Reports today in the New York Times and ProPublica confirm what EFF’s Jewel v. NSA lawsuit has claimed since 2008—that the NSA and AT&T have collaborated to build a domestic surveillance infrastructure, resulting in unconstitutional seizure and search of of millions, if not hundreds of millions, of Americans’ Internet communications.
Tag: Spying
Apple, Google should give FBI every last drop of user information, says ex-HP CEO and wannabe US prez Carly Fiorina • The Register
Come back, Trump, all is forgiven
Another Journalist Claims UK Law Enforcement Violated Anti-Terrorism Laws By Putting Him Under Surveillance | Techdirt
A BBC journalist suspects that Police Scotland snooped on him without judicial approval to try and find his sources while he was investigating the force.
Eamon O’Connor has claimed that a “very dependable source” believes he was targeted by the force’s Counter Corruption Unit.
The revelation comes after the Sunday Herald quoted an inside source as saying that Police Scotland was one of two forces to have accessed phone records, under the Regulation of Investigatory Powers Act (RIPA), to find journalistic sources without judicial approval since the law was changed in March to prevent this.
Global spy system ECHELON confirmed at last – by leaked Snowden files • The Register
Origins of automated surveillance
Source: Global spy system ECHELON confirmed at last – by leaked Snowden files • The Register
US spied on Japanese PM Abe, Mitsubishi, and so much more • The Register
WikiLeaks exposes blanket snooping on Asian powerhouse
Source: US spied on Japanese PM Abe, Mitsubishi, and so much more • The Register
Use snooped data in court? Nah, says UK.gov – folk might be cleared
British government snoops claimed it was too much hassle for them to use intercepted communications data in court proceedings because the accused could use the info to prove their innocence, it has emerged.
Police officers, spies and local council bin inspectors were all asked for their views of Blighty’s surveillance laws as part of the Independent Terrorism Legislation Reviewer’s, er, review of Blighty’s snooping laws, which was published on Thursday.
One of the questions asked was why, uniquely in the West, Britain’s state-sponsored snoopers do not use the evidence they gather against alleged criminals in legal proceedings. The response, at paragraph 9.16 was revealing:Part of the reason for this is the extensive disclosure requirement in criminal proceedings: were it sought to rely on the product of intercept conducted over a period of several months, the defence could legitimately request a transcript of the entire intercept product with a view to searching it for exculpatory material.
In plain English, this meant the authorities were worried that using communications data hoovered up under the Regulation of Investigatory Powers Act would mean alleged crims could demand access to the same data – and use it to show they were innocent of the crimes they were charged with.
NSA Planned to Hijack Google App Store to Hack Smartphones
The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.
The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.
The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting “at this time.”)
As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.
Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear.
The newly published document shows how the agencies wanted to “exploit” app store servers — using them to launch so-called “man-in-the-middle” attacks to infect phones with the implants. A man-in-the-middle attack is a technique in which hackers place themselves between computers as they are communicating with each other; it is a tactic sometimes used by criminal hackers to defraud people. In this instance, the method would have allowed the surveillance agencies to modify the content of data packets passing between targeted smartphones and the app servers while an app was being downloaded or updated, inserting spyware that would be covertly sent to the phones.
Border Force bureaucrats become super-spooks
Australia’s long sleepwalk into a surveillance state continued last week, with the largely-uncontested passage of the suite of bills creating the Australian Border Force (ABF).
As well as telecommunications metadata access, the legislation wrapped the Australian Border Force (ABF) in a protective coating of spook-power.
Last week, Senator Scott Ludlam warned that the ABF – a mash-up of the “border control functions” of the Departments of Immigration and Customs – was being designated a law enforcement agency under the Telecommunications Interception Act.
That means that Australian citizens who haven’t committed a crime, or even travelled overseas, might still be swept up in a metadata request.
However, as an anonymous reader pointed out to Vulture South, the law goes even further than that.
In the digest of legislation needed to create the ABF, it’s also noted that “the Bill gives significant law enforcement powers to all officers of Department of Immigration and Border Protection (DIBP).”
What that means is that the ABF will be able to conduct controlled operations which, under the government’s new national security regime, means the agency now has the power to block reporting of its activities and pursue whistleblowers.
That’s more than a trivial change, since it’s already known that the Australian Federal Police (AFP) has been investigating journalists reporting on asylum-seeker issues to try and uncover their sources.
UK government quietly rewrites hacking laws to give GCHQ immunity
The UK government has quietly passed new legislation that exempts GCHQ, police, and other intelligence officers from prosecution for hacking into computers and mobile phones.
While major or controversial legislative changes usually go through normal parliamentary process (i.e. democratic debate) before being passed into law, in this case an amendment to the Computer Misuse Act was snuck in under the radar as secondary legislation. According to Privacy International, “It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner’s Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes… There was no public debate.”
Privacy International also suggests that the change to the law was in direct response to a complaint that it filed last year. In May 2014, Privacy International and seven communications providers filed a complaint with the UK Investigatory Powers Tribunal (IPT), asserting that GCHQ’s hacking activities were unlawful under the Computer Misuse Act.
On June 6, just a few weeks after the complaint was filed, the UK government introduced the new legislation via the Serious Crime Bill that would allow GCHQ, intelligence officers, and the police to hack without criminal liability. The bill passed into law on March 3 this year, and it went into effect on May 3. Privacy International says there was no public debate before the law was enacted, with only a rather one-sided set of stakeholders being consulted (Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, police, and National Crime Agency).
Despite filing its complaint back way back in 2014, Privacy International wasn’t told about the changes to the Computer Misuse Act until last week—after the new legislation became effective. The UK government is allowed to do this, of course, but it’s a little more underhanded and undemocratic than usual.
FBI Spied On Activists Because Protecting Corporate Interests Is Roughly Equivalent To Ensuring National Security
That whole thing about the FBI not surveilling people based solely on First Amendment activity? The thing that’s been in all the (FISA) papers (and agency policies)? Yeah, the FBI hasn’t heard of it either.
The FBI breached its own internal rules when it spied on campaigners against the Keystone XL pipeline, failing to get approval before it cultivated informants and opened files on individuals protesting against the construction of the pipeline in Texas, documents reveal.
Internal agency documents show for the first time how FBI agents have been closely monitoring anti-Keystone activists, in violation of guidelines designed to prevent the agency from becoming unduly involved in sensitive political issues.
“Unduly involved” is right. First of all, a majority of what was monitored was First Amendment activity, something no federal intelligence or investigative agency is supposed to be doing. Certainly, there can be law enforcement monitoring of protests as they occur, but there’s no provision in the law that allows the FBI to monitor people solely because of their activism.
Unless, of course, these activists are declared “extremists.” Then all bets (and Constitutional protections) are off.
“Many of these extremists believe the debates over pollution, protection of wildlife, safety, and property rights have been overshadowed by the promise of jobs and cheaper oil prices,” the FBI document states.
“Extremists” are often mentioned in the same breath as “domestic terrorists,” so with a little bit of rebranding, the FBI is now able to surveill people solely for their First Amendment-protected activities. That’s handy and not totally unexpected, given the agency’s long history of eyeballing activists who run contrary to its view on How Things Should Be. At one point, it was uppity blacks and encroaching homosexuals. Now, it’s people who don’t want an oil pipeline running through their neighborhoods.