In order to obtain a copy of the NSA’s main XKeyscore software, whose existence was first revealed by Edward Snowden in 2013, Germany’s domestic intelligence agency agreed to hand over metadata of German citizens it spies on. According to documents seen by the German newspaper Die Zeit, after 18 months of negotiations, the US and Germany signed an agreement in April 2013 that would allow the Federal Office for the Protection of the Constitution (Bundesamtes für Verfassungsschutz—BfV) to obtain a copy of the NSA’s most important program and to adopt it for the analysis of data gathered in Germany.
Australia’s long sleepwalk into a surveillance state continued last week, with the largely-uncontested passage of the suite of bills creating the Australian Border Force (ABF).
As well as telecommunications metadata access, the legislation wrapped the Australian Border Force (ABF) in a protective coating of spook-power.
Last week, Senator Scott Ludlam warned that the ABF – a mash-up of the “border control functions” of the Departments of Immigration and Customs – was being designated a law enforcement agency under the Telecommunications Interception Act.
That means that Australian citizens who haven’t committed a crime, or even travelled overseas, might still be swept up in a metadata request.
However, as an anonymous reader pointed out to Vulture South, the law goes even further than that.
In the digest of legislation needed to create the ABF, it’s also noted that “the Bill gives significant law enforcement powers to all officers of Department of Immigration and Border Protection (DIBP).”
What that means is that the ABF will be able to conduct controlled operations which, under the government’s new national security regime, means the agency now has the power to block reporting of its activities and pursue whistleblowers.
That’s more than a trivial change, since it’s already known that the Australian Federal Police (AFP) has been investigating journalists reporting on asylum-seeker issues to try and uncover their sources.
Senate Minority Leader Harry Reid, D-Nev., on Monday used last week’s appellate court ruling that NSA bulk collection of call records is illegal to bash his Republican counterpart for wanting to keep it going through 2020.
“My friend, the Majority Leader, keeps talking about extending the program for five and a half years,” Reid said from the floor of the Senate, referencing Sen. Mitch McConnell, R-Ky. “How can you reauthorize something that’s illegal?” Reid asked. “You can’t. You shouldn’t.”
“Extending an illegal program for five and a half years? That is not sensible,” he said. “What should happen is that we should move forward and do something that is needed here — and that is, do it all over again.”
On Sunday at a speech in Boston, McConnell called the bulk phone call metadata collection program “an important tool to prevent the next terrorist attack,” and said that the U.S. “is better off with an extension of the Patriot Act than not.” Three provisions of the Patriot Act are set to expire on June 1, including one that the NSA has claimed justifies the program.
Reid offered an alternative Monday, saying that McConnell should seek to advance the USA Freedom Act, a bill that would end the bulk collection of metadata from domestic phone companies. He pointed out that a version of the bill passed out of the House Judiciary Committee in April by a 25 – 2 vote, and predicted that the legislation would be advanced by a full House vote this week.
Reid also painted the bill as an escape hatch for McConnell — and said he would back a revolt that’s being openly planned, should the Senate Majority Leader attempt to move for a clean extension of the Patriot Act. Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., have already threatened filibusters.
“This is the only bipartisan, bicameral solution we have today that will end the illegal bulk collection and reform and reauthorize key provisions of FISA,” Reid said.
“Otherwise … I’m not the only one, Mr. President,” he added. “I’m told, walking over here, that the junior senator from Kentucky is not going to let an extension … take place. So why don’t we just go ahead and get it done now.”
The NSA’s bulk collection of Americans’ phone call records may be illegal, a US federal appeals court has ruled.
The US Second Circuit Court of Appeal unanimously ruled that the NSA’s bulk telephone metadata1program was not authorised by section 215 of the Patriot Act, voiding an earlier ruling by a lower court. The US District Court for the Southern District of New York dismissed a legal challenge to the NSA dragnet surveillance program. Judge Vernon S Broderick ruled that section 215 of the Patriot Act was a statutory scheme that precludes judicial review.
The decision by three judges on appeal overturns that decision and re-opens the case against the NSA that it acted contrary to either the Fourth or First Amendments to the US Constitution. Lawyers are still to argue on these points properly. Attorneys for the ACLU (American Civil Liberties Union) have however succeeded in re-instating the case and in deprecating the Patriot Act as a trump card in justifying surveillance, as the ruling by the judges explains.
