mykeystrokes.com


“A High Stakes Gamble”: The NSA Leaker’s Decision To Flee To Hong Kong Sets Up A Very Uncomfortable Diplomatic Stand-Off

Edward Snowden’s choice of Hong Kong as a haven from where to leak intelligence documents and to unmask himself as a whistleblower rests on calculations on the territory’s press freedom safeguards and its extradition treaty with the US. It is a high-stakes gamble.

Just before sovereignty over Hong Kong passed from Britain to China in 1997, the US signed a new extradition treaty with the semi-autonomous territory. Under that treaty, both parties agree to hand over fugitives from each other’s criminal justice systems, but either side has the right of refusal in the case of political offences.

Beijing, which gave its consent for Hong Kong to sign the agreement, also has a right of veto if it believes the surrender of a fugitive would harm the “defence, foreign affairs or essential public interest or policy” of the People’s Republic of China. In short, the treaty makes Snowden’s fate a matter of political expediency not just in Hong Kong but in Beijing.

In his Guardian interview, Snowden denied that his decision to fly to Hong Kong to make his allegations on NSA intrusion and infringement of American civil liberties was intended as a vote of confidence in Chinese human rights. But he noted that the people of Hong Kong have “a spirited commitment to free speech and the right of political dissent”.

Certainly in comparison with mainland China, Hong Kong is an island of press freedom and political tolerance. When the UK ended 156 years of colonial rule and Hong Kong became China’s first ‘special administrative region’, it was given special status under the principle of “one country, two systems”. Most importantly, Hong Kong passed its own constitution, its Basic Law, giving it a “high degree of autonomy” on all issues except foreign relations and defence.

The territory has multi-party politics but its chief executive is chosen by an election committee of just a few hundred electors. The freedom of the Hong Kong press, meanwhile, is being continually put to the test. When the government attempted in 2003 to impose restrictions on the grounds of sedition and national security, half a million people came out to demonstrate and the bill was withdrawn.

The tradition of commemorating the 1989 killing of Tiananmen Square demonstrators – banned in the rest of China – is vigorously upheld in Hong Kong. Attendance at a memorial ceremony in the territory’s Victoria Park last week was estimated at between 54,000 and 150,000, despite torrential rain.

The combination of a comparatively liberal civic culture and the sovereignty of Beijing, America’s great Pacific rival with which it has an often testy relationship, seems to have been a factor in Snowden’s choice of Hong Kong. It may play to his advantage that Presidents Barack Obama and Xi Jinping reportedly agreed to differ on cybersecurity issues in their weekend summit in California. Against this background, Snowden’s extradition might be seen in the party leadership in Beijing as a capitulation. But such calculations can change.

“Call me naive but I think this is going to come down to how Beijing wants to play this,” Josh Marshall argued on his Talking Points Memo blog. “If they don’t want a fight over this, Snowden’s toast. If they like the optics of it, I don’t think it matters what that extradition treaty says. China’s a big enough player and the US has enough other fish to fry with the Chinese, that the US is not going to put the bilateral relationship on the line over this guy.”

 

By: Julian Borger, Business Insider, June 9, 2013. This article originally appeared on guardian.co.uk

June 10, 2013 | Posted in National Security

“A Misleading Media Picture”: Why The National Security Agency’s PRISM Program Is Nothing To Fear

It has been revealed that the National Security Agency has been employing PRISM, a $20-million-per-year program that monitors the movement of individuals through digital data, for roughly six years. PRISM has gained access to private information and online correspondence through nine technology companies here in the U.S. The USA PATRIOT Act and the Protect America Act of 2007 (PAA) opened the door for this surveillance program to take shape.

President Obama and the NSA have been criticized for a lack of transparency and the program’s assumed targeting of American citizens. The president said during a press conference on Friday that PRISM does not target American citizens or those living in the U.S., stating, “Nobody is listening to your telephone calls” and “They are not looking at people’s names and they are not looking at content.” The surveillance program was structured to exclusively monitor correspondence between foreign individuals—solely the lines of communication between these individuals that pass through the U.S.

PRISM may not be the top-secret program of government overreach that many are trying to portray it as. The program is lawful (as long as American citizens and individuals in the U.S. are not monitored) under PAA, and for six years the entire program was fully recognized by Congress and the Foreign Intelligence Surveillance Court. The NSA still must have a reasonable cause for intercepting communications, appeal to a federal court and gain permission to monitor any correspondence—all of which include Congressional oversight.

