The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.
The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.
The newly published document shows how the agencies wanted to “exploit” app store servers — using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.
Tag: Canada
Border Patrol Agents Tase Woman For Refusing To Cooperate With Their Bogus Search
These CBP agents — like too many other law enforcement officers — had no idea how to react when their authority was challenged. They only saw one route to take: escalation.
Cooke knew the CBP agents needed something in the way of reasonable suspicion to continue to detain her. But they had nothing. The only thing offered in the way of explanation as they ordered her to return to her detained vehicle was that she appeared “nervous” during her prior interaction with the female CBP agent. This threadbare assertion of “reasonable suspicion” is law enforcement’s blank check — one it writes itself and cashes with impunity.
The CBP supervisor then stated he’d be bringing in a drug dog to search her vehicle — another violation of Cooke’s rights. The Supreme Court very recently ruled that law enforcement cannot unnecessarily prolong routine stops in order to perform additional searches unrelated to the stop’s objective.
If the purpose of CBP is to secure borders and regulate immigration, then this stop had very little to do with the agency’s objectives. Cooke is an American citizen and had not crossed a border. If the CBP’s objective is to do whatever it wants within x number of miles of the border, then it’s apparently free to perform suspicionless searches. In this case, the CBP was operating in drug enforcement mode, but even so, it still hadn’t offered anything more than Cooke’s alleged “nervousness” to justify the search and detainment. Additionally, the CBP’s decision to bring in a drug dog raised the bar for justification.
Greatest Threat to Free Speech Comes Not From Terrorism, But From Those Claiming to Fight It
We learned recently from Paris that the Western world is deeply and passionately committed to free expression and ready to march and fight against attempts to suppress it. That’s a really good thing, since there are all sorts of severe suppression efforts underway in the West — perpetrated not by The Terrorists but by the Western politicians claiming to fight them.
One of the most alarming examples comes, not at all surprisingly, from the U.K. government, which is currently agitating for new counterterrorism powers, “including plans for extremism disruption orders designed to restrict those trying to radicalize young people.” Here are the powers which the British Freedom Fighters and Democracy Protectors are seeking:
They would include a ban on broadcasting and a requirement to submit to the police in advance any proposed publication on the web and social media or in print. The bill will also contain plans for banning orders for extremist organisations which seek to undermine democracy or use hate speech in public places, but it will fall short of banning on the grounds of provoking hatred.
It will also contain new powers to close premises including mosques where extremists seek to influence others. The powers of the Charity Commission to root out charities that misappropriate funds towards extremism and terrorism will also be strengthened.
In essence, advocating any ideas or working for any political outcomes regarded by British politicians as “extremist” will not only be a crime, but can be physically banned in advance. Basking in his election victory, Prime Minister David Cameron unleashed this Orwellian decree to explain why new Thought Police powers are needed: “For too long, we have been a passively tolerant society, saying to our citizens ‘as long as you obey the law, we will leave you alone.’” It’s not enough for British subjects merely to “obey the law”; they must refrain from believing in or expressing ideas which Her Majesty’s Government dislikes.
Canada passes controversial spook-powers law
The Canadian government has passed a controversial anti-terrorism Bill, designed to extend the powers of the country’s spy agencies.
The Bill was passed 183 votes to 93 yesterday and was introduced following the first terror attack on Canadian soil last October, in which a gunman attacked the country’s parliament, shot a soldier on cermonial guard duty and was subsequently killed himself.
The legislation will give Canada’s spooks the ability to operate overseas and make preventative arrests.
It says the Canadian Security Intelligence Service will be able to take within and outside Canada “measures to reduce threats to the security of Canada, including measures that are authorised by the Federal Court”.
It will also enact the Security of Canada Information Sharing Act, which enhances the government information disclosure powers.
Stephen Blaney, minister of Public Safety and Emergency Preparedness, said:
“[Since] October 22, we have crafted measures that are specifically designed to face the international jihadi threat that our country is facing.”
Megaupload Canada Servers Battle Reignites
The dramatic events of January 2012 in which the gigantic Mega empire of Kim Dotcom was brought to its knees are now more than three years old. Legal argument has dogged the case from day one, with each passing month presenting yet more points of contention.
