The CIA seeks to break security of Apple devices

The Intercept is reporting that the CIA has conducted a multi-year campaign to break the security of Apple iPhones and iPads.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

* * *

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “key logger.”

* * *

“Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”

Bellovin says he generally supports efforts by U.S. intelligence to “hack” devices — including Apple’s — used by terrorists and criminals, but expressed concern that such capabilities could be abused. “There are bad people out there, and it’s reasonable to seek information on them,” he says, cautioning that “inappropriate use — mass surveillance, targeting Americans without a warrant, probably spying on allies — is another matter entirely.”

Documents provided by Edward Snowden revealed the CIA attacks on Apple software and hardware. The documents also reveal that other tech companies were also attacked.  Tim Cook has repeatedly attacked the efforts of the CIA and the NSA and he has called for privacy protection for all Apple customers.

“If I were Tim Cook, I’d be furious,” says the ACLU’s Soghoian. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”

* * *

“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy. More recently, Cook said, “None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering.”

* * *

As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. “Encryption threatens to lead all of us to a very dark place,” declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, “This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.”

Under current U.S. regulations, law enforcement agencies can get a court order to access communications channeled through major tech companies and wireless providers. But if those communications are encrypted through a process not accessible by any involved company, the data is essentially meaningless, garbled gibberish. “In a world in which data is encrypted, and the providers don’t have the keys, suddenly, there is no one to go to when they have a warrant,” says Soghoian. “That is, even if they get a court order, it doesn’t help them. That is what is freaking them out.”

You can read the full, detailed and shocking article here.

Wikipedia sues NSA over mass surveillance

Wikipedia is suing the NSA over the spy agency’s so-called “upstream” surveillance, which collects information around the world by tapping into Internet cables.

The notion that the N.S.A. is monitoring Wikipedia’s users is not, unfortunately, a stretch of the imagination. One of the documents revealedby the whistle-blower Edward J. Snowden specifically identified Wikipedia as a target for surveillance, alongside several other major websites like, Gmail and Facebook. The leaked slide from a classified PowerPoint presentation declared that monitoring these sites could allow N.S.A. analysts to learn “nearly everything a typical user does on the Internet.”

The harm to Wikimedia and the hundreds of millions of people who visit our websites is clear: Pervasive surveillance has a chilling effect. It stifles freedom of expression and the free exchange of knowledge that Wikimedia was designed to enable.

* * *

In the lawsuit we’re filing with the help of the American Civil Liberties Union, we’re joining as a fellow plaintiff a broad coalition of human rights, civil society, legal, media and information organizations. Their work, like ours, requires them to engage in sensitive Internet communications with people outside the United States.

That is why we’re asking the court to order an end to the N.S.A.’s dragnet surveillance of Internet traffic.

Privacy is an essential right. It makes freedom of expression possible, and sustains freedom of inquiry and association. It empowers us to read, write and communicate in confidence, without fear of persecution. Knowledge flourishes where privacy is protected.

This is an excellent, well-funded effort that might have a decent chance of limiting at least some of the “collect it all” operations of the NSA.

SIM card security breached by US and UK

The Intercept is reporting this morning that US and UK spies broke into the internal network of Gemalto, the largest SIM card manufacturer in the world and stole the encryption keys used by the manufacturer. SIM cards are designed to protect the privacy of cellphone conversations, among other things. The reporting is based on documents provided by Edward Snowden, and the breach was described in a document written in 2010.

So, as a beginning point, you can safely assume that your mobile phone privacy was breached over four years ago.

Here are more details:

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

* * *

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

SIM cards were not primarily designed to protect privacy, but instead were by cell phone companies to limit fraudulent use of their networks.

SIM cards were not invented to protect individual communications — they were designed to do something much simpler: ensure proper billing and prevent fraud, which was pervasive in the early days of cellphones. Soghoian compares the use of encryption keys on SIM cards to the way Social Security numbers are used today. “Social security numbers were designed in the 1930s to track your contributions to your government pension,” he says. “Today they are used as a quasi national identity number, which was never their intended purpose.”

