Tag: National Security Agency

The NSA Has Become More Honest and Open

Believe it or not, the National Security Agency (NSA) has a set of core values. Those values are little more than doublespeak but the NSA has finally decided to be a bit more honest and open about its intentions:

Since at least May 2016, the surveillance agency had featured honesty as the first of four “core values” listed on NSA.gov, alongside “respect for the law,” “integrity,” and “transparency.” The agency vowed on the site to “be truthful with each other.”

On January 12, however, the NSA removed the mission statement page – which can still be viewed through the Internet Archive – and replaced it with a new version. Now, the parts about honesty and the pledge to be truthful have been deleted. The agency’s new top value is “commitment to service,” which it says means “excellence in the pursuit of our critical mission.”

This reminds me of a picture I saw of a homeless guy holding up a sign that read something along the lines of, “I need money for booze and cigarettes. Hey, at least I’m not bullshitting you.” By removing honesty and truthfulness from its core values, the NSA has ceased bullshitting us as much. While that doesn’t help us plebs who are being constantly surveilled by the agency, we at least have a better idea of what we’re getting.

NSA Told to Sod Off

After the National Security Agency (NSA) was caught cryptographic algorithms to enhance its surveillance abilities, trust for the agency fell to an all time low. This distrust lead the International Standards Organization (ISO) to reject two encryption algorithms recently submitted by the NSA:

SAN FRANCISCO (Reuters) – An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

The NSA has now agreed to drop all but the most powerful versions of the techniques – those least likely to be vulnerable to hacks – to address the concerns.

The dispute, which has played out in a series of closed-door meetings around the world over the past three years and has not been previously reported, turns on whether the International Organization of Standards should approve two NSA data encryption techniques, known as Simon and Speck.

This is an appropriate response. The NSA has a track record of manipulating standards organizations in order to make its surveillance apparatus more effective. In security trust is everything. Since the NSA has proven itself to be untrustworthy, it only makes sense to reject any proposals from the agency.

Once Data Is Retained You Lose All Control

Apologists for the National Security Agency (NSA) claim that Americans have no need to worry since the agency’s focus is on foreigners. Sometimes they even claim that the NSA cannot legally act on any of the domestic communications it collects so there is no danger to Americans regardless of how expansive its surveillance apparatus is. These arguments are irrelevant though because once your data is retained you have no control over how it is used.

Case in point, the NSA has been sharing data with domestic law enforcement agencies:

The Justice Department is investigating the FBI’s use of information taken directly from mass surveillance conducted by the National Security Agency (NSA)’s collection of telephone metadata.

[…]

Another ongoing Justice Department investigation is examining the Drug Enforcement Administration (DEA)’s use of “parallel construction.”

Parallel construction is a controversial investigative technique that takes information gained from sources like the NSA’s mass surveillance, covers up or lies about the sources, and then utilizes them in criminal investigations inside the United States. The information was passed to other federal agencies like the Internal Revenue Service (IRS).

While the NSA itself may be restricted to some extent from using any data it collects on domestic individuals there is nothing stopping it from handing that data to an agency that isn’t. The Federal Bureau of Investigations (FBI), Drug Enforcement Agency (DEA), and Internal Revenue Service (IRS) are all agencies that can act on data collected on domestic individuals by the NSA. Furthermore, due to the secrecy of the NSA’s program, these domestic law enforcers can made defending against any collected data extremely difficult. You only have a right to face your accuser publicly if your accuser isn’t hiding behind the nebulous label of “national security,” after all.

NSA Officially Allowed to Continue Spying Operation

Many people were too euphoric about the expiration of Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (the whole name of the act doesn’t get printed out enough, which is a shame because somebody spent a tremendous amount of time trying to think of a backronym for USA PATRIOT) Act to take a moment to consider what it really meant. I noted that the expiration didn’t actually change anything but governments love their redundancy so the Foreign Intelligence Surveillance Court ruled that the National Security Agency (NSA) could resume (implying it didn’t simply continue its surveillance program after the expiration) wholesale spying on American citizens:

WASHINGTON — The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk.