One of the oldest issues surrounds the hardware seized as part of the global operation to close down what was once the world’s largest centralized file-sharing operation.
The U.S. Government seized 1,103 servers at Carpathia’s hosting facility in the United States, equipment that is currently gathering dust in a Virginia storage facility. Also at issue is a lesser-discussed batch of servers seized in Canada.
On January 18, 2012, a judge in Ontario issued a warrant to seize the 32 servers located in an Equinix datacenter. As the case continued to build against Megaupload, Kim Dotcom and his associates, the U.S. government asked Canadian authorities to hand the hardware over, claiming that an internal Megaupload email revealed them to be “database / number crunching machines.”
A year later in January 2013, Megaupload protested the handing over of the hardware to U.S. authorities claiming that the servers contained a lot of information irrelevant to the case. Megaupload said an independent forensic examiner could examine the servers and determine their contents before any handover.
An Ontario court sided with Megaupload and refused to send the servers’ data to the United States. Instead, both sides were ordered to find a way to filter out irrelevant content.
Now, more than two years later, the issue of just how much of this seized content can be sent to the United States remains an issue. The matter reappeared before a Toronto court Monday, with fresh ideas on how progression can be made.
Crown attorney Moiz Rahman, acting on behalf of the U.S. government, suggested the appointment of an independent group of forensic examiners to inspect the data and determine which data is relevant to the case, CBC reports.
However, Megaupload lawyer Scott Hutchison raised concerns that once back in the United States, the so-called “clean team” might disclose non-relevant information they’d discovered on the servers. Any ruling in Canada to seal their lips would not be enforceable in the U.S., Hutchinson said.
“Once they return to the United States, that’s nothing more than a promise,” the lawyer said.
While conceding that the “vast majority” of the data was likely to be media uploaded by Megaupload’s users, Hutchinson suggested that it would be preferable to hire an independent Canada-based investigator to carry out the work.
But speaking for the Crown on behalf of the U.S., Rahman said that a U.S. team could present the results of its investigation to a Canadian court, which could then decide what information would be allowed back to the United States under current treaty protocol.
“That’s a little bit of cold comfort to me,” said Justice Michael Quigley.
After Rahman claimed that an independent Canadian investigator would prove too expensive, the Judge ordered the parties to present their respective costings to the court before any decision on the fate of the data is made.
iiNet loses Dallas Buyers Club Piracy Case
Back in 2012, the Australian High Court ruled that ISP iiNet was not responsible for the copyright infringements of its customers. Stymied by that ruling, many Australian file-sharers breathed a sigh of relief, as Antipodean users are usually amongst the last to get content, forgotten in the long-tail of media distribution.
Conversely, it also meant that they were one of the last English-speaking (and English common-law) countries to see the appearance of so-called ‘Speculative Invoicing’, more commonly known as copyright trolling. However, “Down Under” couldn’t escape forever, and eventually the trolls washed up on the shore, in the shape of mega-troll “Dallas Buyers Club” (DBC).
The model should be familiar to most of our readers. A company (or its representative) joins a BitTorrent swarm, and “observes” a number of peers on the torrent. It then applies for a court order for the ISP to hand over the identities behind all those IP addresses so they can be pressured for cash settlement.
The big question was whether the Australian courts would allow for the discovery of subscriber details but in a decision released just minutes ago the courts said ‘yes’. Letters to be sent out to the 4,726 consumers involved will first have to be approved by the court, a move designed to reduce DBC’s ability to overstate the case and the potential penalties involved.
Following a similar ruling in Canada last February, this is the second time these kinds of restrictions have been placed on Dallas Buyers Club/Voltage Pictures. UK ‘trolls’ are also subjected to the same oversight in their initial letters to consumers but subsequent correspondence flies completely under the radar with no court involvement.
In today’s case the judge also ruled that the privacy of the 4726 accounts should be protected but placed no cap on damages. The precise restrictions and justifications will become clear when the verdict is published later today.
ISP Teksavvy Appeals in Hurt Locker Piracy Case
After numerous experiments elsewhere, notably in the US, two years ago Voltage Pictures took its turn piracy-into-profit business model to Canada.
The company’s targets were 2,000 Internet subscribers at local ISP Teksavvy. The early stages of the case saw the ISP dig in its heels while bringing on board the Canadian Internet Policy and Public Interest Clinic (CIPPIC) with the aim of protecting consumers from potentially large fines.