Because the SIM card wasn’t created with call confidentiality in mind, the manufacturers and wireless carriers don’t make a great effort to secure their supply chain. As a result, the SIM card is an extremely vulnerable component of a mobile phone. “I doubt anyone is treating those things very carefully,” says Green. “Cell companies probably don’t treat them as essential security tokens. They probably just care that nobody is defrauding their networks.” The ACLU’s Soghoian adds, “These keys are so valuable that it makes sense for intel agencies to go after them.”

Much more from The Intercept here.

Representative tweets:

Christmas Eve NSA data dump

If you head the NSA and, due to a court order, you are required to publicly release (heavily redacted) documents indicating that the NSA violated the law repeatedly over more than a decade, when would you choose to announce the release?

Well, the NSA chose to make the release around 1:30 pm, Christmas eve.

Bloomberg reports:

The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013.

The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA’s website at around 1:30 p.m. on Christmas Eve.

In a 2012 case, for example, an NSA analyst “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,” according to one report. The analyst “has been advised to cease her activities,” it said.

Other unauthorized cases were a matter of human error, not intentional misconduct.

Last year, an analyst “mistakenly requested” surveillance “of his own personal identifier instead of the selector associated with a foreign intelligence target,” according to another report.


An excellent proposal

Senator Mark Udall (D-CO) lost his reelection bid on Tuesday. This is particularly important as Udall was one of the most forceful members of the Senate Intelligence Committee to call for more disclosure from the CIA and NSA regarding their operations.

Trevor Timm, writing in The Guardian, has interestingly suggested that Udall could legally read into the Congressional Record the text of the CIA Torture Report, prepared by the Intelligence Committee, which is still tied up by the CIA (and Obama Administration) refusals to allow publication of the report without massive and frustrating redactions.

America’s rising civil liberties movement lost one of its strongest advocates in the US Congress on Tuesday night, as Colorado’s Mark Udall lost his Senate seat to Republican Cory Gardner. While the election was not a referendum on Udall’s support for civil liberties (Gardner expressed support for surveillance reform, and Udall spent most of his campaign almost solely concentrating on reproductive issues), the loss is undoubtedly a blow for privacy and transparency advocates, as Udall was one of the NSA and CIA’s most outspoken and consistent critics. Most importantly, he sat on the intelligence committee, the Senate’s sole oversight board of the clandestine agencies, where he was one of just a few dissenting members.

But Udall’s loss doesn’t have to be all bad. The lame-duck transparency advocate now has a rare opportunity to truly show his principles in the final two months of his Senate career and finally expose, in great detail, the secret government wrongdoing he’s been criticizing for years. On his way out the door, Udall can use congressional immunity provided to him by the Constitution’s Speech and Debate clause to read the Senate’s still-classified 6,000-page CIA torture report into the Congressional record – on the floor, on TV, for the world to see.

There’s ample precedent for this. In 1971, former Senator Mike Gravel famously read the top-secret classified Pentagon Papers for three hours before almost collapsing and then entering thousands of pages more into the record after he couldn’t speak for any longer from exhaustion.

* * *

But now, Udall has nothing to lose. He can’t get kicked off any committee he won’t be a part of in two months. And he can’t be prosecuted for revealing classified information as a member of Congress.

This would be a terrific service to Americans who need to know that torture was official US policy following 9/11 so as to insure that such crimes never happen again by the American government.


Second NSA whistleblower is “confirmed”

Michael Isikoff is reporting that Federal agents have identified a suspected “second” whistleblower providing details of the NSA surveillance programs to reporters.


The FBI has identified an employee of a federal contracting firm suspected of being the so-called “second leaker” who turned over sensitive documents about the U.S. government’s terrorist watch list to a journalist closely associated with ex-NSA contractor Edward Snowden, according to law enforcement and intelligence sources who have been briefed on the case.

The FBI recently executed a search of the suspect’s home, and federal prosecutors in Northern Virginia have opened up a criminal investigation into the matter, the sources said.

