US ‘cuts’ spying cooperation with Germany over data leak

Screen Shot 2015-05-23 at 5.53.56 PM

The US Director of National Intelligence James Clapper has ordered a review of cooperation between the National Security Agency (NSA) and the German intelligence agency BND, Bild newspaper reports.

Citing an unnamed source in US intelligence, Bild says Clapper is unhappy with Berlin’s “inability to contain secret data”. According to the report, the Bundestag committee on investigating the recent secret service scandals handed some secret documents to the media.

Read more

‘German intelligence dependent on NSA’ – Berlin’s spy chief

For the US it is “more dangerous than what Snowden did,” Bild quoted the source as saying, referring to former NSA contractor Edward Snowden’s revelations of worldwide surveillance.

Now, the US secret services are reviewing the areas in which cooperation with the BND can be reduced or ended altogether, the paper reports. Several joint projects have already been canceled, it says.

Both the German government and the US embassy in Berlin refused to comment on the report.

READ MORE: German intelligence halts internet surveillance for NSA – reports

In April, German media reported that over the past decade, the BND helped NSA in spying all over Europe. The US agency sent its German colleagues so-called “selectors”, which included IP addresses, emails, and phone numbers guiding what targets must be spied on.

READ MORE: Germany provides NSA with staggering 1.3bn pieces of metadata per month – report

One report suggested that the BND sends about 1.3 billion pieces of phone and text data to NSA per month.

The public outrage over those allegations and the subsequent investigation cost Chancellor Angela Merkel about a third of her approval rating. In late April, her government was accused of lying to parliament saying it had no knowledge of Washington’s surveillance activities in Germany.

FBI ADMITS NO MAJOR CASES CRACKED WITH PATRIOT ACT SNOOPING POWERS

Screen Shot 2015-05-22 at 11.15.54 AM

FBI agents can’t point to any major terrorism cases they’ve cracked thanks to the key snooping powers in the Patriot Act

By Maggie Ybarra – The Washington Times – Thursday, May 21, 2015
FBI agents can’t point to any major terrorism cases they’ve cracked thanks to the key snooping powers in the Patriot Act, the Justice Department’s inspector general said in a report Thursday that could complicate efforts to keep key parts of the law operating.

Inspector General Michael E. Horowitz said that between 2004 and 2009, the FBI tripled its use of bulk collection under Section 215 of the Patriot Act, which allows government agents to compel businesses to turn over records and documents, and increasingly scooped up records of Americans who had no ties to official terrorism investigations.

The FBI did finally come up with procedures to try to minimize the information it was gathering on nontargets, but it took far too long, Mr. Horowitz said in the 77-page report, which comes just as Congress is trying to decide whether to extend, rewrite or entirely nix Section 215.

Backers say the Patriot Act powers are critical and must be kept intact, particularly with the spread of the threat from terrorists. But opponents have doubted the efficacy of Section 215, particularly when it’s used to justify bulk data collection such as in the case of the National Security Agency’s phone metadata program, revealed in leaks from former government contractor Edward Snowden.

The new report adds ammunition to those opponents, with the inspector general concluding that no major cases have been broken by use of the Patriot Act’s records-snooping provisions.

“The agents we interviewed did not identify any major case developments that resulted from use of the records obtained in response to Section 215 orders,” the inspector general concluded — though he said agents did view the material they gathered as “valuable” in developing other leads or corroborating information.

The report said agents bumped their number of bulk-data requests under Section 215 from seven in 2004 to 21 in 2009 as a result of technological advances and legislative changes that the intelligence community believed expanded the reach of the law.

Increasingly, that meant scooping up information on those who weren’t targets of a terrorism investigation, Mr. Horowitz said. He said that while Section 215 authority allows the government to do that, the FBI needed more checks to make sure it was using the power properly.

“While the expanded scope of these requests can be important uses of Section 215 authority, we believe these expanded uses require continued significant oversight,” he concluded.

The report was an update to a previous study done in 2008 that urged the department to figure out ways to minimize the amount of data it was gathering on ordinary Americans even as it was targeting terrorists.

In Thursday’s report Mr. Horowitz said the administration finally came up with procedures — five years later. He said it never should have taken that long but that he considers that issue solved.

The report was heavily redacted, and key details were deleted. The entire chart showing the number of Section 215 requests made from 2007 through 2009 was blacked out, as was the breakdown of what types of investigations they stemmed from: counterintelligence, counterterrorism, cyber or foreign intelligence investigations.

Section 215 of the Patriot Act is slated to expire at the end of this month. The House, in an overwhelming bipartisan vote, passed a bill to renew it but also to limit it so the government could no longer do bulk collection such as the NSA phone data program. That legislation is known as the USA Freedom Act.

But Senate Republican leaders have balked, insisting the NSA program and Section 215 should be kept intact as is.

