Promises Of NSA Reform Raises More Questions Than It Answers

President Barack Obama’s pledge that the government would no longer be housing vast warehouses of the personal and private communication data of millions of Americans was a relief on the surface, but the vagueness displayed when the specifics were outlined has caused many to raise a significant amount of questions as to how exactly the implementation of this new policy will take place.

According to Politico, President Obama indicated that he would task Attorney General and the intelligence community to determine whether information about incoming and outgoing calls would be provided by independent companies such as Verizon and AT&T, or whether that information would be obtained by some other means. Privacy advocates had hoped that the answer would be that this information would not be obtainable at all – rather that it would remain private without a specific warrant – but that is not going to be the case.

Obama stressed the importance of creating a system which is comparable to the powers that the government has for information gathering under Section 215, which he stated is critical for national security. He did state that more work needed to be done on the system – in all likelihood, the final result will be a compromise that gives something to both sides of the debate.

Canada Is Reviewing Its Privacy Policies As A Result Of The NSA Leaks

As a result of the massive intelligence leak of NSA information by whistle blower Edward Snowden, Canada’s own intelligence agencies are now taking a hard look at Canada’s privacy and eavesdropping policies. This information came to light this week as the result of a memo which was recently declassified and details the steps that Canada is taking in its policy review efforts.

The memo is not dated and therefore cannot be tied down to a specific date, but it is addressed to Stephen Rigsby, the National Security Advisor, so was definitely composed during his tenure.  The CSEC, which is the Canadian version of the NSA, if the topic of the memo – specifically how they plan to deal with the potential damage two security systems as a result of the NSA leak.

The memo was previously classified and top-secret, but was obtained by a Canadian newspaper and the contents made public.

CSEC spokesperson Lauri Sullivan said that the agency will continue to review its policies and procedures to make sure that they are both effective and in the best interests of the nation, both of which are top priorities.

What? NSA Data Collection Hasn’t Prevented Terrorist Attacks?

Say it isn’t so!  All the billions of dollars spent on massive data centers and tapping the phones of our allies have done zip to prevent a single attack on American interests anywhere in the world?  Well that’s what had been reported by MSNBC and Business insider, amongst others.

The reports go as far as saying that any national security benefit has been modest at best and that NSA programs were not essential to preventing attack.  This investigation is at direct odds with reports coming from the White House and the president directly.  The rabbit hole continues to get deeper…

The Coming Wave Of Quantum Computers & The NSA

News has recently come out showcasing the NSA’s desire to create a quantum computer in order to crack every existing form of encryption known.  Well that is until quantum computing is available for the companies creating encryption methodologies.  Although it isn’t new information that the NSA has had its beady eyes focus on this objective for a while, it just makes everything all the more creepier given all the recent revelations of their practices.

If you are not familiar with what a quantum computer is in the first place, here is a video from Veritasium that goes over the basics (if you can call it that).  Pay particularly close attention to the 5 minute mark forward and you’ll understand why this form of computer will be perfect to carry out the NSA’s schemes.

Thankfully, they will likely be some years off before attaining their goal. Hopefully…

The NSA And The Supreme Court

aerial-utah-data-centerYou may find this a bit disturbing but did you know that much of the NSA’s public justification for hoarding all of our data comes from a 1979 Supreme Case, Katz v. United States.  It basically states a very loose definition of the “right to privacy” in that when it comes to 4th Amendment issues people should only have a “reasonable” expectation of privacy.  As you can imagine, this leaves the door open to all sorts of abuse.

“The Atlantic” recently put out a great article on that case, as well as others (go here to read it yourself).  In a nutshell, they demonstrate how that law is ridiculously outmoded because technology and tactics have changed so dramatically since then. This is one of the reasons why I believe that there needs to be a single all encompassing statute on privacy that crosses every aspect of our lives and not a patchwork quilt of federal, state, and private regulation and policies (that’s a different story, though).

NSA Hacks The iPhone With A DropoutJeep!?

I’m starting to think that I am in the middle of a James Bond movie or something.  It recently came out that the NSA created a protocol they call DropoutJeep (who the hell names these things anyway…) that allows them to target iPhone users.  That little hack lets them access your phone’s camera and microphone without you knowing! That’s a happy thought…

BGR put out an article a couple of days back that goes into more detail on the depth of this proverbial rabbit hole; go here to check it out.  Apple has subsequently denied any assistance in or knowledge of the governments activity.  Here’s a pretty little chart that shows how it basically work:

NSA's iPhone Hack

Leaked Slides Offer Insight Into Prism Spying

nsa-logoIn the continually developing story of the NSA’s use of its Prism program to broadly collect data, newly released slides show how the program works with Internet companies like Google and Apple to mine users’ information.  The slides, published this week with some redactions in the Washington Post, show a presentation of PRISM’s workflow and details the targeting process, confirming that both the NSA and the FBI have the ability to conduct real-time digital surveillance.

The leaked slides reveal that the surveillance process begins when an analyst gives Prism the task of gathering information about a specific target.  The system then has a built-in stall mechanism, as the program requires permission to target from a supervisor.  This supervisor must determine that there is a “reasonable belief” of threat, at least 51% certainty, as detailed in the slides.  This initial supervisory process appears to be the only human check on the system.

The data collection process then begins with the FBI, using interception units installed at the private companies involved, including Google, Skype, and Apple.  As the Washington Post reports, the FBI “deploys government equipment on private company property to retrieve matching information from a participating company, such as Microsoft or Yahoo, and pass it” on for analysis.  The information can be forwarded without review to the CIA, NSA, or within the FBI.  At this point, based on certain “selector” key words determined by analysts, data like chats and e-mail can be monitored live, with content mined through the service providers.  This data can also include location information, real-time video and voice events over IP addresses, and unique device signatures.

The latest four slides give further detail about the extent and timeline of Internet companies’ involvement with the program.  Microsoft joined first in 2007, followed by Yahoo, Google, Facebook, YouTube, Skype, AOL, and Apple most recently in 2012.  The evidence leak has left some companies scrambling to explain their initial denials of involvement earlier this June.  The companies are currently legally barred from discussing their involvement in the program, although both Google and Microsoft have petitioned for this gag order to be lifted.

The leak reveals that as of April 2013, 117,675 targets were being monitored using the Prism system.  The NSA and other agencies do not need a warrant to use the Prism program to target individuals, as Prism is approved by a court order through the Foreign Intelligence Surveillance Act.  There is no report yet as to how many of those targeted so far have been foreign nationals or American citizens.

The government and intelligence community maintain that the Prism program was built to spy on foreign targets operating outside of the US, but worries about lack of transparency and accountability suggest the potential for “incidental” data mining of the private lives of American citizens.  There are checks against this for stored content, as opposed to live real-time monitoring: towards the end of the process documented in the new slides, the FBI runs the target through its own databases to make sure their information does not match that of any known Americans.  For real-time monitoring, there remains no oversight for American personal data falling into the surveillance net.

The Washington Post reports that these latest slides claim that Prism is the number one source of raw information used today by the NSA.