Category Archives: NSA

Richard Ledgett became deputy director in 2014 after spending a year leading the investigation of Edward Snowdens surveillance leaks. | AP Photo

By Eric Geller

02/03/17 06:27 PM EST

Updated 02/04/17 11:34 AM EST

The No. 2 official at the NSA will soon leave his post, the agency confirmed today.

NSA Deputy Director Richard Ledgett has announced his plans to retire in the spring, an NSA spokesman told POLITICO.

Story Continued Below

It has been anticipated years of service to the nation, spokesman Michael Halbig said in an email.

The agency did not explain the timing of Ledgett's decision, including whether it is related to the advent of the Trump administration.

George Barnes will replace Ledgett, according to several people familiar with the decision. Barnes has worked in several capacities at the the NSA, including as director of Workforce and Support Activities.

Ledgett became deputy director in 2014 after spending a year leading the investigation of Edward Snowdens surveillance leaks. Prior to that, he headed the agencys Threat Operations Center from 2012 to 2013.

Ledgett joined the NSA in 1988.

April Doss, who served as associate general counsel for intelligence law at the NSA from 2003 to 2016, said Ledgetts departure would be keenly felt at NSA headquarters in Fort Meade, Md., and throughout Washington.

I am surprised to hear that hes stepping down, she said. Its going to be a huge loss for the intelligence community.

After Snowdens leaks sent the NSA scrambling to respond, Ledgett became one of the public faces of its public-relations operation.

He granted a rare interview to CBSs 60 Minutes to discuss the secretive agencys mission and even appeared remotely at a TED conference a few days after Snowden did the same.

Susan Hennessey, a former NSA attorney, "it's hard to know what to make" of Ledgett's departure.

"Certainly, Ledgett has been a sort of 'canary in the coal mine' for people concerned about NSA under [President] Donald Trump," she told POLITICO in an email. "He is universally recognized as someone who has served with a great deal of integrity. So the fact that he was the deputy director was some reassurance; nothing bad was going to happen on his watch."

Continued here:
NSA deputy director resigning this spring - Politico

After a never-before-seen group announced it was in possession of a trove of malware developed by the elite hacking arm of the National Security Agency early this week, professional security researchers began working to try and determine whether the code the group released was truly developed by the NSA.

Working off of hints they found in the code, which was released by a group calling itself the Shadow Broker, researchers guessed it was authenticbut new documentation straight from the source appears to confirm the codes provenance.

According to NSA documents obtained by Edward Snowden and reviewed by The Intercept, several elements in the released code line up with details in the agencys own manuals and materials.

One manual, for example, instructs agents to use a specific 16-character string, ace02468bdf13579, to track a certain strain of government-developed malware as it makes its way through networks. That string shows up character-for-character in one of the leaked hacking tools, SECONDDATE.

The tool allows the NSA to execute man-in-the-middle attacks, which intercept traffic on a network as its traveling from its origin to its destination. The agency used it to redirect users who think theyre browsing safe websites to NSA-run servers that infect their computers with malwareand then back to their destination before they know what happened. In a slide deck, the NSA used cnn.com as an example of the sort of site it could exploit to deliver its malicious code.

The documents released by The Intercept reveal that SECONDDATE has been used to spy on systems in Pakistan and in Lebanon, where it gained access to data belonging to Hezbollah.

Its still not clear how the tools leaked from the NSA. Snowden speculated on Twitter that the tools could have been found on a server it used to infect a target, but former NSA staffers interviewed by Motherboard said the leak could be the work of a rogue insider, claiming that some of the files in the leak would never had made it to an outside server.

See the article here:
Confirmed: The NSA Got Hacked - The Atlantic

When Bill Binney, former NSA analyst and head of the anti-terror ThinThread metadata program sits in front of you and says he is not afraid of the government, you have to admire him. A wheel-chair-bound U.S. serviceman who rose in the ranks of intelligence to work in top-secret NSA programs, Binney created ThinThread prior to September 11, 2001, and says it mathematically broke down all phone communications anywhere in the world without any infringement on Constitutional rights. Identities were protected, except in suspected terrorism cases, and the program was self-running. More important, it worked.

In A Good American, the new documentary from executive producer Oliver Stone and director Friedrich Moser, audiences are taken on a tense and frightening ride through Binney and his colleagues experience developing and deploying ThinThread in tests, only to see its funding pulled just weeks before 9/11 in favor of an expensive and ineffective but job-creating program called TrailBlazer, which the NSA preferred. Binney contends that ThinThread would have identified the terrorists who planned and executed the 9/11 terror attacks, thereby preventing them from occurring. Understandably, he remains disappointed and angry about this, all these years later.

The docu-thriller is a candid portrait of how exploding information in the digital age found government agencies both behind the technology of terrorism and struggling to keep current. When Binney and his small team developed ThinThread, it was an effort to help the NSA be attentive to the code-breaking needs of the modern era. ThinThread represented a home run for intelligence: Itwas highly effective at sorting data and protecting privacy, two huge challenges of working with large amounts of small bits of information. But when ThinThreads plug was pulled, Binney and his team challenged their NSA bosses, and in the process found themselves at odds with the U.S. government and in a complex web of lies and corruption. Thus, when Binney said he remains unafraid of possible repercussions or retaliation tied to the films thesis, its not hard to believe. What else can they do to me? he asks. Theyve already tried everything to stop me.

