mandag den 30. september 2013

Recently in NSA - September 30

Inspired by the extremely awesome (run by the also awesome @m_cetera) I'm now quietly introducing a similar (but not nearly as ambitious) feature here - focusing on the NSA-revelations by the whistle-blower Edward Snowden.

If you've been living under a rock for the past few months, you can watch him explain his actions, here:

Here goes:

  • Today (September 30th) is an all-day conference in Lausanne (Switzerland) on privacy and surveillance in the light of the Snowden disclosures. Taking part is - amongst others:
    Here is Guardian Live-blog to follow through-out the day.
  • Glenn Greenwald (@ggreenwald) - who broke the Snowden-story in the Guardian & Jeremy Scahill (@jeremyscahill)- independent journalist of Blackwater + Dirty Wars fame announced that they are teaming up to disclose NSA involvement in the US Assassination program.
    "The connections between war and surveillance are clear. I don't want to give too much away but Glenn and I are working on a project right now that has at its center how the National Security Agency plays a significant, central role in the U.S. assassination program," said Scahill, speaking to moviegoers in Rio de Janeiro, where the documentary based on his book made its Latin American debut at the Rio Film Festival.
    "There are so many stories that are yet to be published that we hope will produce `actionable intelligence,' or information that ordinary citizens across the world can use to try to fight for change, to try to confront those in power," said Scahill.(Full AP article
  • US journalists James Risen (who's being persecuted by the Obama-administration) and Laura Poitras (who's being persecuted by the Obama administration) broke the latest giant Snowden revelation in the New York Times:
    WASHINGTON — Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.
    The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners. (Full NYT article)

søndag den 29. september 2013

Reflecting on the Snowden disclosures

-->-  Why it isn't JUST about NSA

After the months of Snowden revelations, it's useful to reflect a bit on what we've learned from all this – both from the individual articles in various media outlets around the world - and each single story is truly remarkable, many of them in themselves front-page news, not to mention Pulitzer-prize material – but also, more broadly; what to make of it all, knowing all this.

For the individual stories, Al Jazeera America has put together a good Timeline of Snowden's revelations, beginning with the FISC-order for Verizon to hand over all the call records of its customers and ending with (at time of writing) the Der Spiegel story that reveals that NSA is also spying on financial transactions. It's really worth taking the time to read through it all. (Here)

The sheer scale of Snowden's revelations – however many thousands or ten of thousands of Top Secret documents he liberated from the clutches of the National Security State – is staggering, and for almost each passing day, more stories derived from his source-material are broken somewhere around the world. Most recently India's “The Hindu” newspaper began publishing a series of articles on US snooping on both Indian telecommunications as well as “old fashioned” (albeit very high-tech) spying on Indian diplomatic missions in the US – my hunch is, that this drip-drip-drip spreading of stories will continue for quite a long time and this in itself will lead to a more critical public, more adversarial media that suddenly realized that public opinion is far ahead of the chattering classes on this, more pushback from governments and/or parliaments around the world (in the US congress, interesting things are happening, some of which genuinely are cause for optimism, while some are just typical “damage-control” maneuvers).

But hidden – maybe in plain sight – beneath the fallout from (principally) Greenwald's, Poitras' and Gellman's continuing disclosures of Snowden's documents is this:

NSA isn't everything; maybe NSA in a sense isn't even the most important of the numerous US alphabet soup agencies. (Snowden docs about the US Intelligence Budget released by Gellman in the Washington Post, reveals that contrary to popular belief, the CIA is even more heavily funded than NSA).

Some will argue that this fact makes whatever is revealed about NSA somehow less important (the retort to that should be: very well – I'm looking forward to you securing a comparable trove of documents from a whistleblower within the CIA/NRO/DHS/DIA/whatever).

From where I'm sitting, the real insight (at least so far) from all this is: Capabilities.
What Snowden has risked EVERYTHING for – and what Greenwald & co are running great risks in continuing to reveal - is to let the public know what NSA is CAPABLE of – not just what they themselves are actually doing right now. (And do notice the two qualifiers there: “themselves”, “right now”). When we're talking NSA we're really first and foremost talking capability, architecture & technology, not policy and – as I hope to show – not even law. That said, I should probably clarify: 1) I'm sure that NSA themselves ARE doing horrible stuff – right now, and 2) that of course policy & legal stuff IS really important too.

So, without further ado: Let me introduce the National Counterterrorism Center (NCTC).
You might have heard about them before, if not, they're the US government organization responsible for “national and international counterterrorism efforts”. Pretty vague huh?
Of course they're being overseen by the DNI (headed by James Clapper who is mainly know for lying to congress under oath (or, giving the “least untruthful answers”).

In the summer of 2012, no other than Obamas head of DOJ – Eric Holder – gave the NCTC extremely broad new powers, with regards to using data on Americans.. basically, everything is now on the table – no 4th amendment here.

Here's a flashback, to roughly a year before Snowden stepped forward.

