http://techbeat.com/2013/11/microsoft-suspects-nsa-spying-strengthens-encryption/


The NSA. Spying. Surveillance. Edward Snowden.

We’ve been hearing about these left and right in the past year, and it seems that the issue is not going anywhere any time soon. In fact, major tech players have made their voices heard and are taking some steps to counter “alleged” NSA spying. About a month ago, we heard about Yahoo adding email encryption exactly due to that. Now, as we look at the end of 2013, Microsoft is also ramping up its security efforts.

http://techbeat.com/wp-content/uploads/2013/11/nsa-auge.jpg

According to a Washinton Post article, Microsoft has already had its own suspicions about the NSA’s activities. Who wouldn’t, after all the talk? As they say, where there’s smoke, there’s fire. Anyhow, when the news came out that the NSA was gaining access to the networks of Google and Yahoo, Microsoft execs decided to do something about it.

There is no solid evidence that the NSA is actually doing something “against” Microsoft, but it is only understandable that the big boys will want to take steps. Just in case.

So what are they doing?

Microsoft is going to join the ranks of its contemporaries who are already beefing up their defenses against intrusions of this kind. The spying issue is much bigger than the tech companies, sure, and the government has to be one to put measures in place in terms of legislation, but at the end of the day, the onus to take care of their products lies on Microsoft et al.

Since we know that “data collection” by the NSA can be done at points outside of the private networks, this beefing up of security – encryption included – is something that should make privacy-focused individuals rest easier. Then again, we know that TAO (NSA’s elite hacking team) exists. Who’s to say they don’t just get around the encryption somehow?

What do you think of this whole brouhaha?

It's all PR.... these guys been in bed with the NSA since forever... heck, if they play cowboy, they get handed a NSL and they have to comply.

The problem with spying isn't going to be solved in the private sector, simply because it's a problem of laws. It's Congress that has to close the spigot.

Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radicalizers'
The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document. The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority.

"Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence,"

"It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone,"

"Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these documents show that the NSA probably defines 'abuse' very narrowly."

the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist."


"The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future,"

http://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html

NSA/CIA is unstoppable. There will never be enough votes in Congress to restrict them, AND then to enforce the restrictions.

And NSA/CIA will never allow themselves to be restricted because they will always cover them with the blanket of "we are defeding the country" (and warming our chairs, padding our pensions)

the incompetent Keystone Kops ignored the clues and hints from Russia about the Boston Marathon bombers.

Techies Vs. NSA: Encryption Arms Race Escalates

Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies.

In the end, the new geek wars --between tech industry programmers on the one side and government spooks, fraudsters and hacktivists on the other-- may leave people's PCs and businesses' computer systems encrypted to the teeth but no better protected from hordes of savvy code crackers.

"Every time a situation like this erupts you're going to have a frenzy of snake oil sellers who are going to throw their products into the street," says Carson Sweet, CEO of San Francisco-based data storage security firm CloudPassage. "It's quite a quandary for the consumer."

Encryption isn't meant to keep hackers out, but when it's designed and implemented correctly, it alters the way messages look. Intruders who don't have a decryption key see only gobbledygook.

For those who want to take matters into their own hands, encryption software has been proliferating across the Internet since the Snowden revelations broke. Heml.is -- Swedish for "secret" -- is marketed as a secure messaging app for your phone. MailPile aims to combine a Gmail-like user friendly interface with a sometimes clunky technique known as public key encryption. Younited hopes to keep spies out of your cloud storage, and Pirate Browser aims to keep spies from seeing your search history. A host of other security-centered programs with names like Silent Circle, RedPhone, Threema, TextSecure, and Wickr all promise privacy.

Many of the people behind these programs are well known for pushing the boundaries of privacy and security online. Heml.is is being developed by Peter Sunde, co-founder of notorious file sharing website The Pirate Bay. Finland's F-Secure, home of Internet security expert Mikko Hypponen, is behind Younited. Dreadlocked hacker hero Moxie Marlinspike is the brains behind RedPhone, while Phil Zimmerman, one of the biggest names in privacy, is trying to sell the world on Silent Circle. Even flamboyant file sharing kingpin Kim Dotcom is getting in on the secure messaging game with an encrypted email service.

http://talkingpointsmemo.com/idealab/techies-vs-nsa-encryption-arms-race-escalates

If you try to hide, you're obviously a suspect and surveillance target for CIA/NSA/FBI.