But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be more reluctant to bring criminal charges involving unauthorized disclosures to the news media, the sources said. One source, who asked not to be identified because of the sensitivity of the matter, said there was concern “there is no longer an appetite at Justice for these cases.”

I believe that the Justice Department should tread very carefully in dealing with any whistleblowers. And it should be especially careful in challenging reporters covering any additional disclosures in an attempt to reveal to Americans the overall breadth of the surveillance of American citizens. The people have a right to know.

Surveillance self-defense

The EFF has just released a compendium of products than can help you defend your computer systems and communications from the surveillance state. It is called Surveillance Self-Defense. It offers advice for people in differing scenarios.  I am planning to implement the recommendations in the section entitled “Mac User?”.

Well worth a careful review.

Conflicts of interest at the NSA

Who could have possibly thought that NSA employees, at high levels in the agency, would be involved in obvious conflicts of interest?  Well, BuzzFeed News is reporting that Teresa Shea, a high level employee, is leaving the agency as a result of financial interests and conflicts between her and her husband and the NSA.


Shea was the director of signals intelligence, or SIGINT, which involves intercepting and decoding electronic communications via phones, email, chat, Skype, and radio. It’s widely considered the most important mission of the NSA, and includes some of the most controversial programs disclosed by former contractor Edward Snowden, including the mass domestic surveillance program.

It couldn’t be determined why Shea is leaving her position or what new job she might take. Neither the Sheas nor the NSA responded immediately to requests for comment.

In September, BuzzFeed News reported that a SIGINT “contracting and consulting” company was registered at Shea’s house, even while she was the SIGINT director at NSA. The resident agent of the company, Telic Networks, was listed as James Shea, her husband.

Mr. Shea is also the vice president of a major SIGINT contractor that appears to do business with the NSA. The company, DRS Signals Solutions, is a subsidiary of DRS Technologies, which itself is a subsidiary of Italian-owned Finmeccanica SPA.

Last week Buzzfeed News also reported Shea herself had incorporated an “office and electronics” business at her house, and that the company owned a six-seat airplane and a condominium in the resort town of Hilton Head, South Carolina.


Grand Rapids ArtPrize entry highlights NSA surveillance activities

ArtPrize is an independently organized international art competition in Grand Rapids, Michigan. It is the world’s largest art competition based on daily attendance, prize amounts, number of artists and venues. ArtPrize 2014 takes place September 24-October 12.  Voting number for “Just Listening” is 56367. ArtPrize officially opens Wednesday, September 24.

One of my friends, Ruth Tyszka, together with two other artists created a piece that challenges the NSA surveillance programs and whether the concept of Lady Justice has continuing validity in a time of world-wide mass surveillance.

Here is their explanation of the piece:

Darcel Deneau, Joan Schwartz and Ruth Tyszka worked together for months to create their 11 foot high sculpture “Just Listening” for exhibition at the 2014 ArtPrize art competition in Grand Rapids, Michigan. The three accomplished artists deploy art and technology in this visual commentary on American ideals within the context of the National Security Agency’s (NSA) electronic data surveillance and collection programs.The artists were honored and excited to be selected to show their sculpture “Just Listening” at the Fountain Street Church venue, which partnered with the American Civil Liberties Union to present the exhibit titled “Art To Change the World: Inspiring Social Justice.”The artists drew from a broad range of experience in different mediums to carefully choose a variety of mixed media materials to construct a contemporary Lady Justice lifting the world above her head. Serving as a symbol of American ideals and morality within the justice system, the Lady Justice figure is initially intended to be beautiful and aesthetically pleasing, drawing to mind traditional representations of Lady Justice. Upon closer inspection, the viewer is invited to participate and question the NSA’s systematic use of technology to collect information on citizens of the United States and from around the world. Lady Justice wears an elaborate gown made from surveillance-related news articles and punctuated by a cascade of red and white glass mosaic stripes down the front. She stands on a platform of data servers and balances above her head a 30-inch diameter globe constructed of repurposed circuit boards and stained glass and lit from within. A tablet computer embedded in the globe streams Tweets that reference the NSA. Earbuds connect Lady Justice to the world’s data. Throughout the sculpture, the artists use symbols like the slipping blindfold, the scales of justice, and the American eagle tattoo to metaphorically raise questions about the potential for compromise of Lady Justice’s representation of justice, fairness and equity.

