In August, 2013, as evidence emerged of the active participation by New Zealand in the “Five Eyes” mass surveillance program exposed by Edward Snowden, the country’s conservative Prime Minister, John Key, vehemently denied that his government engages in such spying. He went beyond mere denials, expressly vowing to resign if it were ever proven that his government engages in mass surveillance of New Zealanders. He issued that denial, and the accompanying resignation vow, in order to re-assure the country over fears provoked by a new bill he advocated to increase the surveillance powers of that country’s spying agency, Government Communications Security Bureau (GCSB) – a bill that passed by one vote thanks to the Prime Minister’s guarantees that the new law would not permit mass surveillance.
Since then, a mountain of evidence has been presented that indisputably proves that New Zealand does exactly that which Prime Minister Key vehemently denied – exactly that which he said he would resign if it were proven was done. Last September, we reported on a secret program of mass surveillance at least partially implemented by the Key government that was designed to exploit the very law that Key was publicly insisting did not permit mass surveillance. At the time, Snowden, citing that report as well as his own personal knowledge of GCSB’s participation in the mass surveillance tool XKEYSCORE, wrote in an article for the Intercept:
Let me be clear: any statement that mass surveillance is not performed in New Zealand, or that the internet communications are not comprehensively intercepted and monitored, or that this is not intentionally and actively abetted by the GCSB, is categorically false. . . . The prime minister’s claimto the public, that “there is no and there never has been any mass surveillance” is false. The GCSB, whose operations he is responsible for, is directly involved in the untargeted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.
Tag: NSA
Australian Secretary Of Defense Not Concerned About Phone Hack; Doesn’t Think People Want To Spy On His Phone
If you were the Secretary of Defense of a large country, you might think you’d be slightly concerned that foreign agents would want to spy on you. Not so down in Australia apparently, where the current Secretary of Defense, insists that he’d be “surprised” if anyone wanted to find out what was on his phone. Seriously.
We’ve written about the recent story, revealed in documents leaked by Ed Snowden, that the NSA and GCHQ were able to hack into the systems of Gemalto, the world’s largest maker of SIM cards for mobile phones, and obtain the encryption keys used in those cards. While Gemalto insists that the hack didn’t actually get those encryption keys, not everyone feels so comfortable with Gemalto’s own analysis of what happened.
Senator Scott Ludlam (who we’ve written about a few times before) reasonably found the story of the Gemalto hack to be concerning, and went about asking some questions of the government to find out what they knew about it. The results are rather astounding. First he had asked ASIO, the Australian Security Intelligence Organization, and they said it wasn’t their area, but it might be ASD (the Australian Signals Directorate). The video below shows Ludlam asking the ASD folks for more information about the hack and being flabbergasted that they basically say they haven’t even heard about the hack at all:
Right at the beginning, the first person says he’s not aware of the situation, and Ludlam asks “are you aware of the broad outlines?” and gets a “no I am not” response, leading to a rather dry “Really?!? Okay, this is going to be interesting” reply from Ludlam. It goes on in this nature for a while, with the various people on the panel playing dumb, and Ludlam repeatedly (and rightly) appearing shocked that they appear to have no idea about the story.
But the really incredible part comes in the last minute of the video, in which Ludlam asks the Australian Secretary of Defense, Dennis Richardson, about his own concerns about his phone being spied on:
Ludlam: Do you use an encrypted phone, Mr. Richardson?
Richardson: No, I don’t.
Ludlam: Right. Okay. Do you use a commercial — I’m not asking you to name names — but do you use a commercial telecommunications provider?
Richardson: Yeah, yeah, yes.
Ludlam: So there might be a SIM card in your phone or mind. Does this alarm you at all?
Richardson: No.
Ludlam: No?
Richardson: No.
Ludlam: Why is that?
Richardson: Well, because I don’t particularly deal with people who… if anyone wants to listen to my telephone calls they can. I’d be surprised if they do, but I don’t particularly have conversations which I’m particularly worried about.
[Laughter all around the room]
Ludlam: So it’s okay if foreign spooks have hacked every mobile handset in the country because you don’t have anything in particular…
Richardson: It’s possible some might try to.
Ludlam: It’s possible some just have.
Richardson: [shrugs] Well, it’s possible.
So there you have it, folks. The Australian Secretary of Defense says that anyone is allowed to listen in to his calls, because there’s nothing secret about any of them. I’m not quite familiar with public records/freedom of information laws in Australia, but is it possible for someone to put in a request for recording all of the Secretary of Defense’s phone calls?
Let’s blame Iran (again)
US director of National Intelligence James Clapper has accused Iran of orchestrating a 2014 hack of the Las Vegas Sands casino. The attack crippled the magnificent cultural institution’s IT infrastructure.
