Hoping for spy reforms? Jeb Bush, dangerously close to being the next US prez, backs the NSA

Former Florida governor, brother of former President George W Bush, son of former President George H W Bush, and Republican frontrunner for the 2016 US presidential election, Jeb Bush … has strongly defended the NSA’s mass surveillance of innocent people.

Speaking at the Chicago Council on Global Affairs as part of his run for the White House, Bush made it clear that if he did become president he would retain the programs introduced under his brother’s administration.

While covering broad foreign policy topics, Bush appeared to go off script when he said that in order to effectively tackle Islamic terrorism, it was necessary to have “responsible intelligence gathering and analysis – including the NSA metadata program, which contributes to awareness of potential terror cells and interdiction efforts on a global scale.”

He continued: “For the life of me, I don’t understand.. the debate has gotten off track, where we’re not understanding or protecting.. we do protect our civil liberties.. but this is a hugely important program to use these technologies to keep us safe.”

Fast forward to the 28-minute mark for the fun to begin in this vid, streamed live on Wednesday, of his talk

Link (The Register)

GCHQ Will Have To Start Letting Everyone Know Whether Or Not They’ve Been Illegally Spied On

Last December, the IPT (Investigatory Powers Tribunal) ruled that GCHQ’s surveillance programs didn’t violate human rights, despite being broad and untargeted dragnets. This ruling — in response to several legal challenges brought in the wake of the Snowden leaks — was unsurprising. The IPT has overwhelmingly supported GCHQ’s spying efforts in the past, having only sided against it in one-half of one percent of the challenges brought against it.

The IPT’s ongoing support of the UK’s intelligence community is unsurprising. To declare any of its programs as illegal or in violation of citizens’ rights would be to implicate itself for its near-constant approval of surveillance programs. That makes its February decision a bit of an aberration. In response to Privacy International’s legal challenge, it changed course slightly, declaring certain elements of the GCHQ’s spying efforts “illegal” — specifically, information sharing with the NSA. But this was only a partial capitulation. The IPT went on to say that this was once illegal but now was not, thanks to its December 2014 ruling. In some bizarre way, the legal complaints brought against the GCHQ managed to legalize its once-illegal partnership with the NSA.

However, its February decision makes it clear that operations prior to December 2014 were illegal, and provides an opening for UK citizens to force a bit more transparency on their intelligence community.

Because the IPT found the intelligence sharing to be illegal, anyone, inside or outside the UK, can file a complaint to the IPT and ask if their communications were part of that illegal sharing, and be legally entitled to an answer. [Privacy International’s Eric] King explained, “If they don’t find anything, it’s likely they respond ‘no determination’. If they do find something, the IPT is obliged to give a declaration to the individual that their communications were illegally interfered with.”

This is far more transparency than has been granted by the NSA, which still responds to similar inquiries about files on citizens (from those citizens themselves) with its omnipresent Glomar declaration, neither confirming nor denying the collected results of its domestic surveillance programs.

Link (Techdirt)

Researchers Find ‘Astonishing’ Malware Linked to NSA Spying

Security researchers have uncovered highly sophisticated malware that is linked to a secret National Security Agency hacking operation exposed by The Intercept last year.

Russian security firm Kaspersky published a report Monday documenting the malware, which it said had been used to infect thousands of computer systems and steal data in 30 countries around the world. Among the targets were a series of unnamed governments, telecom, energy, and aerospace companies, as well as Islamic scholars, and media organizations.

Kaspersky did not name the NSA as the author of the malware. However, Reuters reported later on Monday that the agency had created the technology, citing anonymous former U.S. intelligence officials.

Kaspersky’s researchers noted that the newly found malware is similar to Stuxnet, a covert tool reportedly created by the U.S. government to sabotage Iranian nuclear systems. The researchers also identified a series of codenames that they found contained within the samples of malware, including STRAIGHTACID, STRAITSHOOTER, and GROK.

Notably, GROK, which Kaspersky said is a piece of malware used to secretly log keystrokes, is tied to secret NSA hacking tactics described in documents from whistleblower Edward Snowden. Last year, The Intercept revealed that the NSA was using a tool called GROK to log keystrokes as part of a toolkit it uses to hack computers and collect data.

The other codenames identified by Kaspersky on Tuesday—such as STRAIGHTACID, STRAITSHOOTER—are strikingly similar to known NSA hacking operations. Leaked NSA documents have revealed that the agency uses hacking tools known as STRAIGHTBIZARRE and FOXACID to break into computers and grab data.