[…]

In a 26-page opinion made public on Tuesday, Judge Michael W. Mosman of the surveillance court rejected the challenge by FreedomWorks, which was represented by a former Virginia attorney general, Ken Cuccinelli, a Republican. And Judge Mosman said the Second Circuit was wrong, too.

“Second Circuit rulings are not binding” on the surveillance court, he wrote, “and this court respectfully disagrees with that court’s analysis, especially in view of the intervening enactment of the USA Freedom Act.”

When the Second Circuit issued its ruling that the program was illegal, it did not issue any injunction ordering the program halted, saying it would be prudent to see what Congress did as Section 215 neared its June 1 expiration. Jameel Jaffer, an A.C.L.U. lawyer, said on Tuesday that the group would now ask for one.

Once again I find it necessary to reiterate that politics isn’t going to solve this problem. The government enjoys the ability to spy on the populace too much to give it up. No amount of begging, voting, or completely pointless filibustering by presidential hopefuls who don’t have a chance in Hell of winning the nomination is going make the NSA’s surveillance apparatus go away.

If you actually oppose this kind of spying then it is up to you to do something about it. Standing by and hoping you can vote somebody into office to deal with the problem for you isn’t going to cut it. You need to learn, encrypt, and decentralized.

The NSA’s program relies on the pervasive use of plaintext communications and centralization. Collecting plaintext, which is a term for any unencrypted data including e-mails and phone calls, costs very little outside of the taps on the lines and storage. Encrypted text is an entirely different beast. When the NSA scoops up encrypted communications it doesn’t know what it has obtained unless it is able to break the encryption. The documents leaked by Snowden showed us that the NSA had problems with numerous encryption tools including Pretty Good Privacy (PGP) and Off-the-Record (OTR) messaging. Even when the NSA is able to break the encryption it’s not a costless endeavor when compared to plaintext.

Another key thing the NSA relies on is centralization. It’s much easier to surveil people when they’re all using a handful of services. With the popularity of Gmail, the fact that there are only four major cell phone carriers in the country, and how many people use Facebook a lot of data is being stored in a handful of locations, which means the NSA only needs to focus its efforts on a few key spots to spy on a vast majority of American. If more people ran their own e-mail, XMPP, etc. servers it would increase the NSA’s costs as it would have to spread out its efforts. Utilizing decentralized networks, such as Wi-Fi mesh networks, instead of centralized Internet Service Providers (ISP) would even further complicate the NSA’s efforts.

Fighting the NSA’s surveillance apparatus requires increasing the agency’s costs. That can only be done by the ubiquitous use of encryption and decentralizing infrastructure. Don’t be a lazy libertarian, start learning how to utilize cryptographic tools today. As always I’m here to help.

USA FREEDOM Act Signed Into Law

The Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring (USA FREEDOM) Act (that backronym still impresses me) has been signed into laws:

The Senate has approved the USA Freedom Act, which will alter the way U.S. agencies conduct surveillance and gather data. A final vote on the bill came late Tuesday afternoon, after amendments to the bill failed.

[…]

Following an expedited enrollment process, President Obama signed the bill into law late Tuesday.

Supposedly the National Security Agency’s (NSA) spying powers expired on Sunday, even though they didn’t, but the USA FREEDOM Act explicitly authorizes the program so we’re right back to where we started (the NSA’s spying programs being legalized redundantly).

Once again, political activism isn’t going to protect you from state surveillance. If you want to defend your privacy you’ll have to take matters into your own hands and learn how to use tools to encrypt and anonymize your communications and data. Because the passage of this bill shows that any political victory is, at best, temporary.