Clapper told a US Senate Armed Services Committee Thursday (US time) that the hack of the US$14 billion casino was the handiwork of Iran rather than ordinary hacking groups, Bloomberg reports.
“While both of these nations (Iran and North Korea) have lesser technical capabilities in comparison to Russia and China, these destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber-actors,” Clapper says.
The attacks brought down the casino’s IT systems including email but not the most valuable components of the organisation.
Here’s 140 Fully-Redacted Pages Explaining How Much Snowden’s Leaks Have Harmed The Nation’s Security
If the US intelligence committee is concerned about the status of “hearts and minds” in its ongoing NSA v. Snowden battle, it won’t be winning anyone over with its latest response to a FOIA request.
Various representatives of the intelligence community have asserted (sometimes repeatedly) that Snowden’s leaks have caused irreparable harm to intelligence-gathering efforts and placed the nation in “grave danger.” But when given the chance to show the public how much damage has been done, it declares everything on the subject too sensitive to release. EVERYTHING.
NSA Director: If I Say ‘Legal Framework’ Enough, Will It Convince You Security People To Shut Up About Our Plan To Backdoor Encryption?
Admiral Mike Rogers, the NSA Director, has barely been on the job for a year, and so far he’d mostly avoided making the same kinds of absolutely ridiculous statements that his predecessor General Keith Alexander was known for. Rogers had, at the very least, appeared slightly more thoughtful in his discussions about the surveillance state and his own role in it. However, Rogers ran into a bit of trouble at New America’s big cybersecurity event on Monday — in that there were actual cybersecurity folks in the audience and they weren’t accepting any of Rogers’ bullshit answers. The most notable exchange was clearly between Rogers and Alex Stamos, Yahoo’s chief security officer, and a well known privacy/cybersecurity advocate.
Alex Stamos (AS): “Thank you, Admiral. My name is Alex Stamos, I’m the CISO for Yahoo!. … So it sounds like you agree with Director Comey that we should be building defects into the encryption in our products so that the US government can decrypt…
Mike Rogers (MR): That would be your characterization. [laughing]
AS: No, I think Bruce Schneier and Ed Felton and all of the best public cryptographers in the world would agree that you can’t really build backdoors in crypto. That it’s like drilling a hole in the windshield.
MR: I’ve got a lot of world-class cryptographers at the National Security Agency.
AS: I’ve talked to some of those folks and some of them agree too, but…
MR: Oh, we agree that we don’t accept each others’ premise. [laughing]
AS: We’ll agree to disagree on that. So, if we’re going to build defects/backdoors or golden master keys for the US government, do you believe we should do so — we have about 1.3 billion users around the world — should we do for the Chinese government, the Russian government, the Saudi Arabian government, the Israeli government, the French government? Which of those countries should we give backdoors to?
MR: So, I’m not gonna… I mean, the way you framed the question isn’t designed to elicit a response.
AS: Well, do you believe we should build backdoors for other countries?
MR: My position is — hey look, I think that we’re lying that this isn’t technically feasible. Now, it needs to be done within a framework. I’m the first to acknowledge that. You don’t want the FBI and you don’t want the NSA unilaterally deciding, so, what are we going to access and what are we not going to access? That shouldn’t be for us. I just believe that this is achievable. We’ll have to work our way through it. And I’m the first to acknowledge there are international implications. I think we can work our way through this.
AS: So you do believe then, that we should build those for other countries if they pass laws?
MR: I think we can work our way through this.
AS: I’m sure the Chinese and Russians are going to have the same opinion.
MR: I said I think we can work through this.
AS: Okay, nice to meet you. Thanks.
[laughter]
MR: Thank you for asking the question. I mean, there are going to be some areas where we’re going to have different perspectives. That doesn’t bother me at all. One of the reasons why, quite frankly, I believe in doing things like this is that when I do that, I say, “Look, there are no restrictions on questions. You can ask me anything.” Because we have got to be willing as a nation to have a dialogue. This simplistic characterization of one-side-is-good and one-side-is-bad is a terrible place for us to be as a nation. We have got to come to grips with some really hard, fundamental questions. I’m watching risk and threat do this, while trust has done that. No matter what your view on the issue is, or issues, my only counter would be that that’s a terrible place for us to be as a country. We’ve got to figure out how we’re going to change that.
[Moderator Jim Sciutto]: For the less technologically knowledgeable, which would describe only me in this room today, just so we’re clear: You’re saying it’s your position that in encryption programs, there should be a backdoor to allow, within a legal framework approved by the Congress or some civilian body, the ability to go in a backdoor?