Photo credits: PD Rearick; click images to enlarge
Deneau is a graduate of the College for Creative Studies (Detroit) and recently completed her term as the Board Chair at the Detroit Artists Market. Schwartz graduated from Wayne State University (Detroit), is a non-practicing pediatrics nurse and currently serves on the board of the Mosaic Artists of Michigan. Tyszka is a graduate of Oakland University and Wayne Law School (Detroit), currently splits her time between law and art, and is the Governance Chair on the Board of Trustees for the Society of American Mosaic Artists.
The Fountain Street Church is located at 24 Fountain St. NE, Grand Rapids, Michigan. If you make it to the show, be sure to take a look at this project. And be sure to vote in its favor. Voting number for “Just Listening” is 56367. ArtPrize officially opens Wednesday, September 24.

The NSA builds a search engine

The Intercept is reporting that the NSA has a built a Google-like search engine of its intelligence collections which is used by nearly two dozen US government agencies.

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.


So they are collecting this information, including data generated by American citizens that in no way are targets of normal law enforcement actions. In effect, this data is used in ways not at all related to national security. This is the surveillance state writ large. And, as shown in the image above, this information is searchable by the so-called “5-eyes”: Australia, Canada, New Zealand, the United Kingdom and the United States.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

The most wanted man in the world

Writing in Wired, James Bamford, a well-known IT security expert, has written a summary of what he learned during a recent visit he made to Russia to speak in person with Edward Snowden. It is a wonderful profile and it should be read in full. Snowden explains his reasons for the massive data dump of NSA operations and secrets.

Here is a video from the report, in Edward Snowden’s own words:

Communications collected by the NSA are an attractive nuisance

Michael P. Lynch has written an important analysis of the NSA’s large and growing collection of the full content of American’s communications. He highlights the dangers of abuse of such a collection and the essay is worth a careful read.

It’s been a while since we all became aware of what the National Security Administration has been up to. But as revelations of government breaches recede and the concerns of daily life resume, the public occasionally needs a reminder. A recent story in The Washington Post was exactly that. It laid out in detail what many had long suspected: that the N.S.A., in targeting foreign nationals, is collecting and storing extremely large amounts of information on many American citizens. This information is not restricted to metadata; it is content — photos, web chats, emails and the like. While United States law prevents targeting American citizens without a warrant (even if it is just a warrant from the secret FISA court) nothing currently prevents the N.S.A. from engaging in this “incidental collection” and no law prevents the agency — and other United States intelligence and law enforcement agencies — from accessing such content without a warrant into perpetuity.

We’ll get to know the consequences of our current policies on global warming. But the abuse of knowledge isn’t going to be so obvious.
Discussion of the Washington Post story has tended to concentrate on its eye-catching point that (at least) 90 percent of the data being collected is “incidental” in this way. But what, if anything, is wrong with the incidental collection of personal information? Should we be more or less alarmed by it?

My own view is that the storage of incidentally collected data is very wrong indeed. But the reasons that make it wrong also help to explain, I think, why as a nation we sometimes seem to refuse to resist it, and perhaps sympathize more than we should with Representative Mike Rogers’ comment from last year that your privacy can’t be violated if you don’t know about it.

The first reason many N.S.A. activities, including this one, are wrong is instrumental or consequential: they are potentially dangerous for the simple reason that they invite abuse that, should it occur, will be particularly difficult to uncover. To see this, reflect on the fact that the N.S.A. database is often referred to as a “pool of information.” This is an apt metaphor. In the law, swimming pools are called attractive nuisances. They attract children, and as a result, if you own a pool, even if you are a watchful, responsible parent yourself, you still have to put up a fence. Similarly, even if we can trust that the architects of the N.S.A.’s various programs had no intention of abusing the information they are collecting about American citizens, the pool of information could easily prove irresistible.

