07-06-2013, 00:51 #1
[EN] U.S. mining data from 9 leading Internet firms
By Barton Gellman and Laura Poitras, Updated: Thursday, June 6, 10:09 PM
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.
Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.
The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.
In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to occasionally certify that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.
Several companies contacted by The Post said they had no knowledge of the program and responded only to individual requests for information.
“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
“We have never heard of PRISM,” an Apple spokesman said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that they would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.
An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 articles last year. According to the slides and other supporting materials obtained by The Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.
That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.
The technology companies, which knowingly participate in PRISM operations, include most of the dominant global players of Silicon Valley, according to the document. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.
Dropbox, the cloud storage and synchronization service, is described as “coming soon.”
Government officials declined to comment for this article.
“I would just push back on the idea that the court has signed off on it, so why worry?” said Jameel Jaffer, deputy legal director of the American Civil Liberties Union. “This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government.”
Roots in the ’70s
PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s. The NSA calls these Special Source Operations, and PRISM falls under that rubric.
The Silicon Valley operation works alongside a parallel program, code-named BLARNEY, that gathers up “metadata” — address packets, device signatures and the like — as it streams past choke points along the backbone of the Internet. BLARNEY’s top-secret program summary, set down alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.”
07-06-2013, 00:57 #2
But the PRISM program appears to more nearly resemble the most controversial of the warrantless surveillance orders issued by President George W. Bush after the al-Qaeda attacks of Sept. 11, 2001. Its history, in which President Obama presided over exponential growth in a program that candidate Obama criticized, shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques.
The PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.
Analysts who use the system from a Web portal in Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report but add that “it’s nothing to worry about.”
Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from any other person.
Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.
“As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans.”
In exchange for immunity from lawsuits, companies such as Yahoo and AOL are obliged to accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”
In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.
Apple demonstrated that resistance is possible when it held out for more than five years, for reasons unknown, after Microsoft became PRISM’s first corporate partner in May 2007. Twitter, which has cultivated a reputation for aggressive defense of its users’ privacy, is still conspicuous by its absence from the list of “private sector partners.”
“Google cares deeply about the security of our users’ data,” a company spokesman said. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
Like market researchers, but with far more privileged access, collection managers in the NSA’s Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts. For much the same reason, civil libertarians and some ordinary users may be troubled by the menu available to analysts who hold the required clearances to “task” the PRISM system.
There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.
Poitras is a documentary filmmaker and MacArthur Fellow. Julie Tate and Robert O’Harrow Jr. contributed to this report.
Graphic: NSA slides explain the PRISM data-collection program
U.S. Intelligence mining data from nine U.S. Internet companies in broad secret program
07-06-2013, 01:06 #3
‘No Such Agency’ spies on the communications of the world
By Anne Gearan, Updated: Thursday, June 6, 6:35 PM
The National Security Agency, nicknamed “No Such Agency” because of its ultra-secrecy, is the government’s eavesdropper-in-chief.
Charged primarily with electronic spying around the globe, the NSA collects billions of pieces of intelligence from foreign phone calls, e-mail and other communications. But in the past two days, the focus has shifted to its role in compiling massive amounts of the same information on millions of ordinary Americans.
Regarded as the most secretive of the nation’s intelligence agencies, the NSA is part of the military but answers to the director of national intelligence. Its major operations are housed in uber-secrecy at Maryland’s Fort Meade Army base, the site of the court-martial of Pfc. Bradley Manning, who is charged with stealing government electronic communications and passing them to the anti-secrecy organization WikiLeaks.
The agency is so secretive that estimates of the number of employees range from the official figure of about 35,000 to as high as 55,000. In addition to its main campus behind the walls of Fort Meade, the NSA will operate a new surveillance center in the Utah desert. The million-square-foot building will cost about $2 billion when it’s finished, perhaps as early as the fall.
The center is designed to capture all forms of communication for the nation’s intelligence agencies, ranging from e-mail and cellphone calls to Internet searches and personal data. James Bamford, a best-selling author who has written extensively about the NSA in books with telling titles including “The Puzzle Palace” and “The Shadow Factory,” has estimated the surveillance center could store data equal to 500 quintillion pages.