MR: So “backdoor” is not the context I would use. When I hear the phrase “backdoor,” I think, “well, this is kind of shady. Why would you want to go in the backdoor? It would be very public.” Again, my view is: We can create a legal framework for how we do this. It isn’t something we have to hide, per se. You don’t want us unilaterally making that decision, but I think we can do this.
Former FBI Director Defends Metadata Collection
The current practices of the Foreign Intelligence Surveillance Act court are effective and don’t need to be changed, according to former FBI director Robert Mueller.
“Yes, it’s worthwhile. Metadata of telephone companies is terribly helpful,” Mueller said, speaking Tuesday morning at an American Bar Association breakfast held at the the University Club in Washington, D.C.
Mueller cited the example of the Boston Marathon bombing as evidence that bulk collection is important, saying that analysis of metadata was able to rule out potential associates of the Tsarnaev brothers. “They had additional IEDs [Improvised Explosive Devices],” Mueller said, adding that bulk collection helped prevent a second attack.
Metadata collection, he said, “is tremendously helpful in identifying contacts.”
The FISA court’s bulk metadata collection program has come under intense scrutiny in light of disclosures made by former National Security Agency contractor Edward Snowden. Congress now has until the end of May to decide whether to reauthorize Section 215 of the Patriot Act, which allows the bulk collection program.
Legislators are working on the language for a reauthorization bill, according to Mueller. “They’re tweaking it, trying to accommodate additional concerns, like privacy,” he said.
Mueller also defended current procedures, which have been criticized for not allowing those subject to surveillance to argue in front of the FISA court. “I’m not sure you need to change what’s been in effect,” he said.
Mueller also didn’t mince words when asked about a possible plea deal for Snowden.
“He’s indicted,” Mueller said of Snowden. “He should come back and face the music.”
Lawmaker Who Said Snowden Committed Treason, Now On The Other Side Of Metadata Surveillance
Rep. Aaron Schock is frequently referred to as a “rising star” in Congress, but this week, the Associated Press reported on a scandal involving Schock and his use of taxpayer and campaign funds for things like flights on private jets (owned by key donors) and a Katy Perry concert. Frankly, I think some of the “scandal” here is a bit overblown. But what struck me is part of how the AP tracked these details about Schock down:
The AP tracked Schock’s reliance on the aircraft partly through the congressman’s penchant for uploading pictures and videos of himself to his Instagram account. The AP extracted location data associated with each image then correlated it with flight records showing airport stopovers and expenses later billed for air travel against Schock’s office and campaign records.
In short, the metadata brought Schock down. Of course, as we’ve been describing, anyone who says that we shouldn’t be concerned about the NSA’s surveillance of metadata, or brushes it away as “just metadata,” doesn’t understand how powerful metadata can be. As former NSA/CIA boss Michael Hayden has said, the government kills people based on metadata.
But it does seem noteworthy that Schock was one of those who claimed that Ed Snowden’s leaking of how the NSA collected metadata on nearly everyone amounted to treason. I wonder if he still feels that way…
After this you look around and at your webcam
European Lawmakers Demand Answers on Phone Key Theft
European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday.
The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys.
The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.”
“Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal.
Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”
“If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday.
The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said.
Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request.
Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.
According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year.
The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.
FBI Flouts Obama Directive to Limit Gag Orders on National Security Letters
Despite the post-Snowden spotlight on mass surveillance, the intelligence community’s easiest end-run around the Fourth Amendment since 2001 has been something called a National Security Letter.
FBI agents can demand that an Internet service provider, telephone company or financial institution turn over its records on any number of people — without any judicial review whatsoever — simply by writing a letter that says the information is needed for national security purposes. The FBI at one point was cranking out over 50,000 such letters a year; by the latest count, it still issues about 60 a day.
The letters look like this:
Recipients are legally required to comply — but it doesn’t stop there. They also aren’t allowed to mention the order to anyone, least of all the person whose data is being searched. Ever. That’s because National Security Letters almost always come with eternal gag orders. Here’s that part:
That means the NSL process utterly disregards the First Amendment as well.
More than a year ago, President Obama announced that he was ordering the Justice Department to terminate gag orders “within a fixed time unless the government demonstrates a real need for further secrecy.”
And on Feb. 3, when the Office of the Director of National Intelligence announced a handful of baby steps resulting from its “comprehensive effort to examine and enhance [its] privacy and civil liberty protections” one of the most concrete was — finally — to cap the gag orders:
In response to the President’s new direction, the FBI will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation or the investigation’s close.
Continued nondisclosures orders beyond this period are permitted only if a Special Agent in Charge or a Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.
Despite the use of the word “now” in that first sentence, however, the FBI has yet to do any such thing. It has not announced any such change, nor explained how it will implement it, or when.
