supposed solidarity for murdered cartoonists in France.” Actually, there has long been a broad, sustained assault in the west on core political liberties – specifically due process, free speech and free assembly – perpetrated not by “radical Muslims” but by those who endlessly claim to fight them. Sadly, and tellingly, none of that has triggered parades or marches or widespread condemnation by western journalists and pundits. But for those who truly believe in principles of free expression – as opposed to pretending to when it allows one to bash the Other Tribe – these are the assaults that need marches and protests.
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    House votes to end spy agencies' bulk collection of phone data| Reuters

    Wed May 13, 2015 6:44pm EDT
    House votes to end spy agencies' bulk collection of phone data



    An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland.
    Reuters/NSA/Handout/Files


    WASHINGTON The U.S. House of Representatives approved a bill on Wednesday that would end spy agencies' bulk collection of Americans' telephone data, setting up a potential showdown with the U.S. Senate over the program, which expires on June 1.

    The House voted 338-88 for the USA Freedom Act, which would end the bulk collection and instead give intelligence agencies access to telephone data and other records only when a court finds there is reasonable suspicion about a link to international terrorism.

    The strong support in the House by both Democrats and Republicans could increase pressure on Republican Senate Majority Leader Mitch McConnell to allow a vote on the bill.

    McConnell and several other senior Republican senators have said they would rather renew the existing bulk data collection program, authorized under the USA Patriot Act, passed in the wake of the Sept. 11, 2001, attacks.

    But continuing the program, which has concerned many privacy advocates since it was exposed in 2013 by former National Security Agency contractor Edward Snowden, would face strong resistance in the House.

    At least two senators - Republican Rand Paul, a 2016 presidential candidate, and Democrat Ron Wyden - have pledged to filibuster any attempt to extend the plan.

    Mostly framed so far as dealing with bulk collection of domestic telephone "metadata," the bipartisan USA Freedom Act addresses activities much broader than phone calls, said government officials and private experts.

    They said the FBI has used the Patriot Act and court rulings to gather records of hotel stays and international wire transfers by companies such as Western Union.

    Under the Freedom Act, such powers would remain in place, but investigators' data-collection power would be narrowed to cases where the government sets out tightly targeted "specific selection terms."

    "The big news in the USA Freedom Act is to limit bulk collection programs," said Georgia Institute of Technology professor Peter Swire, who served on a review commission appointed by President Barack Obama after Snowden's disclosures.

    "One (court) order would no longer authorize a bulk collection program, whether for telephone metadata or for other purposes," Swire said.

    Debate on the Freedom Act has been driven by the impending June 1 expiration of portions of the Patriot Act, which backers say provides essential counter-terrorism tools.

    Senior Senate Republicans, including McConnell and John McCain, chairman of the Senate Armed Services Committee, want the Patriot Act provisions extended through 2020.

    McCain said he and his fellow Republicans had intense discussions about the Freedom Act throughout a party lunch on Wednesday but he did not know what would happen.

    "Your guess is as good as mine," he told Reuters.

    The White House said Obama supports the Freedom Act reforms and would sign the bill into law.
     
    J. Abizeid

    J. Abizeid

    Well-Known Member


    The domestic surveillance program uncovered by contractor Edward Snowden has split the nation over whether the NSA’s bulk collection on phone data goes too far against the privacy rights of Americans. But on Wednesday, the House easily voted to end this practice, and sent the bill to the Senate. Image: AP
     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    Edward Snowden Cheers On Rand Paul - The Intercept

    Edward Snowden Cheers On Rand Paul




    NSA whistleblower Edward Snowden on Thursday praised Sen. Rand Paul’s ten-and-a-half hour takeover of the Senate floor on Wednesday in protest of the Patriot Act.

    Snowden, whose revelations about mass surveillance two years ago may finally result in reform legislation this week, said in a Reddit “Ask Me Anything” discussion that Paul’s action “represents a sea change from a few years ago, when intrusive new surveillance laws were passed without any kind of meaningful opposition or debate.”

    Paul, who is running for the Republican presidential nomination, spent much of his time on the floor criticizing the massive surveillance regime that Snowden exposed by leaking top-secret documents to journalists.

