The American Bear

Sunshine/Lollipops

The Interest-Divergence Dilemma Between the Tech Companies and the NSA* | Translation Exercises

… [As] the tech letter [from Google, Yahoo, etc.] shows, while the language they resort to is the time-honored liberal discourse between security and freedom, in fact the balance they care about is the balance between corporate profits, government power, and customer complacence. It is not necessarily a problem to tip over from freedom to security, as long as government surveillance doesn’t begin to cause unrest among their customers such that they lose their profit machine.

Presumably “being sensible” means not undermining “trust in the Internet,” which makes total sense when your business profits depend on your customers’ trust in the Internet. So the appeal from the tech companies to the USG, in essence, is to continue their collaboration with the corporations to mine and acquire as much data as possible, but to be less obtrusive, less extreme, less confrontational about it. One way to do so is to re-institute strict controls on which persons are the focus of data collection.

This is the quintessential neoliberal environment: corporations and the government converge to strip the focus away from rights so as to have better control over individuals. But at the moment that corporate profit is threatened, corporations no longer act in complete concert with the state, but rather each “institution” (the government and corporations) battles the other for control over consumers/citizens.

I think there’s a different (or another) red herring … : It is the red herring of “interests.” In other words, the discourse of interests distracts the “public” conversation from naming several realities (i.e. this is what is NOT printed as part of the official record, as in Reuters or the NYT; it doesn’t mean that many of us don’t see it).

1) It distracts us from being able to identify the struggle over the limits of surveillance as being about the limits of corporate power versus the state’s power and not, as it’s typically articulated, to protect persons/subjects/consumers/citizens.

2) This struggle is better understood as that between corporate interests for profit (and managing its customers’ behaviors for that purpose) v. government interests to acquire all information as a mode of securing control over subjects and companies.

In other words, the struggle between the tech companies and the government is over managing individual actions en masse, and by extension, its dialectical counterpart: consumers’/subjects’ resistance to being managed.

And this battle reflects the red herring of interests: The discourse of “interests” saturates the public conversation, such that privacy is no longer a relevant question. In fact, the prime concern that governs state actions is “its” own interests. This makes more sense if we revert to the assumption that the state’s interest is in its own survival, not that of its subjects/citizens. That the corporations have their own interests in mind is obvious, but their interests are profits as extracted through the control/management of consumers’ actions (such as through Google’s and Facebook’s data collection methods, which in turn are enhanced by targeting personalized ads at each user, which in turn extracts more information about user behavior).

The issue at stake is not about principles, or ethics, or privacy per se. Rather, the real concern, from the perspective of the tech companies, is their profits being lost. That is the tipping point that shifts the balance away from profit in the service of overwhelming government desire to know everything that’s going on. That interest was okay, so long as the public (customers) didn’t know (or didn’t focus so much on) the fact that their information was being handed over in volume by the tech companies. But when that knowledge threatens to drive away their customer base, then the “balance” qua fine-tuning has been lost. [READ]

FBI, cops put drones aloft without updating privacy guidelines | McClatchy DC

The FBI and numerous other local and federal law enforcement agencies are exploring the use of drones – unmanned aircraft – to conduct surveillance and crime scene examinations without risking the lives of pilots.

But in an interim, partially classified audit report released on Thursday, September 26th, Justice Department Inspector General Michael Horowitz is raising a big caution flag. His audit team asked, in essence, “Did anyone think about Americans’ privacy rights?”

The drones weigh less than 55 pounds, and they can buzz over homes and businesses with cameras trained on activity below. They cost just 25 bucks an hour to operate – a tiny fraction of the $625 hourly cost of choppers and other manned aircraft. Some agencies are experimenting with infrared cameras for nighttime use.

Between 2004, when the Justice Department acquired its first drone, and May of this year, the FBI and three other department components spent $3.7 million buying the drones, 80 percent of the money coming from the bureau, which already has them in use.

The Bureau of Alcohol, Tobacco and Firearms plans to deploy drones soon, while the Drug Enforcement Administration and United States Marshals Service acquired them for testing, but haven’t yet decided to use them domestically, the IG says.

Officials of the FBI and ATF told the auditors they see no need to develop specialized privacy protocols, and they don’t see any practical difference in using the drones for surveillance versus manned aircraft.

But the agency watchdogs concluded that a consistent department policy may be needed for the use of small drones, which can hover covertly in areas where people might expect privacy and remain there far longer than a traditional aircraft could.

[D]ocuments show that the [National Security] agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely.

Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.

'Eventually, NSA became the sole editor,' the document states.

US and UK spy agencies defeat privacy and security on the internet

New Details Show Broader NSA Surveillance Reach (2) | WSJ

… Blarney was in use before the 2001 terror attacks, operating at or near key fiber-optic landing points in the U.S. to capture foreign communications coming in and out of the country. One example is an AT&T facility in San Francisco that was revealed in 2006 during the debate over warrantless wiretapping. A similar facility was built at an AT&T site in New Jersey, former officials say.

After the 2001 attacks, a former official says, these intercept systems were expanded to include key Internet networks within the U.S. through partnerships with U.S. Internet backbone providers. Amid fears of terrorist “sleeper cells” inside the U.S., the government under President George W. Bush also began redefining how much domestic data it could collect.

For the 2002 Winter Olympics in Salt Lake City, officials say, the Federal Bureau of Investigation and NSA arranged with Qwest Communications International Inc. to use intercept equipment for a period of less than six months around the time of the event. It monitored the content of all email and text communications in the Salt Lake City area.

At that point, the systems fed into the Bush administration’s program of warrantless wiretapping, which circumvented the surveillance court on the authority of the president’s power as commander in chief. The Bush administration came under criticism from lawmakers and civil libertarians for sidestepping court supervision.

