Good for Google

According to Declan McCullagh at c|net, Google is experimenting with encrypting customer files on its cloud service called Drive. This is the kind of customer service that should be standard throughout all cloud services.

Google has begun experimenting with encrypting Google Drive files, a privacy-protective move that could curb attempts by the U.S. and other governments to gain access to users’ stored files.

Two sources told CNET that the Mountain View, Calif.-based company is actively testing encryption to armor files on its cloud-based file storage and synchronization service. One source who is familiar with the project said a small percentage of Google Drive files is currently encrypted.

The move could differentiate Google from other Silicon Valley companies that have been the subject of ongoing scrutiny after classified National Security Agency slides revealed the existence of government computer software named PRISM. The utility collates data that the companies are required to provide under the Foreign Intelligence Surveillance Act — unless, crucially, it’s encrypted and the government doesn’t possess the key.

“Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device,” said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation in San Francisco.

The Edward Snowden revelations of massive surveillance of American citizens, and their records, will continue to push companies to fight back. There is no law in the United States banning encryption of data, although the Federal government tried and failed in the past to ban all encryption that did not include a government “back door.”

Back in the 1990s, in what’s remembered as the crypto wars, the FBI and NSA argued that national security would be endangered if they did not have a way to spy on encrypted e-mails, IMs and phone calls. After a long protracted battle, the security community prevailed after mustering detailed technical studies and research that concluded that national security was actually strengthened by wide use of encryption to secure computers and sensitive business and government communications.

Obama administration continued Bush email spy program for two years (updated x2)

The latest from The Guardian:

The Obama administration for more than two years permitted the National Security Agency to continue collecting vast amounts of records detailing the email and internet usage of Americans, according to secret documents obtained by the Guardian.

The documents indicate that under the program, launched in 2001, a federal judge sitting on the secret surveillance panel called the Fisa court would approve a bulk collection order for internet metadata “every 90 days”. A senior administration official confirmed the program, stating that it ended in 2011.

The collection of these records began under the Bush administration’s wide-ranging warrantless surveillance program, collectively known by the NSA codename Stellar Wind.

According to a top-secret draft report by the NSA’s inspector general – published for the first time today by the Guardian – the agency began “collection of bulk internet metadata” involving “communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States”.

Eventually, the NSA gained authority to “analyze communications metadata associated with United States persons and persons believed to be in the United States”, according to a 2007 Justice Department memo, which is marked secret.

And, although that program was stopped in 2011, a similar program replaced it.

Read the full Guardian article here and access the draft Inspector General report that lays it all out, chapter and verse.

The Guardian is also reporting the following regarding James Comey, Obama’s nominee for head of the FBI:

James Comey famously threatened to resign from the Justice Department in 2004 over the warrantless surveillance of Americans’ internet records. But once Justice Department and National Security Agency lawyers found a novel legal theory to cover the surveillance, the man Barack Obama tapped last week to lead the FBI stayed on as deputy attorney general for another year as the monitoring continued.

Update: More from The Washington Post:

A remarkable document released by The Guardian gives the public its first in-depth look at the legal process that justified the dragnet surveillance programs undertaken during President George W. Bush’s first term. And they make clear that lots of people involved in the process — government lawyers, judges, and the lawyers of private telecommunications companies — believed the Bush administration had stepped over the legal line.

* * *

But rather than asking Congress to amend FISA, President Bush took the law into his own hands on Oct. 4, 2001. He signed an “Authorization,” drafted by vice presidential counsel David Addington, purporting to give the NSA broad authority to intercept telephone and Internet communications if at least one party to the communication was located outside the United States.

The White House Office of Legal counsel wrote a legal opinion defending the legality of wiretapping based on Bush’s Authorization. The White House refused two requests by NSA lawyers to see this document, though Addington did “read a few paragraphs of the opinion” over the phone to NSA General Counsel Robert Deitz. The NSA’s inspector general stated that he found it “strange that NSA was told to execute a secret program that everyone knew presented legal questions, without being told the underpinning legal theory.”

Update 2: And more is available from C|net:

A newly disclosed top secret document lauds the National Security Agency’s “productive” and long-standing surveillance “partnership” with a pair of telecommunications providers — that permitted tapping into their fiber links — but without naming names.

This is where things get interesting for clue sleuths.

