Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public? [ Read more ... ]

Obama threatens to veto greater intelligence oversight: Via Salon: Glenn Greenwald.

(updated below)

One of the principal weapons used by the Bush administration to engage in illegal surveillance activities -- from torture to warrantless eavesdropping -- was its refusal to brief the full Congressional Intelligence Committees about its activities.  Instead, at best, it would confine its briefings to the so-called "Gang of Eight" -- comprised of 8 top-ranking members of the House and Senate -- who were impeded by law and other constraints from taking any action even if they learned of blatantly criminal acts. 

This was a sham process:  it allowed the administration to claim that it "briefed" select Congressional leaders on illegal conduct, but did so in a way that ensured there could be no meaningful action or oversight, because those individuals were barred from taking notes or even consulting their staff and, worse, because the full Intelligence Committees were kept in the dark and thus could do nothing even in the face of clear abuses.  The process even allowed the members who were briefed to claim they were powerless to stop illegal programs.  That extremely restrictive process also ensures irresolvable disputes over what was actually said during those briefings, as illustrated by recent controversies over what Nancy Pelosi and other leading Democrats were told about Bush's torture and eavesdropping programs.  Here's how Richard Clarke explained it in July, 2009, on The Rachel Maddow Show: [ Read more ... ]

Government No-Fly List Includes the Dead: Via Threat Level.

You may be dying, figuratively, to get off the government’s no-fly list, but death won’t guarantee removal.

The government’s no-fly list includes the names of dead suspects, according to government officials who spoke with the Associated Press, to help catch people who may try to assume the suspect’s identity.

The no-fly list has been shrouded in mystery since it was first developed after the 9/11 attacks. How people get on the list or get off it has been a closely guarded secret, with only bits of information made public during congressional hearings.

The AP has pieced together the broad steps it takes for someone to get on the list, and some of the changes the list has undergone since it was first created nine years ago. [ Read more ... ]

White House Cyber Czar: ‘There Is No Cyberwar’: Via Threat Level.

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. [ Read more ... ]

Comprehensive National Cybersecurity Initiative: Via Schneier on Security.

On Tuesday, the White House published an unclassified summary of its Comprehensive National Cybersecurity Initiative (CNCI). Howard Schmidt made the announcement at the RSA Conference. These are the 12 initiatives in the plan: [ Read more ... ]

U.S. Security Agencies Begging for a Cybersecurity "Cold War": Via Blog of Rights: Official Blog of the American Civil Liberties Union.

(Originally posted on Huffington Post.)

So the U.S. security establishment is salivating at the prospect of a new cybersecurity "Cold War." In an over-the-top op-ed in Tuesday's Washington Post, Mike McConnell issues a declaration that we are "fighting a cyber war today" and compares it to the nuclear showdown with the Soviets. McConnell exemplifies the security establishment as much as anyone — former director of the National Security Agency (NSA), former Director of National Intelligence, and currently executive vice president at Booz Allen Hamilton, a private-sector refuge for former U.S. intelligence officials (and a company that stands to make large sums from consulting on cybersecurity). [ Read more ... ]

U.S. Declassifies Part of Secret Cybersecurity Plan: Via Threat Level.

The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government’s role in securing critical infrastructure.

The declassification announcement was made by Howard A. Schmidt, a former Microsoft security executive who in December was appointed cybersecurity coordinator by President Barack Obama. Schmidt was speaking at the RSA Security Conference in San Francisco, an annual industry conference for computer security professionals.

The government’s Comprehensive National Cybersecurity Initiative was launched in 2008 by President George W. Bush under a shroud of secrecy. The plan has 12 directives that cover the government’s strategy to protect U.S. networks — including military, civilian,  government networks and critical infrastructure systems — as well as the government’s offensive strategy to combat cyber warfare.

Civil libertarians criticized the Bush administration for failing to disclose the contents of the plan or allowing independent oversight of its implementation. Schmidt said that Obama recognized the need for some transparency. [ Read more ... ]

Cyberwar Hype Intended to Destroy the Open Internet: Via Threat Level.

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering:  McConnell is the nice-seeming guy who is willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those not in the know.

When he was head of the country’s national intelligence, he scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military’s black budget so they can start making firewalls and malware into military equipment. And now McConnell, back safely in civilian life as a vice president at the secretive defense contracting giant Booz Allen Hamilton, is out in front of Congress and the media, peddling the same Cybaremaggedon! gloom.