Read more:
WATCH: The real beautiful mind belongs to Bill Binney, NSA whistleblower and metadata czar - Salon

An illustration from a government document. DIA/Public Domain

A versionof this storyoriginally appearedonMuckrock.comandGlomar Disclosure.

Last week, we looked at the early days of the CIAs foray into extrasensory espionage. Today well be following up with the veterans of the NSAs psychic wars, which they foresaw being waged well into the 90s and beyond.

The NSA document, dated from early 1981, calls for a number of steps to be taken, including identifying the potential for mind control.

Once the individuals had been identified, the Agency wanted to create cadres of talented synergized gifted people for special problem solving tests. However, the NSA was afraid that these people could be hard to control Consciousless [sic] or morbid people of talent must be strictly screened out of active programs because of the danger of severe mental illness and unscrupulous violation of security.

Beyond personnel available to the NSA, the Agency wanted to build a database of psychics around the world.

Additional NSA documents, produced by the government later in the year after MKULTRA had been shut down and all mind control programs had been disavowed, show the governments continued interest in researching mind control techniques, no matter how esoteric they seemed.

A number of predictions were made about the development of psychic warfare, including that subconscious mind control through telepathy would be possible by 1990. The report concluded grimly that there is no known countermeasure to prevent such applications.

At least one prediction came true - CREST documents show psychic trials still being performed as late as 1992.

The rest of the NSAs guidelines can be read here.

Link:
When the NSA Thought Mind Control Would Be an Actual Military Concern - Atlas Obscura

Richard Ledgett, deputy director of the National Security Agency, has announced he will retire this spring, the agency confirmed to CyberScoop Friday.

Ledgett, 59, has been deputy director the agencys top civilian since January 2014, when he succeeded Chris Inglis. Prior to that, according to his official biography,He led the NSA Media Leaks Task Force responsible for integrating and overseeing the totality of NSAs efforts surrounding the Ed Snowden megaleaks.

Ledgett joined the NSAin 1988 and and rose to be, during 2012-13, director of the agencysThreat Operations Center, the famed NTOC. Before that, he served a a stint 2010-12 in various posts in the Office of the Director of National Intelligence, including being the the first national intelligence manager for cyber.

He is a recipient of the National Intelligence Superior Service Medal and was for a time an instructor andand course developer at the National Cryptologic School.

It has been anticipated that he would retire in 2017 and he decided the time is right this spring after nearly 40 years of service to the nation, the agency said in an emailed statement.

Last year, Ledgett presented a gloomy picture of the connected future, warning about the dangers of the Internet of Things. Hetoldthe U.S. Chamber of Commerces 5th Annual Cybersecurity Summit that theconnection to our networks of hundreds of thousands, maybe millions, ofinternet-connecteddevices that come from multiple vendors and havediffering software and hardware upgrade paths without a coherent security plan means that there are vulnerabilities[created]in those networks.

Read more here:
NSA's No. 2, its top civilian, will retire shortly - CyberScoop

With weeks to go in his tenure, President Obama on Friday moved to end the controversial dual-hat arrangement under which the National Security Agency and the nations cyberwarfare command are headed by the same military officer.

It is unclear whether President-elect Donald Trump will support such a move. A transition official, who spoke on the condition of anonymity to discuss the next administrations plans, said only that cybersecurity has been and will be a central focus of the transition effort.

Pressure had grown on Obama to make such a move on the grounds that the two jobs are too large for one person to handle, that the two organizations have fundamentally different missions and that U.S. Cyber Command, or Cybercom, needed its own leader to become a full-fledged fighting force.

[Obama to be urged to split cyberwar command from NSA

While the dual-hat arrangement was once appropriate in order to enable a fledgling Cybercom to leverage NSAs advanced capabilities and expertise, Cybercom has since matured to the point where it needs its own leader, Obama said in a statement accompanying his signing of the 2017 defense authorization bill.

Cybercoms mission is, when ordered, to disrupt and destroy adversaries networks. It is also to defend the nation against incoming threats to critical systems and to protect the militarys computers from cyberattack.

The NSA also has a defensive mission to protect the governments classified networks but is better known for its role in conducting electronic spying on overseas targets to gather intelligence on adversaries and foreign governments.

Cybercom, established in 2009 inside the NSA headquarters at Fort Meade, Md., has long depended on the spy agencys capabilities. NSA and Cybercom personnel sit side by side and use the same networks that were built by the NSA.

The two organizations should have separate leaders who are able to devote themselves to each organizations respective mission and responsibilities, but should continue to leverage the shared capabilities and synergies developed under the dual-hat arrangement, Obama wrote.

Defense Secretary Ashton B. Carter and Director of National Intelligence James R. Clapper Jr. earlier recommended to Obama that the two organizations have separate heads.

Obama had been on the verge of ending the dual-hat leadership in late 2013 but was persuaded to hold off when senior officials, including the NSAs director at the time, Army Gen. Keith B. Alexander, argued that the two agencies needed one leader to ensure that the NSA did not withhold resources from Cybercom.

