Judge almost shut down surveillance program, documents show
FOX News / AP National Security September 10, 2013
SAN FRANCISCO –
A federal judge who oversaw a secret U.S. spy court almost shut down the government’s domestic surveillance program designed to fight terrorism after he “lost confidence” in officials’ ability to operate it, documents released Tuesday show.
U.S. District Judge Reggie Walton issued a blistering opinion in March 2009 after discovering government officials had been accessing domestic phone records for nearly three years without “reasonable, articulate suspicion” that they were connected to terrorism.
Walton said the government’s excuse that the program was complicated “strained credulity,” and he ordered the National Security Agency to conduct an “end-to-end” review of its processes and policies while also ordering closer monitoring of its activities.
Later in 2009, a Justice Department lawyer reported to the spy court a “likely violation” of NSA surveillance rules. The lawyer said that in some cases, it appeared the NSA was distributing the sensitive phone records by email to as many as 189 analysts, but only 53 were approved by the Foreign Intelligence Surveillance Court to see them.
Judge Walton wrote that he was “deeply troubled by the incidents,” which he said occurred just weeks after the NSA had performed a major review of its internal practices because of the initial problems reported earlier in the year.
Walton’s dissatisfaction with the Obama administration’s handling of the surveillance program are contained in hundreds of pages of previously classified documents federal officials released Tuesday as part of a lawsuit by a civil liberties group.
The Obama administration has been facing mounting pressure to reveal more details about the government’s domestic surveillance program since a former intelligence contractor released documents showing massive National Security Agency trawling of domestic data.
The information included domestic telephone numbers, calling patterns and the agency’s collection of Americans’ Internet user names, IP addresses and other metadata swept up in surveillance of foreign terror suspects.
The documents released Tuesday came in response to a lawsuit filed by the Electronic Frontier Foundation. They relate to a time in 2009 when U.S. spies went too far in collecting domestic phone data and then mislead the secret Foreign Intelligence Surveillance Court about their activities.
The Obama administration’s decision to release the documents comes just two weeks after it declassified three secret FISC opinions — including one in response to a separate EFF lawsuit in the federal court in Washington. In that October 2011 FISA opinion, Judge James D. Bates said he was troubled by at least three incidents over three years where government officials admitted to mistaken collection of domestic data.
The New York Times by Charlie Savage August 21, 2013
The federal government is making progress on developing a surveillance system that would pair computers with video cameras to scan crowds and automatically identify people by their faces, according to newly disclosed documents and interviews with researchers working on the project.
The Department of Homeland Security tested a crowd-scanning project called the Biometric Optical Surveillance System — or BOSS — last fall after two years of government-financed development. Although the system is not ready for use, researchers say they are making significant advances. That alarms privacy advocates, who say that now is the time for the government to establish oversight rules and limits on how it will someday be used.
Tech firms squirm over their role in Prism surveillance
PC World by Ellen Messmer July 28, 2013
The disclosures about the National Security Agency’s massive global surveillance by Edward Snowden, the former information-technology contractor who’s now wanted by the U.S. government for treason, is hitting the U.S. high-tech industry hard as it tries to explain its involvement in the NSA data-collection program.
Last week, a gaggle of 22 large U.S. high-tech firms—including Apple, Facebook, Google, Microsoft, and Yahoo which have acknowledged they participate in NSA data-gathering efforts in some form, if not exactly as Snowden and some press reports have described it—begged to be freed from the secrecy about it in their pleading, public letter to President Obama, NSA director Keith Alexander, and a dozen members of Congress.
The July 18 A letter from America’s high-tech powerhouses, which was also signed by almost three dozen nonprofit and trade organizations as well as six venture-capital firms, begged for “greater transparency around national security-related requests by the US government to Internet, telephone, and web-based service providers” in terms of how much information the government demands on high-tech customers and subscriber accounts and how.
The letter begged for the U.S. government to make the amount of requests the government makes related to national security for individual customer information public.
“This information about how and how often the government is using these legal authorities is important to the American people, who are entitled to have an informed public debate about the appropriateness of those authorities and their use, and to international users of US-based service providers who are concerned about the privacy and security of their communications.,” the letter to President Obama, Congress, the NSA director and Director of National Intelligence, stated yesterday.
Firms on the defensive
The revelations last month from Snowden about NSA’s extensive involvement in U.S. high-tech firms for purposes of information collection has suddenly put the U.S. high-tech industry on the defensive as they struggle to offer an explanation about all this to their global users while still bound by secrecy under the U.S. Patriot Act. There’s no indication yet from the White House or others in government that any change in the NSA spying program, which relies on the participation of U.S.-based firms, will change.
“This should be debated in a public setting,” said John Dickson, principal at security firm Denim Group and a former U.S. Air Force officer, about the situation in which NSA’s global surveillance is tied so clearly to U.S.-based companies. He noted the U.S. government has actually said little but the media much.