“It’s the largest intelligence agency in the world,” Bamford said in an interview Thursday. And what it produces “is far more accurate and has far more intelligence value than human intelligence.”
That’s one way of saying that the NSA, with its charge to vacuum up all manner of electronic intelligence, can quickly paint a more accurate picture of a person or network than is possible by piecing together information gathered by old-fashioned human spies.
Protecting U.S. secrets and cracking the codes of its enemies are as old as the war for independence. The NSA’s origins are traced to military radio interceptions and code breaking during World Wars I and II.
In the decades that followed, the agency’s mission expanded dramatically, following advances in communications. The result is that the NSA has grown into the largest and most technologically sophisticated spying organization in the nation and possibly the world. And, in the view of some civil liberties experts, it is one of the most intrusive.
Today, the agency listens to millions of phone calls worldwide, analyzes the content and cracks codes, all essentially defensive activities. Little is known about the other side of the coin: the extent of the offensive work by the NSA, such as planting computer viruses or otherwise disrupting suspected terrorist communications.
Declassified documents show that since at least 1997, the NSA has been charged with developing ways to attack hostile computer networks. For example, the Stuxnet virus, developed to damage Iran’s nuclear programs, was a collaboration between scientists and technicians at the NSA and their counterparts within the espionage apparatus of the Israeli government, according to U.S. officials.
The NSA’s main mission remains collecting and analyzing electronic data. But since the Sept. 11, 2001, terror attacks, the agency has increasingly focused on protecting U.S. government computer networks.
The budget is classified. Matthew Aid, who wrote a 2009 history of the agency based largely on declassified documents, estimated the annual budget at $8 billion at that time. No one thinks it has dropped since then.
Aid estimates that NSA personnel could number as high as 55,000, including 30,000 military and civilian employees in the United States and overseas for the agency and an additional 25,000 monitoring and intercepting phone calls, radio signals and radar for the military branches.
Gen. Keith B. Alexander took over as head of the NSA in 2005. More recently, he also became head of U.S. Cyber Command, which develops new types of warfare.
At the end of Alexander’s first year at the NSA, the New York Times disclosed that the George W. Bush administration had authorized the agency to run a vast, warrantless domestic spying program. The extensive surveillance has continued under the Obama administration, although officials contend it operates within the parameters of the Patriot Act.
Two weeks ago at a conference in Washington, Alexander argued that the NSA has its hands full keeping tabs on potential terrorists and does not have the bandwidth to read the 420 billion e-mails generated by Americans daily. Some foreign governments are trying to do just that, he said.
“The great irony is we’re the only ones not spying on the American people,” the Reuters news agency quoted him as saying.
Max Fisher contributed to this report.
‘No Such Agency’ spies on the communications of the world - The Washington Post
07-06-2013, 01:11 #4
NSA collecting phone records of millions of Verizon customers daily
Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.
The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.
The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.
The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.
Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.
The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers.
Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.
The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.
The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.
The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself.
"We decline comment," said Ed McFadden, a Washington-based Verizon spokesman.
The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls".
The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information".
The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.
While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.
It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.
The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities.
For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted.
Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.
Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." The April order requested by the FBI and NSA does precisely that.
The law on which the order explicitly relies is the so-called "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance.
In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows."
"We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act.
Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.
Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.
The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program.
These recent events reflect how profoundly the NSA's mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency's focus on domestic activities.
In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.
At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter."
Additional reporting by Ewen MacAskill and Spencer Ackerman
NSA collecting phone records of millions of Verizon customers daily | World news | The Guardian
07-06-2013, 01:19 #5
NSA taps in to internet giants' systems to mine user data, secret files reveal
Top secret PRISM program claims direct access to servers of firms including Google, Facebook and Apple
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."
Several senior tech executives insisted that they had no knowledge of PRISM or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.
An Apple spokesman said it had "never heard" of PRISM.
The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.
The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without warrants.
Disclosure of the PRISM program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.
The participation of the internet companies in PRISM will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.
The extent and nature of the data collected from each company varies.
Companies are legally obliged to comply with requests for users' communications under US law, but the PRISM program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".
The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.
When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the PRISM program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.
The PRISM program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
07-06-2013, 01:20 #6
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.
The presentation claims PRISM was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.
"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."