Even in the top-secret document published by the Guardian today, the firms are described only as “Company A” and “Company B.” But the NSA’s inspector general did disclose that, at the time the program was being formed in the wake of the September 11 attacks, the agency entered into the partnerships because Company A had access to 39 percent of international phone calls, and Company B had access to 28 percent.

Those figures closely correspond with Federal Communications Commission data (PDF). The most recent figures publicly available in late 2001, when the carrier “partnerships” were being expanded, reveal that AT&T carried 38.2 percent of international minutes billed to U.S. carriers. MCI, now part of Verizon, carried 29.1 percent.

Verizon spokesman Ed McFadden would not confirm or deny his employer’s identity as company B, and told CNET today that the company “always requires appropriate legal process” when responding to requests from any government agency. AT&T did not respond to questions.

“Collection partnerships” with these two firms have allowed the spy agency to vacuum up e-mail and phone call content by tapping into their “fiber-optic cables, gateway switches, and data networks,” says the 2009 report. That’s consistent with previous reports that AT&T permitted the NSA to tap into its telecommunications facilities.

* * *

The Guardian’s report today also cited a December 2012 document prepared by the NSA’s Special Source Operations (SSO) directorate discussing classified programs codenamed EvilOlive and ShellTrumpet, which had “processed its one-trillionth metadata record” at the time. The newspaper, which did not make the SSO document public, summarized it as:

With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States. The NSA called it the “One-End Foreign (1EF) solution”. It intended the program, codenamed EvilOlive, for “broadening the scope” of what it is able to collect….This new system, SSO stated in December, enables vastly increased collection by the NSA of Internet traffic. “The 1EF solution is allowing more than 75% of the traffic to pass through the filter,” the SSO December document reads. “This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories.”

One interpretation of EvilOlive is that the NSA is acquiring the majority of Americans’ confidential Internet and phone communications — or at least the majority flowing through the networks of its partner telecommunications companies — and archiving them for years. Any subsequent restrictions on access by intelligence analysts would be policy-based, not technology-based, and could be modified in the future to be more permissive.

The Obama administration has declined to discuss the NSA’s vast collection apparatus in any detail. A statement last week from James Clapper, the director of national intelligence, said an analyst cannot “can (sic) eavesdrop on domestic communications without proper legal authorization” — but, pointedly, did not say what “proper legal authorization” meant.


FBI admits using drones to spy on Americans

From Wired: Threat Level:

“Our footprint is very small. We have very few,” [FBI Director Robert] Mueller said in response to an inquiry on unmanned aircraft by Sen. Chuck Grassley (R-Iowa).

Grassley asked: “Does the FBI own or currently use drones and for what purposes?”

“Yes, for surveillance.”

Grassley continued: “Does the FBI use drones for surveillance on U.S. soil?”

“Yes, in a very, very minimal way, and seldom.”

Moments later, Sen. Dianne Feinstein (D-California) said drones were a huge privacy threat to Americans. The director was unprepared to answer Feinstein’s questions on what “privacy strictures” are in place to protect Americans’ privacy in connection to FBI drone use.

And there is this description of the concerns of Senators from The Guardian:

A Senate intelligence committee member, Mark Udall, Democrat of Colorado, later questioned whether such use of drones was constitutional. “Unmanned aerial systems have the potential to more efficiently and effectively perform law enforcement duties, but the American people expect the FBI and other government agencies to first and foremost protect their constitutional rights,” Udall said in a prepared statement.

“I am concerned the FBI is deploying drone technology while only being in the ‘initial stages’ of developing guidelines to protect Americans’ privacy rights. I look forward to learning more about this program and will do everything in my power to hold the FBI accountable and ensure its actions respect the US constitution.”

Another senator, Chuck Grassley, Republican of Iowa, also expressed concern. Asked whether the FBI drones were known about before the Mueller hearing, Grassley told CNN “absolutely not.” Grassley added the FBI was asked last year whether agents were using drones but the bureau never got back with an answer.

Privacy quote of the day 2

From a civil liberties perspective, the [NSA telephone vacuuming] program could hardly be any more alarming. It’s a program in which millions of innocent people have been put under the constant surveillance of government agents. It’s analogous to the FBI stationing an agent outside every home in the country to track who goes in and who comes out. It is beyond Orwellian, and it provides further evidence of the extent to which basic democratic rights are being surrendered in secret to the demands of unaccountable intelligence agencies.