According to Kaspersky, the malware found in the latest discovery is the most advanced ever found and represents an “astonishing technical accomplishment.” It hides deep within an infected computer and can stay on the machine even after attempts to wipe or reformat the hard drive. The security firm has dubbed different variants of the malware EquationLaser, EquationDrug and GrayFish, and they are calling its creators the “Equation Group,” because of the way the spy technology attempts to hide itself in an infected computer using complex encryption.

Link (The Intercept)UKUK

Internet Industry Now Considers The Intelligence Community An Adversary, Not A Partner

In an interview last month, Timothy D. Cook, Apple’s chief executive, said the N.S.A. “would have to cart us out in a box” before the company would provide the government a back door to its products. Apple recently began encrypting phones and tablets using a scheme that would force the government to go directly to the user for their information. And intelligence agencies are bracing for another wave of encryption.

In fact, it seems noteworthy that this whole issue of increasing encryption by the tech companies to keep everyone out has been left off the official summit schedule. As the NY Times notes, Silicon Valley seems to be pretty much completely fed up with the intelligence community after multiple Snowden revelations revealed just how far the NSA had gone in trying to “collect it all” — including hacking into the foreign data centers of Google and Yahoo. And, on top of that, the NSA’s efforts to buy up zero day vulnerabilities before companies can find out and patch them:

“What has struck me is the enormous degree of hostility between Silicon Valley and the government,” said Herb Lin, who spent 20 years working on cyberissues at the National Academy of Sciences before moving to Stanford several months ago. “The relationship has been poisoned, and it’s not going to recover anytime soon.”

Link (Techdirt)

Obama To Germans Worried About NSA Surveillance: ‘Hey, Trust Us!’

It’s often been said that trust is something that you earn — or that you completely destroy in irredeemable ways. So it’s a little bizarre to see President Obama trying to restore German trust in the US (and specifically over NSA surveillance) with a bogus “hey, trust us” line, when his own government has spent the past few years doing everything possible to undermine any residual trust. Yet here he is, in a joint appearance with German Chancellor Angela Merkel, asking for “the benefit of the doubt.”

There are going to still be areas where we’ve got to work through these issues. We have to internally work through some of these issues, because they’re complicated, they’re difficult. If we are trying to track a network that is planning to carry out attacks in New York or Berlin or Paris, and they are communicating primarily in cyberspace, and we have the capacity to stop an attack like that, but that requires us then being able to operate within that cyberspace, how do we make sure that we’re able to do that, carry out those functions, while still meeting our core principles of respecting the privacy of all our people?

And given Germany’s history, I recognize the sensitivities around this issue. What I would ask would be that the German people recognize that the United States has always been on the forefront of trying to promote civil liberties, that we have traditions of due process that we respect, that we have been a consistent partner of yours in the course of the last 70 years, and certainly the last 25 years, in reinforcing the values that we share. And so occasionally I would like the German people to give us the benefit of the doubt, given our history, as opposed to assuming the worst — assuming that we have been consistently your strong partners and that we share a common set of values.

And if we have that fundamental, underlying trust, there are going to be times where there are disagreements, and both sides may make mistakes, and there are going to be irritants like there are between friends, but the underlying foundation for the relationship remains sound.

Link (Techdirt)

Magistrate Judge Shoots Down Government’s Attempt To Gag Yahoo Indefinitely Over Grand Jury Subpoenas

California judge Paul Grewal continues to hold up his end of the “Magistrates’ Revolt.” Grewal was the magistrate who shot down the government’s open-ended request to grab every email in a person’s Gmail account and sort through them at its leisure. He was actually the second magistrate to shoot down this request. The government went “judge shopping” after Judge John Facciola told it the scope of the request needed to be narrowed considerably before he would even think about granting it. The government decided it still wanted all the email and traveled across the country to see Judge Grewal… who told them to GTFO without even giving the feds the option to rewrite the request.

Grewal is once again siding with the public and acting as a check against government overreach.

Law enforcement cannot indefinitely forbid Yahoo Inc from revealing a grand jury subpoena that seeks subscriber account information, a U.S. judge ruled, because doing so would violate the company’s free speech rights.

U.S. Magistrate Judge Paul Grewal in San Jose, California on Thursday wrote that the government’s request would prohibit Yahoo from disclosing the subpoena, even years after the grand jury concluded its probe. The court order does not disclose the target of the federal investigation.

“In an era of increasing public demand for transparency about the extent of government demands for data from providers like Yahoo!, this cannot stand,” Grewal wrote.

Link (Techdirt)