And now he says we need to re-engineer the internet. [ Read more ... ]

NSA Historical Documents: Via Schneier on Security.

Just declassified: "A Reference Guide to Selected Historical Documents Relating to the National Security Agency/Central Security Service, 1931–1985." Formerly "Top Secret UMBRA." From my quick scan, there are minimal redactions.

Read Original Article:(Via Schneier on Security.)

Cybersecurity is Not Your Gig, NSA!: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

The news that the NSA and Google are working on a deal for the military agency to help protect the information giant's data networks comes at a time when the NSA is angling to get a major piece of cybersecurity action.

The only problem is, despite what the agency would have us believe, the NSA is mainly a spy agency, not a cybersecurity agency. The agency's website says:

The NSA/CSS core missions are to protect U.S. national security systems and to produce foreign signals intelligence information.

The Information Assurance mission confronts the formidable challenge of preventing foreign adversaries from gaining access to sensitive or classified national security information. The Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. [ Read more ... ]

Appeals Court Backs EFF Push for Telecom Lobbying Documents Disclosure: Via EFF.org Updates.

San Francisco - Today a federal appeals court rejected a government claim of "lobbyist privacy" to hide the identities of individuals who pressured Congress to grant immunity to telecommunications companies that participated in the government's warrantless electronic surveillance of millions of ordinary Americans. As the court observed, "There is a clear public interest in public knowledge of the methods through which well-connected corporate lobbyists wield their influence."

The Electronic Frontier Foundation (EFF) has been seeking records detailing the telecoms' campaign for retroactive legal immunity under the Freedom of Information Act (FOIA). Telecom immunity was enacted as part of the FISA Amendments Act of 2008.

"Today's ruling is an important one for government and corporate accountability," said EFF Staff Attorney Marcia Hofmann. "The court recognized that paid lobbyists trying to influence the government to advance their clients' interests can't hide behind privacy claims to keep their efforts secret." [ Read more ... ]

Court Keeps White House Spy Docs Secret: Via Threat Level.

A federal appellate panel on Tuesday blocked a court order requiring disclosure of e-mail between the White House, Justice Department, National Security Agency and Office of the Director of National Intelligence — communications that paved the way for new spy legislation.

The 2008 messages were a precursor to legislation that year to kill litigation against the nation’s carriers for funneling Americans’ communications to the National Security Agency without warrants.

The decision by the 9th U.S. Circuit Court of Appeals reverses a California judge who ordered disclosure of those e-mails and the names of telco company lobbyists who pushed for the legislation. The Electronic Frontier Foundation, a civil rights group in San Francisco, sought the e-mail and lobbyist information under a Freedom of Information Act claim. [ Read more ... ]

More Details on the Chinese Attack Against Google: Via Schneier on Security.

Three weeks ago, Google announced a sophisticated attack against them from China. There have been some interesting technical details since then. And the NSA is helping Google analyze the attack.

The rumor that China used a system Google put in place to enable lawful intercepts, which I used as a news hook for this essay, has not been confirmed. At this point, I doubt that it's true.

Read Original Article:(Via Schneier on Security.)

‘Don’t Be Evil,’ Meet ‘Spy on Everyone’: How the NSA Deal Could Kill Google: Via Danger Room.

The company once known for its “don’t be evil” motto is now in bed with the spy agency known for the mass surveillance of American citizens.

The National Security Agency is widely understood to have the government’s biggest and smartest collection of geeks — the guys that are more skilled at network warfare than just about anyone on the planet. So, in a sense, it’s only natural that Google would turn to the NSA after the company was hit by an ultrasophisticated hack attack. After all, the military has basically done the same thing, putting the NSA in charge of its new “Cyber Command.” The Department of Homeland Security is leaning heavily on the NSA to secure .gov networks.

But there’s a problem. The NSA and its predecessors also have a long history of spying on huge numbers of people, both at home and abroad. During the Cold War, the agency worked with companies like Western Union to intercept and read millions of telegrams. During the war on terror years, the NSA teamed up with the telecommunications companies to eavesdrop on customers’ phone calls and internet traffic right from the telcos’ switching stations. And even after the agency pledged to clean up its act — and was given wide new latitude to spy on whom they liked – the NSA was still caught “overcollecting” on U.S. citizens. According to The New York Times, the agency even “tried to wiretap a member of Congress without a warrant.” [ Read more ... ]

Google to enlist NSA to help it ward off cyberattacks: Via washingtonpost.com .