The new measures introduced in the FAA redefine "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating surveillance.
The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities' requests.
In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time the records were collected by the NSA.
The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".
In the document, the NSA hails the PRISM program as "one of the most valuable, unique and productive accesses for NSA".
It boasts of what it calls "strong growth" in its use of the PRISM program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".
The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.
Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.
"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.
"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."
Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.
When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the PRISM program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.
When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 PRISM-based reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.
In total, more than 77,000 intelligence reports have cited the PRISM program.
Jameel Jaffer, director of the ACLU's Center for Democracy, said that it was astonishing the NSA would even ask technology companies to grant direct access to user data.
"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.
"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."
A senior administration official said in a statement: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.
"The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.
"This program was recently reauthorized by Congress after extensive hearings and debate.
"Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.
"The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target."
Additional reporting by James Ball and Dominic Rushe
NSA has direct access to tech giants' systems for user data, secret files reveal | World news | The Guardian
07-06-2013, 02:32 #7
US spy chief clarifies Internet tapping policy
US spy chief James Clapper has admitted the government collects communications from Internet firms, but says the policy only targets "non-US persons".
The director of national intelligence was responding to articles about an alleged secret programme, Prism.
The Washington Post said US agencies tapped directly into the servers of nine internet firms to track people.
But leading US internet giants denied giving government agents direct access to their central servers.
The reports about Prism will raise fresh questions about how far the US government should encroach on citizens' privacy in the interests of national security.
Earlier on Thursday, the National Security Agency (NSA) confirmed that it had been secretly collecting millions of phone records.
Prism was reportedly developed in 2007 out of a programme of domestic surveillance without warrants that was set up by President George W Bush after the 9/11 attacks.
Prism reportedly does not collect user data, but is able to pull out material that matches a set of search terms.
In a statement late on Thursday, Mr Clapper said reports by the Washington Post and by the Guardian about Prism contained "numerous inaccuracies," although he did not offer any details.
He said the communications-collection programme was "designed to facilitate the acquisition of foreign intelligence information concerning non-US persons located outside the United States".
"It cannot be used to intentionally target any US citizen, any other US person, or anyone located within the United States," he added.
Mr Clapper said the programme, under Section 702 of the Foreign Intelligence Surveillance Act, was recently reauthorised by Congress after hearings and debate.
"Information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats," he added.
But while US citizens were not intended to be the targets of surveillance, the Washington Post says large quantities of content from Americans are nevertheless screened in order to track or learn more about the target.
The data gathered through Prism has grown to become a major contributor to the president's daily briefing and accounts for almost one in seven intelligence reports, it adds.
The Washington Post named the nine companies participating in the programme as Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple.
Microsoft said in a statement to the BBC that it only turned over customer data when given a legally binding order, and only complied with orders for specific accounts.
"If the government has a broader voluntary national security program to gather customer data we don't participate in it," Microsoft said.
Meanwhile, Yahoo, Apple and Facebook said they did not give the government direct access to their servers.
In a statement, Google said: "Google does not have a 'back door' for the government to access private user data."
On Wednesday, it emerged that the NSA was collecting the phone records of tens of millions of Americans, after the Guardian published a secret order for the Verizon phone company to hand over its records.
Mr Clapper said late on Thursday that the report about the court order "threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation".
A senior congressman, House intelligence committee chairman Mike Rogers, told reporters that collecting Americans' phone records was legal, authorised by Congress and had not been abused by the Obama administration.
He also said it had prevented a "significant" attack on the US "within the past few years", but declined to offer more information.
The order requires Verizon - one of the largest phone companies in the US - to disclose to the NSA the metadata of all calls it processes, both domestic and international, in which at least one party is in the US.
Such metadata includes telephone numbers, calling card numbers, the serial numbers of phones used and the time and duration of calls. It does not include the content of a call or the callers' addresses or financial information.
BBC News - US spy chief clarifies internet tapping policy
07-06-2013, 02:34 #8
NSA Building $860 Million Data Center in Maryland
By: Rich Miller
June 6th, 2013
As its current data collection makes headlines, the National Security Agency is continuing to expand its data storage and processing capabilities. The agency recently broke ground on an $860 million data center at Fort Meade, Maryland that will span more than 600,000 square feet, including 70,000 square feet of technical space.