I remember the right-wingers here, when debating/supporting dubya/dickheadREPUG spying, FISA, etc, saying "if you have nothing to hide, then there's no problem", just fuck off with your "reasonable expectation of privacy". Now that the surveillance is happening under the Dem pres, they're against it.

Snowden is a True American Hero

It's all PR.... these guys been in bed with the NSA since forever... heck, if they play cowboy, they get handed a NSL and they have to comply.

The problem with spying isn't going to be solved in the private sector, simply because it's a problem of laws. It's Congress that has to close the spigot.

Hit the nail on the head. +1

It's all PR.... these guys been in bed with the NSA since forever... heck, if they play cowboy, they get handed a NSL and they have to comply.

The problem with spying isn't going to be solved in the private sector, simply because it's a problem of laws. It's Congress that has to close the spigot.:tu

"It's Congress that has to close the spigot."

won't happen.

If it does, then it will for pro-forma, for show, with no real enforcement, nudge-and-wink stuff, letting CIA/NSA/FBI continue to rape everybody's privacy "for national security".

HTF do you spy on the spooks?

We already saw Snowden expose Clapper lying to Congress about surveillance, and got off with an "error", rather than prison (lucky he wasn't baseball player lying about juicing).

It's all PR.... these guys been in bed with the NSA since forever... heck, if they play cowboy, they get handed a NSL and they have to comply.

The problem with spying isn't going to be solved in the private sector, simply because it's a problem of laws. It's Congress that has to close the spigot.

I disagree, private sector can solve this - by lobbying. If Microsoft and like start losing serious money because of this, the problem will be fixed, otherwise it's an uphill battle. Only by putting surveillance "security" vs. something like for example functioning economy can we hope to regain some privacy.

"It's Congress that has to close the spigot."

won't happen.

If it does, then it will for pro-forma, for show, with no real enforcement, nudge-and-wink stuff, letting CIA/NSA/FBI continue to rape everybody's privacy "for national security".

HTF do you spy on the spooks?

We already saw Snowden expose Clapper lying to Congress about surveillance, and got off with an "error", rather than prison (lucky he wasn't baseball player lying about juicing).



another nail.....

I disagree, private sector can solve this - by lobbying. If Microsoft and like start losing serious money because of this, the problem will be fixed, otherwise it's an uphill battle. Only by putting surveillance "security" vs. something like for example functioning economy can we hope to regain some privacy.

The "fix" is changing the law and removing the powers granted to a secret court with no oversight that couldn't care less about "functioning economy" or who is losing money.

Microsoft knows this, that's why they spin the PR machine, so when manager X, completely unaware of the Patriot Act and it's abuses, asks what are they doing about "that thing I heard about Snowden/spying", they can drop this press release on him.

The only thing more abused that the "National Security" rug in the US is the "Protect the Children" rug... neither unfortunately is going away in the foreseeable future.

Even when there are laws, regs, frustrated FISA judges (all Repugs appointed by Chief Justice), NSA/CIA are unstoppable law breakers, renegades

Why FISA Court Judges Rule The Way They Do

But old rulings that have been released this winter demonstrate those judges were often frustrated with the NSA's lapses.

Still, Bates, like other members of the secret court almost always gave the agency a green light to do more despite the violations.

we're learning about how this court operates, that it really does see its job as getting to yes.

it doesn't look like the judges are trying to find the best interpretation of the law. It looks like they are trying to find an interpretation of the law that can plausibly sustain what the government has asked to do. And that's not the role of the court.

Judge John Bates called out the agency for continually collecting too much information, and misrepresenting its activities to the court for years. His recently released opinion said the NSA vacuumed up more information on American citizens than it was supposed to, then wrongfully shared the content of email messages with other people in the government who were not empowered to receive it.

Mukasey recently told an audience at the Federalist Society that reform proposals on the table - things like putting an adversary inside the court to argue against the government and limiting phone record collection - could undermine national security.

it's almost impossible to police such a secret organization.

