Posts tagged NSA

In Praise of Sources

Every journalist who is not too stupid or too full of himself to notice what is going on knows what he does is morally indefensible. He is a kind of confidence man, preying on people’s vanity, ignorance, or loneliness, gaining their trust and betraying them without remorse.

Janet Malcom, The Journalist and the Murderer, via Slate. The Storytellers: Walter Kirn gets taken in by a con man.

So begins a review in Slate of Blood Will Out, a new memoir by Walter Kirn about his relationship with Clark Rockefeller, a real life Mr. Ripley who impersonated a famous name, lived the high life and was eventually charged on kidnapping and murder charges. Kirn’s book explores how, as a writer, he was taken in by the faux Rockefeller. Or, more precisely, by the German-born Christian Gerhartsreiter who successfully played a Rockefeller in New York City social circles.

But while Kirn explores why and how he was taken over a decade-long relationship, let’s go back to Malcom’s original quote, to the journalist as con man, to his or her relationship with sources, and why sources should talk with reporters.

In the wake of NSA revelations, national security journalists have spoken about their increased difficulty reporting the news (see here, here and here). And with the Obama administration’s use of the Espionage Act to prosecute whistleblowers you can see why that would be the case.

So why should sources talk to reporters? It’s an important, unasked question, says Edward Wasserman, dean of the Graduate School of Journalism at UC Berkeley:

When you think about it, that question goes to the foundation of the entire edifice of a free press. And that foundation, at the moment, is shaky.

Let’s back up. No honest press, whatever its sense of mission and however firm its legal protections, can outperform its sources. It can’t be any better, stronger, braver, more richly informed, or more dedicated to broad public purpose than the people who swallow their misgivings, return the phone call, step forward, and risk embarrassment and reprisal to talk to the reporter.

The mythology of journalism enshrines the sleuths, sometimes the editors, even the publishers, but sources are really the whole ball game. Press freedom is nothing more than source freedom, one step removed. The right of a news organization to tell what it learns is an empty abstraction without the willingness of news sources to tell what they know.

Considering how important sources are, it’s stunning how little affection they get and how flimsy the protections are that anybody claims for them.

Give Wasserman’s article a good read.

It moves well beyond national security issues as it explores, again, why when a source’s quote can be nitpicked a thousand different ways — in “the online multiverse, and his or her words, motives and integrity will be denounced or impugned, often by pseudonymous dingbats, some of them undisclosed hirelings” — he or she should ever want to talk to the news media.

How to spot the difference between a terrorist and a journalist

A note to governments from Index on Censorship:

Index on Censorship here. We’ve noticed some you have had trouble telling the difference between terrorists and journalist lately (yes, you too Barack: put the BlackBerry down). So we thought as people with some experience of the journalism thing, we could offer you a few handy tips to refer to the next time you find yourself asking: journalist or terrorist?

Have a look at your suspect. Is he carrying a) a notebook with weird squiggly lines on it, or b) an RPG-7. If the latter, odds on he’s a terrorist. The former? Most likely a journalist. Those squiggly lines are called “shorthand” – it’s what reporters do when they’re writing things down for, er, reporting. It might look a bit like Arabic, but it’s not, and even if it was, that wouldn’t be a good enough reason to lock the guy up.

Still not clear? Let’s move on to the questioning part.

Background: In Egypt, Al Jazeera journalists are on trial for having links to a “terrorist organization”; in England, a court ruled that the detention of Glenn Greenwald’s partner at Heathrow Airport was legal because carrying the Edward Snowden NSA documents is, um, terroristy; in Morocco, a journalist was charged last fall with “inciting terrorism” because he linked to an Al Qaeda video; and in the United States the government admits that journalists could be targeted with counter-terrorism laws as they do their jobs (see here, here, and here for all things depressing). 

We could go on.

How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations

Via Glenn Greenwald / The Intercept:

One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents…

…Among the core self-identified purposes of [the Joint Threat Research Intelligence Group] are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums…

The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats. As Anonymous expert Gabriella Coleman of McGill University told me, “targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.” Pointing to this study she published, Professor Coleman vehemently contested the assertion that “there is anything terrorist/violent in their actions.”

Read through for source documents demonstrating how this done.

War on Anonymous: British Spies Attacked Hackers

NBC News reports that British intelligence engaged in a distributed denial of service (DDoS) attack on Anonymous:

A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.

The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.

According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.

Writing in Wired, McGill University’s Gabriella Coleman says the British government tactics are an extrajudicial danger that affects us all:

Whether you agree with the activities of Anonymous or not — which have included everything from supporting the Arab Spring protests to DDoSing copyright organizations to doxing child pornography site users — the salient point is that democratic governments now seem to be using their very tactics against them.

