Home » Posts tagged 'digital surveillance' (Page 2)
Tag Archives: digital surveillance
Leaked Documents Show FBI, DEA and U.S. Army Buying Italian Spyware
The FBI, Drug Enforcement Administration and U.S. Army have all bought controversial software that allows users to take remote control of suspects’ computers, recording their calls, emails, keystrokes and even activating their cameras, according to internal documents hacked from the software’s Italian manufacturer.
The company, Hacking Team, has also been aggressively marketing the software to other U.S. law enforcement and intelligence agencies, demonstrating their products to district attorneys in New York, San Bernardino, California, and Maricopa, Arizona; and multi-agency task forces like the Metropolitan Bureau of Investigation in Florida and California’s Regional Enforcement Allied Computer Team. (We do not use this product nor are we currently considering a proposal from the vendor/manufacturer to purchase it,” Jerry Cobb, a spokesperson for the Maricopa County Attorney’s Office said.)
The company was also in conversation with various other agencies, including the CIA, the Pentagon’s Criminal Investigative Service, the New York Police Department, and Immigrations and Customs Enforcement.
The revelations come from hundreds of gigabytes of company information, including emails and financial records, which were released online Sunday night and analyzed by The Intercept. Milan-based Hacking Team is one of a handful of companies that sell off-the-shelf spyware for hundreds of thousands of euros — a price point accessible to smaller countries and large police forces. Hacking Team has drawn fire from human rights and privacy activists who contend that the company’s aggressive malware, known as Remote Control System, or RCS, is being sold to countries that deploy it against activists, political opponents and journalists.
Even in the U.S., where the software would presumably be used only with a judge’s approval, the tactic is still controversial. Just last month, Sen. Chuck Grassley, R-Iowa, wrote to the director of the FBI asking for “more specific information about the FBI’s current use of spyware,” in order for the Senate Judiciary Committee to evaluate “serious privacy concerns.”
…click on the above link to read the rest of the article…
XKeyscore: NSA’s Google For the World’s Private Communications
XKeyscore: NSA’s Google For the World’s Private Communications
One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.
The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.
These servers store “full-take data” at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. “It is a fully distributed processing and query system that runs on machines around the world,” an NSA briefing on XKEYSCORE says. “At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.”
XKEYSCORE also collects and processes Internet traffic from Americans, though NSA analysts are taught to avoid querying the system in ways that might result in spying on U.S. data. Experts and privacy activists, however, have long doubted that such exclusions are effective in preventing large amounts of American data from being swept up.
…click on the above link to read the rest of the article…
Bulk Phone Surveillance Lives Again, To Die in a More Orderly Fashion in Five Months
A federal judge with the top-secret surveillance court on Monday breezily reinstated the NSA bulk domestic surveillance program that was temporarily halted a month ago, allowing the agency to go back to hoovering up telephone metadata for five months while it unwinds the program for good.
“Plus ça change, plus c’est la même chose,” Foreign Intelligence Surveillance Court Judge Michael W. Mosman wrote in his ruling, using the French phrase that means “the more things change, the more they stay the same” to summarize the legislative and judicial back-and-forth that led to the temporary reinstatement.
By failing to agree on how to reauthorize certain sections of the Patriot Act, the Senate on May 31 engaged in a rare act of rebellion against the surveillance state, forcing the National Security Agency to shutter the program that had collected telephone metadata — information about who called who, and for how long — for more than a decade, until NSA whistleblower Edward Snowden disclosed its existence in 2013.
Two days later, however, the Senate passed a milquetoast surveillance reform bill that ordered the bulk collection program phased out by November 29, to be replaced by one in which the NSA has to request specific records, and explain why.
That led to Monday’s paradoxical decision to revive bulk collection so it can die again, theoretically in a more orderly fashion.
In his decision, Mosman also flippantly dismissed a major appellate court ruling in May that the program was illegal. The Second Circuit Court of Appeals ruled that Section 215 of the Patriot Act, which was the government’s legal cover for bulk collection, didn’t authorize any such thing. The decision hinged on the common-sense conclusion that when the Patriot Act gave the government power to obtain phone records “relevant to an authorized investigation,” that wasn’t power to collect all phone records everywhere.
…click on the above link to read the rest of the article…
Senators Walloped with ‘Intense’ Amount of Anti-C-51 Email
Senators Walloped with ‘Intense’ Amount of Anti-C-51 Email
Words like ‘horrified’ and ‘terrified’ came up frequently, they report.
Many senators say they’ve been stunned by the overwhelming flood of email they’ve received over C-51, the highly controversial Harper government security bill that passed a Senate vote earlier in the month.
The vast majority of the messages expressed firm opposition to the legislation; words like “horrified” and “terrified” came up frequently.