Majority Leader Mitch McConnell, who is leading the fight to protect the NSA program, is counting on his opponents not being able to muster the 60 votes needed to pass the bill, leaving them with the choice of either extending Section 215 or seeing all of the powers expire — including those that would go after specific terrorist suspects. Mr. McConnell believes that, faced with that choice, enough of his colleagues will vote to extend all of the powers.

FBI Director James B. Comey asked Congress this week to make sure Section 215 and two other parts of the Patriot Act, also slated to expire at the end of the month, are preserved. Those other powers include the ability to target lone wolf actors and to switch wiretaps if suspects switch their phones.

As for Section 215, Mr. Comey said Congress should at least preserve the power to go after individuals’ records.

“If we lose that authority, which I don’t think is controversial with folks, that is a big problem,” he said Wednesday at a forum at the Georgetown University Law Center.

But most of the Section 215 debate has revolved around bulk collection. Earlier this month a federal appeals court ruled that the Patriot Act does not envision the kind of phone program the NSA has been running, which gathers and stores five years’ worth of records of the numbers, dates and durations of calls made in the U.S.

For anti-bulk surveillance advocates, Thursday’s report further undermines Section 215.

“This report adds to the mounting evidence that Section 215 has done little to protect Americans and should be put to rest,” said American Civil Liberties Union Staff Attorney Alex Abdo.

Bulk data collection creates false leads, ties up investigative resources and, essentially, undermines national security, said Stephen Kohn, an attorney at Kohn, Kohn & Colapinto, LLP and advocate for government whistleblowers. Also, increased FBI dependency on that bulk data collection indicates that the agency is lacking the appropriate resources for conducting successful counterterrorism operations, Mr. Kohn said.

“They have a large amount of agents who are working counterterrorism that have no human resources, no leads, no infiltrations, so they have nothing else to do,” he said. “In other words, when they staffed up and made [counterterrorism] a major priority, these agents need to do something. And they’re doing what they know to do, and that’s electronic surveillance.”

But former FBI agents said opponents wanted to callously cripple one of the government’s investigative agencies by depriving it of a critical data collection tool at a time of new terror threats.

“ISIS is singing a siren song, calling people to their death to crash on the rocks — and it’s the rocks that ISIS will take credit for,” said Ron Hosko, president of Law Enforcement Legal Defense Fund and former assistant director of the FBI. “They’re looking for those who are disaffected, disconnected and willing to commit murder. So if we’re willing to take away tools, OK, congressman, stand behind it [and] take the credit for putting the FBI in the dark.”

• Stephen Dinan contributed to this report.

Read more: http://www.washingtontimes.com/news/2015/may/21/fbi-admits-patriot-act-snooping-powers-didnt-crack/#ixzz3asw6Le8i
Follow us: @washtimes on Twitter

‘Weaponizing Vulnerabilities': New Snowden Doc Reveals Spy Agencies Targeted Smartphones

Capture

Find new ways to exploit smartphone technology for spying operations

by RINF | May 21, 2015

The ‘Five Eyes’ alliance exploited weaknesses in popular browser and planned to hijack links to app stores to implant spyware on mobile phones, new documents show

(Common Dreams) – The intelligence alliance known as Five Eyes—comprising the U.S., Canada, New Zealand, the United Kingdom, and Australia—exploited security weaknesses in one of the world’s most popular browsers to obtain data about users and planned to use links to Google and Samsung app stores to infect smartphones with spyware, a top secret National Security Agency (NSA) document published Wednesday has revealed.

According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.

The Intercept reports:

As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.

CBC continues:

The Five Eyes alliance targeted servers where smartphones get directed whenever users download or update an app from Google and Samsung stores.

…Ultimately, the spy agencies wanted to implant spyware on certain smartphones to take control of a person’s device or extract data from it, the document suggests.

The spy agencies also sought to match their targets’ smartphone devices to their online activities, using databases of emails, chats and browsing histories kept in the Five Eyes’ powerful XKeyScore tool to help build profiles on the people they were tracking.

The project emerged in part due to concerns about the possibility of “another Arab spring,” referring to the 2011 wave of revolutionary actions in Tunisia, Egypt, and other countries in the Middle East and North Africa where several autocratic, Western-backed leaders were ousted.

“Respecting agreements not to spy on each others’ citizens, the spying partners focused their attention on servers in non-Five Eyes countries, the document suggests,” write CBC‘s Amber Hildebrandt and Dave Seglins. “The agencies targeted mobile app servers in France, Switzerland, the Netherlands, Cuba, Morocco, the Bahamas and Russia.”

The spy agencies also began targeting UC Browser—a popular app in India and China with growing usage in North America—in late 2011 after learning that it had leaked information about its half-billion users.

According to the reporting, the operation was launched by a joint surveillance unit called the Network Tradecraft Advancement Team, which includes spies from each of the Five Eyes nations.