    It was all for show — Paul’s self proclaimed “filibuster” (minibuster? fauxbuster?) had no practical effect on upcoming Senate votes, although it did give his presidential campaign a boost. The Senate is due to vote in the next several days on the USA Freedom Act, which passed the House overwhelmingly last week, and which would eliminate one — but only one — of the programs Snowden disclosed: the bulk collection of domestic phone records.

    Senate Majority Leader Mitch McConnell, R-Ky., has said he would prefer to simply renew the three Patriot Act provisions that expire on June 1, including the one that officials say justifies the bulk collection, but he is in a small minority, and his proposal may not even come to a vote.

    Snowden wrote:

    Whatever you think about Rand Paul or his politics, it’s important to remember that when he took the floor to say “No” to any length of reauthorization of the Patriot Act, he was speaking for the majority of Americans — more than 60% of whom want to see this kind of mass surveillance reformed or ended.

    He was joined by several other senators who disagree with the Senate Majority leader’s efforts to sneak through a reauthorization of what courts just weeks ago declared was a comprehensively unlawful program, and if you notice that yours did not take to the floor with him, you should call them right now (1-920-END-4-215) and ask them to vote against any extension of the Patriot Act, because the final vote is being forced during the dark of a holiday weekend to shield them from criticism.

    Snowden, who appeared on Reddit from Moscow, shared the online discussion with ACLU Deputy Director Jameel Jaffer.

    In response to one commenter who noted that Paul was his senator, Snowden wrote:

    If Paul is your Senator, then Mitch McConnell is also from your state. He’s the one spearheading the effort to reauthorize the same program the Second Circuit just ruled is unlawful.

    Don’t send an email, make his phone ring. (ACLU tells me you can get your senator from any phone via 1-920-END-4-215)

    Snowden urged readers “to correct misinformation whenever you see this topic being debated.” He even supplied his own bullet points:

    • Supporters of mass surveillance say it keeps us safe. The problem is that that’s an allegation, not a fact, and there’s no evidence at all to support the claim. In fact, a White House review with unrestricted access to classified information found that not only is mass surveillance illegal, it has never made a concrete difference in even one terrorism investigation.
    • Some claim the Senate should keep Section 215 of the Patriot Act (which will be voted on in two days) because we need “more time for debate,” but even in the US, the public has already decided: 60% oppose reauthorization. This unconstitutional mass surveillance program was revealed in June 2013 and has been struck down by courts twice since then. If two years and two courts aren’t enough to satisfy them, what is?
    • A few try to say that Section 215 is legal. It’s not. Help them understand.
    • The bottom line is we need people everywhere — in the US, outside the US, and especially within their own communities — to push back and challenge anybody defending these programs. More than anything, we need to ordinary people to make it clear that a vote in favor of the extension or reauthorization of mass surveillance authorities is a vote in favor of a program that is illegal, ineffective, and illiberal.
    Asked if he thought the government might continue with the collection of bulk phone records despite losing what it says is its legal authority for doing so, Snowden replied:

    There are always reasons to be concerned that regardless of the laws passed, some agencies in government (FBI, NSA, CIA, and DEA, for example, have flouted laws in the past) will miscontrue the intent of Congress in passing limiting laws — or simply disregard them totally. For example, the DOJ’s internal watchdog, the Office of the Inspector General (OIG) released a report claiming, among other abuses, that it could simply refuse to tell government oversight bodies what exactly it was doing, so the legality or illegality of their operations simply couldn’t be questioned at all.

    However, that’s no excuse for the public or Congress to turn a blind eye to unlawful or immoral operations — and the kind of mass surveillance happening under Section 215 of the Patriot Act right now is very much unlawful: the Courts ruled just two weeks ago that not only are these activities illegal, but they have been since the day the programs began.

    And asked if, during his now-famous interview with John Oliver, Oliver had really handed him a “picture of his junk” (you simply must watch the segment, if you haven’t already), Snowden replied with a unicode emoticon known as a “Lenny Face“:


     
    J. Abizeid

    J. Abizeid

    Well-Known Member
    NSA Planned to Hijack Google App Store to Hack Smartphones - The Intercept

    NSA Planned to Hijack Google App Store to Hack Smartphones




    The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.

    The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

    The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.

    The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)

    As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.

    Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.

    The newly published document shows how the agencies wanted to “exploit” app store servers – using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.