Senator Percy Downe of P.E.I. reports having received 6,000 email messages on the bill, 150 from his home province.
“Normally on an issue of importance I might get 20 or 30 at the most from PEI, so this was a lot more,” he said.
Senator Joan Fraser received approximately 3,100 messages about C-51, while former RCMP officer Senator Larry Campbell only reported receiving a few hundred.
Senator Mobina Jaffer, an international activist for human and women’s rights, has received a whopping 10,000 email messages since May and they continue to trickle in, even though the bill is out of the Senate now.
“But not one letter I got was in favour of C-51 though, and that’s not normal,” she said.
Senator Grant Mitchell, deputy chair of the Senate committee on National Defence and Security, was the lead critic for the Liberal Senate caucus. He also was involved in the Senate’s pre-study of the bill at committee.
He compares his C-51 feedback to the response he got to the Kyoto bill and C-279, NDP MP Randall Garrison’s transgender bill of rights, which Mitchell is co-sponsoring through the Senate.
…click on the above link to read the rest of the article…
Crazyland
Crazyland
A long time ago—almost a quarter of a century—I worked in a research lab, designing measurement and data acquisition electronics for high energy physics experiments. In the interest of providing motivation for what follows, I will say a few words about the job. It was interesting work, and it gave me a chance to rub shoulders (and drink beer) with some of the most intelligent people on the planet (though far too fixated on subatomic particles).
The work itself was interesting too: it required a great deal of creativity because the cutting edge in electronics was nowhere near sharp enough for our purposes, and we spent our time coming up with strange new ways of combining commercially available components that made them perform better than one had the right to expect. But most of my time went into the care and feeding of an arcane and temperamental Computer Aided Design system that had been donated to the university, and, for all I know, is probably still there, bedeviling generations of graduate students. With grad students just about our only visitors, the atmosphere of the lab was rather monastic, with the days spent twiddling knobs, pushing buttons and scribbling in lab notebooks.
And so I was quite pleased when one day an unexpected visitor showed up. I was busy doing something quite tedious: looking up integrated circuit pin-outs in semiconductor manufacturer’s databooks and manually keying them into the CAD system—a task that no longer exists, thanks to the internet. The visitor was a young man, earnest, well-spoken and nervous. He was carrying something wrapped in a black trash bag, which turned out to be a boombox.
…click on the above link to read the rest of the article…
How Canada Can End Mass Surveillance
How Canada Can End Mass Surveillance
Third chapter in OpenMedia’s crowd-sourced privacy plan.
Some may remember East Germany’s Stasi spy agency, or reference China’s extensive Internet censorship. But few would express fear that western democratic governments like the U.S., Britain, and Canada were engaged in the mass surveillance of law-abiding citizens.
That all changed in June 2013 when Edward Snowden, a contractor at the U.S. National Security Agency (NSA), blew the whistle on the spying activities of the NSA and its Five Eyes partners in Canada, Australia, New Zealand, and the U.K. Since then, we’ve seen a long stream of revelations about how Canada’s Communications Security Establishment (CSE) is engaged in extensive spying on private online activities.
To give just a few examples, we learned that CSE spied on law-abiding Canadians using the free Wi-Fi at Pearson airport, and monitored their movements for weeks afterward. We learned that CSE is monitoring an astonishing 15 million file downloads a day, with Canadian Internet addresses among the targets.
Even emails Canadians send to the government or their local MP are monitored — up to 400,000 a day according to CBC News. Just last week we discovered CSE targets widely-used mobile web browsers and app stores. Many of these activities are not authorized by a judge, but by secret ministerial directives like the ones MP Peter MacKay signed in 2011.
CSE is not the only part of the government engaged in mass surveillance. Late last year, the feds sought contractors to build a new monitoring system that will collect and analyze what Canadians say on Facebook and other social media sites. As a result, the fear of getting caught in the government’s dragnet surveillance is one more and more Canadians may soon face.
…click on the above link to read the rest of the article…
Canadians to Spy Agencies: Get a Warrant!
Canadians to Spy Agencies: Get a Warrant!
Ranked first among privacy priorities, the people of Canada have spoken. Second in a series.
Do our digital homes deserve the same right to privacy as our brick-and-mortar homes?
This is one of the questions Canadians are asking after CBC News revealed that a government spy agency — the Communications Security Establishment (CSE) — targeted popular mobile browsers and apps, leaving millions at risk of having their private data hacked.
This is the latest in a long series of revelations about how the government has been spying on our private online activities on a massive scale — without ever going to a judge to ask for a warrant.
Earlier this week, we launched a crowdsourced pro-privacy action plan, to tackle these and other concerns. The early reception has been positive, with the federal privacy commissioner stating that he “shared many of the views expressed by participants in this project.”