Jameel Jaffer of the American Civil Liberties Union.

The Fourth Amendment has apparently been gutted


Glenn Greenwald, reporting for The Guardian, says that The Guardian is in possession of a secret court order issued in April that requires Verizon to report daily to the FBI detailed information on every phone call placed by Americans, domestic or international. The order is signed by Roger Vinson, Judge of the United States Foreign Intelligence Court.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

* * *

The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

The court order expressly bars Verizon from disclosing to the public either the existence of the FBI’s request for its customers’ records, or the court order itself.

* * *

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration’s surveillance activities.

* * *

These recent events reflect how profoundly the NSA’s mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency’s focus on domestic activities.

In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: “The NSA’s capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter.”

Consider for a moment what tracking of your phone call numbers dialed and numbers received can reveal, especially when combined with other data, about the lives of US citizens, including you, who happen to be, like me, Verizon customers. Read the order yourself. Are you agreeable to this type of surveillance of American citizens? And don’t for a moment think that similar orders are not in place with all the other US carriers.

I think this order provides sufficient evidence to begin impeachment proceedings against both President Obama and Judge Roger Vinson for violating the explicit rights provided under the Constitution. The oath of the President requires him or her to “protect and defend the Constitution of the United States.” In all seriousness, this seems to be the end of privacy and the end of Fourth Amendment protection for United States citizens. Screw the IRS issues, screw Benghazi, screw the Eric Holder controversies. This is the only approach that will stop the continuing elimination of privacy rights in this country. This abuse trumps everything. Trust but verify, as Ronald Reagan once said.

More from The Guardian. More from Wired, The Verge, CNet and Tech Crunch. The EFF has long warned that this is probably happening. They note that:

Former FBI counterterrorism agent Tim Clemente told CNN last month that, in national security investigations, the bureau can access records of a previously-made telephone call. “All of that stuff is being captured as we speak whether we know it or like it or not,” he said. Clemente added in an appearance the next day that, thanks to the “intelligence community” — a likely reference to the NSA — “there’s a way to look at digital communications in the past.”

And The Guardian explains how telephone metadata (which Verizon is required to provide) can reveal much about your life.

The government has long argued that this information isn’t private or personal. It is, they say, the equivalent of looking at the envelope of a letter: what’s written on the outside is simple, functional information that’s essentially already public.

That forms the basis of collection: because it’s not personal information, but rather “transactional” or “business” data, there’s no need to show probable cause to collect it. Collection is also helped by the fact this information is already disclosed by callers to their carriers – because your phone number is shared with your provider, you’re not treating it as private.

But that is not a view shared by privacy advocates. Groups such as the Electronic Frontier Foundation say that by knowing who an individual speaks to, and when, and for how long, intelligence agencies can build up a detailed picture of that person, their social network, and more. Collecting information on where people are during the calls colours in that picture even further.

One recent case that highlights this tension is the recent subpoenas of the call records of Associated Press journalists, which led to clashes between the media and the White House over what was widely seen as intrusion into a free press.

The information collected on the AP was telephony metadata: precisely what the court order against Verizon shows is being collected by the NSA on millions of Americans every day.

And Twitter is starting to light up:

 

You might also want to listen to this little ditty from They Might Be Giants:

My first call tomorrow morning will be to Verizon seeking an explanation about what they are doing with my data.

Secret laws continue to propagate in the US


The Department of Justice is seeking to keep secret a memo written by the Office of Legal Counsel which claims that the FBI can request records from telecommunications companies without issuing national security letters or warrants in advance. In other words, the DOJ claims a right to side-step both the warrant and NSL process based on a memo which is not public. In effect, the DOJ is relying on secret law, which is among the techniques of repressive, totalitarian regimes. It is simply wrong to continue to create such secret laws in a democratic country supposedly governed by the rule of law.

They do this notwithstanding a redacted DOJ Office of Inspector General report questioning the legality of such information requests. Check out page two of the text of the report. You can read chapter and verse of this action, which is being challenged by the EFF.

In a brief filed on [in March] (PDF), EFF continued its fight against secret surveillance law, asking the D.C. Circuit Court of Appeals to order the release of a secret opinion of the Office of Legal Counsel (OLC).