Others, including a presidential review commission, recommended that each of the two groups have its own leader and that the NSA director be a civilian. Since its inception in 1952, the NSA has been led by military officers.

The bill that Obama signed bars the splitting of the leadership role until the defense secretary and the chairman of the Joint Chiefs of Staff jointly certify that to do so would not diminish Cybercoms effectiveness.

Obama took a swipe at Congress for imposing that requirement on him.

The Congress ... should not place unnecessary and bureaucratic administrative burdens and conditions on ending the dual-hat arrangement at a time when the speed and nature of cyber threats requires agility in making decisions about how best to organize and manage the nations cyber capabilities, he wrote.

Obama said that the Pentagon and the Office of the Director of National Intelligence have planned a phased transition during which the NSA can continue to provide vital operational support to Cybercom.

Original post:
Obama moves to split cyberwarfare command from the NSA

Click here for more on NSA Surveillance

What if it emerged that the President of the United States was flagrantly violating the Constitution and a law passed by the Congress to protect Americans against abuses by a super-secret spy agency? What if, instead of apologizing, he said, in essence, "I have the power to do that, because I say I can." That frightening scenario is exactly what we are now witnessing in the case of the warrantless NSA spying ordered by President Bush that was reported December 16, 2005 by the New York Times.

According to the Times, Bush signed a presidential order in 2002 allowing the National Security Agency to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls - but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.

In other words, no independent review or judicial oversight.

That kind of surveillance is illegal. Period.

The day after this shocking abuse of power became public, President Bush admitted that he had authorized it, but argued that he had the authority to do so. But the law governing government eavesdropping on American citizens is well-established and crystal clear. President Bush's claim that he is not bound by that law is simply astounding. It is a Presidential power grab that poses a challenge in the deepest sense to the integrity of the American system of government - the separation of powers between the legislative and executive branches, the concept of checks and balances on executive power, the notion that the president is subject to the law like everyone else, and the general respect for the "rule of law" on which our democratic system depends.

The ACLU ran the following advertisement in the December 29, 2005 edition of The New York Times:

The tensions between the need for intelligence agencies to protect the nation and the danger that they would become a domestic spy agency have been explicitly and repeatedly fought out in American history. The National Security Act of 1947 contained a specific ban on intelligence operatives from operating domestically. In the 1970s, America learned about the extensive domestic political spying carried out by the FBI, the military, the CIA, and the NSA, and Congress passed new laws to prevent a repeat of those abuses. Surveillance laws were debated and modified under presidents Ford, Carter, Reagan, Bush Sr. and Clinton.

But, President Bush would sweep aside this entire body of democratically debated and painstakingly crafted restrictions on domestic surveillance by the executive branch with his extraordinary assertion that he can simply ignore this law because he is the Commander-in-Chief. In a December 17 radio address, for example, Bush asserted that the spying was "fully consistent with my constitutional responsibilities and authorities." But his constitutional duty is to "take care that the laws be faithfully executed" (Article II, Section 3); the law here clearly establishes well-defined procedures for eavesdropping on U.S. persons, and the fact is, Bush ordered that those procedures not be followed.

Government eavesdropping on Americans is an extremely serious matter; the ability to intrude on the private realm is a tremendous power that can be used to monitor, embarass, control, disgrace, or ruin an individual. Because it is so invasive, the technology of wiretapping has been subject to carefully crafted statutory controls almost since it was invented. Ignoring those controls and wiretapping without a court order is a crime that carries a significant prison sentence (in fact, criminal violations of the wiretap statute were among the articles of impeachment that were drafted against President Nixon shortly before his resignation).

Unfortunately, although the law in this matter is crystal clear, many Americans, faced with President Bush's bold assertions of "inherent" authority for these actions, will not know what to believe. There are only 5 points they need to understand:

The law on surveillance begins with the Fourth Amendment to the Constitution, which states clearly that Americans' privacy may not be invaded without a warrant based on probable cause.

United States Constitution Fourth Amendment

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. (emphasis added)

The US Supreme Court (US v. Katz 389 US 347) has made it clear that this core privacy protection does cover government eavesdropping. As a result, all electronic surveillance by the government in the United States is illegal, unless it falls under one of a small number of precise exceptions specifically carved out in the law.

United States Code Title 50, Chapter 36, Subchapter 1 Section 1809. Criminal sanctions

(a) Prohibited activities A person is guilty of an offense if he intentionally-

(1) engages in electronic surveillance under color of law except as authorized by statute

In other words, the NSA can only spy where it is explicitly granted permission to do so by statute. Citizens concerned about surveillance do not have to answer the question, "what law restricts the NSA's spying?" Rather, the government is required to supply an answer to the question "what law permits the NSA to spy?"

There are only three laws that authorize any exceptions to the ban on electronic eavesdropping by the government. Congress has explicitly stated that these three laws are the exclusive means by which domestic electronic surveillance can be carried out (18 USC, Section 2511(2)(f)). They are:

Title III and ECPA govern domestic criminal wiretaps and are not relevant to the NSA's spying. FISA is the law under which the NSA should have operated. It authorizes the government to conduct surveillance in certain situations without meeting all of the requirements of the Fourth Amendment that apply under criminal law, but requires that an independent Foreign Intelligence Surveillance Court oversee that surveillance to make sure that Americans who have no ties to foreign terrorist organizations or other "foreign powers" are not spied upon.