    But the agencies wanted to do more than just use app stores as a launching pad to infect phones with spyware. They were also keen to find ways to hijack them as a way of sending “selective misinformation to the targets’ handsets” as part of so-called “effects” operations that are used to spread propaganda or confuse adversaries. Moreover, the agencies wanted to gain access to companies’ app store servers so they could secretly use them for “harvesting” information about phone users.

    The project was motivated in part by concerns about the possibility of “another Arab Spring,” which was sparked in Tunisia in December 2010 and later spread to countries across the Middle East and North Africa. Western governments and intelligence agencies were largely blindsided by those events, and the document detailing IRRITANT HORN suggests the spies wanted to be prepared to launch surveillance operations in the event of more unrest.

    The agencies were particularly interested in the African region, focusing on Senegal, Sudan and the Congo. But the app stores targeted were located in a range of countries, including a Google app store server located in France and other companies’ app download servers in Cuba, Morocco, Switzerland, Bahamas, the Netherlands and Russia. (At the time, the Google app store was called the “Android Market”; it is now named Google Play.)

    Another major outcome of the secret workshops was the agencies’ discovery of privacy vulnerabilities in UC Browser, a popular app used to browse the Internet across Asia, particularly in China and India. Though UC Browser is not well-known in Western countries, its massive Asian user base, a reported half billion people, means it is one of the most popular mobile Internet browsers in the world.

    According to the top-secret document, the agencies discovered that the UC Browser app was leaking a gold mine of identifying information about its users’ phones. Some of the leaking information apparently helped the agencies uncover a communication channel linked to a foreign military unit believed to be plotting “covert activities” in Western countries. The discovery was celebrated by the spies as an “opportunity where potentially none may have existed before.”

    Citizen Lab, a human rights and technology research group based at the University of Toronto, analyzed the Android version of the UC Browser app for CBC News and said it identified “major security and privacy issues” in its English and Chinese editions. The Citizen Lab researchers have authored their own detailed technical report outlining the many ways the app has been leaking data, including some users’ search queries, SIM card numbers and unique device IDs that can be used to track people.

    Citizen Lab alerted UC Browser to the security gaps in mid-April; the company says it has now fixed them by rolling out an update for the app. A spokesperson for UC Browser’s parent company, Chinese e-commerce giant the Alibaba Group, told CBC News in a statement that it took security “very seriously and we do everything possible to protect our users.” The spokesperson added that the company had found “no evidence that any user information has been taken” — though it is not likely that surveillance of the leaking data would have been detectable.

    The case strikes at the heart of a debate about whether spy agencies are putting ordinary people at risk by secretly exploiting security flaws in popular software instead of reporting them so that they can be fixed.

    According to Citizen Lab Director Ron Deibert, the UC Browser vulnerability not only exposed millions of the app’s users to surveillance carried out by any number of governments — but it could also have been exploited by criminal hackers to harvest personal data.

    “Of course, the security agencies don’t [disclose the information],” Deibert said. “Instead, they harbor the vulnerability. They essentially weaponize it.” Taking advantage of weaknesses in apps like UC Browser “may make sense from a very narrow national security mindset,” Deibert added, “but it’s at the expense of the privacy and security of hundreds of millions of users worldwide.”

    The revelations are the latest to highlight tactics adopted by the Five Eyes agencies in their efforts to hack computers and exploit software vulnerabilities for surveillance. Last year, The Intercept reported that the NSA has worked with its partners to dramatically increase the scope of its hacking attacks and use of “implants” to infect computers. In some cases, the agency was shown to have masqueraded as a Facebook server in order to hack into computers.

    The Intercept and CBC News contacted each of the Five Eyes agencies for comment on this story, but none would answer questions on record about any of the specific details.

    A spokesperson for Canada’s Communications Security Establishment said that the agency was “mandated to collect foreign signals intelligence to protect Canada and Canadians from a variety of threats to our national security, including terrorism,” adding that it “does not direct its foreign signals intelligence activities at Canadians or anywhere in Canada.”

    British agency Government Communications Headquarters said that its work was “carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate.”

    Australia’s Signals Directorate said it was “long-standing practice” not to discuss intelligence matters and would not comment further.

    New Zealand’s Government Communications Security Bureau said that it has “a foreign intelligence mandate” and that everything it does is “explicitly authorised and subject to independent oversight.”

    The NSA had not responded to repeated requests for comment at time of publication.
     
    Top