mykeystrokes.com

"Do or Do not. There is no try."

“Access Granted Vs Access Gained?”: Did Edward Snowden Overstate Claims On National Security Agency Leaks?

Security experts questioned Monday how, three years after Army Pfc. Bradley Manning downloaded a trove of secret material, low-level computer specialist Edward Snowden was able to copy documents that are far more sensitive and walk them out of his National Security Agency workplace in Hawaii.

After Manning released hundreds of thousands of classified documents — for which he is now being court-martialed — government officials vowed to curtail the broad access to intelligence that came into being after the Sept. 11 attacks. But Snowden appeared to have access to far more sensitive secrets, including the first order from the Foreign Intelligence Surveillance Court to be leaked in its 35-year history.

“I do think it raises questions about how good our controls are on our system,” said Stewart Baker, a former general counsel for the NSA. “Because anything that he was able to move to a thumb drive to exfiltrate could also be exfiltrated by Russian or Chinese hackers.”

Snowden is almost certainly facing serious charges related to espionage and the conveyance of national defense information, said a former senior FBI official who would not be quoted by name because of the sensitive subject matter.

The FBI is interviewing Snowden’s family members, as it would in any similar investigation, to “gain insight into his motivation and mind-set, to include communications, emails, phone calls, writings,” and also to determine whether he was communicating with a foreign power or had been recruited by an intelligence service, the former FBI official said. He said Snowden’s choice of Hong Kong as a refuge raises questions about possible cooperation with China.

After acquiring a government security clearance when he worked for the CIA, Snowden moved into a contractor job with his clearance still active. Most recently, before decamping for Hong Kong, he was working for government contractor Booz Allen Hamilton in Hawaii.

“The question that a lot of people are asking is why did the CIA grant him a clearance,” said a former senior government official who demanded anonymity because he was not authorized to speak about the case.

Snowden described himself to the Guardian newspaper in London, which first published details of a massive telephone-data collection program, as a computer systems administrator who performed technical rather than operational functions. His job, however, gave him access to a wide swath of secrets.

Baker pointed out that computer network maintenance jobs “are self-taught jobs in some respects, and the guy is clearly an impressive autodidact.”

But analysts said that Snowden seems to have greatly exaggerated the amount of information available to him and people like him.

Any NSA analyst “at any time can target anyone, any selector, anywhere,” Snowden told the Guardian. “I, sitting at my desk, certainly had the authorities to wiretap anyone from you or your accountant to a federal judge to even the president if I had a personal email.”

Robert Deitz, a former top lawyer at the NSA and CIA, called the claim a “complete and utter” falsehood.

“First of all it’s illegal,” he said. “There is enormous oversight. They have keystroke auditing. There are, from time to time, cases in which some analyst is [angry] at his ex-wife and looks at the wrong thing and he is caught and fired,” he said.

NSA analysts who have the authority to query databases of metadata such as phone records — or Internet content, such as emails, videos or chat logs — are subject to stringent internal supervision and also the external oversight of the foreign surveillance court, former NSA officials said.

“It’s actually very difficult to do your job,” said a former senior NSA operator, who also declined be quoted by name because of the sensitive nature of the case. “There are all these checks that don’t allow you to move agilely enough.”

For example, the former operator said, he had go through an arduous process to obtain FISA court permission to gather Internet data on a foreign nuclear weapons proliferator living abroad because some of the data was passing through U.S. wires.

“When he’s saying he could just put any phone number in and look at phone calls, it just doesn’t work that way,” he said. ” It’s absurd. There are technical limits, and then there are people who review these sorts of queries.”

He added, “Let’s say I have your email address. In order to get that approved, you would have to go through a number of wickets. Some technical, some human. An individual analyst can’t just say, ‘Oh, I found this email address or phone number.’ It’s not simple to do it on any level, even for purely foreign purposes.”

The former senior government official said that as a computer expert, Snowden could have gained access on the NSA computer network to some of the documents he purportedly leaked. But other documents he claims that he provided to the Guardian and the Washington Post, such as the FISA order, are in theory supposed to be kept more tightly held, he said.

One of the issues investigators will be examining is “what access was he granted and what access did he gain” himself in order to obtain the documents, the former official said.

