December 23, 2024

Obama to Unveil NSA Reforms, Response to Snowden

Posted on January 17, 2014 in Security

WASHINGTON – President Barack Obama will Friday announce plans to stop the National Security Agency hoarding hundreds of millions of telephone call records, among reforms to US surveillance programs exposed by Edward Snowden.

A senior US official, speaking ahead of Obama’s speech on NSA programs, said that Obama believed trawling for telephone “metadata” was vital to fighting terrorism, but needed to be reformed to preserve civil liberties.

“In his speech, the president will say that he is ordering a transition that will end the Section 215 telephone metadata program as it currently exists,” the senior official told AFP.

The president foresees a move to a program “that preserves the capabilities we need without the government holding this bulk metadata.”

“The president believes that the 215 program addresses important capabilities that allow us to counter terrorism, but that we can and should be able to preserve those capabilities while addressing the privacy and civil liberties concerns that are raised by the government holding this metadata.”

It was not immediately clear how Obama would accomplish the reform or whether he would leave it up to Congress to decide which entity should hold the call data.

Telecommunications companies have balked at suggestions that data on the destination and duration of calls should be held within their servers and be accessed by US spies armed with court permission.

Some activists have suggested a third party company could be charged with holding the data.

Obama will also order Friday another immediate change to the system of telephone data dragnets, requiring a judicial finding before the NSA can query the database, the official said.

Obama has also asked Attorney General Eric Holder and the intelligence community to report to him by March 28 on how the program can be preserved without the government holding the metadata.

Snowden, a fugitive US contractor now exiled in Russia, has fueled months of revelations by media organizations over data mining and spying on foreign leaders by the NSA in one of the biggest security breaches in US history.

The disclosures have infuriated US allies, embarrassed Obama administration diplomats and shocked privacy campaigners and lawmakers.

The White House has assured Americans that data on phone calls and Internet use is only collected to build patterns of contacts between terror suspects — and that US spies are not listening in.

But Obama has said that one of his goals in Friday’s speech at the US Justice Department is to restore public confidence in the clandestine community.

His appearance follows a prolonged period of soul-searching and policy reviews by the White House.

On the eve of the speech, Britain’s Guardian newspaper and Channel 4 News splashed the latest revelations from Snowden.

Their reports said the NSA had collected almost 200 million mobile phone text messages a day from around the world, and used them to extract data on the location, contact networks and credit card details of mobile users.

Civil liberties activists are bracing themselves for disappointment.

Michelle Richardson, legislative counsel for the American Civil Liberties Union, said Thursday that Obama would likely neither outlaw nor significantly reform bulk collection of telephone and Internet metadata.

“We are looking to the president tomorrow to make a very bold statement about reclaiming privacy. We are looking to him to take leadership about reining in these programs,” she said.

“Will our government continue to spy on everyday Americans?”

Kevin Bankston, policy director of the Open Technology Institute at the New America Foundation, warned that if Obama did not announce specific reforms, the battle would shift to Congress.

“President Obama’s trajectory on these issues from reformer to supporter of these programs has been very dispiriting,” Bankston said.

“If he does fail to take a stand and exercise the bold leadership that is necessary, it will become Congress’s responsibility to step into the breach and we look forward to working with them to do so.”

Intelligence chiefs say the programs are perfectly legal, but their opponents say they are unconstitutional.

Obama is also expected to back extra privacy protections for foreigners swept up by the programs and limits to spying on friendly world leaders.

His challenge will be to prove that data mining programs, made possible by swift advances in technology, can enhance national security while restoring public confidence that individual freedoms are safe.

During his deliberations, Obama has had to reconcile his duties as a commander-in-chief sworn to keep Americans safe and his oath to uphold the US Constitution.

Not to mention guard his political flank — Obama knows his Republican enemies would pounce if a future terror attack could be pinned on restrictions he placed on spy agency capabilities.

The president’s speech will also be closely watched for any changes to the PRISM program, which mainly sweeps up Internet data on foreigners, based on records acquired from Internet companies like Google, Yahoo and Apple.

© AFP 2013


SecurityWeek RSS Feed

Obama to Unveil Spying Reforms on January 17

Posted on January 11, 2014 in Security

WASHINGTON – US President Barack Obama will unveil reforms to the country’s spying activities on January 17, his spokesman said Friday, following a review of the National Security Agency (NSA).

White House spokesman Jay Carney said that Obama’s remarks next Friday would show the “outcomes of the work that has been done on the review process.”

The White House said on Thursday that the president was nearing the end of his soul searching about US spying reforms as he met lawmakers who oversee the intelligence community.