This is all putting tremendous pressure on the U.S. high-tech industry, especially abroad in Europe where privacy questions may be making U.S. industry seem less competitive. This week Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs at Microsoft, A issued a public statement that sought to clarify Microsoft’s participation in the U.S. government’s content gathering methods.
“”Recent leaked documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the Internet,” Microsoft counsel Smith wrote. “To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.”
Microsoft’s SkyDrive and Skype A is handled somewhat similarly in terms of government requests, Smith said. As far as enterprise and document storage for business customers, “we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so,” Smith stated in his July 16 post. “We have never provided any government with customer data from any of our business or government customers for national security purposes.”
Smith added Microsoft got four requests related to law enforcement in 2012. “We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the government with the encryption keys.”
Is Prism even effective anymore?
In the meantime, it’s safe to assume in this NSA leaks debacle that “the bad guys have switched tactics” and probably wouldn’t use U.S.-based high-tech services, Dickson points out. And in this atmosphere of rising cyber-nationalism, the possible role of China’s government and its own high-tech industry have to be asked, too, he noted.
Former head of the U.S. Central Intelligence Agency and the NSA, Gen. Michael Hayden, recently charged forward on that topic in an interview with The Australian Financial Review.
Hayden said he believes that China-based network vendor Huawei conducted clandestine activities and shared with the Chinese state “intimate and sensitive knowledge of the foreign telecommunications systems it is involved with.” According to the published report, Gen. Hayden said the Huawei is a significant security threat to Australia and the U.S., has spied for the Chinese government, and intelligence agencies have evidence of this.
A Huawei spokesman, John Suffolk, Huawei’s global cyber security officer, is quoted by the Australian publication yesterday as calling Hayden’s remarks “unsubstantiated and defamatory” and that any critics of the company should present any evidence publicly.In an opinion piece on CNN.com today, Gen. Hayden railed openly against Edward Snowden as a national security threat, saying he “fled to China with several computers’ worth of data from NSANET, one of the most highly classified and sensitive networks in American intelligence.”
Hayden acknowledged that one aspect of the fallout from Snowden’s leaks is that “the undeniable economic punishment that will be inflicted on American businesses for simply complying with American law.”
Hayden’s remarks on CNN also seem to sarcastically criticize the Europeans now complaining about the NSA activities and how they may violate European data-privacy laws. “Others, most notably in Europe, will rend their garments in faux shock and outrage that these firms have done this, all the while ignoring that these very same companies, along with their European counterparts, behave the same way when confronted with the lawful demands of the European states.”
Hayden continued: “The real purpose of those complaints is competitive economic advantage, putting added burdens on or even disqualifying American firms competing in Europe for the big data and cloud services that are at the cutting edge of the global IT industry.”
As if all this weren’t enough, former President Jimmy Carter also spoke out yesterday on NSA global surveillance, suggesting the NSA data collection practices were harming democracy. Former president Carter also said Edward Snowden’s revelations didn’t really harm national security and and was actually “beneficial” because “they inform the public.”
Government collecting millions of records on American drivers, study says
FOX News July 17, 2013
Law enforcement agencies across the United States are using automatic scanners to amass millions of digital records on the location and movement of vehicles, according to a study published Wednesday by the American Civil Liberties Union.
The scanners – which can be affixed to police cars, bridges or buildings — capture images of moving or parked vehicles that include such details as location and license plate numbers.
The images are then uploaded into police databases and kept for weeks or sometimes indefinitely.
While the Supreme Court ruled in 2012 that a judge’s approval is needed to track a car with GPS, the ACLU says the image scanning raises concerns about government possibly over-intruding in the lives of everyday citizens.
“There’s just a fundamental question of whether we’re going to live in a society where these dragnet surveillance systems become routine,” said Catherine Crump, a staff attorney with the ACLU, which wants police departments to immediately delete records of cars not linked to a crime.
Law enforcement officials said the scanners can be crucial to tracking suspicious cars, aiding drug busts and finding abducted children.
License plate scanners also can be efficient. The state of Maryland told the ACLU that troopers could “maintain a normal patrol stance” while capturing up to 7,000 license plate images in a single eight-hour shift.
“At a time of fiscal and budget constraints, we need better assistance for law enforcement,” said Harvey Eisenberg, chief of the national security section and assistant U.S. attorney in Maryland.
The ACLU found that only five states have laws governing license plate readers. New Hampshire, for example, bans the technology except in narrow circumstances, while Maine and Arkansas limit how long plate information can be stored.
The report comes amid a national debate about the federal government collecting information on Americans’ phone calls and Internet activities – punctuated Wednesday by a heated Capitol Hill exchange over the matter.
The larger debate started when CIA contract worker Edward Snowden revealed, through news agencies, that the National Security Agency had collected such data as part of its anti-terrorism efforts.
Members of Congress said Wednesday that they never intended to allow the NSA to sweep up millions of records.
