NSA Bulk Metadata ruled likely unconstitutional

Today was a pretty big day for privacy fans. The NSA’s bulk collection of metadata has been ruled likely unconstitutional. Why is this a big deal? It’s “just” metadata. Well, as the CBS 60 Minutes report showed, the NSA is able to convert that information into a network. Networks show everyone that you talked with, and despite assurances that phone numbers weren’t used, it’s fairly easy to unmask a person in a network based on the network characteristics. I wrote a blog post about this a while back that talked about a paper showing the power of metadata. I think it’s important to reiterate here what that is.

In the article, titled Using Metadata to find Paul Revere, the author explains that by using who talks to whom it is possible to construct a large network, and that it was likely possible to determine the major players of the US Revolutionary War. This used only club membership: it wasn’t even what they talked about, just what groups they were members of and how they were all associated. Based on the metadata, Paul Revere is a pretty central figure and knows a lot of the other leaders of the revolution.
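To make the membership-only analysis concrete, here is an added example (not code from the article or from this blog) that builds a person-to-person network from group membership alone and ranks people by how connected they are. The names, clubs and the two helper measures are constructed for illustration.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Constructed sample data: person -> groups they belong to.
# There is no message content here, only membership metadata.
MEMBERSHIPS = {
    "person_a": {"club_1", "club_2", "club_3", "club_4"},
    "person_b": {"club_1"},
    "person_c": {"club_1", "club_2"},
    "person_d": {"club_2"},
    "person_e": {"club_3"},
    "person_f": {"club_3", "club_4"},
    "person_g": {"club_4"},
}

def co_membership(memberships):
    """Person-to-person graph; edge weight = number of shared groups."""
    graph = defaultdict(dict)
    for p, q in combinations(sorted(memberships), 2):
        shared = len(memberships[p] & memberships[q])
        if shared:
            graph[p][q] = shared
            graph[q][p] = shared
    return graph

def rank_by_degree(memberships):
    """Rank people by the fraction of the others they are tied to."""
    graph = co_membership(memberships)
    others = len(memberships) - 1
    scores = {p: len(graph.get(p, {})) / others for p in memberships}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

def sole_broker_counts(memberships):
    """For pairs with no direct tie, count who is their only common contact."""
    graph = co_membership(memberships)
    counts = Counter()
    for p, q in combinations(sorted(memberships), 2):
        if q in graph.get(p, {}):
            continue  # already directly connected
        common = set(graph.get(p, {})) & set(graph.get(q, {}))
        if len(common) == 1:
            counts[common.pop()] += 1
    return counts

if __name__ == "__main__":
    for person, score in rank_by_degree(MEMBERSHIPS):
        print(f"{person}: {score:.2f}")
    print(dict(sole_broker_counts(MEMBERSHIPS)))
```

The person who sits in several otherwise separate clubs comes out on top of both measures, which is the sense in which membership lists alone single out a central figure.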

The NSA would take this view and say, “See, it could have caught those terrorists back before the revolution!” However, the judge in this case says that the government did not do a sufficient job showing that this actually worked. It is, in fact, likely that the British had some of this membership information but weren’t able to put it to good use. In this case, the judge ruled that the collection of bulk metadata is a violation of the 4th Amendment.

What can we expect next? Well, the ACLU has a very similar case that is being heard. If the judge rules differently, the Supreme Court may need to weigh in to deal with the problem once and for all. Depending on how these cases are dealt with, that could be a good or bad thing.

It is unclear at this point how this will change the conversation in DC; it will likely just lead to more denials from the NSA and White House. They will argue it’s still legal and that they will appeal to the highest court that they can. If they lose this case, it will likely lead to a lot of other questions being asked and possibly calls for impeachment and resignations. I would not be surprised if some of the more extreme on the right call for Obama’s arrest as well.

The other piece that is of interest to me is the question about the companies that have been complicit in sharing our metadata. Are they going to be in the clear or not? In the case of AT&T, there was a law that protected them retroactively. I am interested to know if that will also be ruled unconstitutional, as it enabled the government to break the law further than it could have before.

In general this is something really good, but I believe it opens many more questions than it answers about the long-term repercussions of this program. I will continue to blog about this topic!

The NSA, FBI, and Internet Security

Over the past few months we’ve learned a lot about how the US government looks at its own citizens. We’ve learned this through the actions of Edward Snowden. He’s done us a great service by forcing a conversation that the NSA and FBI didn’t want us to have. The NSA lied to the Senate recently by claiming that it never tracked US citizens through cell phones. We would never have known about these activities if it weren’t for Snowden.

Snowden was using email to send information back and forth between himself and Glenn Greenwald. Since email is in one of those fuzzy gray areas of the law around data retention and government access to it, this has caused a bit of a problem. To make things more difficult, Snowden used an encrypted email service called Lavabit. Its encryption was at such a level that when the FBI requested data from it, they were confounded and essentially attempted to blackmail (legally of course) the owner into handing over the encryption key. This would have effectively rendered the service these people were paying for worthless. They were paying to have their email traffic be secured from both public and private entities.

As we hear more and more about how the US government has been behaving towards internet security, the more we’re learning that the NSA and other US agencies are doing their best to thwart it. They have worked with the NIST and weakened the encryption key they developed. The problem with these backdoors is that if it’s there for the “good guys” (whoever that might be) it’s also there for the “bad guys” (whoever that might be). This isn’t just general encryption keys; it’s things that we use every day without realizing it. Whenever we are using any website that includes “https” we are using a basic encryption protocol called SSL. Think about when you’re banking: you see the https. Google now allows you to use this when you send information to and from them. This encryption has also been broken by the NSA. This is our personal stuff, and if it’s broken by the NSA it can be broken by other people. Now does this mean we’re likely to have a rash of new fraud cases or theft cases? No, as it’s been compromised for some time. However, people do know about it now, and this of course is a greater cause for concern.

What can we do about this? Well, first, look into more secure encryption methods. I wouldn’t be surprised if Google and applications like HTTPS Everywhere change their algorithm as a result. Second, contact your representative and your senator. I’m lucky my senator in Oregon (Ron Wyden) is very vocal; not everyone is, so please help inform your leaders. Third, buy from companies that you know haven’t given up data to the NSA, don’t use Facebook and the like, and basically try to follow the great writing that Sean did several months ago over on KBMOD. He nailed it then, and it’s even more pressing than before to keep up with security.

Why now in Syria?

Today Obama announced that we’re going to begin military aid to the Syrian rebel group Supreme Military Council. Supposedly, this is because the Syrian regime has used chemical weapons on rebels and civilians. Despite the fact that we’ve repeatedly condemned Russia for seeking to aid the Syrian regime, we’re going to do the opposite and arm the opposition, which has a massive group of hardline extremists that will likely turn against the US as soon as they are in the position to do so. Furthermore, there are rumors, according to the UN, that the Syrian rebellion has also used chemical weapons. This, combined with the fact that 93,000 civilians have been killed compared to the 150 killed with the chemical weapons usage, makes me think that this is a shaky argument at best. I certainly hope we don’t find ourselves arming a group that also used chemical weapons.

Before this announcement and continuing after, John McCain has been and is calling for a “No Fly Zone” in Syria, while the Obama administration has declined to implement one because of Syria’s air capabilities. However, it’s been effectively confirmed that Israel has in the past bombed Syria. A no fly zone would preclude Israel from bombing Syria in any way, shape, or form. In fact, when Russia wanted to enact a no Israeli fly zone, through providing anti-aircraft weapons (only capable of hitting planes), the US condemned this as aiding the Syrian regime. It’s also likely that those same systems would have been able to hit the majority of US planes as well as the Israeli Air Force, so we were as much protesting anything that would have prevented our Air Force from dominating the sky above Syria.

Based on the interviews I’ve heard, I don’t think the end result in Syria is going to be a beneficial one for the US unless something magical happens, where we arm the right people and they are the only ones we help and they automagically kick the Syrian regime out of the country. It’s not going to happen. Even after Assad is overthrown (if he is) it’s likely that Syria will continue to be consumed by a civil war, which will likely be even more of a religious civil war than it is now. Now it’s as much ethnic based as not.

On Reddit, there’s a meme that’s arguing that the reason we entered Syria now is an attempt to distract the US media from the NSA and PRISM debacles. This could be on the right trail. The news is dominated by the fact that we’re supplying aid to the rebels, what the implications of these actions will be and what they won’t be. I think getting involved in another conflict in any manner isn’t good for the US, especially if the side we back fails, which it is still likely to do. We’ve lost any moral authority we had with Russia in an argument regarding supplying weapons to either side.

I do not think that this will pull people away from the NSA issue; we’re going to keep seeing it. I’m going to keep writing about it – I just wanted to post something about the hypocrisy of the US entering the Syrian civil war. The big story for this week and next week is still the NSA and PRISM. We are going to continue seeing new developments in this area and we need to keep our eyes on it. If we don’t keep pushing this, it will become ‘ok’ through passive consent. That’s not acceptable.

NSA, Phone Records, and access to data systems

NSA – Nothing to See Anywhere around here. The past two days have been bad for the Obama administration for both leaks and for privacy concerns. It was leaked yesterday to the Guardian’s reporter Glenn Greenwald, whom a lot of people in the US aren’t fans of because he sticks to his morals regardless of which party is in power. This leak showed something that really shouldn’t be that big of a surprise to anyone. In fact, Senators are all like, what’s the big deal, this has been going on since 2007. This was originally just AT&T that was wrapped up in this, but everyone suspected other telecoms were involved. After that had come to light, Congress retroactively gave immunity to the telecoms, despite an ongoing lawsuit from the EFF – which was dismissed, although EFF filed another shortly thereafter.

Today was another turn of events where operation PRISM was unmasked, by both the Guardian and Washington Post. This system has direct access to major technology companies’ servers, including Google and Facebook, although both companies deny this. Superficially, PRISM is intended to filter through to a majority of foreign based data. In this case it’s seriously the slimmest majority – only 51% – a majority though, although in the US Senate you’d never know.

How are these things possible? Two major reasons: the Patriot Act and the “Secret” FISA Court. I use quotes around “Secret” because it’s as “secret” as the drone program. However, we don’t know what decisions are being made, we don’t know what is being taken before the court, and we have no idea what sort of “due process” standards have been implemented in this court. If it’s anything like the drone program, it’s likely just a few people sitting in a room talking about how bad terrorism is and using data like the above to determine the guy needs to die. It’s no way to run a democracy.

With the combination of the data in our phone records and our internet usage, the NSA can create a massive time-based network of connections between both Americans and foreigners. Abrupt changes in the makeup of a person’s network with people from countries of interest likely flag them as a risk for interacting with terrorists. Additionally, if a new pattern was detected, the NSA would likely go back and look at historic data to try to understand why this new pattern arose and what they could do to predict future shifts in networks towards engaging with these groups of people. It would also lead the NSA to create models that could indicate how likely someone is to develop behavior patterns of terrorists after their network shifts from one subgroup to different subgroups. Furthermore, it’s likely that this information would be even more of interest if there’s a full shift of members of that person’s network towards more potential extremists.

We need to work to change this. The Senate knew about this and plans to hold closed door meetings to discuss it. These discussions should be public not behind closed doors. It’s a disgrace.