Obama met the delegation in Washington as part of consultations with players on all sides of the debate on how best to balance US security and privacy rights, following revelations of massive spy agency snooping by fugitive contractor Edward Snowden.

The meeting included several prominent critics of NSA phone and data sweeps. Obama says revelations over the program by Snowden have undermined public confidence in the work of the US intelligence community and reforms are needed.

Republican House Judiciary Committee Chairman Bob Goodlatte, who was one of the lawmakers in the meeting, called on the president to explain why such vast data mining programs — which spy chiefs say help piece together links between terror suspects worldwide — were necessary.

Senior US officials have indicated Obama is considering whether to permit the programs to continue while requiring data to be held either by technology companies or a third party instead of the NSA. Intelligence officers would have to obtain court permission to access the phone records.

© AFP 2013


US Appeals Court Ruling Invalidating NSA Surveillance

Posted on January 6, 2014 in Security

WASHINGTON – The US government said Friday it is appealing a judge’s ruling that the National Security Agency’s bulk collection of phone records is unconstitutional and “almost Orwellian.”

The Justice Department filed a notice of appeal with the court following last month’s ruling by Judge Richard Leon.

Arguments and briefs in the case will be filed at a later date.

The scathing December 16 ruling by the federal judge in Washington was stayed pending appeal, but if upheld it could lead to the spy agency being barred from indiscriminately monitoring millions of private calls.

“I cannot imagine a more indiscriminate and arbitrary invasion than this systematic and high-tech collection and retention of personal data on virtually every single citizen,” Leon said in his opinion.

It is among several court cases pending which challenge the vast surveillance programs spearheaded by NSA and disclosed in documents leaked by fugitive former NSA contractor Edward Snowden.

On December 27, Federal Judge William Pauley in New York dismissed a petition from the American Civil Liberties Union and said the NSA program on phone data was a vital tool to help prevent an Al-Qaeda terror attack on American soil. The ACLU said it would appeal that decision.

The apparently contradictory rulings make it likely the US Supreme Court will decide on the constitutionality of the NSA programs.

Separately Friday, a civil rights group asked the US Supreme Court to review a case challenging the authority of NSA surveillance.

The Center for Constitutional Rights, which petitioned the Supreme Court, said the Snowden revelations provide new information which should lead the justices to revisit the matter.

“We have always been confident that our communications — including privileged attorney-client phone calls — were being unlawfully monitored by the NSA, but Edward Snowden’s revelations of a massive, indiscriminate NSA spying program changes the picture,” said CCR attorney Shayana Kadidal.

“Federal courts have dismissed surveillance cases, including ours, based on criteria established before Snowden’s documents proved that such concerns are obviously well-founded.”

In a related matter, more than 250 academics from around the world signed an online petition this week calling for an end to “blanket mass surveillance” by intelligence agencies.

The petition said revelations of mass surveillance in documents leaked by Snowden violate “a fundamental right” protected by international treaties, including the International Covenant on Civil and Political Rights and the European Convention on Human Rights.

“This has to stop,” said the petition (academicsagainstsurveillance.net), an initiative of four academics from the University of Amsterdam.

“Without privacy people cannot freely express their opinions or seek and receive information. Moreover, mass surveillance turns the presumption of innocence into a presumption of guilt… secret and unfettered surveillance practices violate fundamental rights and the rule of law, and undermine democracy.

“The signatories of this declaration call upon nation states to take action. Intelligence agencies must be subjected to transparency and accountability. People must be free from blanket mass surveillance conducted by intelligence agencies from their own or foreign countries.”

The signatories include academics in the Netherlands, Britain, Germany and the United States.

Among them are Oxford University’s Joss Wright, Alessandro Acquisti of Carnegie Mellon University, Aleecia McDonald of the Center for Internet & Society at Stanford University and Bruce Schneier of the Berkman Institute for Internet and Society at Harvard Law School.

Other signatories included academics from Australia, Hong Kong and New Zealand.

On Thursday, a report indicated that the NSA is making strides toward building a “quantum computer” that could break nearly any kind of encryption.

The Washington Post said leaked documents from Snowden indicate the computer would allow the secret intelligence agency to break encryption used to protect banking, medical, business and government records around the world.

© AFP 2013



NSA Spying on Europe-Asia Undersea Telecom Cables: Report

Posted on December 29, 2013 in Security

BERLIN – The US National Security Agency has collected sensitive data on key telecommunications cables between Europe, north Africa and Asia, German news magazine Der Spiegel reported Sunday citing classified documents.

Spiegel quoted NSA papers dating from February and labelled “top secret” and “not for foreigners” describing the agency’s success in spying on the so-called Sea-Me-We 4 undersea cable system.

