Share This

Showing posts with label National Security Agency. Show all posts
Showing posts with label National Security Agency. Show all posts

Thursday 20 March 2014

NSA's secret MYSTIC system is capable recording 100% of foreign country's telephone calls



WASHINGTON, D.C. – The United States National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden.

A senior manager for the program compares it to a time machine – one that can replay the voices from any call without requiring that a person be identified in advance for surveillance.

 http://wapo.st/1gyqVaz

The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere.

In the initial deployment, collection systems are recording “every single” conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary.

The call buffer opens a door “into the past,” the summary says, enabling users to “retrieve audio of interest that was not tasked at the time of the original call.” Analysts listen to only a fraction of 1 percent of the calls, but the absolute numbers are high. Each month, they send millions of voice clippings, or “cuts,” for processing and long-term storage.

At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.

No other NSA program disclosed to date has swallowed a nation’s telephone network whole. Outside experts have sometimes described that prospect as disquieting but remote, with notable implications for a growing debate over the NSA’s practice of “bulk collection” abroad.

Bulk methods capture massive data flows “without the use of discriminants,” as President Barack Obama put it in January. By design, they vacuum up all the data they touch – meaning that most of the conversations collected by RETRO would be irrelevant to U.S. national security interests.

In the view of U.S. officials, however, the capability is highly valuable.

In a statement, Caitlin Hayden, spokeswoman for the National Security Council, declined to comment on “specific alleged intelligence activities.” Speaking generally, she said “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”

NSA spokeswoman Vanee Vines, in an emailed statement, said that “continuous and selective reporting of specific techniques and tools used for legitimate U.S. foreign intelligence activities is highly detrimental to the national security of the United States and of our allies, and places at risk those we are sworn to protect.”

Some of the documents provided by Snowden suggest that high-volume eavesdropping may soon be extended to other countries, if it has not been already. The RETRO tool was built three years ago as a “unique one-off capability,” but last year’s secret intelligence budget named five more countries for which the MYSTIC program provides “comprehensive metadata access and content,” with a sixth expected to be in place by last October.

The budget did not say whether the NSA now records calls in quantity in those countries, or expects to do so. A separate document placed high priority on planning “for MYSTIC accesses against projected new mission requirements,” including “voice.”

Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from U.S. citizens who telephone, visit and work in the target country. It may also be seen as inconsistent with Obama’s Jan. 17 pledge “that the United States is not spying on ordinary people who don’t threaten our national security,” regardless of nationality, “and that we take their privacy concerns into account.”

In a presidential policy directive, Obama instructed the NSA and other agencies that bulk acquisition may be used only to gather intelligence on one of six specified threats, including nuclear proliferation and terrorism. The directive, however, also noted that limits on bulk collection “do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection.”

The emblem of the MYSTIC program depicts a cartoon wizard with a telephone-headed staff. Among the agency’s bulk collection programs disclosed over the past year, its focus on the spoken word is unique. Most of the programs have involved the bulk collection of either metadata – which does not include content – or text, such as email address books.

Telephone calls are often thought to be more ephemeral and less suited than text for processing, storage and search. Indeed, there are indications that the call-recording program has been hindered by the NSA’s limited capacity to store and transmit bulky voice files.

In the first year of its deployment, a program officer wrote that the project “has long since reached the point where it was collecting and sending home far more than the bandwidth could handle.”

Because of similar capacity limits across a range of collection programs, the NSA is leaping forward with cloud-based collection systems and a gargantuan new “mission data repository” in Utah. According to its overview briefing, the Utah facility is designed “to cope with the vast increases in digital data that have accompanied the rise of the global network.”

Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said history suggests that “over the next couple of years they will expand to more countries, retain data longer and expand the secondary uses.”

Spokesmen for the NSA and the Office of Director of National Intelligence James Clapper declined to confirm or deny expansion plans or discuss the criteria for any change.

Based on RETRO’s internal reviews, the NSA has strong motive to deploy it elsewhere. In the documents and interviews, U.S. officials said RETRO is uniquely valuable when an analyst first uncovers a new name or telephone number of interest.