FISA was significantly loosened by the Patriot Act (which, for example, allowed it to be used for some criminal investigations), and parts of it now stand in clear violation of the Constitution's Fourth Amendment in the view of the ACLU and many others. However, even the post-Patriot Act version of FISA does not authorize the president to conduct warrantless eavesdropping on U.S. citizens or permanent legal residents in the U.S. without an order from the FISA Court. Yet it is that very court order requirement - imposed to protect innocent Americans - that the President has ignored.

In fact, one member of the FISA Court, Judge James Roberston, has apparently resigned from the court in protest of President Bush's secret authorization of this program. And the New York Times reported that the court's chief judge complained about the program when she was (belatedly) notified of it, and refused to allow information gathered under the program to be used as the basis for FISA wiretap orders.

Congress after 9/11 approved an Authorization to Use Military Force against those responsible for the attacks in order to authorize the president to conduct foreign military operations such as the invasion of Afghanistan.

But that resolution contains no language changing, overriding or repealing any laws passed by Congress. Congress does not repeal legislation through hints and innuendos, and the Authorization to Use Military Force does not authorize the president to violate the law against surveillance without a warrant any more than it authorizes him to carry out an armed robbery or seize control of Citibank in order to pay for operations against terrorists. In fact, when President Truman tried to seize control of steel mills that were gripped by strikes in 1952, the Supreme Court decisively rejected his authority to make such a seizure, even in the face of arguments that the strike would interfere with the supply of weapons and ammunition to American troops then under fire on the battlefields of the Korean War.

U.S. Supreme Court YOUNGSTOWN CO. v. SAWYER, 343 U.S. 579 (1952)

"The order cannot properly be sustained as an exercise of the President's military power as Commander in Chief of the Armed Forces. . . .

"Nor can the seizure order be sustained because of the several constitutional provisions that grant executive power to the President. . . . The Constitution limits his functions in the lawmaking process to the recommending of laws he thinks wise and the vetoing of laws he thinks bad. And the Constitution is neither silent nor equivocal about who shall make laws which the President is to execute. . . .

"The Founders of this Nation entrusted the lawmaking power to the Congress alone in both good and bad times."

The Supreme Court also rejected similar assertions of inherent executive power by Richard Nixon.

In fact, FISA contains explicit language describing the president's powers "during time of war" and provides that "the President, through the Attorney General, may authorize electronic surveillance without a court order under this title to acquire foreign intelligence information for a period not to exceed fifteen days following a declaration of war by the Congress." 50 U.S.C. 1811 (emphasis added). So even if we accept the argument that the use-of-force resolution places us on a war footing, warrantless surveillance would have been legal for only 15 days after the resolution was passed on September 18, 2001.

Point #5: The need for quick action does not justify an end-run around the courts The FISA law takes account of the need for emergency surveillance, and the need for quick action cannot be used as a rationale for going outside the law. FISA allows wiretapping without a court order in an emergency; the court must simply be notified within 72 hours. The government is aware of this emergency power and has used it repeatedly. In addition, the Foreign Intelligence court is physically located in the Justice Department building, and the FISA law requires that at least two of the FISA judges reside in the Washington, DC area, for precisely the reason that rapid action is sometimes needed.

If President Bush still for some reason finds these provisions to be inadequate, he must take his case to Congress and ask for the law to be changed, not simply ignore it.

President Bush's claim that he has "inherent authority" as Commander-in-Chief to use our spy agencies to eavesdrop on Americans is astonishing, and such spying is clearly illegal. It must be halted immediately, and its origins must be thoroughly investigated by Congress and by a special counsel. (See letter from the ACLU to Attorney General Gonzales calling for a special counsel).

Given the extensive (indeed, excessive) surveillance powers that the government already possesses, the Administration's blatantly illegal use of warrantless surveillance raises an important question: why? One possibility, raised by the New York Times in a Dec. 24, 2005 story ("Spy Agency Mined Vast Data Trove, Officials Report"), is that the NSA is relying on assistance from several unnamed telecommunications companies to "trace and analyze large volumes of communications" and is "much larger than the White House has acknowledged."

This, as security expert Bruce Schneier has noted, suggests the Bush Administration has developed a "a whole new surveillance paradigm" - exploiting the NSA's well known capabilities to spy on individuals not one at a time, as FISA permits, but to run communications en masse through computers in the search for suspicious individuals or patterns. This "new paradigm" may well be connected to the NSA program sometimes known as "Echelon," which carries out just that kind of mass collection of communications (see http://www.nsawatch.org). This "wholesale" surveillance, as Schneier calls it, would constitute an illegal invasion of Americans' privacy on a scale that has never before been seen. (See Schneier, "NSA and Bush's Illegal Eavesdropping," Salon.com)

According to the Times, several telecommunications companies provided the NSA with direct access to streams of communications over their networks. In other words, the NSA appears to have direct access to a large volume of Americans' communications - with not simply the assent, but the cooperation of the companies handling those communications.