Dumbest Thing You’ll Read All Day

Salon has a long running track record of trying to disagree with libertarians on everything. Sometimes this causes it problem. For example, due to the publication’s idiotic claims that Rand Paul is a libertarian (he’s not by any definition I use) it has to disagree with everything he does. Rand has been claiming he opposes the National Security Agency’s (NSA) surveillance program and that means Salon has had to find a reason to back peddle on its previous opposition of the same so it doesn’t find itself on the same side as Rand. Ladies and gentlemen, I present you the dumbest thing you’ll read all day:

Perhaps to those like Sen. Rand Paul who’ve never had to fight assumptions based on one’s ethnicity or the color of one’s skin, the thought of cell phone data being pooled and analyzed is disconcerting. However, as someone who regularly puts up with extra scrutiny, whether it’s at an airport or a shopping mall, I welcome the leveling of the playing field that bulk data collection brings. I urge our government not to follow the Russian method of profiling, but, instead, to use bulk data collection to arrive at objective analyses.

That’s right, opposing surveillance is now white privilege. I’m not sure how that is since persecuted minorities have the most to lose from the NSA’s surveillance. The data it collects isn’t used to clear anybody, it’s only used when it can lead to somebody’s prosecution. With everything being illegal in this country anything you say at any point is likely incriminating to the right prosecutor. If you’re part of a targeted minority, such as Muslims, the last thing you want to do is have the NSA collect your phone calls because something you said could very well be used to fabricate charges to justify putting you in a cage.

Section 215 of the PATRIOT Act Expire, Nothing Changes

At midnight Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act expired. For those of you unfamiliar Section 215 was the part that authorized the National Security Agency (NSA) to collect information pertaining to phone calls, surveil people just because they switched out cell phone periodically, and spy on anybody who is labeled a “lone wolf” (which is vague enough to basically mean anybody). Many are cheering this momentous accomplishment. I’d let them celebrate in blissful ignorance but I’m kind of a prick. While Section 215 did expire that changes absolutely nothing:

Anti-surveillance groups have been split over the possible sunset of the Patriot Act powers. The American Civil Liberties Union had favored letting the Patriot Act expire, while groups like Access saw a compromise bill like the USA Freedom Act as the best chance for lasting reform. It’s unclear how the NSA and other groups will respond to the sunset of Section 215, but some have speculated that the result will be an increased reliance on national security letters and investigation-specific surveillance powers, continuing the same basic surveillance under different legal powers. Significant collection also occurs under non-legislative powers like Executive Order 12333, which remains unaffected.

There are always redundancies for state power. Later this week the Senate is still scheduled to codify the NSA’s phone surveillance program that wasn’t that clearly defined in the PATRIOT Act so this “expiration” will likely last all of a few days.

I do have some good news though. Those of us in CryptoPartyMN will be hosting a full blown CryptoParty at B-Sides MPS on June 13th and 14th. B-Sides MSP is a free event. At the CryptoParty we will be teaching you how to use tools to encrypt and anonymize your communications and data. By utilizing these tools you can defend your privacy against the state’s surveillance and not have to concern yourself with what particular provision will be used to justify spying on you. Unlike political activism, cryptography works and it requires less of your time to boot!

Remember When Obama Opposed Surveillance

Rewind to 2008. George W. Bush was finishing up his eighth year as president and many people were furious about all of the civil liberties he wiped his ass with since 2001. In comes Barack Obama who promises to curtail the surveillance powers enacted under Bush. Now we’re approaching Obama’s eighth year as president and he has not only failed to curtail the state’s surveillance powers but he’s actively campaigning to preserve it:

President Barack Obama called on the Senate Tuesday to extend key Patriot Act provisions before they expire five days from now, including the government’s ability to search Americans’ phone records.

“This needs to get done,” he told reporters in the Oval Office. “It’s necessary to keep the American people safe and secure.”

Is there any question why I don’t believe politicians?