With up to 30 days of recorded conversations in hand, the NSA can pull an instant history of the subject’s movements, associates and plans. Some other U.S. intelligence agencies also have access to RETRO.

Highly classified briefings cite examples in which the tool offered high-stakes intelligence that would not have existed under traditional surveillance programs in which subjects were identified for targeting in advance. Unlike most of the government’s public claims about the value of controversial programs, the briefings supply names, dates, locations and fragments of intercepted calls in convincing detail.

Present and former U.S. officials, speaking on the condition of anonymity to provide context for a classified program, acknowledged that large numbers of conversations involving U.S. citizens would be gathered from the country where RETRO operates.

The NSA does not attempt to filter out their calls, defining them as communications “acquired incidentally as a result of collection directed against appropriate foreign intelligence targets.”

Until about 20 years ago, such incidental collection was unusual unless a U.S. citizen was communicating directly with a foreign intelligence target. In bulk collection systems, which are exponentially more capable than the ones in use throughout the Cold War, calls and other data from U.S. citizens and permanent residents are regularly ingested by the millions.

Under the NSA’s internal “minimization rules,” those intercepted communications “may be retained and processed” and included in intelligence reports. The agency generally removes the names of U.S. callers, but there are several broadly worded exceptions.

An independent group tasked by the White House to review U.S. surveillance policies recommended that incidentally collected U.S. calls and emails – including those obtained overseas – should nearly always “be purged upon detection.” Obama did not accept that recommendation.

Vines, in her statement, said the NSA’s work is “strictly conducted under the rule of law.”

RETRO and MYSTIC are carried out under Executive Order 12333, the traditional grant of presidential authority to intelligence agencies for operations outside the United States.

Since August, Sen. Dianne Feinstein, D-Calif., the chairman of the Senate Intelligence Committee, and others on that panel have been working on plans to assert a greater oversight role for intelligence gathering abroad. Some legislators are now considering whether Congress should also draft new laws to govern those operations.

Experts say there is not much legislation that governs overseas intelligence work.

“Much of the U.S. government’s intelligence collection is not regulated by any statute passed by Congress,” said Timothy H. Edgar, the former director of privacy and civil liberties on Obama’s national security staff. “There’s a lot of focus on the Foreign Intelligence Surveillance Act, which is understandable, but that’s only a slice of what the intelligence community does.”

All surveillance must be properly authorized for a legitimate intelligence purpose, he said, but that “still leaves a gap for activities that otherwise basically aren’t regulated by law because they’re not covered by FISA.”

Beginning in 2007, Congress loosened 40-year-old restrictions on domestic surveillance because so much foreign data crossed U.S. territory. There were no comparable changes to protect the privacy of U.S. citizens and residents whose calls and emails now routinely cross international borders.

Vines noted that the NSA’s job is to “identify threats within the large and complex system of modern global communications,” where ordinary people share fiber-optic cables with legitimate intelligence targets.

For Peter Swire, a member of the president’s review group, the fact that U.S. citizens and foreigners use the same devices, software and networks calls for greater care to safeguard privacy.

“It’s important to have institutional protections so that advanced capabilities used overseas don’t get turned against our democracy at home,” he said.

© 2014, The Washington Post/http://www.ticotimes.net

Related post:

Sunday 23 June 2013

No privacy on the Net !

Revelations about PRISM, a US government program that harvests data on the Internet, has sparked concerns about privacy and civil rights violations. But has there ever been real privacy and security on the WWW?

 Demonstrators hold posters during a demonstration against the US Internet surveillance program of the NSA, PRISM, at Checkpoint Charlie in Berlin, Germany, ahead of US President Barack Obama’s visit to the German capital.

IMAGINE a time before email, when all your correspondence was sent through the post. How would you feel if you knew that somebody at the post office was recording the details of all the people you were corresponding with, “just in case” you did something wrong?

I think quite a few of you would be upset about it.

Similarly, some Americans are furious over revelations made about a system called PRISM. In the last few weeks, an allegation has been made that the US government is harvesting data on the Internet by copying what travels through some of its Internet Service Providers.

The US Director of National Intelligence has said that PRISM “is not an undisclosed collection or data mining program”, but its detractors are not convinced that this doesn’t mean no such program exists.