Mess up in a mass surveillance world, you get a massive mistake. And those mistakes have led to collection of lots of information about Americans that's supposed to be off limits.

not convinced that surveillance this complicated can ever be controlled.

there is no way to make bulk collection and mass surveillance work in a democracy - period. That it is just incompatible with a democracy.

http://www.npr.org/2013/12/03/248320220/why-fisa-court-judges-rule-the-way-they-do

While Microsoft's recent move to encrypt user data (http://www.zdnet.com/microsoft-to-encrypt-network-traffic-amid-nsa-datacenter-link-tapping-claims-7000023687/) made the most headlines, the reasoning underlying its new data protection strategies classify the US government in the same category as a cyber-criminal group.

Brad Smith, Microsoft's EVP of Legal and Corporate Affairs, labeled the American government as an "advanced persistent threat" (http://blogs.technet.com/b/microsoft_blog/archive/2013/12/04/protecting-customer-data-from-government-snooping.aspx) in a December 4 post on The Official Microsoft Blog.http://www.zdnet.com/microsoft-us-government-is-an-advanced-persistent-threat-7000024019/

Saving the Net from the surveillance state: Glenn Greenwald speaks uphttp://news.cnet.com/8301-13578_3-57613838-38/saving-the-net-from-the-surveillance-state-glenn-greenwald-speaks-up-q-a/?tag=nl.e703&s_cid=e703&ttag=e703&ftag=CAD090e536

The "fix" is changing the law and removing the powers granted to a secret court with no oversight that couldn't care less about "functioning economy" or who is losing money.

Microsoft knows this, that's why they spin the PR machine, so when manager X, completely unaware of the Patriot Act and it's abuses, asks what are they doing about "that thing I heard about Snowden/spying", they can drop this press release on him.

The only thing more abused that the "National Security" rug in the US is the "Protect the Children" rug... neither unfortunately is going away in the foreseeable future.

The house and senate intelligence committees have oversight. They see everything that goes through there. POTUS does too. If you have no faith in Obama, Feinstein and Rogers I certainly understand but it is what it is.

The house and senate intelligence committees have oversight. They see everything that goes through there. POTUS does too. If you have no faith in Obama, Feinstein and Rogers I certainly understand but it is what it is.

no, congress and the Exec DON'T see everything.

As I posted above, even FISA judges, who are probably closer to NSA than lege or exec, know NSA breaks even the very few rules.

And Clapper was exposed by Greenwald as outright feloniously lying to Congress, Congress being an object of contempt and ridicule by the NSA/CIA's "A Few Good Men" manning the ramparts and defending America by raping it.

no, congress and the Exec DON'T see everything.

As I posted above, even FISA judges, who are probably closer to NSA than lege or exec, know NSA breaks even the very few rules.

And Clapper was exposed by Greenwald as outright feloniously lying to Congress, which is probably an object contempt and ridicule by the NSA/CIA's "A Few Good Men" manning the ramparts and defending America by raping it.

Have to love people that behave with certainty regarding topics where there is none.

Now I want you to think real hard: who leaked the judge's 'frustration' to NPR? How can that apply to the discussion at hand?

Even when there are laws, regs, frustrated FISA judges (all Repugs appointed by Chief Justice), NSA/CIA are unstoppable law breakers, renegades

Why FISA Court Judges Rule The Way They Do

But old rulings that have been released this winter demonstrate those judges were often frustrated with the NSA's lapses.

Still, Bates, like other members of the secret court almost always gave the agency a green light to do more despite the violations.

we're learning about how this court operates, that it really does see its job as getting to yes.

it doesn't look like the judges are trying to find the best interpretation of the law. It looks like they are trying to find an interpretation of the law that can plausibly sustain what the government has asked to do. And that's not the role of the court.

Judge John Bates called out the agency for continually collecting too much information, and misrepresenting its activities to the court for years. His recently released opinion said the NSA vacuumed up more information on American citizens than it was supposed to, then wrongfully shared the content of email messages with other people in the government who were not empowered to receive it.