The world's largest Internet search company and the world's most powerful electronic surveillance organization are teaming up in the name of cybersecurity.

Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google -- and its users -- from future attack.

Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google's policies or laws that protect the privacy of Americans' online communications. The sources said the deal does not mean the NSA will be viewing users' searches or e-mail accounts or that Google will be sharing proprietary data. [ Read more ... ]

Courts, Congress Shun Addressing Legality of Warrantless Eavesdropping: Via Threat Level.

Heads spun four years ago this weekend, when AT&T was accused of funneling every one of its customers’ electronic communications to the National Security Agency — without warrants.

A Jan. 31, 2006, lawsuit alleged major violations of the Fourth Amendment right to be free from warrantless searches and seizures. Such a sweeping breach seemed far-fetched.

Yet months after the lawsuit was lodged, the Electronic Frontier Foundation produced internal AT&T documents allegedly outlining secret rooms in AT&T offices connected to the NSA, which was siphoning all internet traffic, from e-mails to Voice Over Internet Protocol phone conversations.

But four years and a mountain of court briefs and rulings later, the legal system has never addressed the merits of the allegations — and likely never will. Even Congress has weighed in and passed legislation to prevent the allegations from being heard.

And many — including the former AT&T technician who produced the documents in the case and the EFF — believe the alleged dragnet surveillance program continues unabated today.

“Nothing has stopped the dragnet,” said Cindy Cohn, the EFF’s legal director, whose case had grown to include all of the nation’s leading internet service providers. [ Read more ... ]

Judge Tosses NSA Spy Cases: Via Threat Level.

A federal judge is dismissing lawsuits accusing the government of teaming with the nation’s telcos to funnel Americans’ electronic communications to the National Security Agency without warrants.

U.S. District Judge Vaughn Walker’s decision was a major blow to the two suits testing warrantless eavesdropping and executive branch powers implemented following the 2001 terror attacks. The San Francisco judge said the courts are not available to the public to mount that challenge.

“A citizen may not gain standing by claiming a right to have the government follow the law,” (.pdf) Walker ruled late Thursday.

He noted that the plaintiffs include most every American connected to the internet or to have used a telephone — meaning the lawsuits boil down to a “general grievance” and are barred. The decision came days after a government audit showed the telecom companies and FBI collaborated for four years, between 2003 and 2007, to violate federal wiretapping laws. [ Read more ... ]

Congress takes a bold stand against surveillance abuses: Via Salon: Glenn Greenwald.

Fixating on and condemning abuses of other countries is one of the greatest weapons the U.S. Government wields for distracting attention away from its own transgressions:  like those gossip-obsessed individuals endlessly mucking around in and passing judgment on the personal lives of others as a means of ignoring their own failings:

The San Francisco Chronicle, yesterday:

Few expect Google Inc.'s stare-down with China to usher in a new era of openness across the Asian nation, but some believe -- or hope -- it could pressure the government to improve relations with foreign technology companies. . . . The Obama administration issued statements of support for Google, and members of Congress are pushing to revive a bill banning U.S. tech companies from working with governments that digitally spy on their citizens.

EFF Plans Appeal of Jewel v. NSA Warrantless Wiretapping Case: Via EFF.org Updates.

San Francisco - A federal judge has dismissed Jewel v. NSA, a case from the Electronic Frontier Foundation (EFF) on behalf of AT&T customers challenging the National Security Agency's mass surveillance of millions of ordinary Americans' phone calls and emails.

"We're deeply disappointed in the judge's ruling," said EFF Legal Director Cindy Cohn. "This ruling robs innocent telecom customers of their privacy rights without due process of law. Setting limits on Executive power is one of the most important elements of America's system of government, and judicial oversight is a critical part of that." [ Read more ... ]

The backfiring of the surveillance state: Via Salon: Glenn Greenwald.

(updated below - Update II)

Every debate over expanded government surveillance power is invariably framed as one of "security v. privacy and civil liberties" -- as though it's a given that increasing the Government's surveillance authorities will "make us safer."  But it has long been clear that the opposite is true.  As numerous experts (such as Rep. Rush Holt) have attempted, with futility, to explain, expanding the scope of raw intelligence data collected by our national security agencies invariably impedes rather than bolsters efforts to detect terrorist plots.  This is true for two reasons:  (1) eliminating strict content limits on what can be surveilled (along with enforcement safeguards, such as judicial warrants) means that government agents spend substantial time scrutinizing and sorting through communications and other information that have nothing to do with terrorism; and (2) increasing the quantity of what is collected makes it more difficult to find information relevant to actual terrorism plots.  As Rep. Holt put it when arguing against the obliteration of FISA safeguards and massive expansion of warrantless eavesdropping power which a bipartisan Congress effectuated last year: [ Read more ... ]

Court: Feds Can Hide Alleged Spying on Gitmo Lawyers: Via Threat Level.