“On March 22, 2012 the Attorney General, the Director of National Intelligence (DNI) and the Director of NCTC issued an update to the 2008 rules for handling information on US persons. These were radical changes (to see how different please check out redline comparison we did between the 2008 and 2012 guidelines).
The biggest change regards the NCTC’s handling of “non-terrorism” related information on US persons. Previously, the intelligence community was barred from collecting information about ordinary Americans unless the person was a terror suspect or part of an actual investigation. When the NCTC gobbled up huge data sets it had to search for and identify any innocent US person information inadvertently collected, and discard it within 180 days. This crucial check meant that NCTC was dissuaded from collecting large databases filled with information on innocent Americans, because the data had to then be carefully screened. The 2012 guidelines eliminate this check, allowing NCTC to collect and “continually assess” information on innocent Americans for up to five years.
Once information is acquired, the new guidelines authorize broad new search powers. As long NCTC says its search is aimed at identifying terrorism information, it may conduct queries that involve non-terrorism data points and pattern-based searches and analysis (data mining).”

“What if a government spy agency had power to copy and data mine information about ordinary Americans from any government database? This could include records from law enforcement investigations, health information, employment history, travel and student records. Literally anything the government collects would be fair game, and the original agency in charge of protecting the privacy of those records would have little say over whether this happened, or what the spy agency did with the information afterward. What if that spy agency could add commercial information, anything it – or any other federal agency – could buy from the huge data aggregators that are monitoring our every move?”(my emphasis) Full article from ACLU

This is quite important. No matter what “safeguards” the NSA say is in place – an no matter what “protections” US citizens might think they have from suspicionless NSA surveillance - whether NSA &; co are lying through their teeth about these safeguards/protections is a totally separate matter. Once the data - ALL of it - is passed along to the NCTC, all of these are out the window.

Now – thanks to Snowden and a few very hardworking journalists, we begin to see, just what “any government database” includes. Apart from what is mentioned in the quote above, here's a quick list of things we now KNOW NSA is collecting:

  • Telephone call records of just about everyone – read here if you still don't know why collecting metadata is truly troubling (also: metadata in aggregate IS content – h/t Jake Appelbaum)
  • Just about everything everybody does online; IP- addresses, history of visited websites, internet-searches, e-mails, chat logs, social media activity, Skype/VoIP etc.
  • Data from GPS/TomTom devices, billing records and bank records

Further, I think that given - among other things – the response from head of NSA Keith Alexander when Senator Ron Wyden demanded to know if they're collection geo-locations in bulk from cell-phones: Not under THIS program (note: he was answering under oath) that it's safe to say, that they are indeed collection location data from cell-phones, both in domestically and abroad. See the whole exchange here:

This is probably still just the tip of the iceberg (think: Trapwire/CIA/private Intel companies/biometric data) – and sometimes the devil ISN'T in the detail – but in the aggregate.

Ex-NSA whistle-blower Bill Binney told us (pre-Snowden) that NSA is building profiles/social graphs on US citizens that tells all there is to know about a person:

“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.”(Article from Wired)

Just today, this was confirmed by LauraPoitras & James Risen in the New York Times, using documents provided by Edward Snowden:

“The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.”

This of course is bad enough in and by itself – and again, the real point is capabilities; the reality is, that no matter if the current administration of the National Security State is packed with rainbow-shitting angels, this IS – in the words of Bill Binney - turnkey totalitarianism; or as another incredibly brave NSA whistle-blower put it: a “pre-fascist society”  (Thomas Drake).

But back to the ACLU:

“Perhaps most disturbing, once information is gathered (not necessarily connected to terrorism), in many cases it can be shared with “a federal, state, local, tribal, or foreign or international entity, or to an individual or entity not part of a government” – literally anyone. That sharing can happen in relation to national security and safety, drug investigations, if it’s evidence of a crime or to evaluate sources or contacts. This boundless sharing is broad enough to encompass disclosures to an employer or landlord about someone who NCTC may think is potentially a criminal, or at the request of local law enforcement for vetting an informant.” (please do read the full article from the ACLU)

So, no matter what rules the NSA themselves operates under, they're sucking up ALL data on everybody, all the time – and passing it on to NCTC who are free to do whatever the hell they want with it, including sharing it with absolutely anybody – including foreign powers and individuals(?!?!?) not part of government... without any oversight.

Oh – and the NCTC (by pure chance of course) is also the entity who's busy making lists for Obama's Terror Tuesday TM meetings, where he decides who should be drone-killed/bombed/kill-team'ed without any due process:

The "disposition matrix" has been developed and will be overseen by the National Counterterrorism Center (NCTC). One of its purposes is "to augment" the "separate but overlapping kill lists" maintained by the CIA and the Pentagon: to serve, in other words, as the centralized clearinghouse for determining who will be executed without due process based upon how one fits into the executive branch's "matrix". (Fantastic pre-Snowden article by Glenn Greenwald)

Good night – and good luck.
/More Later