While CIPPIC was allowed to intervene, the subscribers’ identities were ordered to be handed over and with that in hand the arguments turned to who would have to pay for proceedings thus far.
Needless to say, Voltage Pictures’ and Teksavvy’s assessments were at the opposite ends of the spectrum, with the former saying that should it pay around $884.00 and the latter claiming a few hundred thousand dollars, $346,480.68 to be exact.
In the event the court rejected both sides’ claims, but the ruling was far away from Teksavvy’s expectations. The Federal Court told Voltage to pay $21,557 – $17,057 in technical administrative costs plus $4,500 in legal fees – associated with the IP-address lookups.
After being awarded just 6% of its original claim, it comes as little surprise that the ISP has now filed an appeal against the decision.
Following Canada’s Bad Example, Now UK Wants To Muzzle Scientists And Their Inconvenient Truths
I really hope this is a poor attempt at an april fools joke…
Techdirt has been following for a while Canada’s moves to stop scientists from speaking out about areas where the facts of the situation don’t sit well with the Canadian government’s dogma-based policies. Sadly, it looks like the UK is taking the same route. It concerns a new code for the country’s civil servants, which will also apply to thousands of publicly-funded scientists. As the Guardian reports:
Under the new code, scientists and engineers employed at government expense must get ministerial approval before they can talk to the media about any of their research, whether it involves GM crops, flu vaccines, the impact of pesticides on bees, or the famously obscure Higgs boson.
The fear — quite naturally — is that ministers could take days before replying to requests, by which time news outlets will probably have lost interest. As a result of this change, science organizations have sent a letter to the UK government, expressing their “deep concern” about the code. A well-known British neurobiologist, Sir Colin Blakemore, told the Guardian:
“The real losers here are the public and the government. The public lose access to what they consider to be an important source of scientific evidence, and the government loses the trust of the public,” Blakemore said.
Not only that, by following Canada’s example, the British government also makes it more likely that other countries will do the same, which will weaken science’s ability to participate in policy discussions around the world — just when we need to hear its voice most.
How The TPP Agreement Could Be Used To Undermine Free Speech And Fair Use In The US
We’ve been writing a lot about the Trans Pacific Partnership (TPP) agreement over the past few years. There are many, many problems with it, but the two key ones are the intellectual property chapter and the investment chapter. Unlike some who are protesting TPP, we actually think that free trade is generally a good thing and important for the economy — but neither the intellectual property section nor the investment chapter are really about free trade. In many ways, they’re about the opposite: trying to put in place protectionist/mercantilist policies that benefit the interests of a few large legacy industries over the public and actual competition and trade. We’ve already discussed many of the problems of the intellectual property chapter — which is still being fought over — including that it would block the US from reforming copyright to lower copyright term lengths (as even the head of the Copyright Office, Maria Pallante has argued for).
And, last week, Wikileaks leaked the investment chapter, which is focused on corporate sovereignty provisions, officially known as “investor state dispute settlement” or “ISDS” (named as such, in part, because the negotiators know it sounds boring, so they hope the public won’t pay attention). As people go through the details and the fine print, they’re finding some serious problems with it. Sean Flynn has a very in-depth look at how the combination of these two chapters — the IP chapter and the investment chapter — could very likely threaten fair use (and, with it, undermine the First Amendment).
The full details as to how are a bit tricky to understand, because it involves digging through the leaked versions of both chapters, and understanding some of the subtle language choices, but it’s a serious concern. Flynn’s article also goes through the history of how such corporate sovereignty provisions have been expanded and increasingly used over the past decade or so. But the key part is this: the investment chapter certainly can (and will) be read to cover intellectual property as well, including the idea that a company can invoke the ISDS process if it feels its “intellectual property” has been “expropriated” in some manner. The word “investment” in the investment chapter is defined incredibly broadly and explicitly includes “intellectual property” as well as “other tangible or intangible, movable or immovable property.” It also, importantly, notes that an investment, for the purpose of ISDS, covers:
every asset that an investor owns or controls, directly or indirectly, that has the characteristics of an investment, including such characteristics as the commitment of capital or other resources, the expectation of gain or profit, or the assumption of risk.