The NSA recently declassified a slideshow that outlines PRISM on a very basic level. This is what is currently known about the surveillance program: There were a total of nine technology companies included in PRISM—Microsoft in September, 2007, Yahoo in March, 2008, Google, Facebook, and PalTalk in 2009, YouTube in September, 2010, Skype and AOL in early 2011, and Apple in October of 2012.

While officials from AOL, PalTalk, Facebook, Yahoo, and Apple have all denied any knowledge of PRISM or working with the U.S. government on such a program, the NSA would still be within legal parameters if they monitored any data from these companies with a court order.

According to the PRISM slideshow, the types of materials they seek are email, video and voice chat, videos, photos, stored data, VoIP (phone calls made over the internet), file transfers, video conferencing, log-ins, time stamps, and any information provided on social networking sites.

The NSA slideshow makes three points defining the necessity of such a program: “Much of the world’s communications flow through the U.S.,” “A target’s phone call, email or chat will take the cheapest path, not the physically most direct path—you can’t always predict the path,” and “Your target’s communications could easily be flowing into and through the U.S.”

Basically, what we’ve learned about the NSA and PRISM is nothing new. Senator Saxby Chambliss (R-GA) said of PRISM, “Every member of the United States Senate has been advised of this, and to my knowledge we have not had any citizen who has registered a complaint relative to the gathering of this information.” In other words, these actions have been lawfully taking place for six years and were approved by Congress with the effortless passages of the PATRIOT Act in 2001 and the Protect America Act in 2007.

The picture that is being painted of PRISM—a secretive surveillance program that unlawfully delves into the average American’s private life—is misleading. PRISM, if carried out properly, is only used to monitor suspicious patterns of communications abroad. If individuals choose to use means of communication that are based here in the U.S., the U.S. government, with the proper court approval, is entirely within its rights to seek out information it deems necessary for national security purposes—as long as Congress continues to authorize the laws that allow such programs.

By: Allison Brito, The National Memo, June 7, 2013

June 10, 2013 | Posted in National Security

“Who Watches The Watchers?”: The Government Wouldn’t Be Able To Accumulate Data On Citizens If Companies Weren’t Collecting It

Yesterday, President Obama for the first time publicly addressed the controversies surrounding the National Security Agency’s Internet snooping, noting that there’s an important discussion to be had about the balance between security and liberty in a free country. “I welcome this debate,” he said.

I wonder, though, whether this debate is too narrowly drawn: Is the nub of the problem too much government surveillance or too much surveillance, period? After all, the government wouldn’t be able to so easily accumulate all this data on private citizens if private companies weren’t collecting it first.

In case you live under a rock, the kerfuffle involves a pair of National Security Agency programs. In one the agency spent years collecting the nation’s phone records – who called whom when and from where. In the other, codenamed PRISM, it has reportedly mined data – emails, chats and photographs, for example – of ostensibly foreign targets from prominent Internet providers like Microsoft, Yahoo, Google, Facebook, AOL and Apple, to name a few. (For their part, these companies have issued various types of denials regarding their cooperation in the program.)

But as I said, the government surveillance, which is deeply unsettling, raises a larger question about corporate surveillance. Amie Stepanovich of the Electronic Privacy Information Center points out that none of the information in question would be sharable if Internet and telecommunications companies encrypted it to protect privacy. In other words, it’s not a given that corporations must collect vast amounts of information from and about us. But failing to do so wouldn’t be good for business.

Somebody’s watching you. As security technologist Bruce Schneier has written, “The Internet is a surveillance state.” The mere act of visiting websites means you’re being tracked whether you’re aware of it or not. “Click tracking is a huge source of personal data that most people aren’t aware is being collected,” says Stephen Wicker, a Cornell University professor and author of the forthcoming “Cellular Convergence and the Death of Privacy.” He adds that “sites that you would think are relatively benign are actually hosting third party click trackers that take this data and then resell it.”

Indeed, earlier this year The Atlantic’s Alexis Madrigal dug into the world of Internet tracking and discovered 105 companies that had tracked him in a 36-hour period of normal Web surfing. “Every move you make on the Internet is worth some tiny amount to someone, and a panoply of companies want to make sure that no step along your Internet journey goes unmonetized,” he wrote. (Full – or at least partial – disclosure: I do not know whether and to what extent usnews.com employs click trackers.)