 

By: Ken Dilanian and Barbara Demick, Los Angeles Times, Washington Bureau, June 10, 2013

June 14, 2013 Posted by | National Security | , , , , , , , | Leave a comment

“A Misleading Media Picture”: Why The National Security Agency’s PRISM Program Is Nothing To Fear

It has been revealed that the National Security Agency has been employing PRISM, a $20-million-per-year program that monitors the movement of individuals through digital data, for roughly six years. PRISM has gained access to private information and online correspondence through nine technology companies here in the U.S. The USA PATRIOT Act and the Protect America Act of 2007 (PAA) opened the door for this surveillance program to take shape.

President Obama and the NSA have been criticized for a lack of transparency and the program’s assumed targeting of American citizens. The president said during a press conference on Friday that PRISM does not target American citizens or those living in the U.S., stating, “Nobody is listening to your telephone calls” and “They are not looking at people’s names and they are not looking at content.” The surveillance program was structured to exclusively monitor correspondence between foreign individuals—solely the lines of communication between these individuals that pass through the U.S.

PRISM may not be the top-secret program of government overreach that many are trying to portray it as. The program is lawful (as long as American citizens and individuals in the U.S. are not monitored) under PAA, and for six years the entire program was fully recognized by Congress and the Foreign Intelligence Surveillance Court. The NSA still must have a reasonable cause for intercepting communications, appeal to a federal court and gain permission to monitor any correspondence—all of which include Congressional oversight.

The NSA recently declassified a slideshow that outlines PRISM on a very basic level. This is what is currently known about the surveillance program: There were a total of nine technology companies included in PRISM—Microsoft in September, 2007, Yahoo in March, 2008, Google, Facebook, and PalTalk in 2009, YouTube in September, 2010, Skype and AOL in early 2011, and Apple in October of 2012.

While officials from AOL, PalTalk, Facebook, Yahoo, and Apple have all denied any knowledge of PRISM or working with the U.S. government on such a program, the NSA would still be within legal parameters if they monitored any data from these companies with a court order.

According to the PRISM slideshow, the types of materials they seek are email, video and voice chat, videos, photos, stored data, VoIP (phone calls made over the internet), file transfers, video conferencing, log-ins, time stamps, and any information provided on social networking sites.

The NSA slideshow makes three points defining the necessity of such a program: “Much of the world’s communications flow through the U.S.,” “A target’s phone call, email or chat will take the cheapest path, not the physically most direct path—you can’t always predict the path,” and “Your target’s communications could easily be flowing into and through the U.S.”

Basically, what we’ve learned about the NSA and PRISM is nothing new. Senator Saxby Chambliss (R-GA) said of PRISM, “Every member of the United States Senate has been advised of this, and to my knowledge we have not had any citizen who has registered a complaint relative to the gathering of this information.” In other words, these actions have been lawfully taking place for six years and were approved by Congress with the effortless passages of the PATRIOT Act in 2001 and the Protect America Act in 2007.

The picture that is being painted of PRISM—a secretive surveillance program that unlawfully delves into the average American’s private life—is misleading. PRISM, if carried out properly, is only used to monitor suspicious patterns of communications abroad. If individuals choose to use means of communication that are based here in the U.S., the U.S. government, with the proper court approval, is entirely within its rights to seek out information it deems necessary for national security purpose—as long as Congress continues to authorize the laws that allow such programs.

By: Allison Brito, The National Memo, June 7, 2013

June 10, 2013 Posted by | National Security | , , , , , , , , | 2 Comments

“Paranoid Concerns”: Making A Mountain Out Of A Digital Molehill

The revelations this week that the federal government has been scooping up records of telephone calls inside the United States for seven years, and secretly collecting information from Internet companies on foreigners overseas for nearly six years, have elicited predictable outrage from liberals and civil libertarians.

Is the United States no better than those governed by repressive dictators who have no regard for individual rights? Could President Obama credibly raise human rights issues with his Chinese counterpart, Xi Jinping, at a summit meeting on Friday, if America is running its own vast surveillance state? Has Mr. Obama, for all his talk of ending the “war on terror,” taken data mining to new levels unimagined by his predecessor, George W. Bush?

Hold it just a minute.