The key difference, however, is that while those involved in Anonymous can and have faced their day in court for those tactics, the British government has not. When Anonymous engages in lawbreaking, they are always taking a huge risk in doing so. But with unlimited resources and no oversight, organizations like the GCHQ (and theoretically the NSA) can do as they please. And it’s this power differential that makes all the difference

…But here’s the thing: You don’t even need to believe in or support DDoS as a protest tactic to find the latest Snowden revelations troubling. There are clearly defined laws and processes that a democratic government is supposed to follow. Yet here, the British government is apparently throwing out due process and essentially proceeding straight to the punishment — using a method that is considered illegal and punishable by years in prison.

FJP: Read that last line again. So, for example, a hacker fined $183,000 and put on probation for participating in 1 minute of a DDoS attack. And here’s a search across the FBI’s Web site for its prosecutions for DDoS attacks.

NSA, British Intelligence is Tracking You on Angry Birds
Via ProPublica:

When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spy agencies have plotted how to lurk in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.
In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.
According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.

Read through for the details.

NSA, British Intelligence is Tracking You on Angry Birds

Via ProPublica:

When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spy agencies have plotted how to lurk in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.

In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.

According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.

Read through for the details.

Internet governance is too important to be left just to governments.
Patricia Lewis, Research Director, International Security at Chatham House to The Guardian. Independent commission to investigate future of internet after NSA revelations.

Guardian journalists could face criminal charges over Edward Snowden leaks

Via The Telegraph:

Employees of The Guardian newspaper could face criminal charges over their role in publishing secrets leaked by Edward Snowden, Britain’s most senior counter-terrorism officer has signalled.

Cressida Dick, an assistant commissioner at Scotland Yard, confirmed for the first time that detectives were examining whether staff at the newspaper had committed an offence.

She also told MPs that her officers are looking at potential breaches of a specific anti-terrorism law which makes it unlawful to communicate information about British intelligence agents. The offence carries up to 10 years’ imprisonment.

Rationale? Exactly what you’d think: “[L]ast month Sir John Sawers, the MI6 chief, said terrorists were ‘rubbing their hands with glee’ at the Snowden disclosures.”

Seven months ago, the world began to learn the vast scope of the National Security Agency’s reach into the lives of hundreds of millions of people in the United States and around the globe, as it collects information about their phone calls, their email messages, their friends and contacts, how they spend their days and where they spend their nights. The public learned in great detail how the agency has exceeded its mandate and abused its authority, prompting outrage at kitchen tables and at the desks of Congress, which may finally begin to limit these practices…

…All of this is entirely because of information provided to journalists by Edward Snowden, the former N.S.A. contractor who stole a trove of highly classified documents after he became disillusioned with the agency’s voraciousness. Mr. Snowden is now living in Russia, on the run from American charges of espionage and theft, and he faces the prospect of spending the rest of his life looking over his shoulder.

Considering the enormous value of the information he has revealed, and the abuses he has exposed, Mr. Snowden deserves better than a life of permanent exile, fear and flight. He may have committed a crime to do so, but he has done his country a great service. It is time for the United States to offer Mr. Snowden a plea bargain or some form of clemency that would allow him to return home, face at least substantially reduced punishment in light of his role as a whistle-blower, and have the hope of a life advocating for greater privacy and far stronger oversight of the runaway intelligence community…

When someone reveals that government officials have routinely and deliberately broken the law, that person should not face life in prison at the hands of the same government.

New York Times Editorial. Edward Snowden, Whistle-Blower.

FJP: First, good on The New York Times.

Second, as the Times points out, Snowden’s been charged with two violations of the Espionage Act “involving unauthorized communication of classified information, and a charge of theft of government property.”

While the editorial suggests Snowden should receive clemency or, at the very least, a reduced sentence compared to the decades he faces under the current charges, take a look at the Freedom of the Press Foundation’s analysis of what Snowden would be able to present in his defense should he wind up in court. Basically, nothing:

If Edward Snowden comes back to the US to face trial, he likely will not be able to tell a jury why he did what he did, and what happened because of his actions. Contrary to common sense, there is no public interest exception to the Espionage Act. Prosecutors in recent cases have convinced courts that the intent of the leaker, the value of leaks to the public, and the lack of harm caused by the leaks are irrelevant—and are therefore inadmissible in court…

…[I]n Snowden’s case, the administration will be able to exclude almost all knowledge beneficial to his case from a jury until he’s already been found guilty of felonies that will have him facing decades, if not life, in jail.

This would mean Snowden could not be able to tell the jury that his intent was to inform the American public about the government’s secret interpretations of laws used to justify spying on millions of citizens without their knowledge, as opposed to selling secrets to hostile countries for their advantage.

If the prosecution had their way, Snowden would also not be able to explain to a jury that his leaks sparked more than two dozen bills in Congress, and half a dozen lawsuits, all designed to rein in unconstitutional surveillance. He wouldn’t be allowed to explain how his leaks caught an official lying to Congress, that they’ve led to a White House review panel recommending forty-six reforms for US intelligence agencies, or that they’ve led to an unprecedented review of government secrecy.