Mukasey recently told an audience at the Federalist Society that reform proposals on the table - things like putting an adversary inside the court to argue against the government and limiting phone record collection - could undermine national security.

it's almost impossible to police such a secret organization.

Mess up in a mass surveillance world, you get a massive mistake. And those mistakes have led to collection of lots of information about Americans that's supposed to be off limits.

not convinced that surveillance this complicated can ever be controlled.

there is no way to make bulk collection and mass surveillance work in a democracy - period. That it is just incompatible with a democracy.

http://www.npr.org/2013/12/03/248320220/why-fisa-court-judges-rule-the-way-they-do






http://media.tumblr.com/tumblr_m7n9xtvJ9K1qi4uu3.gif

http://io9.com/us-spy-agency-launched-this-earth-conquering-octopus-lo-1479029015

The house and senate intelligence committees have oversight. They see everything that goes through there. POTUS does too. If you have no faith in Obama, Feinstein and Rogers I certainly understand but it is what it is.

I don't really buy that. I don't think they have the capacity of understanding neither the technology nor the scope. Heck, even the (secret) court appointed to oversee and authorize these procedures has protested about being misled (if not outright lied to) about these programs and their use. To me, the word oversight means somebody looking over your shoulder and verifying what you're doing. The whole "agency reports/requests authorization" methodology is simply flawed.

Spies’ Dragnet Reaches a Playing Field of Elves and Trolls

Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.

Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.

The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden. Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.

Online games might seem innocuous, a top-secret 2008 N.S.A. document warned, but they had the potential to be a “target-rich communication network” allowing intelligence suspects “a way to hide in plain sight.” Virtual games “are an opportunity!” another 2008 N.S.A. document declared.

But for all their enthusiasm — so many C.I.A., F.B.I. and Pentagon spies were hunting around in Second Life, the document noted, that a “deconfliction” group was needed to avoid collisions — the intelligence agencies may have inflated the threat.

:lol No threat too silly to escapt inflation and to keep sucking down the taxpayers' $100Bs

http://mobile.nytimes.com/2013/12/10/world/spies-dragnet-reaches-a-playing-field-of-elves-and-trolls.html?from=homepage

But when the Russians tell the CIA/NSA the Boston Marathon bombers were a threat, duh, CIA/NSA ignored it. :lol

The NSA Would Really Appreciate a Visit From President Obama



We don't know what the National Security Agency's office atmosphere was like back before Edward Snowden was a household name, but it seems safe to say it was better then than it is now. The Washington Post reports thatmorale at the organization's Fort Meade headquarters (http://www.washingtonpost.com/world/national-security/nsa-morale-down-after-edward-snowden-revelations-former-us-officials-say/2013/12/07/24975c14-5c65-11e3-95c2-13623eb2b0e1_story_1.html) "has taken a hit" as the world has been inundated with seemingly endless spying revelations."The news — the Snowden disclosures — it questions the integrity of the NSA workforce," said one anonymous former official. "It's become very public and very personal. Literally, neighbors are asking people, 'Why are you spying on Grandma?' And we aren’t. People are feeling bad, beaten down." And you know what would cheer them up? A little face time with President Obama.


Though top Obama aides, including Chief of Staff Denis McDonough, have stopped by recently "to express the president’s support and appreciation for all that NSA does to keep us safe," NSA workers are said to be "dismayed" that he has not gone up to Maryland himself. Former NSA Inspector General Joel Brenner fondly recalled (http://www.washingtonpost.com/world/national-security/nsa-morale-down-after-edward-snowden-revelations-former-us-officials-say/2013/12/07/24975c14-5c65-11e3-95c2-13623eb2b0e1_story_1.html) the 2006 visit George W. Bush made to the agency in the wake of the New York Times' reports on its warrantless post–September 11 surveillance. "There’s been nothing like that from this White House," Brenner complained.


According to the Post, Obama might be more likely to show his affection for the NSA in person once "internal and external reviews" of its methods have been completed. In the meantime, employees will just have to make do with whatever messages of approval they can find (http://nymag.com/daily/intelligencer/2013/09/nsa-workers-spied-on-loved-ones-out-of-curiosity.html) on his cell phone.

http://nymag.com/daily/intelligencer/2013/12/nsa-would-really-appreciate-a-visit-from-obama.html

NSA uses Google cookies to pinpoint targets for hacking

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.