We do not know from the report which companies are involved or precisely how or what the NSA can access. But this revelation raises questions about both the legal authority of the NSA to request and receive this data, and whether these companies may have violated either the Federal laws protecting these communications or their own stated privacy polices (which may, for example, provide that they will only turn over their customers' data with their consent or in response to a proper order).

Regardless of the scale of this spying, we are facing a historic moment: the President of the United States has claimed a sweeping wartime power to brush aside the clear limits on his power set by our Constitution and laws - a chilling assertion of presidential power that has not been seen since Richard Nixon.

View original post here:
NSA Spying on Americans Is Illegal | American Civil Liberties ...

The FBI, National Security Agency and CIA are likely to gain expanded surveillance powers under President-elect Donald Trump and a Republican-controlled Congress, a prospect that has privacy advocates and some lawmakers trying to mobilize opposition.

Trumps first two choices to head law enforcement and intelligence agencies -- Republican Senator Jeff Sessions for attorney general and Republican Representative Mike Pompeo for director of the Central Intelligence Agency -- are leading advocates for domestic government spying at levels not seen since the aftermath of the Sept. 11, 2001, terrorist attacks.

Exclusive insights on technology around the world.

Get Fully Charged, from Bloomberg Technology.

Business

Your guide to the most important business stories of the day, every day.

Politics

The latest political news, analysis, charts, and dispatches from the campaign trail.

Markets

The most important market news of the day. So you can sleep an extra five minutes.

Pursuits

What to eat, drink, wear and drive in real life and your dreams.

Game Plan

The school, work and life hacks you need to get ahead.

An already over-powerful surveillance state is about to be let loose on the American people, said Daniel Schuman, policy director for Demand Progress, an internet and privacy advocacy organization.

In a reversal of curbs imposed after Edward Snowdens revelations in 2013 about mass data-gathering by the NSA, Trump and Congress may move to reinstate the collection of bulk telephone records, renew powers to collect the content of e-mails and other internet activity, ease restrictions on hacking into computers and let the FBI keep preliminary investigations open longer.

Read more: Apple, the FBI and encryption -- a QuickTake

A first challenge for privacy advocates comes this week: A new rule is set to go into effect on Dec. 1 letting the FBI get permission from a judge in a single jurisdiction to hack into multiple computers whose locations arent known.

Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime, Senator Ron Wyden, an Oregon Democrat who serves on the Intelligence Committee, said in a statement.

Wyden is one of seven senators, including libertarian Republican Rand Paul, who have introduced a bill, S. 3475, to delay the new policy until July to give Congress time to debate its merits and consider amendments.

Sessions, Pompeo and officials with national security and law enforcement agencies have argued that expanded surveillance powers are needed, especially because of the threat of small, deadly terrorist plots that are hard to detect, like the killing of 49 people at a gay nightclub in Orlando, Florida, in June and 14 people in San Bernardino, California, last year.

The FBI had at one point opened a preliminary investigation into the Orlando killer, Omar Mateen, but didnt have the authority to keep it going for lack of evidence of wrongdoing.

Whats needed is a fundamental upgrade to Americas surveillance capabilities, Pompeo and a co-author wrote in a Wall Street Journal commentary in January. Legal and bureaucratic impediments to surveillance should be removed.

Pompeo and Sessions want to repeal a 2015 law that prohibits the FBI and NSA from collecting bulk phone records -- metadata such as numbers called and dates and times -- on Americans who arent suspected of wrongdoing.

"Congress should pass a law re-establishing collection of all metadata, and combining it with publicly available financial and lifestyle information into a comprehensive, searchable database," Pompeo wrote.

Press aides for Sessions and Pompeo declined to comment.

Sessions has opposed restraints on NSA surveillance and said in June that he supported legislation to expand the types of internet data the FBI can intercept without warrants.

Congress is also expected to consider legislation early next year that would renew the governments ability to collect the content of e-mail and other internet activity from companies such as Google and Facebook Inc.

Under the Prism program, investigators pursuing suspected terrorists can intercept the content of electronic communications believed to come from outside the U.S. without specific warrants even if one end of the communications is inside the country or involves an American.

Prism came under criticism when it was exposed by Snowden, the former NSA contractor who stole hundreds of thousands of documents on agency surveillance programs. Section 702 of the USA Patriot Act, under which Prism and other spy programs are conducted, is set to expire at the end of 2017 if it isnt reauthorized by Congress.

James Comey, director of the Federal Bureau of Investigation, has said he also wants to renew a debate early next year about whether Apple and other companies can resist court warrants seeking to unlock encrypted communications. The agency went to court trying to force Apple to create new software to crack password protection on a phone used by the shooter in San Bernardino.

Boycott Apple until they give up the information, Trump said at a rally in South Carolina in February. He said Tim Cook, Apples chief executive officer, is looking to do a big number, probably to show how liberal he is. Apple should give up.

While the FBI dropped that case against Apple after buying a tool to hack into the phone, the increasing use of encryption on mobile devices and messaging services remains a challenge to national security and law enforcement agencies.