The most intense moments came when Rep. James Sensenbrenner, R-Wis., told Deputy Attorney General James Cole that Congress only meant to authorize seizures of information directly relevant to national security investigations.
As Cole explained why that was necessary, Sensenbrenner cut him off and reminded him that his surveillance authority expires in 2015.
“And unless you realize you’ve got a problem,” Sensenbrenner said, “that is not going to be renewed.”
The Mesquite Police Department, in Texas, has vehicle records stretching back to 2008, though the city plans to begin deleting files older than two years.
“There’s no expectation of privacy” for a vehicle driving on a public road or parked in a public place, said Lt. Bill Hedgpeth, a police spokesman. “It’s just a vehicle. It’s just a license plate.”
A spokeswoman for the Metropolitan Police Department, the District of Columbia’s police force, which takes pictures of speed and red light violations, told FoxNews.com that officials have not read the report so they have declined to comment about what officials do with the images.
However, the agency’s website states its photo radar system takes photographs only of vehicles that exceed speed limits, but also collects “basic data about the speed of every vehicle that passes through the radar beam.”
The system also targets only “the most serious and dangerous offenders,” according to the site.
In Yonkers, N.Y., just north of the Bronx, police said retaining the information indefinitely helps detectives solve future crimes. In a statement, the department said it uses license plate readers as a “reactive investigative tool” that is only accessed if detectives are looking for a particular vehicle in connection to a crime.
“These plate readers are not intended nor used to follow the movements of members of the public,” the department’s statement said.
But even if law enforcement officials say they don’t want a public location tracking system, the records add up quickly.
In Jersey City, N.J., for example, the population is only 250,000,but the city collected more than 2 million plate images on file. Because the city keeps records for five years, the ACLU estimates that it has some 10 million on file, making it possible for police to plot the movements of most residents depending upon the number and location of the scanners, according to the ACLU.
The ACLU study, based on 26,000 pages of responses from 293 police departments and state agencies across the country, also found that license plate scanners produced a small fraction of “hits,” or alerts to police that a suspicious vehicle has been found.
In Maryland, for example, the state reported reading about 29 million plates between January and May of last year. Of that amount, about 60,000 — or roughly 1 in every 500 license plates — were suspicious. The No. 1 crime? A suspended or revoked registration, or a violation of the state’s emissions inspection program accounted for 97 percent of all alerts.
Eisenberg, the assistant U.S. attorney, said the numbers “fail to show the real qualitative assistance to public safety and law enforcement.” He points to the 132 wanted suspects the program helped track. They were a small fraction of the 29 million plates read, but he said tracking those suspects can be critical to keeping an area safe.
Also, he said, Maryland has rules in place restricting access for criminal investigations only. Most records are retained for one year in Maryland, and the state’s privacy policies are reviewed by an independent board, Eisenberg noted.
At least in Maryland, “there are checks, and there are balances,” he said.
It isn’t exactly Superman-like X-ray vision, but cheap, low-power Wi-Fi technology is gaining more attention as a remote sensing tool.
C/Net News by Tim Hornyak June 27, 2013
Do you really wish you had X-ray vision? Sure, it would be fun to see what your neighbors are doing behind those walls — until you see something you wish you hadn’t.
Regardless, researchers at MIT have developed a sensing technology that uses low-power Wi-Fi to detect moving people. It follows other wall-penetrating sensor tech using radar and heavy equipment.
The Wi-Vi system by Dina Katabi and Fadel Adib sends out a low-power Wi-Fi signal and tracks its reflections to sense people moving around, even if they’re in closed rooms or behind walls.
Part of a Wi-Fi signal transmitted at a wall will penetrate it and reflect off people on the other side. The MIT system ignores all the other reflects, such as from objects, to focus on those from moving people only. It can determine the number of moving people in the room and their relative locations.
The system sends out two nearly identical signals, but one is the inverse of the other, and thus they cancel each other out.
“So, if the person moves behind the wall, all reflections from static objects are cancelled out, and the only thing registered by the device is the moving human,” Adib, a graduate student in MIT’s Department of Electrical Engineering and Computer Science, was quoted as saying in a release.
The Wi-Vi receiver uses changes in the signal reflection time to calculate where a moving person is behind a wall. It can also detect gestures such as arm waving and could be used to control home lighting or appliances in another room. It could also let people communicate with the outside using hand signals alone.
British researchers have also been investigating how to use Wi-Fi for surveillance and urban warfare, but the MIT system could be used in applications such as search and rescue, law enforcement, or personal security.
“If you are walking at night and you have the feeling that someone is following you, then you could use it to check if there is someone behind the fence or behind a corner,” said Katabi, a professor in the department.
Or the NSA could use it to see how badly you dance in front of your mirror.
The research (PDF) will be shown at the Sigcomm conference in Hong Kong in August. Check out a brief demo in the vid below.