The massive bundle of fibre optic cables originates near the southern French city of Marseille and links Europe with north Africa and the Gulf states, continuing through Pakistan and India to Malaysia and Thailand.

“Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle,” Spiegel said.

It said NSA specialists had hacked an internal website belonging to the operator consortium to mine documents about technical infrastructure including circuit mapping and network management information.

“More operations are planned in the future to collect more information about this and other cable systems,” Spiegel quoted the NSA documents as saying.

Der Spiegel has over the last several months reported on mass NSA spying on targets in the United States and abroad using documents provided by fugitive intelligence contractor Edward Snowden.

A White House-picked panel this month recommended curbing the secretive powers of the NSA, warning that its spying sweeps in the “war on terror” had gone too far.

US President Barack Obama plans to address the report in January.

© AFP 2013



Alleged NSA Payment to RSA Raises New Fears of Gov’t Undermining Crypto Security

Posted on December 23, 2013 in Security

During the past several months, leaks about the NSA’s electronic surveillance operations have pooled into a river that has spilled into calls for reform.

The most recent drop in that river is a report from Reuters that the NSA paid RSA $10 million to ensure a vulnerable encryption algorithm was used by default in RSA’s BSAFE toolkit. RSA, now a division of EMC, denied ever entering into a contract or being involved in any project with the intention of weakening its products. Still, the report, which was based on sources familiar with the contract, has sparked additional questions about collusion between the tech industry and intelligence agencies.

“The bad part is – if the story is true – the very, very large downside is that it’s compromising a security product,” said John Pescatore, director of emerging security trends at SANS Institute. “It’s one thing if somebody buys a switch or a typewriter or whatever you are not expecting it to sort of protect you…crypto, you are. You’re buying security products with the assumption that the company selling them to you is selling the most secure products. So if NSA has been successful at getting companies like RSA or Microsoft or any of them to compromise the security of their products, that’s sort of taking it to a different level than we have seen in the past.”

In September, leaks by former NSA contractor Edward Snowden led to media reports that the NSA had engaged in an effort to insert vulnerabilities into commercial encryption systems so that it could more easily decrypt communications. Last week, Reuters reported the agency created a backdoor in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) that could be exploited and then pushed for RSA to adopt it. Problems with the algorithm have been known for several years, though RSA continued to use it in BSAFE until NIST [National Institute of Standards and Technology] withdrew its support for the standard in September in the wake of growing concerns.

Last week, the Obama administration’s Review Group on Intelligence and Communications Technologies released a report in which it recommended the NSA abandon efforts to undermine cryptographic standards.

“The US Government should take additional steps to promote security, by (1) fully supporting and not undermining efforts to create encryption standards; (2) making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption; and (3) supporting efforts to encourage the greater use of encryption technology for data in transit, at rest, in the cloud, and in storage,” according to the report.

“Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries,” RSA said in a statement. “We categorically deny this allegation. We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”

RSA also said it made the decision to use Dual EC DRBG back in 2004, two years before the Reuters report alleged the NSA approached it with a deal.

“We no longer know whom to trust,” blogged noted cryptographer Bruce Schneier today. “This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix.”

Pescatore, who has worked for the NSA and U.S. Secret Service in the past, said it is a mistake for the NSA to be charged with both the offensive and defensive aspects of the cyber-war, and that the conflicting priorities of those roles can create a mindset where injecting security flaws into encryption standards makes sense. Currently, both the NSA and the US Cyber Command are under the direction of NSA Director Gen. Keith Alexander.

The idea of strong encryption getting into the wrong hands, however, should not be enough of a reason for the intelligence community to undermine encryption, Pescatore said. After all, if the NSA can find the backdoor, others can as well, he argued.

“I do not think that there needs to be sort of reduced strength [in] security products in case the bad guys get a hold of them any more than I think people’s houses should use easy to pick locks just in case the police need to get in,” he said. 

Brian Prince is a Contributing Writer for SecurityWeek.


AT&T to Join Rivals with ‘Transparency Report’

Posted on December 21, 2013 in Security

WASHINGTON – AT&T said Friday it would join rivals in the tech and telecom sector in publishing a “transparency report” about demands for information from law enforcement agencies.

The announcement came a day after a similar announcement from sector rival Verizon, which followed releases from big technology firms including Google, Apple and Microsoft, and intense scrutiny of these firms in light of revelations of wide-ranging US government surveillance programs.

AT&T said in a statement it would release a semiannual report starting in early 2014 with information “to the extent permitted by laws and regulations.”