I think there are mainly two kinds of responses to this revelation: “Oh my God!” and “What took them so long?”.

The Internet has never really been secure. Because your data usually has to travel via systems owned by other people, you are at their mercy as to what they do with it. The indications are that this is already being done elsewhere.

Countries such as China, India, Russia, Sweden and the United Kingdom allegedly already run similar tracking projects on telecommunications and the Internet, mostly modelled on the US National Security Agency’s (unconfirmed) call monitoring programme. For discussion, I’ll limit myself for the moment to just emails – something that most people would recognise as being private and personal.

I find many people are surprised when I tell them that sending email over the Internet is a little bit like sending your message on a postcard. Just because you need a password to access it, doesn’t mean it’s secure during transmission.

The analogy would be that your mailbox is locked so only you can open it, but those carrying the postcard can read it before it reaches its final destination. Of course, there are ways to mitigate this. One has to be careful about what one put in emails in the first place. Don’t send anything that would be disastrous if it were forwarded to someone else without your permission.

You could also encrypt your email, so only the receiver with the correct password or key could read it, but this is difficult for most end users to do. (For those interested in encrypting emails, I would recommend looking at a product called PGP.)

The analogy holds up for other Internet traffic. It’s easy to monitor, given enough money and time. And as easy as it is for the Good Guys to try to monitor the Bad Guys, it’s just as easy for the Bad Guys to monitor us hapless members of the public.

But who do we mean by the Bad Guys? Specifically, should the government and law-enforcement agencies be categorised as ‘Bad Guys’ for purposes of privacy? Generally, the line oft quoted is “if you have nothing to hide, then you have nothing to worry about”.

Yet, I think we all accept that there should be a fundamental right to privacy, for everybody from anybody. An interesting corollary to being able to express your thoughts freely is that you should also be able to decide when and how you make them public.

The fault in relying on organisations that say “trust us” isn’t in the spirit of their objectives, but in how the humans in them are flawed in character and action.

An example quoted regularly at the moment is how the FBI collected information about Martin Luther King because they considered him the “most dangerous and effective Negro leader in the country”.

One way of defining the boundaries are by codifying them in laws. For example, the Malaysian Personal Data Protection Act prohibits companies from sharing personal data with third parties without the original owner’s consent.

However, this law explicitly does not apply to the federal and state governments of Malaysia. Another clause indicates that consent is not necessary if it is for the purpose of “administration of justice”, or for the “exercise of any functions conferred on any person by or under any law”.

In relation to the revelations of PRISM, several questions come to mind: Can Internet traffic (or a subset of it) be considered “personal data”? Is it possible for government agencies to collect and store such data without your consent?

And if so, what safeguards are there to ensure that this personal data is accurate, is used correctly and is relevant for storage in the first place?

This should be a sharp point of debate, not just in terms of which of our secrets the government can be privy to, but also of which of the government’s information should be readily accessible by us.

True, there is so much data out there that analysing it is not a trivial task. However, companies such as Google are doing exactly that kind of work on large volumes of unstructured data so that you can search for cute kittens. The technology is already on its way.

Perhaps I am being over-cautious, but it seems a bit fantastical that people can know your deepest and darkest secrets by just monitoring a sequence of 1’s and 0’s. But, to quote science fiction author Phillip K. Dick, “It’s strange how paranoia can link up with reality now and then”.

Contradictheory
By DZOF AZMI

> Logic is the antithesis of emotion but mathematician-turned-scriptwriter Dzof Azmi’s theory is that people need both to make sense of life’s vagaries and contradictions. Speak to him at star2@thestar.com.my.

Related post:

US Spy Snowden Says U.S. Hacking China Since 2009

Monday 17 June 2013

Upset over US cyber spying!

There are increasingly strong reactions to revelations that United States agencies are spying on Internet use by Americans and foreigners as well as planning cyber actions on foreign targets.

 
Weekend News Round-up: US cyber spying whistle-blower revealed; is Snapchat worth US$1bn?

THE revelations of data collection on a massive scale by the United States’ security agencies of details of telephone calls and Internet use of its citizens and foreigners are having reverberations around the world.