The opinion was generated as part of a lengthy Inspector General investigation (PDF) into the FBI’s use of unconstitutional National Security Letters, so-called “exigent letters,” and other illegal methods of obtaining customer records. The OLC’s opinion provides the federal government with the authority to obtain private call-detail records in “certain circumstances,” without any legal process or a qualifying emergency, and despite federal laws to the contrary. So far, the DOJ has refused to disclose what those circumstances are, and has even refused to disclose the statute on which the government bases its purported authority.

EFF has long argued that, when the government interprets a law in a way that shapes or affects the rights of the public, the public is entitled to know what that interpretation is. Hiding the government’s interpretations of public laws – especially when those interpretations are unlikely to be tested in court – constitutes the perpetuation of “secret law.” But secret law has no place in a democracy; on Friday, we asked the D.C. Circuit to affirm that simple principle and to order the government to disclose the OLC’s legal interpretation.

The formal opinions of the OLC are among the most obvious, and pernicious, examples of government secret law. OLC has the authority, delegated by the Attorney General, to issue legal opinions and interpretations that are binding on other Executive branch agencies. Over the past decade, OLC opinions have provided the legal authority for some of the federal government’s most controversial (and, ultimately, illegal) practices: torture, warrantless wiretapping, and – more recently – the targeted killing of American citizens have all found legal “justifications” in OLC opinions. The Executive branch has also shrouded these opinions in secrecy.

Say “cheese”

The FBI is watching you.

As part of an update to the national fingerprint database, the FBI has begun rolling out facial recognition to identify criminals.

It will form part of the bureau’s long-awaited, $1 billion Next Generation Identification (NGI) programme, which will also add biometrics such as iris scans, DNA analysis and voice identification to the toolkit. A handful of states began uploading their photos as part of a pilot programme this February and it is expected to be rolled out nationwide by 2014. In addition to scanning mugshots for a match, FBI officials have indicated that they are keen to track a suspect by picking out their face in a crowd.

Another application would be the reverse: images of a person of interest from security cameras or public photos uploaded onto the internet could be compared against a national repository of images held by the FBI. An algorithm would perform an automatic search and return a list of potential hits for an officer to sort through and use as possible leads for an investigation.

Ideally, such technological advancements will allow law enforcement to identify criminals more accurately and lead to quicker arrests. But privacy advocates are worried by the broad scope of the FBI’s plans. They are concerned that people with no criminal record who are caught on camera alongside a person of interest could end up in a federal database, or be subject to unwarranted surveillance.

This development bears careful watching by those who care about civil liberties.

Law enforcement GPS tracking: how widespread?

After the recent Supreme Court decision ruling unconstitutional at least certain types of warrantless tracking of automobiles with GPS devices attached to the cars, the FBI has apparently turned off many of its trackers.

After the ruling, the FBI had a problem collecting the devices that it had turned off, Mr. Weissmann said. In some cases, he said, the FBI sought court orders to obtain permission to turn the devices on briefly – only in order to locate and retrieve them.

What I find interesting is that it appears that around 3,000 of the devices were deactivated.  That represents 3,000 people who up to a couple of weeks ago were secretly tracked by their government without the minimum requirement of a simple search warrant. Not a huge number, but it is the number of devices in operation at one point in time. The number of people tracked by the FBI over the past several years is probably at least 180,000, assuming 30 days per person tracked over five years. And this estimate only covers the FBI. Surely other Federal agencies were using the same techniques.

This represents a significant victory over the continuing erosion of privacy rights in the United States.

Steve Jobs’ FBI file

The FBI investigated the background of Steve Jobs back in 1991 in connection with a proposal by President George H.W. Bush to appoint Jobs to a Federal position. Yesterday, the FBI released the file in response to a Freedom of Information Act request.

The bottom line? The FBI concluded that Steve Jobs experimented with drugs and did not always tell the truth.

One anonymous source described Mr. Jobs as a “deceptive individual who is not completely forthright or honest,” adding that he will “twist the truth and distort reality in order to achieve his goals.” Several discussed the fact that Mr. Jobs fathered a child out of wedlock.

Shocking.

Your tax dollars at work

The FBI is circulating a set of flyers purporting to identify suspicious behaviors that indicate possible terrorist activities and that therefore should be reported to the FBI by all good citizens. The flyers are headlined “Communities Against Terrorism” and there are at least 25 versions.