Chilling, and worthwhile to keep in mind when people say he should return from Russia and make his case to court.

Show Off

Show Off

The NSA didn’t wake up and say, ‘Let’s just spy on everybody.’ They looked up and said, ‘Wow, corporations are spying on everybody. Let’s get ourselves a copy.
Bruce Schneier, Cryptographer and security specialist, via Reform Corporate Surveillance, a parody site of Reform Government Surveillance, created by Aral Balkan, Founder of Indie Phone

Privacy as a Human Right?

Point, via The Guardian: The United Nations moved a step closer to calling for an end to excessive surveillance on Tuesday in a resolution that reaffirms the “human right to privacy” and calls for the UN’s human rights commissioner to conduct an inquiry into the impact of mass digital snooping.

Counterpoint, via Foreign Policy: The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable.

Meantime, via Techrunch: Sir Tim Berners-Lee Blasts “Insidious, Chilling Effects” Of Online Surveillance, Says We Should Be Protecting Whistleblowers Like Snowden.

Tor, Privacy and Security

TOR was compromised and some other items on that list are just plain and simple idiotic and impossible to the common user - information like this to people on a site where they take it to heart really quickly isn’t the best idea… — Anonymous

Yesterday we highlighted steps you can take against Internet surveillance. One suggestion was to use Tor to anonymize your online activity.

As this message from our inbox notes, earlier this year a compromise was discovered in the Tor browser.

This is true. But once the vulnerability was discovered an update came out that resolved it.

Also true are revelations that the NSA went after the Tor network itself. Here’s what leaked documents say about the agency’s attempts to hack Tor:

"We will never be able to de-anonymize all Tor users all the time” but “with manual analysis we can de-anonymize a very small fraction of Tor users.”

Of course, no system or defense mechanism is foolproof and that should always be remembered. If you really need absolute privacy, leave your tracking device (read: phone) at home and go for a walk in a very loud place with whoever you need to communicate with.

But don’t succumb to privacy nihilism. As Bruce Schneier writes in The Guardian, “The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.”

One way to do that is to encrypt and anonymize, and help your friends and networks do the same.

For more information about defensive technology and steps you can take to secure your communications, visit this primer from the EFF. It covers browser, email, chat, phones and secure deletion of your files.

Ten Steps You Can Take Against Internet Surveillance
While no solution’s foolproof, the Electronic Frontier Foundation puts together the following list to improve your online security.
As EFF’s Danny O’Brien notes:

[I]f you’re being personally targeted by a powerful intelligence agency like the NSA, it’s very, very difficult to defend yourself. The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.

Read through for details and links to how each is done.
01: Use end-to-end encryption. 02: Encrypt as much communications as you can. 03: Encrypt your hard drive.  04: Strong passwords, kept safe. 05: Use Tor. 06: Turn on two-factor (or two-step) authentication.  07: Don’t click on attachments. 08: Keep software updated, and use anti-virus software. 09: Keep extra secret information extra secure. 10. Be an ally

To really challenge the surveillance state, you need to teach others what you’ve learned, and explain to them why it’s important. Install OTR, Tor and other software for worried colleagues, and teach your friends how to use them. Explain to them the impact of the NSA revelations. Ask them to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node, or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.

Image: Sign from September’s “Freedom not Fear” protest march against global internet surveillance in Berlin,Germany. Via Frek Meyer.

Ten Steps You Can Take Against Internet Surveillance

While no solution’s foolproof, the Electronic Frontier Foundation puts together the following list to improve your online security.

As EFF’s Danny O’Brien notes:

[I]f you’re being personally targeted by a powerful intelligence agency like the NSA, it’s very, very difficult to defend yourself. The good news, if you can call it that, is that much of what the NSA is doing is mass surveillance on everybody. With a few small steps, you can make that kind of surveillance a lot more difficult and expensive, both against you individually, and more generally against everyone.

Read through for details and links to how each is done.

01: Use end-to-end encryption.
02: Encrypt as much communications as you can.
03: Encrypt your hard drive.
04: Strong passwords, kept safe.
05: Use Tor.
06: Turn on two-factor (or two-step) authentication.
07: Don’t click on attachments.
08: Keep software updated, and use anti-virus software.
09: Keep extra secret information extra secure.
10. Be an ally

To really challenge the surveillance state, you need to teach others what you’ve learned, and explain to them why it’s important. Install OTR, Tor and other software for worried colleagues, and teach your friends how to use them. Explain to them the impact of the NSA revelations. Ask them to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node, or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.

Image: Sign from September’s “Freedom not Fear” protest march against global internet surveillance in Berlin,Germany. Via Frek Meyer.