Republicans led by Senate Intelligence Committee Chairman Richard Burr of North Carolina are expected to re-introduce legislation requiring companies to give investigators access to encrypted communications.

The FBI is also seeking legislation that would allow it to obtain non-content electronic communication transactional records, such as browsing histories and computer Internet Protocol addresses, without court oversight or a warrant.

Sessions and Burr supported the legislation earlier this year, while it was opposed by major technology groups as well as Google and Facebook.

See the original post:
FBI and NSA Poised to Gain New Surveillance Powers Under ...

We all know that the NSA uses word games to hide and downplay its activities. Words like "collect," "conversations," "communications," and even "surveillance" have suffered tortured definitions that create confusion rather than clarity.

Theres another one to watch: "targeted" v. "mass" surveillance.

Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programswhich the government claims are authorized under Section 702 of the FISA Amendments Actto collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,[1]the searching of communications held by service providers like Google and Facebook, and, according to the government's own investigators, the retention of significantly more than 250 million Internet communications per year.[2]

Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as "targeted surveillance," asserting that it is incorrect when EFF and many others call it "mass surveillance."

Our answer: if "mass surveillance" includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition.

This word game is important because Section 702 is set to expire in December 2017. EFF and our colleagues who banded together to stop the Section 215 telephone records surveillance are gathering our strength for this next step in reining in the NSA. At the same time, the government spin doctors are trying to avoid careful examination by convincing Congress and the American people that this is just "targeted" surveillance and doesnt impact innocent people.

PRISM and Upstream surveillance are two types of surveillance that the government admits that it conducts under Section 702 of the FISA Amendments Act, passed in 2008. Each kind of surveillance gives the U.S. government access to vast quantities of Internet communications.[3]

Upstream gives the NSA access to communications flowing through the fiber-optic Internet backbone cables within the United States.[4] This happens because the NSA, with the help of telecommunications companies like AT&T, makes wholesale copies of the communications streams passing through certain fiber-optic backbone cables. Upstream is at issue in EFFs Jewel v. NSA case.

PRISM gives the government access to communications in the possession of third-party Internet service providers, such as Google, Yahoo, or Facebook. Less is known about how PRISM actually works, something Congress should shine some light on between now and December 2017.[5]

Note that those two programs existed prior to 2008they were just done under a shifting set of legal theories and authorities.[6] EFF has had evidence of the Upstream program from whistleblower Mark Klein since 2006, and we have been suing to stop it ever since.

Despite government claims to the contrary, heres why PRISM and Upstream are "mass surveillance":

(1) Breadth of acquisition: First, the scope of collection under both PRISM and Upstream surveillance is exceedingly broad. The NSA acquires hundreds of millions, if not billions, of communications under these programs annually.[7] Although, in the U.S. governments view, the programs are nominally "targeted," that targeting sweeps so broadly that the communications of innocent third parties are inevitably and intentionally vacuumed up in the process. For example, a review of a "large cache of intercepted conversations" provided by Edward Snowden and analyzed by the Washington Post revealed that 9 out of 10 account holders "were not the intended surveillance targets but were caught in a net the agency had cast for somebody else."[8] The material reviewed by the Post consisted of 160,000 intercepted e-mail and instant message conversations, 7,900 documents (including "medical records sent from one family member to another, resumes from job hunters and academic transcripts of schoolchildren"), and more than 5,000 private photos.[9] In all, the cache revealed the "daily lives of more than 10,000 account holders who were not targeted [but were] catalogued and recorded nevertheless."[10] The Post estimated that, at the U.S. governments annual rate of "targeting," collection under Section 702 would encompass more than 900,000 user accounts annually. By any definition, this is "mass surveillance."

(2) Indiscriminate full-content searching. Second, in the course of accomplishing its so-called "targeted" Upstream surveillance, the U.S. government, in part through its agent AT&T, indiscriminately searches the contents of billions of Internet communications as they flow through the nations domestic, fiber-optic Internet backbone. This type of surveillance, known as "about surveillance," involves the NSA's retention of communications that are neither to nor from a target of surveillance; rather, it authorizes the NSA to obtain any communications "about" the target.[11] Even if the acquisition of communications containing information "about" a surveillance target could, somehow, still be considered "targeted," the method for accomplishing that surveillance cannot be: "about" surveillance entails a content search of all, or substantially all, international Internet communications transiting the United States.[12] Again, by any definition, Upstream surveillance is "mass surveillance." For PRISM, while less is known, it seems the government is able to search throughor require the companies like Google and Facebook to search throughall the customer data stored by the corporations for communications to or from its targets.

To accomplish Upstream surveillance, the NSA copies (or has its agents like AT&T copy) Internet traffic as it flows through the fiber-optic backbone. This copying, even if the messages are only retained briefly, matters under the law. Under U.S. constitutional law, when the federal government "meaningfully interferes"with an individuals protected communications, those communications have been "seized" for purposes of the U.S. Constitutions Fourth Amendment. Thus, when the U.S. government copies (or has copied) communications wholesale and diverts them for searching, it has "seized" those communications under the Fourth Amendment.