Or consider the big data kid on the block: Google. Many people probably view the company as a search engine, or a map provider, or a mobile phone company or a cloud repository for documents. What Google is, in fact, is a data collection company: It collects data on you 15 ways to Sunday, sorts it, chops it up and sells it. And as Robert Epstein pointed out on this site in May, it’s not just when you’re using the Google search engine or Gmail (though it is assuredly the case then).

The Internet behemoth is collecting information on you whether you know it or not and whether you’re using its products or not. Using Safari or Firefox? Both web browsers, Epstein wrote, use Google’s blacklist, “an ever-changing list of about 600,000 websites that Google’s bots have identified – sometimes mistakenly – as dangerous. No government agency or industry association ever gave Google the authority to maintain such a list, but it exists, and Firefox uses it.” So does Safari. If you’re visiting a website that uses Google analytics (and most major sites do) or is serviced by Google ads or has Google maps embedded in it then Google, as Epstein writes, has gotcha.

But Google’s the “Don’t be evil” company, right? (After all, they’ve just gotten Vince Vaughn and Owen Wilson to star in a two-hour movie-cum-commercial.) And don’t all major social media platforms have privacy policies to protect consumers? Maybe. But in the last few years Google, Facebook and MySpace (remember that site?) have reached settlements with the Federal Trade Commission for charges related to how they handled users’ personal and private data.

The spy in your pocket. And that doesn’t even get into the personal, portable surveillance tools practically everyone in the country voluntarily carries around with them: mobile phones and other wireless devices. Pew Research reported this week that for the first time a majority of Americans own a smart phone of some kind, while fully 91 percent of the adult population now owns some flavor of cell phone. (The wireless industry lobbying group CTIA reports that wireless devices have now reached 102 percent penetration in the U.S. and its territories, which means that the machines now outnumber the people.)

And if you’re using your mobile phone, you’re being tracked. “I don’t think people realize they’re revealing their location to their carrier just by using their device,” says Ashkan Soltani, an independent privacy researcher and consultant. A 2011 investigation by the Wall Street Journal (on which Soltani consulted) found that Apple and Android smart phones routinely send location information, including information about local Wi-Fi networks, back to Apple and Google. Separately, the Journal reported in 2011, Apple’s iPhone collected and stored location data even when users had turned off “location services” – which is to say when they thought they had opted out of being tracked.

Why? This information is a potential treasure trove for these companies. From the Journal:

Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people’s locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services – expected to rise to $8.3 billion in 2014, according to research firm Gartner, Inc.

Google uses this information to help show on its maps where automobile traffic is especially heavy or light. Verizon sells aggregate location data to advertisers, according to Soltani, so they can know where to place billboards. The wireless companies’ viewpoint, according to Soltani, is “we got this information for free, let’s use it for this other use-case, which is the marketing data.”

And there are a lot of companies trying to get a piece of this financial pie. In another story, the Journal surveyed 101 popular iPhone and Android apps and found that “56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders.” As Soltani told a Senate subcommittee in 2011, “applications can access and transmit data which includes text messages, emails, phone numbers, contacts stored and even browser history stored on the device.”

So if you woke yourself up this morning with an alarm clock app on your phone, the instant it went off, says Soltani, not only did it transmit noise to your ears but location data back to people you don’t know. “There are times where there are 50 or 100 third parties – companies that you’ve never had a relationship with – who are able to monitor your … activities,” he says.

Not big on apps? Consider your next visit to the local mall. Carriers and other companies are installing sensors around shopping malls, Soltani says, allowing them to track where people are lingering, what’s popular and what’s not, analytics that then go to the mall.

Perverse incentive. All of this creates what Soltani calls a “perverse incentive that creates this worst case scenario for consumers.” Companies have an incentive to collect and keep user data; and that trove proves an irresistible target for the government in its ongoing war on terrorists.

Which brings us back to the current uproar over the NSA’s data collection and data mining. The outrage is justified, as is the broader concern about how the cult of secrecy has infected and distorted the government. But there is something somewhat comforting to the notion that government agencies are ultimately responsible to the voters, even if that process has become calcified and overly complex.