Much of the responses have been on the potential invasion of privacy of individuals not only in the United States but anywhere in the world who use US-based Internet servers.

Also revealed is a US presidential directive to security agencies to draw up a list of potential overseas targets for US cyber-attacks.

This lays the Unites States open to charges of double standards and hypocrisy: accusing other countries of engaging in Internet snooping or hacking and cyber warfare, when it has itself established the systems to do both on a mega scale.

The revelations, published in the Guardian and Wall Street Journal, and based on a leak by a former US intelligence official, include that US security agencies have access to telephone data of Verizon Communications, AT&T and Sprint Nextel, as well as from credit card transactions.

They also can access data from major Internet companies – Google, Yahoo, Microsoft, Facebook, AOL, Apple, PalTalk, Skype and YouTube—under the Prism surveillance programme.

Millions of Internet users around the world use the servers or web-based services of the companies mentioned.

Two American citizen groups, the American Civil Liberties Union (ACLU) and the New York Civil Liberties Union, have filed a lawsuit against the US administration.

“Those programmes constitute unreasonable intrusions into American’s private lives that’s protected by the Fourth Amendment (on search and seizure),” said Brett Kaufman of the ACLU, as quoted by IPS news agency.

Governments and people outside the United States are equally upset, or more so, that they apparently are also covered by the massive US surveillance programme.

The European Union’s commissioner of justice Viviane Reding has written to the US attorney general asking if European citizens’ personal information had been part of the intelligence gathering, and what avenues are available for Europeans to find out if they had been spied on.

In China, commentators and opinion makers are citing double standards on the part of the United States.

An article in the China Daily commented that the massive US global surveillance programme as revealed is certain to stain Washington’s overseas image and test developing China-US ties.

An editorial in another Chinese paper, Global Daily, stated: “China needs to seek an explanation from Washington.

“We are not bystanders. The issue of whether the United States as an Internet superpower has abused its powers touches on our vital interests directly.”

In their summit last week in California, United States President Barack Obama reportedly pressed Chinese President Xi Jinpeng to curb cyber-spying by Chinese agencies and companies.

The breaking news about the United States snooping on Internet users must have caused some discomfort to Obama when bringing up this issue.

A Chinese Foreign Ministry spokesperson last week reiterated that “China is also a victim to the most sophisticated cyber hacking”.

Though less publicised, a part of the leaks published in the Guardian, was a 18-page directive from President Obama to his security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks.

The October 2012 directive states that what it calls Offensive Cyber Effects Operations (OCEO) “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging”, according to the June 7 Guardian article by Glenn Greenwald and Ewen MacAskill.

The directive says the government will “identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power”.

The aim of the document was “to put in place tools and a framework to enable government to make decisions” on cyber actions, a senior administration official told the Guardian.

Obama’s move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarisation of the Internet, comments the Guardian article.

It adds that the United States is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy.

In the presidential directive, the criteria for offensive cyber operations in the directive is not limited to retaliatory action but vaguely framed as advancing “US national objectives around the world”.

Obama further authorised the use of offensive cyber attacks in foreign nations without their government’s consent whenever “US national interests and equities” require such non-consensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls “anticipatory action taken against imminent threats”.

The Guardian commented: “The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.”

Meanwhile, UN Human Rights Council’s Special Rapporteur Frank La Rue issued a report on June 4 on the increasing use of surveillance, warning that unfettered state access to surveillance technologies could compromise human rights to privacy and freedom of expression, as protected by the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights (ICCPR).

The report warned too against the use of “an amorphous concept of national security” as a reason to invade people’s rights to privacy and freedom of expression, arguing that such an invasion potentially “threatens the foundations of a democratic society”.