Similarly, U.S. wiretapping law triggers a wiretap at the point of "interception by a device," which occurs when the Upstream mechanisms gain access to our communications.[13]

Why does the government insist that its targeted? For Upstream, it may be because the initial collection and searching of the communicationsdone by service providers like AT&T on the governments behalfis really, really fast and much of the information initially collected is then quickly disposed of. In this way the Upstream collection is unlike the telephone records collection where the NSA kept all of the records it seized for years. Yet this difference should not change the conclusion that the surveillance is "mass surveillance." First, all communications flowing through the collection points upstream are seized and searched, including content and metadata. Second, as noted above, the amount of information retainedover 250 million Internet communications per yearis astonishing.

Thus, regardless of the time spent, the seizure and search are comprehensive and invasive. Using advanced computers, the NSA and its agents can do a full-text, content search within a blink of an eye through billions, if not trillions of your communications, including emails, social media, and web searches. Second, as demonstrated above, the government retains a huge amount of the communicationsfar more about innocent people than about its targetsso even based on what is retained the surveillance is better described as "mass" rather than "targeted."

So it is completely correct to characterize Section 702 as mass surveillance. It stems from the confluence of: (1) the method NSA employs to accomplish its surveillance, particularly Upstream, and (2) the breadth of that surveillance.

Next time you see the government or its supporters claim that PRISM and Upstream are "targeted" surveillance programs, youll know better.

[1] See, e.g., Charlie Savage, NSA Said to Search Content of Messages to and From U.S., N.Y. Times (Aug 8, 2013) (The National Security Agency is searching the contents of vast amounts of Americans e-mail and text communications into and out of the country[.]). This article describes an NSA practice known as about surveillancea practice that involves searching the contents of communications as they flow through the nations fiber-optic Internet backbone.

[2] FISA Court Opinion by Judge Bates entitled [Caption Redacted], at 29 (NSA acquires more than two hundred fifty million Internet communications each year pursuant to Section 702), https://www.eff.org/document/october-3-2011-fisc-opinion-holding-nsa-surveillance-unconstitutional (Hereinafter, Bates Opinion). According to the PCLOB report, the current number is significantly higher than 250 million communications. PCLOB Report on 702 at 116.

[3] Bates Opinion at 29; PCLOB at 116.

[6] First, the Bush Administration relied solely on broad claims of Executive power, grounded in secret legal interpretations written by the Department of Justice. Many of those interpretations were subsequently abandoned by later Bush Administration officials. Beginning in 2006, DOJ was able to turn to the Foreign Intelligence Surveillance Court to sign off on its surveillance programs. In 2007, Congress finally stepped into the game, passing the Protect America Act; which, a year later, was substantially overhauled and passed again as the FISA Amendments Act. While neither of those statutes mention the breadth of the surveillance and it was not discussed publicly during the Congressional processes, both have been cited by the government as authorizing it.

[11] Bates Opinion at 15.

[12] PCLOB report at 119-120.

[13] See 18 U.S.C 2511(1)(a); U.S. v. Councilman, 418 F.3d 67, 70-71, 79 (1st Cir. 2005) (en banc).

Original post:
Word Games: What the NSA Means by Targeted Surveillance ...

The heads of the Pentagon and the nations intelligence community have recommended to President Obama that the director of the National Security Agency, Adm. Michael S. Rogers, be removed.

The recommendation, delivered to the White House last month, was made by Defense Secretary Ashton B. Carter and Director of National Intelligence James R. Clapper Jr., according to several U.S. officials familiar with the matter.

Action has been delayed, some administration officials said, because relieving Rogers of his duties is tied to another controversial recommendation: to create separate chains of command at the NSA and the militarys cyberwarfare unit, a recommendation by Clapper and Carter that has been stalled because of other issues.

The news comes as Rogers is being considered by President-elect Donald Trump to be his nominee for director of national intelligence to replace Clapper as the official who oversees all 17 U.S. intelligence agencies. In a move apparently unprecedented for a military officer, Rogers, without notifying superiors, traveled to New York to meet with Trump on Thursday at Trump Tower. That caused consternation at senior levels of the administration, according to the officials, who spoke on the condition of anonymity to discuss internal personnel matters.

The White House, Pentagon and Office of the Director of National Intelligence declined to comment. The NSA did not respond to requests for comment. Carter has concerns with Rogerss performance, officials said. The driving force for Clapper, meanwhile, was the separation of leadership roles at the NSA and U.S. Cyber Command, and his stance that the NSA should be headed by a civilian.

In a speech before the National Press Club on July 16, Adm. Michael S. Rogers, director of the National Security Agency, said that the agency is increasingly involved in responding to cyberthreats. (C-SPAN)

[Trumps security picks signals intent to keep hard-line promises]

Rep. Devin Nunes (R-Calif.), chairman of the House Intelligence Committee, on Saturday sent Clapper and Carter a letter defending Rogers. I have been consistently impressed with his leadership and accomplishments, said Nunes, who is also a member of Trumps transition team. His professionalism, expertise and deckplate leadership have been remarkable during an extremely challenging period for NSA. I know other members of Congress hold him in similarly high esteem.

Nunes said he will call a hearing on the matter.