The agency's internal presentation slides (http://apps.washingtonpost.com/g/page/national/nsa-signal-surveillance-success-stories/647/), provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.

For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them.

The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance.

http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/?hpid=z1

http://media.tumblr.com/tumblr_m7n9xtvJ9K1qi4uu3.gif

How to tell if a website isn't spying on you......the government shuts it down

http://www.itsecurityguru.org/node/4780


CertiVox confirms it withdrew PrivateSky after GCHQ issued warrant
CertiVox has admitted that it chose to take its secure email encryption service PrivateSky offline after a warrant was issued by a division of GCHQ.

CEO Brian Spector told IT Security Guru that despite having "tens of thousands of heavily active users", it was served with an ultimatum from the National Technical Assistance Centre (NTAC), a division of GCHQ and a liaison with the Home Office, who were seeking the keys to decrypt the customer data.

He said that this was at the end of 2012, ahead of the same action by Lavabit and Silent Circle and it was before Snowden happened. “So they had persons of interest they wanted to track and came with this signed by the Home Secretary. You have to comply or you go to jail,” he said.

"It is the same in the USA with FISMA, and it is essentially a national security warrant. So in late 2012 we had the choice to make - either architect the world's most secure encryption system on the planet, so secure that CertiVox cannot see your data, or spend £500,000 building a backdoor into the system to mainline data to GCHQ so they can mainline it over to the NSA.”

Spector said that complying with the warrant would have been a "catastrophic invasion of privacy" of its users, so instead it chose to withdraw the product from public use and run it internally. "Whether or not you agree or disagree with the UK and US government, this is how it is and you have to comply with it," he said.

However some of the technology has been implemented into its M-Pin authentication options, where rather than hold the data, it is split in two so CertiVox has one half and the user has the other, and law enforcement would need both to access the data.

“So as far as I know we are the first to do that so if the NSA or GCHQ says 'hand it over' we can comply as they cannot do anything with it until they have the other half, where the customer has control of it,” he said.

^ good find thanks!


wpwv5PUZaGI

N.S.A. Dragnet Included Allies, Aid Groups and Business Elite

Secret documents reveal more than 1,000 targets of American and British surveillance in recent years, including the office of an Israeli prime minister, heads of international aid organizations, foreign energy companies and a European Union official involved in antitrust battles with American technology businesses.

While the names of some political and diplomatic leaders have previously emerged as targets, the newly disclosed intelligence documents provide a much fuller portrait of the spies’ sweeping interests in more than 60 countries.

Britain’s General Communications Headquarters, working closely with the National Security Agency, monitored the communications of senior European Union officials, foreign leaders including African heads of state and sometimes their family members, directors of United Nations and other relief programs, and officials overseeing oil and finance ministries, according to the documents. In addition to Israel, some targets involved close allies like France and Germany, where tensions have already erupted (http://www.nytimes.com/2013/10/24/world/europe/united-states-disputes-reports-of-wiretapping-in-Europe.html?_r=0) over recent revelations about spying by the N.S.A.

Details of the surveillance are described in documents from the N.S.A. and Britain’s eavesdropping agency, known as GCHQ, dating from 2008 to 2011. The target lists appear in a set of GCHQ reports that sometimes identify which agency requested the surveillance, but more often do not. The documents were leaked by the former N.S.A. contractor Edward J. Snowden and shared by The New York Times,The Guardian (http://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner) and Der Spiegel (http://www.spiegel.de/international/world/snowden-documents-show-gchq-targeted-european-and-german-politicians-a-940135.html).

Also appearing on the surveillance lists is Joaquín Almunia, vice president of the European Commission, which, among other powers, has oversight of antitrust issues in Europe. The commission has broad authority over local and foreign companies, and has punished a number of American companies, including Microsoft and Intel, with heavy fines for hampering fair competition. The reports say that spies intercepted Mr. Almunia’s communications in 2008 and 2009.

In a statement, the N.S.A. denied that it had ever carried out espionage to benefit American businesses.