But the surveillance state is built upon its corporate counterpart. And who watches those watchers?

 

By: Robert Schlesinger, U.S. News and World Report, June 8, 2013

June 9, 2013 | Posted in Corporations, National Security

“Non-Factual Facts”: Washington Post Hedges Claim That Google, Facebook, Gave The Government Direct Access To Their Servers

Yesterday, the Washington Post reported a shocking story about how the FBI and National Security Agency had partnered with Google, Facebook, and many other tech companies to spy on the tech companies’ hundreds of millions of users.

The government agencies, the Post said, were “tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time.”

This surveillance program, the Post reported, had been “knowingly” facilitated by the tech companies, which had allowed the government to tap directly into their central servers.

The Post story described a “career intelligence officer” as being so horrified by the power and privacy intrusion of this surveillance system that the officer was helping to leak the news to expose it.

“They quite literally can watch your ideas form as you type,” the officer reportedly told the Post.

Not surprisingly, the Post’s story created an instant explosion of outrage. The ire was directed at both the government and the technology companies.

The story also led to immediate, explicit denials from the technology companies. Google, Facebook, and Yahoo all said that the government did not have “direct access” to any servers. Apple said it had never even heard of the program it was supposedly partnering with.

So The Post’s claim that the companies had voluntarily given the government direct, open, un-monitored access to their servers quickly seemed suspect.

And now, 24 hours later, after more denials and questions, the Post has made at least two important changes to its spying story.

First, the Post has eliminated the assertion that the technology companies “knowingly” participated in the government spying program.

Second, and more importantly, the Post has hedged its assertion that the companies have granted the government direct access to their servers.

The latter change is subtle, but important. In the first version of its story, the Post stated as a fact that the government had been given direct access to the companies’ servers.

Now, the Post attributes the claim to a government presentation–a document that has been subjected to significant scrutiny and skepticism over the past day and that, in this respect, at least, seems inaccurate.

In other words, the Post appears to have essentially retracted the most startling and important part of its story: That the country’s largest technology companies have voluntarily given the government direct access to their central servers so the government can spy on the tech companies’ users in real time.

Specifically, here’s how the Washington Post story has changed…

Here’s the original first paragraph:

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time.

Here’s the updated paragraph (our emphasis):

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.

That change is important. The direct-access claim changes from a fact asserted by the Washington Post to a claim made in a document the Washington Post has seen–a document that might be wrong.

The idea that Google, Facebook, Apple, et al, had voluntarily given the government direct unfettered access to their servers always seemed far-fetched.

This behavior would justifiably trigger the wrath of the companies’ hundreds of millions of users worldwide and exacerbate already existing concerns that these companies routinely trample all over their users’ privacy.

Furthermore, the government’s assertions that its spying programs are directed primarily at foreigners, not US citizens, would not be viewed as comforting to Google, Facebook, et al.

Why not?

Because the vast majority of the users of these companies’ services are foreigners.

If the international users of Facebook, Google, et al, were to feel that the companies were opening their data centers in this way, the international users might revolt. So it’s hard to imagine that these companies would just voluntarily open their servers to the U.S. government (or, for that matter, any other government).

The Washington Post also broke the news about the existence of the vast government Internet spying program called PRISM, which other outlets have since confirmed. And the story illustrated how extensively the government uses Internet communications in its intelligence efforts and how important these communications are to national security.

But, a day after the Post story appeared, it seems likely that the following claims are wrong or at least need major qualification:

  • that the NSA and FBI are “tapping directly into the central servers” of Facebook, Google, et al, and,
  • that the government can “quite literally watch your ideas form as you type.”

 

By: Henry Blodget, Business Insider, June 7, 2013

June 9, 2013 | Posted in National Security

“Paranoid Concerns”: Making A Mountain Out Of A Digital Molehill

The revelations this week that the federal government has been scooping up records of telephone calls inside the United States for seven years, and secretly collecting information from Internet companies on foreigners overseas for nearly six years, have elicited predictable outrage from liberals and civil libertarians.

Is the United States no better than those governed by repressive dictators who have no regard for individual rights? Could President Obama credibly raise human rights issues with his Chinese counterpart, Xi Jinping, at a summit meeting on Friday, if America is running its own vast surveillance state? Has Mr. Obama, for all his talk of ending the “war on terror,” taken data mining to new levels unimagined by his predecessor, George W. Bush?