Rogers, 57, took the helm of the NSA and Cyber Command in April 2014 in the wake of revelations by a former intelligence contractor of broad surveillance activities that shook public confidence in the agency. The contractor, Edward Snowden, had secretly downloaded vast amounts of digital documents that he shared with a handful of journalists. His disclosures prompted debate over the proper scale of surveillance and led to some reforms.

But they also were a black eye for an agency that prides itself on having the most skilled hackers and cybersecurity professionals in government. Rogers was charged with making sure another insider breach never happened again.

Instead, in the past year and a half, officials have discovered two major compromises of sensitive hacking tools by personnel working at the NSAs premier hacking unit: the Tailored Access Operations (TAO). One involved a Booz Allen Hamilton contractor, Harold T. Martin III, who is accused of carrying out the largest theft of classified government material. Although some of his activity took place before Rogers arrived and at other agencies, some of it including the breach of some of the most sensitive tools continued on Rogerss watch, the officials said.

Martins alleged theft was discovered when some of the tools he is accused of stealing were mysteriously released online in August. They included computer code based on obscure software flaws that could be used to take control of firewalls and networks what one former TAO operator called the keys to the kingdom.

A federal contractor suspected in the leak of powerful National Security Agency hacking tools has been arrested and charged with stealing classified information from the U.S. government, according to court records and U.S. officials familiar with the case. (Monica Akhtar/The Washington Post)

Martin, who moved from the NSA to a job in a Defense Department acquisitions agency last year, was arrested in August. The news broke last month.

[Government alleges NSA contractor stole astonishing quantity of classified material]

But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not thought to have shared the material with another country, the official said.

Rogers was put on notice by his two bosses Clapper and Carter that he had to get control of internal security and improve his leadership style. There have been persistent complaints from NSA personnel that Rogers is aloof, frequently absent and does not listen to staff input. The NSA is an intelligence agency but part of the Defense Department, hence the two overseers.

FBI agents investigating the Martin breach were appalled at how lax security was at the TAO, officials said. [Rogers] is a guy who has been at the helm of the NSA at the time of some of the most egregious security breaches, most recently Hal Martin, a senior administration official said. Clearly its a sprawling bureaucracy ... but I think theres a compelling case that can be made that some of the safeguards that should have been put in place were either not fully put in place or not implemented properly.

At the same time, Rogers has not impressed Carter with his handling of U.S. Cyber Commands cyberoffensive against the Islamic State. Over the past year or so, the commands operations against the terrorist groups networks in Syria and Iraq have not borne much fruit, officials said. In the past month, military hackers have been successful at disrupting some Islamic State networks, but it was the first time they had done that, the officials said.

The expectation had been that Rogers would be replaced before the Nov. 8 election, but as part of an announcement about the change in leadership structure at the NSA and Cyber Command, a second administration official said.

It was going to be part of a full package, the official said. The idea was not for any kind of public firing. In any case, Rogerss term at the NSA and Cyber Command is due to end in the spring, officials said.

The president would then appoint an acting NSA director, enabling his successor to nominate their own person. But a key lawmaker, Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, threatened to block any such nominee if the White House proceeded with the plan to split the leadership at the NSA and Cyber Command.

The rationale for splitting what is called the dual-hat arrangement is that the agencies missions are fundamentally different, that the nations cyberspies and military hackers should not be competing to use the same networks, and that the job of leading both organizations is too big for one person.

But McCain is concerned that placing Cyber Command under its own leadership will hinder its effectiveness, as it is highly dependent on the NSA for capabilities.

Meanwhile, in February, Rogers announced a major reorganization, which he called NSA21, at the NSA to better adapt to the digital age. He has merged the agencys spying and hacking arms with its computer-security division into one Directorate of Operations. That reorganization has only intensified the discontent that has marked Rogerss tenure at the agency, current and former officials said.

The morale is horrible, one former senior official said. Especially during a period of change, a leader needs to be present, the official said. Any leader knows that when you institute change, you have to be there. You have to help heal the wounds, be very active. He was not.

But Saxby Chambliss, a former Republican senator from Georgia who served on the Select Committee on Intelligence, said that he thinks highly of Rogers. When it comes to the world of cyber, theres nobody more capable than Mike Rogers in the military world today, he said.

Nonetheless, Rogers has seen other embarrassing network breaches on his watch. In 2013, Iranian hackers managed to penetrate the Navys unclassified network when Rogers was head of the 10th Fleet/Navy Cyber Command, the unit responsible for protecting the Navys networks. It took months to expel the attackers.

Rogers is a Navy cryptologist whose military career spans 35 years. He began his career as a surface-warfare officer in 1981. A Chicago native, he also has served as head of the Chairmans Action Group, an in-house Pentagon think tank to advise on policy and long-term issues, under the then-chairman of the Joint Chiefs of Staff, Gen. Peter Pace, and as director of intelligence at Pacific Command and then on the Joint Staff.

Read more:

Trumps security picks deepen Muslim worries about an anti-Islamic White House

Intelligence community is already feeling a sense of dread about Trump

Makeup helps women look more attractive: This employee dress memo went around Lt. Gen. Michael Flynns DIA

Read the original post:
Obama Urged to Fire NSA Director