From what has been made public, we know that the F.B.I., under the Obama administration, used its powers under the Patriot Act to seek these records; that judges with the Foreign Intelligence Surveillance Court approved these searches; and that members of Congress with oversight powers over the intelligence community were briefed about the searches. Some of them, like Senators Mark Udall, Democrat of Colorado, and Ron Wyden, Democrat of Oregon, were uncomfortable with the scope of the data gathering and made their disapproval public, even though secrecy rules prohibited them from being more specific about their concerns, until now.

It is evident, then, that all three branches of government were involved in the records search afoot at the telecommunications carriers and Internet companies. Section 215 of the Patriot Act, which Congress passed after 9/11, governed the executive branch’s search authority. Oversight committees were kept in the loop, as Senator Dianne Feinstein, the California Democrat who leads the Senate Intelligence Committee, has confirmed. And the authorizations were approved by life-tenured federal judges who are sworn to uphold the Constitution, including the Fourth Amendment, which prohibits unreasonable searches and seizures. On the surface, our system of checks and balances seems to be working.

We cannot rule out the possibility that the voluminous records obtained by the government might, some day, be illegally misused. But there is no evidence so far that that has occurred.

First, no contents of phone conversations are being provided to the government. Indeed, the Patriot Act precludes provision of call contents.

Second, the two senators who complained in public, Mr. Wyden and Mr. Udall, apparently were in a minority on the committee. Otherwise, the bipartisan committee could have held hearings, either in closed or open session, to seek further details and prepare legislation to limit the F.B.I.’s data-gathering powers.

Third, unlike you and me, federal judges on the surveillance court, established in 1978, reviewed the government’s request for information and the reasons provided to support the request. We do know that the search requests have required periodic renewal. And we know that, for reasons the judges thought sufficient, the contents of the order were sealed, with special mention that it was not to be available to foreign entities. Judge Roger Vinson, who signed the July order extending the requirement that Verizon furnish phone logs, struck a balance: he put a time limit on the data-gathering, to ensure executive accountability, but also issued a secrecy order, to protect national security.

But shouldn’t I be concerned that F.B.I. agents are trampling my rights, just like the I.R.S. might have trampled the rights of certain organizations seeking tax-exempt status? As it turns out, the answer is no. The raw “metadata” requested will not be directly seen by any F.B.I. agent.

Rather, a computer will sort through the millions of calls and isolate a very small number for further scrutiny. Perhaps one of the numbers was called by one of the Tsarnaev brothers before the Boston Marathon bombings. Or perhaps a call was placed by a Verizon customer to a known operative of Al Qaeda. The Supreme Court long ago authorized law enforcement agencies to obtain call logs — albeit on paper rather than from a computer database — without full probable cause to believe a crime had been committed.

To listen to the contents of any particular call or to place a wiretap on a particular phone, the F.B.I. would have to go back to a judge for a more detailed order, this time showing probable cause sufficient to meet stringent Fourth Amendment standards. Otherwise, the evidence from the call could not be used to prosecute the caller or call recipient. Privacy rights, in short, have been minimally intruded upon for national security protections.

Finally, let’s consider the alternative some activist groups and media organizations seek: more narrowly tailored gathering of records, and full transparency after the fact about what kinds of records have been obtained. There are obvious problems with this approach. Let’s say the judicial order leaked to The Guardian this week had specified the phone numbers about which the F.B.I. had concerns. Releasing those numbers would surely have tipped off the people using those numbers, or their associates, and caused them to change their mode of communicating. Already, there is a real probability that individuals planning terrorist activities are using channels of communication that will not show up in the databases of service providers. If the order revealed more expansively the standards the F.B.I. used to seek broad sets of records, again those seeking to avoid detection for terrorism-related activities could simply change their methods of doing business.

In short, I think I will take my chances and trust the three branches of government involved in the Verizon request to look out for my interest. Privacy advocates, civil libertarians, small-government activists and liberal media organizations are, of course, are welcome to continue working to keep them honest. But I will move back to my daily activities, free from paranoid concerns that my government is spying on me.

 

By: Charles Shanor, Op-Ed Contributor, The New York Times, June 7, 2013

June 8, 2013 Posted by | Civil Rights, National Security | , , , , , , , | Leave a comment

   

%d bloggers like this: