Items tagged with Snowden
One of the most troubling facts that came out of Edward Snowden's disclosures last year was the degree to which the government has relied on National Security Letters to compel companies to reveal information about their clients without producing a warrant. Many NSLs were accompanied by non-disclosure orders that forbade the receiving company from revealing to the accused that their information had been demanded. Microsoft had previously gone to court over such tactics and today, the details of the company's strategic victory became public for the first time. Last year, the FBI demanded information on an unidentified Office 365 enterprise customer and included a non-disclosure requirement alongside...
Read more...
Earlier this week, Apple released an updated set of legal guidelines spelling out exactly what it can and cannot access on your iDevice, what material it will turn over to the police, and under which circumstances it will surrender it. What's particularly interesting is the split response we've seen from different corners of the Internet. Everything Apple does tends to generate attention, but this particular set of announcements is getting a great deal of press -- and two very different narratives have emerged over what it means. Some readers and authors have reacted rather poorly to news that Apple can access user information even without knowing the passcode key. As my colleague, Rob Williams...
Read more...
A new comprehensive writeup at The Intercept claims to reveal additional details of the NSA's plans to infiltrate and conquer the Internet -- as well as its desire to bring virtually all data, everywhere, within its reach. A year ago, this kind of claim would've sounded like hyperbolic conspiracy theory, but no longer. Whether the NSA could ever effectively analyze that information is very much an open question, but the organization has launched a huge number of programs to pursue these ends. Own The Web What The Intercept report details is the NSA's plan for infiltrating target networks, right down to individual PCs. There are a dizzying number of codenames -- TURBINE is the automated system...
Read more...
The United States Government has filed a lawsuit against Sprint Communications requesting triple damages to the tune of $63M. Sprint's crime? Overcharging the NSA, FBI, and various other government agencies for the cost of spying on millions of Americans and turning their data over to the government. This is another "unintended consequence" of the Snowden revelations last year, though likely not one anyone anticipated. In the past, the government would've had no choice but to conduct this kind of action behind the tightest of closed doors, lest secrets leak that would reveal to the American people exactly how monitored our telecommunications are. Now, in the wake of the Snowden leaks, there's...
Read more...
If you’ve ever wondered how exactly NSA whistleblower Edward Snowden was able to access as much as he did, it’s apparently because he had help. According to an L.A. Times report, at least three other NSA workers helped him--wittingly or not. An NSA memo says that one of the three was an active-duty military member, while another was a civilian contractor like Snowden. No details were revealed about those two, including whether or not they worked with Snowden at his NSA location in Hawaii, but it does say that they have both been barred from accessing NSA systems since then. Edward Snowden (Credit: The Guardian) The third individual was a civilian employee who, it turns out, let Snowden...
Read more...
Facebook is facing a lawsuit from two users who allege that the company's "private" messaging is anything of the sort. We've seen a number of these cases over the years, going all the way back to Google's ad-crawling for Gmail, and it's generally known that if you use a service, company's are going to attempt to monetize your input. In Facebook's case, that includes all the things you post, the things you don't post, and apparently, even your private messages. Over the past few years, Facebook has been caught handing over user information to advertisers (including names and user IDs, despite promises to anonymize the information). According to the complaint, however, FB has been caught "clicking"...
Read more...
A fresh set of allegations and disclosures by der Spiegel claim that the NSA operates a Tailored Access Operations program designed to dig into spy targets conventionally perceived as "ungettable" for the purpose of extending the institutions global reach. The program has targeted individuals, companies, government institutions, and infrastructure, with tentacles that allegedly reach into nearly every facet of modern life. One facet of the program that's gotten quite a bit of attention is the NSA's ability to intercept packages shipped to targets, insert malware and other monitoring programs, and then ship the hardware to its intended destination. Der Spiegel reports that this interdiction gives...
Read more...
According to a new report, the NSA once paid the RSA Security $10M to implement a flawed security standard as the default protocol in its products. This new information builds on allegations from September that claimed the RSA had deployed a flawed, broken cryptographic standard. The new allegations, like much of what we've learned about the modern National Security Agency, comes from the files one-time Booz Allen contractor Edward Snowden began releasing this spring. If true, the blowback could destroy the RSA's credibility in the cryptographic world. The practical fallout from this news is likely to be relatively small. The standard in question is called Dual_EC_DRBG. It was first put forward...
Read more...
A new report from the Dutch news site NRC Handelsblad (NRC for short) is claiming that the NSA has used its own malware to infect and compromise some 50,000 additional networks. The revelation apparently comes courtesy of the treasure trove of documents Snowden released, though the NSA has refused to confirm or deny its capabilities. According to the report, the techniques used to disseminate the malware across thousands of networks are similar to an already-leaked story concerning Belgian ISP Belgacom. The GCHQ and NSA are accused of loading malware into Belgacom's servers allowing them to spy on the traffic running across the network without permission or legal authority to do so. The bulk...
Read more...
Microsoft's onetime Chief Privacy Advisor, Caspar Bowden, has come out with a vote of no-confidence in the company's long-term privacy measures and ability or interest to secure user data in the wake of the NSA's PRISM program. From 2002 - 2011, Bowden was in charge of privacy at Microsoft, and oversaw the company's efforts in that area in more than 40 countries, but claims to have been unaware of the PRISM program's existence while he worked at the company. In the two years since leaving Microsoft, Bowden has ceased carrying a cell phone and become a staunch open source user, claiming that he no longer trusts a program unless he can see the source. "The public now has to think about the...
Read more...
Over the past few months, as the Snowden leaks have exposed increasing levels of detail about the scope and nature of the NSA's "oversight" of the Internet, there's been a great deal of discussion on how users can protect themselves. The latest leaks from the Guardian, New York Times, and Pro Publica shed light on just how futile such efforts may be. According to the latest disclosures, the NSA has cracked key encryption algorithms that formerly protected large swathes of Internet traffic, and it did so back in 2010. Previously, many such efforts were thought to be effectively impossible due to the nature and complexity of hardware required to make the job happen. It's now clear that the NSA...
Read more...
Facebook's search for new sources of revenues continues unabated -- and this time, the company wants to target your own profile phtoos for inclusion in its database. That's a change from the previous system, in which users were only scanned if other people tagged them first. Your own profile photos weren't automatically added to the database in this fashion. According to Facebook, "Tag Suggest is a tool that helps Facebook users tag their friends in photographs more quickly and easily -- something people love to do on Facebook." The problem, of course, is that in the wake of Snowden's NSA unveils, it's not hard to see why a database capable of identifying tens of millions of people built on voluntarily...
Read more...
One of the contentious issues that's swirled around the NSA since whistleblower Edward Snowden began leaking information on the organization's capabilities is exactly what it can -- or can't -- do. Snowden has stated that as a contractor with Booz Allen Hamilton, "I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email." The NSA has strongly denied these claims, arguing that it had neither the technological capability to engage in such monitoring nor the authority to do so. The authority question may be up for discussion, but new leaks from The Guardian today have blown gaping...
Read more...
A new report (albeit from unnamed industry sources, not Edward Snowden) alleges that the government has used the broad powers granted it by the Patriot Act to demand broad information about a user's passwords, website security, and even encryption information from service providers. The benefits of having this type of information are enormous, as it theoretically allows the government to directly monitor an account as email is sent and received. Email is typically the central repository for website login data and username/password information at any number of sites; it's used as identity verification when resetting mobile passwords or as part of the security process when accessing a secured site...
Read more...
We've covered the NSA revelations and subsequent government petitions at some length, but here's a new twist to the story of the government's pervasive monitoring program -- a view of the activity from an ISP's perspective. According to Pete Ashdown, the CEO of XMission, a Utah ISP, the company received its first FISA warrant "request" in 2010. There's no way to challenge FISA warrants and no legal recourse -- so Ashdown had no choice but to install a server, one of the NSA's own machines, in their data center. The technical aspects of the situation are remarkably straightforward. The NSA sent over a server (Ashdown was only allowed to take technical notes on how the unit was to be deployed)....
Read more...
Edward Snowden's leaks have shaken something loose in the IT industry. For years, companies have been afraid to talk about the requests and data sharing procedures the NSA and FBI have forced upon them as a result of the Patriot Act. Companies that went to court to fight these demands lost, and lost in silence, forbidden to even reveal that such requests were taking place. Now that the programs are common knowledge, multiple corporations have joined in to demand the right to tell us just how they participate in NSA requests. Today, a coalition of 63 companies, non-profits, and organizations issued a letter requesting the right to communicate the following: The number of government requests for...
Read more...
Microsoft is smarting in the wake of the Guardian's discussion of how chummy it's gotten with the NSA over the past few years, and the company wants permission to clarify its relationship with the federal government. To that end, the company has sent a follow-up letter to the Attorney General's office, asking it to please address the petition it filed in court back on June 19. Redmond is undoubtedly smarting at the accolades being heaped on Yahoo and its repeated court battles on behalf of its users, and wants an opportunity to clear the air. The company's new letter to Eric Holder states: When the Department and FBI denied our requests to share more information, we went to the Foreign Intelligence...
Read more...
For months, there've been questions regarding just how secure Skype's encryption was. After Microsoft bought the VOIP company it began moving to a more centralized node structure that made it easier to scale the product but at the cost of intrinsic security. Now, it seems such concerns were valid -- new leaked documents from The Guardian allege that the NSA has an effective backdoor to all of Microsoft's online products including Skype, Outlook, and SkyDrive. While The Guardian doesn't have any slides to show this time around, it suggests that Microsoft has gone beyond the minimal amount of grudging cooperation mandated by law. The company has reportedly helped the NSA "understand" certain alias...
Read more...
The controversy surrounding news of the NSA’s wide-ranging spying tactics is causing ripples in other aspects of U.S. – European Union relations. Based on information released by Edward Snowden, the former NSA contractor, the EU voted to support its own commission in the event the commission decides end data sharing agreements between the EU and the U.S. The commission is investigating both the reach of the NSA’s spying tactics as well as reports that the U.K. has been involved in a similar spying program. European Parliament The vote could prove to be an important one because of the data that is being shared between the EU and U.S. at the moment. In particular, flight passenger...
Read more...