The version for Internet Cafes is particularly disturbing in that it essentially says that anyone protecting their privacy online is quite possibly a terrorist. Among the “suspicious” activities listed on the flyer are:

  • Always pay cash
  • Evidence of a residential based internet provider (signs on to Comcast, AOL, etc.)
  • Use of anonymizers, portals, or other means to shield IP address
  • Encryption or use of software to hide encrypted data in digital photos, etc.
  • Suspicious communications using VOIP or communicating through a PC game
  • Gather information about vulnerable infrastructure or obtain photos, maps or diagrams of transportation, sporting venues, or populated locations

So people who want to protect their privacy online, or who wish to pay for things with money, or who look up a sports stadium (maybe to find their seat for an event, say) ought to be reported to the FBI?

FBI opens probe of News Corporation

More trouble for the Murdochs:

In the U.S., the FBI opened a probe into whether employees of News Corp. might have hacked or attempted to hack into the private calls, voice-mail messages or call records of 9/11 victims or their families, according to people familiar with the investigation. The probe was opened Thursday morning, following a request a day earlier by Rep. Peter King (R., N.Y.), who heads the House Homeland Security Committee and whose Long Island district was home to many victims of the 2001 terrorist attacks.

It will also look into whether any News Corp. employees bribed or sought to bribe police officials to gain access to such records.

FBI defends ISPs, telecoms for warrantless wiretaps

This is probably not surprising (although it is depressing) but the FBI is going to court to protect telecoms and ISPs from having to disclose their participation in warrantless wiretaps in response to a lawsuit by the ACLU. Why? Because if the companies are named their customers might sue or drop them.

This rare piece of honesty came in a recently filed court declaration (PDF) from a top FBI official arguing why the agency shouldn’t have to supply the names in response to a Freedom of Information request filed by the American Civil Liberties Union.

“Specifically, these businesses would be substantially harmed if their customers knew that they were furnishing information to the FBI,” David M. Hardy wrote. “The stigma of working with the FBI would cause customers to cancel the companies’ services and file civil actions to prevent further disclosure of subscriber information. Therefore, the FBI has properly withheld this information.”

So, disclosure of warrantless wiretaps (or email taps) is a “proper” reason for non-disclosure of companies that go along to get along? Really? How could it possibly hurt a business if it discloses to customers that everything the business knows is open to the government?

More from the ACLU here.


Wiretaps built-in

The Federal government is pushing for new laws that, in essence, would require all communications technology to include functionality making wiretapping easily available to the government. The Feds have been working on this plan, called “Going Dark”. Some of the details were outlined in documents secured by the EFF pursuant to a FOIA request.

The FBI states the Going Dark program is a “five-prong strategic approach to address the lawful ‘Intercept capability gap’” (GD3, p. 10). These five prongs are:

  1. modernization/amendment of existing laws,
  2. enhancing authorities to protect industry proprietary and [law enforcement] sensitive lawful intercept information, equipment and techniques,
  3. enhancing [law enforcement] agencies’ coordination leveraging technical expertise of FBI with other [law enforcement] entities,
  4. enhancing lawful intercept cooperation between the communications industry and [law enforcement agencies] with a “One Voice” approach, and
  5. seeking new federal funding to bolster lawful intercept capabilities.

And yesterday, a hearing on the matter was held in Congress.

Ms. Caproni [FBI General Counsel] emphasized that the F.B.I. was not seeking new surveillance powers, but rather a way to keep its existing powers from eroding. She also said the F.B.I. was not seeking a decryption key that would allow the government to directly intercept and unscramble secure communications.

Rather, she said, the bureau hoped to require communication service providers to deploy, within their own systems, a wiretapping capability. The provider would have to be able to isolate, intercept and deliver to the government a particular user’s communications in response to a wiretap order.

This is a bad idea on several levels. First, there is no constitutional basis for requiring any business or citizen to create a path for wiretaps. Could the Congress require that microphones be placed into homes and businesses so that law enforcement could simply switch them on when desired? Despite claims to the contrary, this is an effort to secure additional, new wiretap powers.

Second, such back door access technologies are subject to a risk of hacker takeover.

Finally, American technology with such required back doors would be rejected by most of the rest of the world, thereby crippling our business competitiveness.