The report will include the total number of law enforcement agency requests in criminal cases, subpoenas, court orders and warrants.

AT&T said it believes that “any disclosures regarding classified information should come from the government, which is in the best position to determine what can be lawfully disclosed and would or would not harm national security.”

The telecom giant said that “protecting our customers’ information and privacy is paramount,” and that it complies with legal requests in the countries where it operates.

“We work hard to make sure that the requests or orders are valid and that our response to them is lawful,” the AT&T statement said.

“We’ve challenged court orders, subpoenas and other requests from local, state and federal governmental entities — and will continue to do so, if we believe they are unlawful. We do not allow any government agency to connect directly to our network to gather, review or retrieve our customers’ information.”

The announcements from AT&T and Verizon come after a period when the telecom firms were notably absent from a debate on disclosures about the scope of US surveillance programs from fugitive former intelligence contractor Edward Snowden.

But the telecom and tech firms are still barred from releasing data on national security requests from the FBI and US intelligence services.

A push by the tech sector to get authorization to release the sensitive data requests got a boost this week from an independent review board appointed by President Barack Obama, which recommended that this data be published.

Tech firms have said their sales overseas are being hurt by a perception that the US government can easily gain access to their networks.

© AFP 2013



Obama to Release Review Panel Report Into NSA Spy Sweeps

Posted on December 18, 2013 in Security

WASHINGTON – The White House will release a review Wednesday calling for reforms in National Security Agency spying sweeps, exposed by Edward Snowden, which have angered US allies and raised legal and privacy concerns.

President Barack Obama’s spokesman Jay Carney said the report by a review panel was being released earlier than a planned date in January due to incomplete and inaccurate media reporting about its contents.

Obama met members of the review panel earlier on Wednesday to work through the 46 recommendations in the report.

“While we had intended to release the review group’s full report in January … given the inaccurate and incomplete reports in the press about the report’s content, we felt it was important to allow people to see the full report to draw their own conclusions,” Carney said.

“For that reason, we will be doing that this afternoon — releasing the full report.”

Obama commissioned the review panel report earlier this year in the wake of explosive revelations by fugitive intelligence contractor Snowden on the stunning scope of the NSA’s operations.

He has said he wants to strike a balance between keeping Americans safe from terrorist threats and safeguarding privacy rights guaranteed by the US Constitution.

The review board comprises former White House counter-terrorism advisor Richard Clarke; Michael Morell, the ex-deputy director of the CIA; Peter Swire, an official specializing in privacy and technology issues; constitutional law professor Geoffrey Stone; and Cass Sunstein, a former regulatory official in the Obama administration.

The president has said he would try to get the shady spy agency to restrain its Internet and phone data collection operations but is expected to allow them to continue in some form.

Obama is due to consider which of the recommendations he will accept and will then make a speech to the American people in January.

The release of the report comes with intense pressure building on the administration over the programs, from political opponents, the Internet industry and even the courts.

A federal judge in Washington this week ruled that NSA programs, which have scooped up millions of details on telephone calls and Internet traffic on Americans and foreigners, were probably unconstitutional.

The ruling opened a long legal battle which is likely to end up in the Supreme Court.

© AFP 2013



US, Britain Spying on Global Online Gaming World: Report

Posted on December 9, 2013 in Security

US, Britain ‘Spying on Virtual World’: Report

WASHINGTON – US and British intelligence have been spying on the global online gaming world because they fear terrorists could use the hugely popular platform to plot attacks, a report said Monday.

Spies have created characters in the fantasy worlds of Second Life and World of Warcraft to carry out surveillance, recruit informers and collect data, The New York Times said, citing newly disclosed classified documents from fugitive US intelligence leaker Edward Snowden.

The report came as eight leading US-based technology companies called on Washington to overhaul its surveillance laws following months of revelations of online eavesdropping from the former National Security Agency (NSA) contractor.

“Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels,” the Times said.

“The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players,” the report said.

It added: “Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.”

The report cited a 2008 NSA paper that warned that the virtual games — played by millions of people the world over — allowed intelligence suspects “a way to hide in plain sight.”

The documents do not give any examples of success from the initiative, the report said, adding that experts and former intelligence officials said “that they knew of little evidence that terrorist groups viewed the games as havens to communicate and plot operations.”

The surveillance, which also included Microsoft’s Xbox Live, could raise privacy concerns, noted the newspaper.

Apple, Facebook, Google, Microsoft, Twitter, Yahoo, AOL and LinkedIn meanwhile wrote an open letter to President Barack Obama and the US Congress calling on Washington to lead the way in a worldwide reform of state-sponsored spying.

“We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide,” the letter said.

© AFP 2013