As part of our crowdsourcing process, we presented participants with a range of privacy priorities, which we asked them to rank in order of preference. Top of Canadians’ list was “require a warrant for government to spy on personal information,” which barely edged out “end blanket surveillance” for the number one spot.
Tackling Canada’s privacy deficit starts with getting a warrant, finds new OpenMedia report.
We drilled down further by asking in what circumstances should the government be allowed to access Canadians’ personal information. Again we presented a range of options, and this time the result was overwhelming:
Over 93 per cent of participants said a warrant granted by a judge is a must when it comes to accessing your personal information. Independent studies, such as this one by the privacy commissioner and this one by Forum Research, reinforce these findings.
…click on the above link to read the rest of the article…
ENCRYPTING YOUR LAPTOP LIKE YOU MEAN IT
ENCRYPTING YOUR LAPTOP LIKE YOU MEAN IT
Time and again, people are told there is one obvious way to mitigate privacy threats of all sorts, from mass government surveillance to pervasive online tracking to cybercriminals: Encryption. As President Obama put itearlier this year, speaking in between his administration’s attacks on encryption, “There’s no scenario in which we don’t want really strong encryption.” Even after helping expose all the ways the government can get its hands on your data, NSA whistleblower Edward Snowden still maintained, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
But how can ordinary people get started using encryption? Encryption comes in many forms and is used at many different stages in the handling of digital information (you’re using it right now, perhaps without even realizing it, because your connection to this website is encrypted). When you’re trying to protect your privacy, it’s totally unclear how, exactly, to start using encryption. One obvious place to start, where the privacy benefits are high and the technical learning curve is low, is something called full disk encryption. Full disk encryption not only provides the type of strong encryption Snowden and Obama reference, but it’s built-in to all major operating systems, it’s the only way to protect your data in case your laptop gets lost or stolen, and it takes minimal effort to get started and use.
If you want to encrypt your hard disk and have it truly help protect your data, you shouldn’t just flip it on; you should know the basics of what disk encryption protects, what it doesn’t protect, and how to avoid common mistakes that could let an attacker easily bypass your encryption.
…click on the above link to read the rest of the article…
CSE worried about how its use of Canadian metadata might be viewed
Questions over spy agency’s definition of ‘tracking Canadians’
Canada’s electronic spy agency fretted over how its collection of cellphone and email metadata might be perceived even before CBC published a story on the agency using Wi-Fi data to track airport passengers, new documents obtained by CBC reveal.
A Communications Security Establishment employee warned in an email several days before the CBC story aired that public knowledge of the top-secret experiment, which followed passengers at a major Canadian international airport using their electronic footprints, “would be damaging” to the agency by “putting into question” its collection of the metadata belonging to Canadians.
“There was some internal squirming by CSE around the fact that they had used Canadian metadata to build the analytical model, and had done so over a protracted period,” says national security expert and University of Ottawa professor Wesley Wark.
The electronic surveillance agency came under increased scrutiny in the weeks following the Jan. 30, 2014 airing and publication of the CBC story, which was based on a document obtained by U.S. whistleblower Edward Snowden and analyzed in collaboration with the U.S. news site The Intercept.
- CSE used airport Wi-Fi to track Canadian travellers
- Wi-Fi snooping experiment prompts calls for review
- Canada’s Snowden files: More stories
Now, new documents obtained under the Access to Information Act, provide insight into how the spy agency prepped for Senate committee hearings and media scrums, as questions rained down about their use of the metadata collected about passengers at the Canadian international airport.
Care must be taken, said an email dated Feb. 3, 2014 — the day CSE chief John Forster spoke at a Senate committee — not only to make sure the agency didn’t mislead, but also to make sure “we don’t limit the scope of any future activities.”
…click on the above link to read the rest of the article…
Congress is Attempting to Reauthorize Key Patriot Act Provisions by Sneaking it Into “USA Freedom Act”
Congress is Attempting to Reauthorize Key Patriot Act Provisions by Sneaking it Into “USA Freedom Act”
Yet with Section 215’s lifespan now stretching to a matter of weeks, supporters of broad surveillance powers have yet to put forth a bill for their preservation – evidence, opponents believe, that the votes for reauthorization do not exist, particularly not in the House of Representatives.
More likely, according to a multiple Hill sources, is a different option under consideration: making the major NSA reform bill of the last Congress the point of departure for reauthorizing 215 in the current one.
The bill would not abridge NSA collection of Americans’ international communications, nor prevent the NSA or the FBI from warrantlessly searching through its troves of them for Americans’ identifying information. Nor would it restrict a constellation of surveillance efforts authorized by a Reagan-era executive order. Even a recently disclosed bulk domestic phone records collection dragnet by the Drug Enforcement Agency would be untouched.
“We should be demanding more reforms than the intelligence agencies are gladly willing to offer us,” said David Segal of the activist group Demand Progress.