Last month the NSA and the U.S. Army Corps of Engineers began building the High Performance Computing Center-2, an NSA-run facility that will be located on base at Fort Meade, which is home to much of the agency’s existing data center operations. The data center will be supported by 60 megawatts of power capacity, and will use both air-cooled and liquid-cooled equipment.
The NSA is already building a massive data center in Utah, investing up to $1.5 billion in a project that will feature up to 1 million square feet of facilities.
The construction at Fort Meade will see investment of $400 million in fiscal 2013 and $431 million in fiscal 2014. Up to 6,000 workers will be involved in the construction and development phase, the NSA said.
Scheduled for completion in 2016, the center’s mission will be to protect national security networks and provide U.S. authorities with intelligence and warnings about cyber threats. The project is part of the Comprehensive National Cybersecurity Initiative (CNCI), which the White House launched in 2008 to provide a unified approach to securing America’s digital infrastructure.
“With this new state-of-the-art computing center, Maryland and the NSA will continue to protect America from cyber terrorists, spies, and thugs,” said Sen. Barbara A. Mikulski of Maryland, Chairwoman of the Appropriations Committee and senior member of the Senate Select Committee on Intelligence. “Maryland is the global epicenter of cybersecurity, leading the way in finding cyber-tech solutions that make our country safer, and creating cyber-warrior jobs that make our economy stronger.”
07-06-2013, 02:57 #9
NYT: President Obama’s Dragnet
Within hours of the disclosure that federal authorities routinely collect data on phone calls Americans make, regardless of whether they have any bearing on a counterterrorism investigation, the Obama administration issued the same platitude it has offered every time President Obama has been caught overreaching in the use of his powers: Terrorists are a real menace and you should just trust us to deal with them because we have internal mechanisms (that we are not going to tell you about) to make sure we do not violate your rights.
Those reassurances have never been persuasive — whether on secret warrants to scoop up a news agency’s phone records or secret orders to kill an American suspected of terrorism — especially coming from a president who once promised transparency and accountability.
The administration has now lost all credibility on this issue. Mr. Obama is proving the truism that the executive branch will use any power it is given and very likely abuse it. That is one reason we have long argued that the Patriot Act, enacted in the heat of fear after the Sept. 11, 2001, attacks by members of Congress who mostly had not even read it, was reckless in its assignment of unnecessary and overbroad surveillance powers.
Based on an article in The Guardian published Wednesday night, we now know that the Federal Bureau of Investigation and the National Security Agency used the Patriot Act to obtain a secret warrant to compel Verizon’s business services division to turn over data on every single call that went through its system. We know that this particular order was a routine extension of surveillance that has been going on for years, and it seems very likely that it extends beyond Verizon’s business division. There is every reason to believe the federal government has been collecting every bit of information about every American’s phone calls except the words actually exchanged in those calls.
Articles in The Washington Post and The Guardian described a process by which the N.S.A. is also able to capture Internet communications directly from the servers of nine leading American companies. The articles raised questions about whether the N.S.A. separated foreign communications from domestic ones.
A senior administration official quoted in The Times online Thursday afternoon about the Verizon order offered the lame observation that the information does not include the name of any caller, as though there would be the slightest difficulty in matching numbers to names. He said the information “has been a critical tool in protecting the nation from terrorist threats,” because it allows the government “to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.”
That is a vital goal, but how is it served by collecting everyone’s call data? The government can easily collect phone records (including the actual content of those calls) on “known or suspected terrorists” without logging every call made. In fact, the Foreign Intelligence Surveillance Act was expanded in 2008 for that very purpose.
Essentially, the administration is saying that without any individual suspicion of wrongdoing, the government is allowed to know whom Americans are calling every time they make a phone call, for how long they talk and from where.
This sort of tracking can reveal a lot of personal and intimate information about an individual. To casually permit this surveillance — with the American public having no idea that the executive branch is now exercising this power — fundamentally shifts power between the individual and the state, and it repudiates constitutional principles governing search, seizure and privacy.