“We do not use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line,” said Vanee Vines, an N.S.A. spokeswoman.

But she added that some economic spying was justified by national security needs. “The intelligence community’s efforts to understand economic systems and policies, and monitor anomalous economic activities, are critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security,” Ms. Vines said. :lol yeah sure.

http://www.nytimes.com/2013/12/21/world/nsa-dragnet-included-allies-aid-groups-and-business-elite.html?hp

Lavabit loses its appeal on technical groundsL http://www.wired.com/2014/04/lavabit-ruling/

AT&T's CEO believes (http://arstechnica.com/tech-policy/2016/01/att-ceo-wont-join-tim-cook-in-fight-against-encryption-backdoors/) that the company should not offer robust security to its customers:


But tech company leaders aren't all joining the fight against the deliberate weakening of encryption. AT&T CEO Randall Stephenson said this week that AT&T, Apple, and other tech companies shouldn't have any say in the debate.


"I don't think it is Silicon Valley's decision to make about whether encryption is the right thing to do," Stephenson said in an interview (http://www.wsj.com/articles/at-t-ceo-says-congress-should-determine-encryption-policy-not-companies-1453294093) with The Wall Street Journal. "I understand [Apple CEO] Tim Cook's decision, but I don't think it's his decision to make."

His position is extreme in its disregard for the privacy of his customers. If he doesn't believe that companies should have any say in what levels of privacy they offer their customers, you can be sure that AT&T won't offer any robust privacy or security to you.


Does he have any clue what an anti-market position this is? He says that it is not the business of Silicon Valley companies to offer product features that might annoy the government. The "debate" about what features commercial products should have should happen elsewhere -- presumably within the government. I thought we all agreed that state-controlled economies just don't work.


My guess is that he doesn't realize what an extreme position he's taking by saying that product design isn't the decision of companies to make. My guess is that AT&T is so deep in bed (https://www.propublica.org/article/nsa-spying-relies-on-atts-extreme-willingness-to-help) with the NSA and FBI that he's just saying things he believes justifies his position.


Here's the original (http://www.wsj.com/articles/at-t-ceo-says-congress-should-determine-encryption-policy-not-companies-1453294093), behind a paywall.

https://www.schneier.com/blog/archives/2016/02/att_does_not_ca.html

Court Says 10 Weeks Of Warrantless Surveillance Is Perfectly Constitutional

How long can the government surveill your property without a warrant? According to (http://www.ca6.uscourts.gov/opinions.pdf/16a0031p-06.pdf) the Sixth Circuit Court of Appeals, pretty much indefinitely.


Rocky Houston appeals his conviction of being a felon in possession of a firearm in violation of 18 U.S.C. § 922(g)(1). At trial, the primary evidence against Houston was video footage of his possessing firearms at his and his brother’s rural Tennessee farm. The footage was recorded over the course of ten weeks by a camera installed on top of a public utility pole approximately 200 yards away. Although this ten-week surveillance was conducted without a warrant, the use of the pole camera did not violate Houston’s reasonable expectations of privacy because the camera recorded the same view of the farm as that enjoyed by passersby on public roads.

It's hard to fault the logic of this conclusion, even if it does seem the ATF's surveillance bumped up against the edges of the Fourth Amendment. What happened in aggregate was not a violation because no individual aspect of it crosses over the "expectation of privacy" line. An ATF agent with a camera filming from across the road wouldn't have violated Houston's privacy, even if the agent could only do so for a single 8-hour shift.

Ten weeks of surveillance is nothing more than 10 weeks of back-to-back, round-the-clock 8-hour shifts. US courts have often stated that rights violations cannot spring into existence on their own (https://www.techdirt.com/articles/20131016/06414624894/doj-argues-no-one-has-standing-to-challenge-metadata-collection-even-as-it-says-govt-can-legally-collect-everyones.shtml).

The aggregate is a sum of smaller parts and if none of the "smaller parts" are a violation of Fourth Amendment rights, then 1,680 hours of surveillance by camera is no different than 8 hours of surveillance by an agent.

https://www.techdirt.com/articles/20160209/16522733566/court-says-10-weeks-warrantless-surveillance-is-perfectly-constitutional.shtml

IoT will be a dream come true for the gov't.