The current legal backing for Blarney and its related programs stems from a section of a 2008 surveillance law. It permits the government, for foreign intelligence investigations, to snoop on foreigners “reasonably believed” to be outside the U.S.

Previously, the law had tighter standards. It allowed the government to spy on people if there were “probable cause” to believe they were an “agent of a foreign power.”

NSA has discretion on setting its filters, and the system relies significantly on self-policing. This can result in improper collection that continues for years.

New Details Show Broader NSA Surveillance Reach | WSJ

[…] One U.S. official says the agency doesn’t itself “access” all the traffic within the surveillance system. The agency defines access as “things we actually touch,” this person says, pointing out that the telecom companies do the first stage of filtering.

The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA’s criteria, current and former officials say.

Verizon Communications Inc., for example, has placed intercepts in the largest U.S. metropolitan areas, according to one person familiar with the technology. It isn’t clear how much information these intercepts send to the NSA. A Verizon spokesman declined to comment.

Not all telecommunications providers handle the government demands the same way, says the person familiar with the legal process. According to a U.S. official, lawyers at telecom companies serve as checks on what the NSA receives. “The providers are independently deciding what would be responsive,” the official says.

… The person [we interviewed] says talks between the government and different telecoms about what constitutes foreign communications have “been going on for some years,” and that some in the industry believe the law is unclear on Internet traffic. “Somebody should enunciate a rule,” this person says.

… Mr. Obama and top intelligence officials say NSA’s programs are overseen by all three branches of government, citing procedures approved by the secret surveillance court that require the NSA to eliminate “incidentally acquired” data on Americans. “If you say, ‘We don’t want the NSA to be scanning large amounts of traffic,’ you’re saying you don’t want it to do its job,” says one former official.

Blarney, Fairview, Oakstar, Lithium and Stormbrew were mentioned, but not fully explained, in documents released by Mr. Snowden. An NSA paper released this month mentioned several but didn’t describe them beyond saying, “The government compels one or more providers to assist NSA with the collection of information responsive to the foreign intelligence need.”

The system is built with gear made by Boeing Co.’s Narus subsidiary, which makes filtering technology, and Internet hardware manufacturers Cisco Systems Inc. and Juniper Networks Inc., among other companies, according to former intelligence officials and industry figures familiar with the equipment.

Narus didn’t respond to requests for comment. Cisco and Juniper declined to comment.

‘Hops’ refers to a technical term indicating connections between people. A three-hop query means that the NSA can look at data not only from a suspected terrorist, but from everyone that suspect communicated with, and then from everyone those people communicated with, and then from everyone all of those people communicated with.

NSA warned to rein in surveillance as agency reveals even greater scope

Bonus:

… The paper, Four Degrees of Separation, by Lars Backstrom et al. explores the world-scale social network, Facebook. Their finding is that “the average distance… is 4.74, corresponding to 3.74 ‘degrees of separation’, showing that the world is even smaller than we expected.” With a dataset of Facebook’s entire active user base (721 million nodes, 69 billion edges), this research is certainly comprehensive. Succinctly put, “when considering another person in the world, a friend of your friend knows a friend of their friend, on average.” The researchers explicitly note that this research was conducted on a graph of individuals – there are no “subscriptions” or pages that people may “like” included in the graph. Thus, an interpretation of their finding would be that it depicts the average distance of the human network, using the Facebook network as a proxy.

You get the idea…

Revealed: how Microsoft handed the NSA access to encrypted messages | The Guardian

[…] The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.

A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that the NSA already had pre-encryption access to Outlook email. “For collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”

And while we’re on the topic of Microsoft, don’t forget about the NYPD’s new Total Domain Awareness package:

The New York City Police Department and Microsoft have partnered up to bring the world a surveillance system straight out of a sci-fi novel. With a name both mundane and a little bit menacing, the Domain Awareness System allows the department to access around 3,000 CCTV cameras around the city and link the feeds with software to cross-check criminal and terrorist databases, take radiation levels, scan license plates, and more — 24 hours a day, 7 days a week, from a lower Manhattan headquarters. And when Microsoft turns around and sells the technology to other cities, New York gets a cut.

… Beyond the surveillance integration, the Domain Awareness System is an investment. “I hope Microsoft sells a lot of copies of this system,” the mayor said, “because 30 percent of the profits will go to us.”

Revealed: how Microsoft handed the NSA access to encrypted messages | The Guardian

[…] One document boasts that monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.

Eight months before being bought by Microsoft, Skype joined the program in February 2011.

According to the documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the system.”

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. “In the past, Skype made affirmative promises to users about their inability to perform wiretaps,” he said. “It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google.”

The information the NSA collects from PRISM is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism”.

The document continues: “The FBI and CIA then can request a copy of collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!” [++]

The calls you make can reveal a lot, but now that so much of our lives are mediated by the internet, your IP [internet protocol] logs are really a real-time map of your brain: what are you reading about, what are you curious about, what personal ad are you responding to (with a dedicated email linked to that specific ad), what online discussions are you participating in, and how often? … Seeing your IP logs – and especially feeding them through sophisticated analytic tools – is a way of getting inside your head that’s in many ways on par with reading your diary.

Julian Sanchez, quoted in NSA collected Americans’ email records in bulk for two years under Obama

Revealed: NSA collecting phone records of millions of Americans daily | The Guardian

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.

The order, a copy of which has been obtained by the Guardian, requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government’s domestic spying powers.

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.

[…]

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration’s surveillance activities.

For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on “secret legal interpretations” to claim surveillance powers so broad that the American public would be “stunned” to learn of the kind of domestic spying being conducted.

Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized. [READ]