Hold it just a minute.

From what has been made public, we know that the F.B.I., under the Obama administration, used its powers under the Patriot Act to seek these records; that judges with the Foreign Intelligence Surveillance Court approved these searches; and that members of Congress with oversight powers over the intelligence community were briefed about the searches. Some of them, like Senators Mark Udall, Democrat of Colorado, and Ron Wyden, Democrat of Oregon, were uncomfortable with the scope of the data gathering and made their disapproval public, even though secrecy rules prohibited them from being more specific about their concerns, until now.

It is evident, then, that all three branches of government were involved in the records search afoot at the telecommunications carriers and Internet companies. Section 215 of the Patriot Act, which Congress passed after 9/11, governed the executive branch’s search authority. Oversight committees were kept in the loop, as Senator Dianne Feinstein, the California Democrat who leads the Senate Intelligence Committee, has confirmed. And the authorizations were approved by life-tenured federal judges who are sworn to uphold the Constitution, including the Fourth Amendment, which prohibits unreasonable searches and seizures. On the surface, our system of checks and balances seems to be working.

We cannot rule out the possibility that the voluminous records obtained by the government might, some day, be illegally misused. But there is no evidence so far that that has occurred.

First, no contents of phone conversations are being provided to the government. Indeed, the Patriot Act precludes provision of call contents.

Second, the two senators who complained in public, Mr. Wyden and Mr. Udall, apparently were in a minority on the committee. Otherwise, the bipartisan committee could have held hearings, either in closed or open session, to seek further details and prepare legislation to limit the F.B.I.’s data-gathering powers.

Third, unlike you and me, federal judges on the surveillance court, established in 1978, reviewed the government’s request for information and the reasons provided to support the request. We do know that the search requests have required periodic renewal. And we know that, for reasons the judges thought sufficient, the contents of the order were sealed, with special mention that it was not to be available to foreign entities. Judge Roger Vinson, who signed the July order extending the requirement that Verizon furnish phone logs, struck a balance: he put a time limit on the data-gathering, to ensure executive accountability, but also issued a secrecy order, to protect national security.

But shouldn’t I be concerned that F.B.I. agents are trampling my rights, just like the I.R.S. might have trampled the rights of certain organizations seeking tax-exempt status? As it turns out, the answer is no. The raw “metadata” requested will not be directly seen by any F.B.I. agent.

Rather, a computer will sort through the millions of calls and isolate a very small number for further scrutiny. Perhaps one of the numbers was called by one of the Tsarnaev brothers before the Boston Marathon bombings. Or perhaps a call was placed by a Verizon customer to a known operative of Al Qaeda. The Supreme Court long ago authorized law enforcement agencies to obtain call logs — albeit on paper rather than from a computer database — without full probable cause to believe a crime had been committed.

To listen to the contents of any particular call or to place a wiretap on a particular phone, the F.B.I. would have to go back to a judge for a more detailed order, this time showing probable cause sufficient to meet stringent Fourth Amendment standards. Otherwise, the evidence from the call could not be used to prosecute the caller or call recipient. Privacy rights, in short, have been minimally intruded upon for national security protections.

Finally, let’s consider the alternative some activist groups and media organizations seek: more narrowly tailored gathering of records, and full transparency after the fact about what kinds of records have been obtained. There are obvious problems with this approach. Let’s say the judicial order leaked to The Guardian this week had specified the phone numbers about which the F.B.I. had concerns. Releasing those numbers would surely have tipped off the people using those numbers, or their associates, and caused them to change their mode of communicating. Already, there is a real probability that individuals planning terrorist activities are using channels of communication that will not show up in the databases of service providers. If the order revealed more expansively the standards the F.B.I. used to seek broad sets of records, again those seeking to avoid detection for terrorism-related activities could simply change their methods of doing business.

In short, I think I will take my chances and trust the three branches of government involved in the Verizon request to look out for my interest. Privacy advocates, civil libertarians, small-government activists and liberal media organizations are, of course, welcome to continue working to keep them honest. But I will move back to my daily activities, free from paranoid concerns that my government is spying on me.

 

By: Charles Shanor, Op-Ed Contributor, The New York Times, June 7, 2013

June 8, 2013 | Posted in Civil Rights, National Security