IoT will be a dream come true for the gov't.already is

DOJ references Lavabit in its court battle with Apple:


DOJ has submitted its response (https://www.justsecurity.org/wp-content/uploads/2016/03/FBI-Apple-CDCal-Govt-Reply.pdf) to Apple in the Syed Farook case. Amid invocations of a bunch of ominous precedents — including Dick Cheney’s successful effort to hide his energy task force, Alberto Gonzales effort to use kiddie porn as an excuse to get a subset of all of Google’s web searches, and Aaron Burr’s use of encryption — it included this footnote explaining why it hadn’t just asked for Apple’s source code.


https://www.emptywheel.net/wp-content/uploads/2016/03/Screen-Shot-2016-03-10-at-6.17.50-PM.png (https://www.emptywheel.net/wp-content/uploads/2016/03/Screen-Shot-2016-03-10-at-6.17.50-PM.png)


That’s a reference to the Lavabit appeal (http://www.clearinghouse.net/detailDocument.php?id=69557), in which Ladar Levison was forced to turn over its encryption keys.


As it happens, Lavabit submitted an amicus (http://images.apple.com/pr/pdf/Lavabit.pdf) in this case (largely arguing against involuntary servitude). But as part of it, they revealed that the reason the government demanded Lavabit’s key is because “in deference to [Edward Snowden’s] background and skillset, the Government presumed the password would be impossible to break using brute force.”


https://www.emptywheel.net/wp-content/uploads/2016/03/Screen-Shot-2016-03-10-at-6.34.21-PM.png (https://www.emptywheel.net/wp-content/uploads/2016/03/Screen-Shot-2016-03-10-at-6.34.21-PM.png)

But that says that for phones that — unlike Farook’s which had a simple 4-digit passcode — the government maintains the right to demand more, up to and including their source code.


The government spends a lot of time in this brief arguing it is just about this one phone. But that footnote, along with the detail explaining why they felt the need to obtain Lavabit’s key, suggests it’s about far more than even Apple has claimed thus far.

https://www.emptywheel.net/2016/03/10/doj-to-apple-start-cooperating-or-youll-get-the-lavabit-treatment/

NSA sneak and peek, officially no longer just for investigating terrorism:


A while back, we noted a report (https://www.washingtonpost.com/news/the-watch/wp/2014/10/29/surprise-controversial-patriot-act-power-now-overwhelmingly-used-in-drug-investigations/) showing that the “sneak-and-peek” provision of the Patriot Act that was alleged to be used only in national security and terrorism investigations has overwhelmingly been used in narcotics cases. Now the New York Times reports (http://www.nytimes.com/2016/02/26/us/politics/obama-administration-set-to-expand-sharing-of-data-that-nsa-intercepts.html?_r=0) that National Security Agency data will be shared with other intelligence agencies like the FBI without first applying any screens for privacy. The ACLU of Massachusetts blog Privacy SOS explains why this is important (https://privacysos.org/blog/fbi-will-now-be-able-to-search-through-nsa-intercept-data/):



What does this rule change mean for you? In short, domestic law enforcement officials now have access to huge troves of American communications, obtained without warrants, that they can use to put people in cages. FBI agents don’t need to have any “national security” related reason to plug your name, email address, phone number, or other “selector” into the NSA’s gargantuan data trove. They can simply poke around in your private information in the course of totally routine (http://www.theguardian.com/us-news/2016/mar/08/fbi-changes-privacy-rules-accessing-nsa-prism-data?CMP=edit_2221) investigations. And if they find something that suggests, say, involvement in illegal drug activity, they can send that information to local or state police. That means information the NSA collects for purposes of so-called “national security” will be used by police to lock up ordinary Americans for routine crimes. And we don’t have to guess who’s going to suffer this unconstitutional indignity the most brutally. It’ll be Black, Brown, poor, immigrant, Muslim, and dissident Americans: the same people who are always targeted by law enforcement for extra “special” attention.