A federal appeals court on Wednesday upheld the government’s refusal to admit or deny it has documents related to warrantless eavesdropping on Guantanamo Bay detainees and their lawyers.

In doing so, the 2nd U.S. Circuit Court of Appeals accepted a little-known defense called the Glomar doctrine. The doctrine, the court ruled, allows the National Security Agency to refuse to acknowledge to the lawyers suing under the Freedom of Information Act that there are any documents responsive to allegations their clients had been or are being targeted under the Terrorist Surveillance Program adopted following the 2001 terror attacks.

“Confirming or denying the mere existence of specific records in a general surveillance program would logically be both confirming or denying that the NSA was targeting a specific individual and confirming or denying that the NSA is conducting a general surveillance program,” (.pdf) the New York-based appellate court wrote Wednesday. [ Read more ... ]

Lawsuit Challenging Unconstitutional Spying Should Be Reinstated, Says ACLU: Via American Civil Liberties Union.

FISA Amendments Act Must Be Subject To Judicial Review

FOR IMMEDIATE RELEASE
CONTACT: (212) 549-2666; media@aclu.org

NEW YORK – The American Civil Liberties Union filed a brief late Wednesday arguing that its lawsuit challenging an unconstitutional government spying law should be reinstated. The ACLU and the New York Civil Liberties Union filed the landmark lawsuit in July 2008 to stop the government from conducting surveillance under the FISA Amendments Act (FAA), which gives the executive branch virtually unchecked power to collect Americans' international e-mails and telephone calls by the millions, without a warrant and without suspicion of any kind.

"Allowing this case to move forward is essential to protecting innocent Americans' e-mail and telephone communications from dragnet, suspicionless government monitoring," said Jameel Jaffer, Director of the ACLU National Security Project. "Without court oversight, individual privacy rights are left to the mercy of the political branches. The courts have not only the authority but also the obligation to ensure that individual rights are not trampled by overbroad surveillance laws." [ Read more ... ]

Intelligence Agencies Release Docs Describing Misconduct in Response to EFF Lawsuit: Via EFF.org Updates.

Today the Department of Homeland Security, the Department of State, the Office of the Director of National Intelligence and the National Security Agency released 162 pages of intelligence oversight reporting in response to a Freedom of Information Act lawsuit filed by EFF in July.

The reports, made to a presidential advisory committee called the Intelligence Oversight Board, detail intelligence activities that the agencies "have reason to believe may be unlawful."

EFF is reviewing the documents now and has posted them on our website. Some of our initial finds include reports that: [ Read more ... ]

Senate Panel: 80 Percent of Cyber Attacks Preventable: Via Threat Level.

If network administrators simply instituted proper configuration policies and conducted good network monitoring, about 80 percent of commonly known cyber attacks could be prevented, a Senate committee heard Tuesday.

The remark was made by Richard Schaeffer, the NSA’s Information Assurance Director, who added that simply adhering to already known best practices would sufficiently raise the security bar so that attackers would have to take more risks to breach a network, “thereby raising [their] risk of detection.”

The Senate Judiciary Subcommittee on Terrorism, Technology and Homeland Security heard from a number of experts offering commentary on how the government should best tackle securing government and private-sector critical infrastructure networks. [ Read more ... ]

Handy Chart Tracks Proposed Amendments to Patriot Act: Via Threat Level.

Confused by all the proposed changes to the Patriot Act ricocheting through the Capitol? The Center for Democracy and Technology (CDT) has put together a handy chart comparing the current law with the various amendments in the House and Senate.

The chart compares proposed amendments (.pdf) to National Security Letters (NSLs) and the so-called “lone wolf” provisions of the Patriot Act. The proposals have only been passed by the judiciary committees, and face further amendments before they hit the full House and Senate for votes.

According to Gregory Nojeim, CDT’s director of project on freedom, security and technology, although neither of the current proposals goes far enough in fixing all of the problems that civil libertarians find in the Patriot Act, they do show improvements. [ Read more ... ]