– From the Guardian article: NSA and FBI Fight to Retain Spy Powers as Surveillance Law Nears Expiration
June 1, 2015 is a very important day for American civil liberties and the Constitution. On that day, Section 215 of the Patriot Act, one of the most egregious pieces of legislation passed in U.S. history, will expire automatically without reauthorization from Congress. Naturally, this is causing a panic attack within the heart of the NSA, FBI and all the authoritarian lackey legislators in Washington D.C. With the chances of a clean reauthorization next to none, these crafty “representatives” and their puppeteers need to figure out a way to sneak it into another piece of legislation. What better way to do this than making it a part of something that ostensibly appears to be reining in surveillance powers. Enter the USA Freedom Act.
…click on the above link to read the rest of the article…
Inventor of Antivirus Sofware: The Government Is Planting Malicious Software On Your Phone So It Can Bypass Encryption and See What You’re Doing
Inventor of Antivirus Sofware: The Government Is Planting Malicious Software On Your Phone So It Can Bypass Encryption and See What You’re Doing
Spy Agencies Are Intentionally Destroying Digital Security
Top computer and internet experts say that NSA spying breaks the functionality of our computers and of the Internet. It reduces functionality and reduces security by – for example – creating backdoors that malicious hackers can get through.
Remember, American and British spy agencies have intentionally weakened security for many decades. And it’s getting worse and worse. For example, they plan to use automated programs to infect millions of computers.
Smart Phones Vulnerable to Spying
We documented in 2013 that smart phones are very vulnerable to spying:
The government is spying on you through your phone … and may even remotely turn on your camera and microphone when your phone is off.
As one example, the NSA has inserted its code into Android’s operating system … bugging three-quarters of the world’s smartphones. Google – or the NSA – can remotely turn on your phone’s camera and recorder at any time.
Moreover, Google knows just about every WiFi password in the world … and so the NSA does as well, since it spies so widely on Google.
But it’s not just the Android. In reality, the NSA can spy on just about everyone’s smart phone.
…click on the above link to read the rest of the article…
Police asked telcos for client data in over 80% of criminal probes
Ottawa also sought legal advice on telco’s transparency reports
Canadian police seek online and phone data from telecommunications companies in almost every criminal investigation, according to a briefing note to the federal minister for public safety, obtained by CBC News.
The scale of the practice suggested in the memo indicates it has become routine for officers to tap into private internet activity.
“Canadian police estimate that at least one form of lawful access request is made by government agencies to TSPs [telecom service providers] in about 80-95 per cent of all investigations today,” states the Sept. 26, 2014 memo addressed to Public Safety Minister Steven Blaney, released under the Access to Information Act.
- RCMP telecom subscriber data requests poorly tracked, says privacy czar
- RCMP drops some internet-related probes following Supreme Court ruling
Lawful access includes police asking telecommunications companies to install wiretaps, give access to emails or texts, and hand over identifiers like the name or address of a customer.
Tamir Israel, a lawyer specializing in internet and technology law, says the figure is likely so high because until a Supreme Court decision last June, police didn’t need a warrant to obtain subscriber information such as the name and address associated with an IP address.
“When a tool is unregulated in this way, it becomes a matter of standard practice,” said Israel, a lawyer with the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa. “No assessment is made as to the invasiveness of the tool, whether it’s justified in a particular context or not. It’s easy to do. It’s low cost, so you just do it.”
…click on the above link to read the rest of the article…
Facebook tracking of online activity breaches EU law, report says
Tracking cookies collect data even if you don’t have a Facebook account, says Belgian universities
Facebook can track your online activity even if you don’t have a Facebook account, and that may breach European privacy laws, according to a report by two Belgian universities.
According to the report, first reported by the Guardian, Facebook uses cookies to track people’s online activity without their consent – even if they have logged out of Facebook, deactivated their account, or specifically opted out of online advertising in Europe.
‘Facebook is subject to and complies with EU data protection law.’
– Facebook statement
The report was ordered by the Belgian Privacy Commission, with research conducted at the University of Leuven and the Vrije Universiteit Brussel, after the commission determined that Facebook’s privacy policies, which were updated in January, violated European customer privacy laws.
It says that Facebook’s revised data use policy has enabled the social media giant “to create a vast advertising network which uses data from inside and outside Facebook to target both users and non-users of Facebook.”
Tracking cookies
Facebook can track users who have an account, says the report, with multiple cookies that identify them. Even non-users are tracked, with a cookie called “datr,” which has an expiration date of two years.
The tracking cookie can be placed on a user’s computer when he or she visits a website that includes a Facebook plug-in, not just Facebook.com itself, regardless of whether you clicked “like” or “share” on the social media toolbar.
…click on the above link to read the rest of the article…