This basically formalizes what was already happening under the radar. We’ve known for a couple of years now that the Drug Enforcement Administration (http://www.reuters.com/article/us-dea-sod-idUSBRE97409R20130805) and the IRS (http://www.reuters.com/article/us-dea-irs-idUSBRE9761AZ20130807) were getting information from the NSA. Because that information was obtained without a warrant, the agencies were instructed to engage in “parallel construction” (https://www.washingtonpost.com/news/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/) when explaining to courts and defense attorneys how the information had been obtained. If you think parallel construction just sounds like a bureaucratically sterilized way of saying big stinking lie, well, you wouldn’t be alone. (https://www.techdirt.com/articles/20140203/11143926078/parallel-construction-revealed-how-dea-is-trained-to-launder-classified-surveillance-info.shtml) And it certainly isn’t the only time that that national security apparatus has let law enforcement agencies benefit from policies that are supposed to be reserved for terrorism investigations in order to get around the Fourth Amendment, then instructed those law enforcement agencies to misdirect, fudge and outright lie (http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-challenge-20150904-story.html)about how they obtained incriminating information — see the Stingray debacle. This isn’t just a few rogue agents. The lying has been a matter of policy. (https://www.techdirt.com/articles/20140620/10271327635/new-emails-show-that-feds-instructed-police-to-lie-about-using-stingray-mobile-phone-snooping.shtml)We’re now learning that the feds had these agreements with police agencies (https://www.aclu.org/map/stingray-tracking-devices-whos-got-them) all over (http://www.nyclu.org/news/nypd-has-used-stingrays-more-1000-times-2008)the country (http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-case-20150408-story.html), affecting thousands (http://www.zdnet.com/article/us-marshals-secretly-tracked-6000-cellphones-with-stingray-tech-report/) of cases (https://news.vice.com/article/police-in-washington-dc-are-using-the-secretive-stingray-cell-phone-tracking-tool).

EFF wins suit against DEA, curtains peeled back on Hemisphere:


AT&T has always considered itself to be an integral part (https://www.techdirt.com/articles/20150815/15220831968/new-leaks-confirm-ats-position-as-nsas-favorite-telco-partner.shtml) of federal government surveillance programs, often going beyond what's required to comply with demands for info. In the case of Hemisphere, it appeared to be operating as an unofficial arm of the government by "embedding" personnel in the DEA to expedite its surveillance efforts.

More documents (https://www.techdirt.com/articles/20140708/10063027815/more-hemisphere-documents-show-drug-warriors-getting-unchecked-access-to-call-records-lying-about-where-they-got-them.shtml) obtained by other FOIA requesters have peeled back a little bit of the secrecy. Even with redactions in place, the astonishing breadth of Hemisphere's surveillance capabilities was evident. Communications contained in the documents showed both the DEA and AT&T encouraged hiding the program from criminal defendants and the courts overseeing their cases. Parallel construction was the de facto policy, preventing anyone outside of US law enforcement from attacking the origin of evidence used against them.


The EFF's lawsuit victory has revealed even more of the program's inner workings (https://assets.documentcloud.org/documents/5663743/Hemisphere-Unredacted.pdf) [PDF], including the forms used by the DEA to initiate phone record searches. The searches hardly appear to be targeted, as agents were able to capture an unlimited amount of call data using a single subpoena.https://www.techdirt.com/articles/20181223/09123641283/eff-wins-foia-lawsuit-against-dea-forces-release-more-info-about-hemisphere-program.shtml

To sum up: the DEA doesn't want to talk about a program it claims it doesn't control. The DEA redacted tons of info about a program that's completely legal and it shouldn't have to justify to the American public, while simultaneously hiding the use of the program from criminal defendants and judges. It is not the NSA, the DEA claims, while engaging in many of the NSA's tactics, like parallel construction and Glomar-esque non-denial denials of the program's existence.

!!!


Over in the private sector, AT&T decided it was more DEA than telco to engage in the program, turning a decent profit (https://www.techdirt.com/articles/20161025/09290735882/new-docs-detail-how-att-planned-to-profit-massively-helping-law-enforcement-spy-public.shtml) on unchecked surveillance and benefiting from the legal immunity extended to private sector participants in government surveillance programs.