Now, it’s no secret that the legacy entertainment industry is no fan of fair use (even if they often rely on it themselves). While fair use is officially part of the law in the US, the entertainment industry just recently fought very hard to block it in the UK and Australia, arguing (ridiculously) that fair use would harm innovation.
Even where there are very strong arguments for fair use — such as in helping the blind access works — the entertainment industry has twisted the so-called “three step” test from the Berne Agreement to argue that that is the most that is allowed for fair use. The three step test is actually really about limiting fair use, rather than enabling it. It is in the Berne agreement (as a relatively recent addition) as one possible “exception” to copyright, but not the only one. However, the haters of fair use like to pretend that it is the only one allowed under that agreement.
Under the three step test, “exceptions” to copyright occur when there are:
limitations and exceptions to exclusive rights to (Step 1) certain special cases (Step 2) which do not conflict with a normal exploitation of the work and (Step 3) do not unreasonably prejudice the legitimate interests of the rights holder
And, of course, in the US, fair use goes way beyond that already. And, as Flynn points out, it appears from the leaked text of TPP, the US would now be opening itself up to an ISDS challenge from a foreign owned company (remember: Universal Music is owned by a French company, Sony Music is owned by a Japanese company and Warner Music is owned by Russians…) that the fair use doctrine itself “expropriates” its “intellectual property” rights by going beyond the three steps test. Here’s Flynn:
And here is a major one lurking in the shadows. Many copyright intensive industries are hostile to the U.S. fair use doctrine and many of the decisions of courts emanating from it. There have been arguments raised from time to time that the doctrine or its applications are contrary to the so-called Berne 3-step test requiring that limitations and exceptions to rights be limited to certain special cases, not conflict with a normal exploitation of the work and not unreasonably prejudice the legitimate interests of the author (see this rebuttal from Gervais et al.). No other country has attempted to sue the U.S. or the nearly dozen other countries around the world that have fair use. But will the content industry be so reticent with such challenges in the future? With the TPP ISDS chapter, they will not have to in 40% of the global economy.
And this isn’t so far fetched. As we’ve been discussing, under existing ISDS/corporate sovereignty provisions in NAFTA, Eli Lilly is currently suing Canada for $500 million because Canada refused to grant it some patents. Eli Lilly is arguing that this “expropriated” Eli Lilly’s “intellectual property” and took away its “expected profits.”
Is it that difficult to believe that a recording studio or movie studio might make a similar argument on a fair use determination on one of its copyright-covered works?
And, if fair use is undermined, so is free speech. As we’ve noted, the Supreme Court itself has long argued that current fair use doctrine is a necessary “safety valve” in making sure that copyright does not violate the First Amendment. In other words, fair use is a key part of your First Amendment rights.
And yet… the USTR is basically putting in place a plan and system to undermine this, because the big copyright players are among the very few people who are allowed to see the negotiating text and to “advise” the USTR on what should be in it. Once again, it would seem like the most obvious way to deal with this would be for the USTR to release the negotiating documents, so that the public would be aware of what’s being negotiated, and could discuss the possible consequences — like how the current rules have the potential to undermine fair use and free speech. But, for reasons that the USTR still will not explain (perhaps because they reveal the USTR’s true reasoning for such provisions), it refuses to do so.
Corporate Sovereignty Provisions Of TPP Agreement Leaked Via Wikileaks: Would Massively Undermine Government Sovereignty
For years now, we’ve been warning about the problematic “ISDS” — “investor state dispute settlement” mechanisms that are a large part of the big trade agreements that countries have been negotiating. As we’ve noted, the ISDS name is designed to be boring, in an effort to hide the true impact — but the reality is that these provisions provide corporate sovereignty, elevating the power of corporations to put them above the power of local governments. If you thought “corporate personhood” was a problem, corporate sovereignty takes things to a whole new level — letting companies take foreign governments to special private “tribunals” if they think that regulations passed in those countries are somehow unfair. Existing corporate sovereignty provisions have led to things like Big Tobacco threatening to sue small countries for considering anti-smoking legislation and pharma giant Eli Lilly demanding $500 million from Canada, because Canada dared to reject some of its patents noting (correctly) that the drugs didn’t appear to be any improvement over existing drugs.