Thanks to another disclosure from Edward Snowden, we now know that the NSA hijacks tracking cookies, including those used by Google, to locate targets and hack their computers. More details at The Washington Post.
According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or “cookies” that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don’t contain personal information, such as someone’s name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person’s browser.
In addition to tracking Web visits, this cookie allows NSA to single out an individual’s communications among the sea of Internet data in order to send out software that can hack that person’s computer. The slides say the cookies are used to “enable remote exploitation,” although the specific attacks used by the NSA against targets are not addressed in these documents.
Ryan Lizza, writing in the New Yorker, has a great essay that explores why the President seems to do nothing to rein in the NSA. It is long, but is certainly worth a full read.
Senator Edward J. Markey (D-MA) has announced that he will propose new legislation to restrict and control government access to cellphone data, including location tracking. In the last year alone, cellphone companies provided information to law enforcement and other governmental entities more than 1.1 million times.
Most of the requests were for information from a specific customer account. But law enforcement agencies also received information from 9,000 so-called tower dumps, in which the agencies were granted access to data from all the phones that connected to a cell site during a specified period of time.
The cellphone carriers’ reports, which came in response to a congressional inquiry, underscored the law enforcement agencies’ strong reliance on wireless phone records. The carriers are shown to turn over records thousands of times a day in response to police emergencies, subpoenas and other requests.
Eight large technology companies have launched a large pro-privacy public campaign to push back against the massive surveillance state created by the NSA. Part of the campaign features this website, which sets forth various principles on which surveillance reform should be based.
AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo all signed an open letter published on their website. An excerpt:
We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for a change.
The tech industry is no small part of our economy. The industry is under a real threat caused by the NSA. They do have ample money to wage such campaigns and they are also a major target for campaign contributions. This effort is important to the survival of both individual privacy and the Internet.
This is a creative approach to dealing with the NSA, but I don’t have much hope that it can succeed.
More info here and here.
Listen to this debate organized by Intelligence Squared and focused on the massive surveillance state that the US has created. The embed below requires flash, but you can go directly to the page using the link above.
Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.
If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.
– Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft, announcing a major effort on the part of Microsoft to protect their customers from US spying operations.
Another disclosure from the Edward Snowden files has been released. It turns out that the NSA is tracking cellphones around the world to the tune of 5 billion records a day. The tracking program includes tracking the locations of US citizens outside the country. The program does not “target” phones inside the US, but it collects enormous data on in-the-US phones by claiming that the collection is “incidental.”
From The Washington Post:
The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.
The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.
The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.
So there you have it. The NSA is tracking the locations of millions of Americans, despite earlier non-denial denials. Tracking location is a pure insult to the right to travel anonymously.
The NSA has sent employees home on November 22 with talking points to be used with friends and family over the holidays to defend the NSA’s surveillance state operations.
The “talking points” sheet suggests that employees make five key points: (1) NSA’s mission is of great value to the Nation”; (2) NSA performs its mission the right way—lawful, compliant and in a way that protects civil liberties and privacy; (3) NSA performs its mission exceptionally well. We strive to be the best that we can be, because that’s what America requires as part of its defense in a dangerous world; (4) The people who work for NSA are loyal Americans with expert skills who make sacrifices to help protect the freedoms we all cherish; (5) NSA is committed to increased transparency, public dialog and faithful implementation of any changes required by our overseers. (No emphasis added. Underlines appear in the document.)
Needless to say, at least three of these talking points are false in material respects. Details of the lies are here.
The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches.
– Glenn Greenwald, Ryan Gallagher, and Ryan Grim reporting in The Guardian.
The activities described in the report seem virtually certain to violate rights under both the Fourth Amendment and the First Amendment. And the surveillance results are shared outside the NSA with the DOJ, the Department of Commerce and the Drug Enforcement Administration. This program is reminiscent of the tactics of J. Edgar Hoover, at the FBI, who smeared such people as Martin Luther King. Outrageous and a clear indication of the dangers presented by the creation of the surveillance state now in force in the US.
Brian Knappenberger explains.
The ACLU has challenged the constitutionality of the massive phone meta-data surveillance by the NSA. The trial began on Friday, and it appears that the Federal judge overseeing the trial at the Manhattan Federal Courthouse, seems open to skepticism of the NSA’s case.
From a New York Times editorial:
Until Edward Snowden, a disaffected N.S.A. contractor, came along and documented the stunning scope of the phone program — which vacuums up information about every call made in the United States every day for the purpose of identifying possible terror suspects — intelligence and law-enforcement officials were accustomed to operating in the friendlier confines of the Foreign Intelligence Surveillance Court.
That is not a court by any standard definition. A rotating slate of federal judges considers secret warrant applications from the government and issues secret opinions, without hearing any opposing argument. In 2012, the court approved 1,855 of 1,856 requests that came before it.
The environment on Friday was very different, as lawyers for the A.C.L.U. vigorously contested the legality of the phone-data sweep, and Federal District Judge William Pauley III expressed a proper skepticism of the government’s claim that the program raised no constitutional concerns. When a government lawyer argued that Congress twice reauthorized the Patriot Act section under which the phone program has been approved, Judge Pauley reminded him that several members of Congress have said publicly they were not made aware of what was in the program. Others have said they believe it is being abused.
The A.C.L.U., which filed its suit days after the revelation of the phone-data sweep, called the program a “vast dragnet” that violates both federal law and the Constitution. The fact that the government must show a higher level of suspicion before it can examine a specific call’s data is irrelevant, the group’s lawyers said. The collection of so much data on millions of innocent Americans is itself an unconstitutional search, they argued, and under the government’s theory, the power to collect even more is “absolutely without limit.
The New York Times reports that a February, 2012, NSA white paper lays out extremely aggressive plans by the NSA to increase their surveillance capabilities greatly beyond what exists even today.
Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the N.S.A. to conduct broad surveillance in what it cited as “the golden age of Sigint,” or signals intelligence. “The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on N.S.A.’s mission,” the document concluded.
Using sweeping language, the paper also outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from “anyone, anytime, anywhere.” The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”
Given that the NSA collects vast quantities of information, on virtually everyone and certainly every American with a telephone, it hard to concieve that even greater information collections would not alarmingly increase the potential for abuse. The madness must be brought under control. Once again, this power-grab was revealed by hero and whistle-blower Edward Snowden.