And the bigger the pool the more irresistible it is likely to become. This is not just common sense, it explains why the N.S.A.’s repeated assertions that they aren’t actually looking at the content of emails, or targeting Americans, should have been greeted with skepticism. The pool of data is a pool of knowledge. Knowledge is power; and power corrupts. As a consequence it is difficult to avoid drawing the inference that absolute knowledge might corrupt absolutely.

This “incidental” collection of data, under EO 12333 and other NSA programs, is creating and more and more alluring collection that is used not only by the NSA but by the FBI and the CIA. And all of the collection is accomplished without a warrant. The Constitution does not authorize warrantless collection of Americans’ communications without a warrant. And there is a good reason for requiring warrants.

Birds of a feather?

King Abdullah ibn Abdul Aziz in 2002
King Abdullah ibn Abdul Aziz in 2002 (Photo credit: Wikipedia)

Guess who has a new BFF.

Of course, it is the NSA. And the new friend is the brutally repressive Saudi Arabian state police apparatus, according to a report at The Intercept:

The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world’s most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency’s plans “to provide direct analytic and technical support” to the Saudis on “internal security” matters.

The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that “Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse,” specifically mentioning a 2011 episode in which MOI agents allegedly “poured an antiseptic cleaning liquid down [the] throat” of one human rights activist. The report also notes the MOI’s use of invasive surveillance targeted at political and religious dissidents.

But as the State Department publicly catalogued those very abuses, the NSA worked to provide increased surveillance assistance to the ministry that perpetrated them. The move is part of the Obama Administration’s increasingly close ties with the Saudi regime; beyond the new cooperation with the MOI, the memo describes “a period of rejuvenation” for the NSA’s relationship with the Saudi Ministry of Defense.

* * *

Asked if the U.S. takes human rights records into account before collaborating with foreign security agencies, a spokesman for the office of the director of national intelligence told The Intercept: “Yes. We cannot comment on specific intelligence matters but, as a general principle, human rights considerations inform our decisions on intelligence sharing with foreign governments.”

Absolutely terrific news. Saudi Arabia is the country that created, and fundedAl-Quaeda, tortures its own citizens and severely represses women’s freedom. We now know that the NSA is willing to look the other way to help a country that is at least partially responsible for 9/11. Your tax dollars at work.

PCLOB to investigate use of Executive Order 12333

I previously described the nature and operation of Executive Order 12333, which allows warrantless collection of communications by Americans, provided only that the collection occurs overseas. Now, the Privacy and Civil Liberties Oversight Board has announced to it will examine the surveillance activities conducted un EO 12333.

The Washington Post reports:

An independent privacy watchdog agency announced Wednesday that it will turn its focus to the largest and most complex of U.S. electronic surveillance regimes: signals intelligence collection under Executive Order 12333.

That highly technical name masks a constellation of complex surveillance activities carried out for foreign intelligence purposes by the National Security Agency under executive authority. But unlike two other major NSA collection programs that have been in the news lately, EO 12333 surveillance is conducted without court oversight and with comparatively little Congressional review.

The Privacy and Civil Liberties Oversight Board, an independent executive branch agency, over the last year has taken in-depth looks at the other two NSA programs. It concluded the bulk collection of Americans’ phone call metadata under Section 215 of the Patriot Act was illegal and raised constitutional concerns. By contrast, it found the gathering of call and email content under Section 702 of the Foreign Intelligence Surveillance Act to be lawful, though certain elements pushed “close to the line” of being unconstitutional.

Now the board is planning to delve into EO 12333 collection, among other topics. It is not clear, however, how deep or broad its examination will be.

“It’s obviously a complex thing to look at 12333,” but “it’s something we’ll likely be delving into,” said a member of the Privacy and Civil Liberties Oversight Board who requested anonymity in order to speak freely. The board has highlighted 12333 issues in the past. For example, each agency is supposed to have guidelines to carry out the executive order, but some guidelines are three decades old. The board has encouraged the guidelines be updated, the source said.