Global Trends
By MARTIN KHOR

Related posts:
US Spy Snowden Says U.S. Hacking China Since 2009 
New China-US relationship can avoid past traps 
Xi-Obama summit aims to boost ties, aspirations between China and USA 

Sunday 16 June 2013

US Spy Snowden Says U.S. Hacking China Since 2009

Support: Protesters shout slogans in support of former US spy Edward Snowden as march to the US consulate in Hong Kong

Video:
Director Robert Mueller says Edward Snowden has caused damage to national security.
http://www.dailymail.co.uk/news/article-2341451/Whistleblower-Edward-Snowden-smuggled-secrets-everyday-thumb-drive-banned-NSA-offices.html

 
The United States has hacked hundreds of Chinese civilians since 2009. But its favored hacking technique isn't to target individual PCs via advanced persistent threat (APT) attacks, in the manner of the Chinese military. Instead, it prefers to compromise foreign network backbones, thus potentially gaining access to hundreds of thousands of systems at once. 

 That revelation was delivered by whistle-blower Edward Snowden, until recently a contractor for the National Security Agency. He emerged from hiding Wednesday to grant an interview to Hong Kong's South China Morning Post.

"We hack network backbones -- like huge Internet routers, basically -- that give us access to the communications of hundreds of thousands of computers without having to hack every single one," he told the Post.

According to NSA documents reviewed by the Post, which haven't been verified, targets of the NSA's Prism program have included computers in both mainland China and Hong Kong. People targeted included systems at Hong Kong's Chinese University, as well as government officials, businesses and students in the region. But the Post reported that the program didn't appear to target Chinese military systems.

 [ Security standoff at recent U.S.-China summit: Read U.S.-Chinese Summit: 4 Information Security Takeaways. ]
 
According to Snowden, he learned of at least 61,000 such NSA hacking operations globally. The Post didn't specify whether those operations all allegedly occurred since 2009.

Why go public with the NSA's alleged hacking campaign? Snowden said he wanted to highlight "the hypocrisy of the U.S. government when it claims that it does not target civilian infrastructure, unlike its adversaries."

"Not only does it do so, but it is so afraid of this being known that it is willing to use any means, such as diplomatic intimidation, to prevent this information from becoming public," he said.

Snowden first arrived in Hong Kong May 20, and said that the choice of venue wasn't accidental. "People who think I made a mistake in picking Hong Kong as a location misunderstand my intentions. I am not here to hide from justice, I am here to reveal criminality," he said, noting that he planned to stay until "asked to leave." Noting that the U.S. government had already been "bullying" Hong Kong authorities into extraditing him, Snowden said that he would legally fight any such attempt.

How will Hong Kong handle Snowden's case? "We can't comment on individual cases," Hong Kong's chief executive, Leung Chun-ying, told Bloomberg Wednesday. "We'll handle the case according to our law."

Hong Kong is a special administrative region of China, and Beijing could influence the government's legal thinking. But when asked in a Thursday press conference if the Chinese government had received any requests from Washington related to Snowden's case, Hua Chunying, a spokeswoman for China's foreign ministry, said only: "We have no information to offer," reported The Hindu in India.

Snowden previously said he would prefer to "seek asylum in a country with shared values," and named Iceland. Asked to respond to a spokesman for Russian president Vladimir Putin recently saying that were Snowden to apply for asylum in his country, authorities would consider his request, Snowden replied: "My only comment is that I am glad there are governments that refuse to be intimidated by great power."

Snowden said he hadn't contacted his family since leaving the country, but feared for both their safety as well as his own. He also appeared disinclined to glorify what he'd done. "I'm neither traitor nor hero. I'm an American," he said. "I believe in freedom of expression. I acted in good faith but it is only right that the public form its own opinion."

How has China reacted to Snowden's revelations that the NSA is spying on the Chinese? Chinese foreign ministry spokewoman Hua said in a regular press conference Thursday that the government has been following the revelations of NSA monitoring detailed by Snowden, and she repeated calls from the Chinese government -- agreed to in principle at last week's U.S.-China summit in California -- to launch a cybersecurity working group to increase "dialogue, coordination and cooperation" between the two countries.

"We also think adoption of double standards," she said, "will bring no benefit to settlement of the relevant issue."

By  Mathew J. Schwartz
IT finally has its security priorities right, our annual survey shows. Also in the new, all-digital Strategic Security issue of InformationWeek: Five counterintuitive insights on innovation from our recent CIO Summit.

Related posts:
New China-US relationship can avoid past traps 
Xi-Obama summit aims to boost ties, aspirations between China and USA  

Rightways