The defense of this practice offered by Senator Dianne Feinstein of California, who as chairwoman of the Senate Intelligence Committee is supposed to be preventing this sort of overreaching, was absurd. She said on Thursday that the authorities need this information in case someone might become a terrorist in the future. Senator Saxby Chambliss of Georgia, the vice chairman of the committee, said the surveillance has “proved meritorious, because we have gathered significant information on bad guys and only on bad guys over the years.”
But what assurance do we have of that, especially since Ms. Feinstein went on to say that she actually did not know how the data being collected was used?
The senior administration official quoted in The Times said the executive branch internally reviews surveillance programs to ensure that they “comply with the Constitution and laws of the United States and appropriately protect privacy and civil liberties.”
That’s no longer good enough. Mr. Obama clearly had no intention of revealing this eavesdropping, just as he would not have acknowledged the killing of Anwar al-Awlaki, an American citizen, had it not been reported in the press. Even then, it took him more than a year and a half to acknowledge the killing, and he is still keeping secret the protocol by which he makes such decisions.
We are not questioning the legality under the Patriot Act of the court order disclosed by The Guardian. But we strongly object to using that power in this manner. It is the very sort of thing against which Mr. Obama once railed, when he said in 2007 that the surveillance policy of the George W. Bush administration “puts forward a false choice between the liberties we cherish and the security we provide.”
Two Democrats on the Senate Intelligence Committee, Ron Wyden of Oregon and Mark Udall of Colorado, have raised warnings about the government’s overbroad interpretation of its surveillance powers. “We believe most Americans would be stunned to learn the details of how these secret court opinions have interpreted Section 215 of the Patriot Act,” they wrote last year in a letter to Attorney General Eric Holder Jr. “As we see it, there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows. This is a problem, because it is impossible to have an informed public debate about what the law should say when the public doesn’t know what its government thinks the law says.”
On Thursday, Representative Jim Sensenbrenner, Republican of Wisconsin, who introduced the Patriot Act in 2001, said that the National Security Agency overstepped its bounds by obtaining a secret order to collect phone log records from millions of Americans.
“As the author of the Patriot Act, I am extremely troubled by the F.B.I.’s interpretation of this legislation,” he said in a statement. “While I believe the Patriot Act appropriately balanced national security concerns and civil rights, I have always worried about potential abuses.” He added: “Seizing phone records of millions of innocent people is excessive and un-American.”
Stunning use of the act shows, once again, why it needs to be sharply curtailed if not repealed.
07-06-2013, 16:55 #10
Obama says surveillance programs have 'broad support' from both parties
Washington, June 7 (EFE).- U.S. President Barack Obama said on Friday that the programs for surveilling phone calls and Internet communications have 'broad bipartisan support' in Congress and are continuously overseen.
Obama said in California, where he will meet today with China's president, Xi Jinping, that these programs 'help prevent terrorist attacks' and have been reviewed by his team of advisers, by Congress and by the judiciary.
According to the president, 'you can't have 100% privacy and 100% security', and he asserted that 'the right balance' had been struck, despite the comparisons to 'Big Brother' of the surveillance programs revealed by the press this week.
The British newspaper 'The Guardian' revealed this week that the NSA (National Security Agency) and the FBI collect, every day, the call records of millions of customers of telephone operators, under a secret court order.
In addition, it was disclosed yesterday that data were also being collected from the servers of major American internet companies, among them Microsoft, Yahoo!, Facebook, Skype and Apple, on communications abroad.
Obama said today that 'nobody is listening to the content of phone calls' (something that requires a court order) and noted that the secret program that collects telephone contact data in the U.S. is limited to obtaining details such as call duration and phone number in order to investigate terrorist connections.
'Congress is continuously briefed on how (the secret surveillance) is conducted, there is a whole range of safeguards, and federal judges oversee the entire program', the president said, reiterating the support that exists among both Republicans and Democrats.
As for the NSA's program for surveilling the servers of internet giants, known as 'PRISM', Obama noted that it 'does not apply to U.S. citizens or to people living in the United States'.
The U.S. president also criticized the leaks of these classified programs by the press, and said he does not agree with their being portrayed as 'somehow suspicious' measures.
'If every step that we take to try to prevent terrorism ends up on the front page of a newspaper or on television, then presumably the people who are trying to attack us will be able to get around our preventive measures', the president concluded.