This is why metadata collection can come back to harm you…
Rugby player Sonny Bill Williams is a role model for many, a fact that’s not gone un-noticed by the purveyors of a dubious fitness supplement who’ve created an ad that looks an awful lot like a news story about the athlete. Williams has nothing to do with the ad or the product. He’s just been used to get people clicking. And if you do click on the link to the “story”, you’re taken to a page on which you’re offered the chance to buy the supplement.
Once you’ve done so, Australia’s law enforcement authorities will soon have evidence that you’ve visited a site involved in the distribution of probably-not-entirely-legal substances.
That’s not enough to convict you. But if law enforcement authorities are investigating the importation of such substances, the fact that you once succumbed to a clickbait headline in order to read some gossip means you’re suddenly more worthy of investigation.
Welcome to the age of metadata retention, in which clickbait can incriminate you.
Back in January, we wrote about a legal challenge to the Netherlands’ data retention law by a group of civil rights organizations. This was because the Dutch government had decided to ignore the important ruling by Europe’s highest court, the Court of Justice of the EU (CJEU), that blanket data retention was “invalid.” Now, a court in The Hague has ruled the government was wrong to do so:
Dutch providers are no longer required to retain internet and phone traffic data. The telecommunications data retention law, that was fought in court by various privacy groups and small ISPs, is invalid.
That was ruled by the court of The Hague on Wednesday. The data retention law violated the Charter of Fundamental Rights of the European Union, specifically regarding the right to protection of private life and protection of personal data.
As that report from Nu.nl, translated by Matthijs R. Koot on his blog, makes clear, the court’s judgment affects all kinds of telecoms — both Internet and phone traffic data — and all communication providers. This is the judge’s reasoning:
The judge finds that the collected data are too easily accessible for crimes that are not serious. The plaintiffs stated that, technically, theft of a bicycle could lead to access to data, although the government stated this does not happen.
“Fact of the matter is that the possibility exists and that no safeguards exist to limit access to the data to what is strictly necessary to fight (only) serious crime”, according to the judge.
The court also finds it to be incorrect that no prior court approval is needed to access the data.
The judge’s ruling is only “provisonally enforeable”, and the Dutch government may appeal against it. But even if it does, it has a larger problem with its policy in this area. Although it claims a new data retention bill will be compatible with the CJEU ruling, the Netherlands’ Data Protection Authority has already said that it is still too intrusive for a number of reasons. Clearly, the European debate over what is a reasonable and proportionate level of data retention — if any — has a long way to go yet, both in the Netherlands and elsewhere.
Find a security flaw, go to jail. That’s the general attitude of government entities around the world. Over in Australia, an Anonymous member and fundraising manager for a cancer support group is facing an ever-shifting number of charges for finding and testing security holes.
Adam John Bennett is a rather un-anonymous member of Anonymous. He also acts as an unofficial mouthpiece for Anonymous via his LoraxLive online radio show. His supposed participation in a large-scale hack saw him raided by Australian Federal Police in May of 2014. Since then, he’s been awaiting prosecution for a variety of charges — charges government prosecutors seem unable to pin down.
The data breach leading to Bennett’s arrest involved a target of Australia’s controversial data retention law, which requires ISPs to hold onto subscribers’ internet activity (including social network use and emails) for two years and grant extensive access to a variety of government agencies.
The current practices of the Foreign Intelligence Surveillance Act court are effective and don’t need to be changed, according to former FBI director Robert Mueller.
“Yes, it’s worthwhile. Metadata of telephone companies is terribly helpful,” Mueller said, speaking Tuesday morning at an American Bar Association breakfast held at the the University Club in Washington, D.C.
Mueller cited the example of the Boston Marathon bombing as evidence that bulk collection is important, saying that analysis of metadata was able to rule out potential associates of the Tsarnaev brothers. “They had additional IEDs [Improvised Explosive Devices],” Mueller said, adding that bulk collection helped prevent a second attack.
Metadata collection, he said, “is tremendously helpful in identifying contacts.”
The FISA court’s bulk metadata collection program has come under intense scrutiny in light of disclosures made by former National Security Agency contractor Edward Snowden. Congress now has until the end of May to decide whether to reauthorize Section 215 of the Patriot Act, which allows the bulk collection program.
Legislators are working on the language for a reauthorization bill, according to Mueller. “They’re tweaking it, trying to accommodate additional concerns, like privacy,” he said.
Mueller also defended current procedures, which have been criticized for not allowing those subject to surveillance to argue in front of the FISA court. “I’m not sure you need to change what’s been in effect,” he said.
Mueller also didn’t mince words when asked about a possible plea deal for Snowden.
“He’s indicted,” Mueller said of Snowden. “He should come back and face the music.”