Widespread surveillance has become a sticky issue. Part of the reason for this, in my opinion, is the fact both major political parties are performing constant maneuvers to oppose whatever the other party supports. In 2008 the Republican Party fully supported the surveillance state created under Bush precisely because it was created under a Republican president. The Democrats opposed the surveillance state because the Republicans supported it. When Obama came to power the Republicans started changing course on the surveillance state. Since the Republicans were changing course the Democrats had to as well less they be on the same side of an issue as their opponent. Now we’re in a position where the Republican Party is moving away from fully supporting the surveillance state and the Democratic Party is moving towards fully supporting it. What this issue has really shown us is that neither party has any principles and bases their stances almost entirely on what the other party espouses.

As the surveillance state is convenient for whatever party is in power it will never go away. Whatever party is in power will support it while the other party opposes it (I use the word “opposes” very loosely because they don’t really have any strong feelings other than opposing what the other party supports). This is why it’s important for everybody to utilize the security tools available to them. We’re always going to be spied on by the state so we need to defend ourselves regardless of what way the political winds are blowing. Politics won’t change the surveillance state but cryptography will help you defend against it.

Everything We Do is Legal

It must be nice being the government. You get to make the laws, enforce the laws, and decided whether or not the laws are legal. So it should come as no surprise that after a very lengthy and deliberate investigation into the actions of its own surveillance apparatus the government has decided that everything it did was nice and legal:

WASHINGTON (AP) — The National Security Agency programs that collect huge volumes of Internet data within the United States pass constitutional muster and employ “reasonable” safeguards designed to protect the rights of Americans, an independent privacy and civil liberties board has found.

In a report released Tuesday night, the bipartisan, five-member Privacy and Civil Liberties Oversight Board, appointed by President Barack Obama, largely endorsed a set of NSA surveillance programs that have provoked worldwide controversy since they were disclosed last year by former NSA systems administrator Edward Snowden. However, they urged new internal intelligence agency safeguards designed to further guard against misuse.

First of all I’m glad that we now know that everything the NSA did was legal. Talk about a huge elephant in the room that was in need of being addressed! Second of all, I’m glad the government is finally getting more efficient. Why have a massive investigation involving multiple departments and every member of Congress when you can just grab five random dudes and tell them to take care of everything? Hopefully we’re witnessing the beginning of a new age of government efficiency because it would be nice to just appoint a few guys to fuck us over instead of paying thousands of people to do the same.

After Having Over a Year to Scrub Its Records the NSA Claims Snowden Never Raised Concerns

After Edward Snowden released his treasure trove of leaked data from the National Security Agency (NSA) many statists asked why he didn’t go through “proper” channels. Snowden said that he did raise concerns numerous times to no avail. It has been over a year since Snowden let us in on the NSA’s surveillance game and now the agency is claiming that Snowden never filed a complaint:

In response to claims by Edward Snowden that he raised concerns about NSA spying in emails sent to the spy agency’s legal office, the NSA released a statement and a copy of the only email it says it found from Snowden.

That email, the agency says, asked a question about legal authority and hierarchy but did not raise any concerns.

“NSA has now explained that they have found one e-mail inquiry by Edward Snowden to the Office of General Counsel asking for an explanation of some material that was in a training course he had just completed,” the NSA said in a statement. “The e-mail did not raise allegations or concerns about wrongdoing or abuse, but posed a legal question that the Office of General Counsel addressed. There was not additional follow-up noted.

“There are numerous avenues that Mr. Snowden could have used to raise other concerns or whistleblower allegations,” the statement continued. “We have searched for additional indications of outreach from him in those areas and to date have not discovered any engagements related to his claims.”

Let me get this straight. The NSA, one of the most unscrupulous agencies of the United States government (and that’s saying a lot, expects us it when it says Snowden never filed a complaint? I’m guessing that the NSA has been busy scrubbing all records of Snowden’s filed complaints just so it could claim that he never filed any.

But let’s assume he didn’t file any complaints, why does it matter? Anybody who has dealt with government bureaucracy knows that “proper channels” is synonymous with memory hole. It’s impossible to get anything done within a government agency by using the agency approved channels. The only way to get a government agency to change its ways is to create public outrage and even that isn’t a guarantee that anything will improve.