The document frames the plan as a move for national security, with the agencies seeking to collect data or spy indefinitely on mobile phones of “suspected terrorists.” But they did so without alerting the public or the phone companies of the browser’s weaknesses, which “potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals,” Hildebrandt and Seglins write.

“Of course, the security agencies don’t [disclose the information],” Ron Deibert, executive director of digital rights group Citizen Lab, which identified security gaps in UC Browser and alerted the company to those issues in April, told CBC. “Instead, they harbor the vulnerability. They essentially weaponize it.”

Apple, Google and 140+ tech firms urge Obama not to give police ‘backdoor’ access to encrypted phone data

Capture

Apple, Google, and a host of other tech companies and cryptology experts have signed a letter sent to President Obama calling on his administration to stem any proposal that seeks to weaken encryption security to benefit policing agencies.

More than 140 firms, technologists, and security experts sent a letter to the White House on Tuesday calling for the protection of encrypted data on smartphones and other communication devices from law enforcement.

“Strong encryption is the cornerstone of the modern information economy’s security,” the letter reads, adding that the Obama administration must “fully support and not undermine efforts to create encryption standards” and not “in any way subvert, undermine, weaken or make vulnerable” commercial software.

The message is in response to top law enforcement officials’ unease with Apple and Google offering phones with such strong encryption that even police with a warrant are unable to gain access. The likes of FBI Director James Comey have claimed such strong protection is a threat to public safety.

“There’s no doubt that all of us should care passionately about privacy, but we should also care passionately about protecting innocent people,” Comey said recently, according to The Washington Post, which first reported on the letter.

Comey said he was “concerned” after Google and Apple announced their encryption efforts last year.

“I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law,” he said.

“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.”

The US Justice Department says it supports encryption that allows users to protect their data from intrusion. Yet the department also wants to have access for itself, ultimately claiming that strictly-private data is a threat to public safety.

Security experts say that encryption is essentially weakened if a “backdoor” is built into technology for police access. This security vulnerability also allows exploitation from hackers or foreign governments, they add.

The letter was also signed by three of the five members of an Obama-appointed review group that was tasked in 2013 with analyzing US technology policy following major revelations of government spying supplied by former intelligence contractor Edward Snowden.

Richard Clarke, a former cybersecurity adviser to President George W. Bush, was one of those three members. He said similar government efforts to require phone companies to supply backdoors to encrypted voice calls in the 1990s were unsuccessful.

“If they couldn’t pull it off at the end of the Cold War, they sure as hell aren’t going to pull it off now,” he told the Post.

In March, more than 40 companies and civil liberties groups wrote a letter to Congressand the Obama administration that called on Washington to change its spying laws in the wake of the National Security Agency spying scandal.

“Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency and accountability,” the group said in the letter.

“[T]he status quo is untenable and it is urgent that Congress move forward with reform.”

The companies, shown ultimately complicit in NSA surveillance programs, have since attempted many times to call for reform of US surveillance policies that they say undermines their products and consumer trust.

Snowden leaks show gaps in official account of bin Laden raid

Screen Shot 2015-05-19 at 11.36.54 AM

While documents from the archive of National Security Agency whistleblower Edward Snowden don’t explicitly back the claims made by investigative reporter Seymour Hersh, they do show gaps in the official US account of the 2011 raid on Osama bin Laden.

The US government continues to insist that the raid on bin Laden’s Abbottabad compound in Pakistan was the result of the CIA’s signal intelligence (“SIGINT”) capturing the movements of an Al-Qaeda courier, identified as Ibrahim Saeed Ahmed (alias Abu Ahmed al Kuwaiti). Likewise, the official version claims that Pakistan did not know about the raid or of bin Laden’s whereabouts.

Hersh’s recent expose in the London Review of Books challenges these assertions, and documents obtained by Snowden and published Monday by the Intercept show that “this apparent intelligence coup surfaces rarely” in internal NSA files.

Screen Shot 2015-05-19 at 11.38.31 AM

A 2012 CIA budget request, also known as the “black budget,” claims that the agency conducted a “pattern of life analysis” on “a collection of assets in Pakistan to identify any potential linkages, as well as digital footprints.” This analysis, the document claims, “paired with other technical tests, increased confidence in each asset’s authenticity, reliability, and freedom from hostile control and directly contributed information leading to the successful mission on UBL’s compound.”

In the internal NSA newsletter, SIDToday, the agency’s associate deputy director for counterterrorism at the time, Jon Darby, claims the NSA “played a key role in identifying the compound where bin Laden was found.” However, Darby also said that the NSA lost “SIGINT access” to bin Laden back in 1998, and does not mention a courier.

A congratulatory article in SIDToday from November 2011, by Director of Signals Intelligence Teresa Shea, mentions “a dedicated group of SIGINT professionals” who would not give up the search for almost a decade, “and their persistence paid off in substantive contributions at critical points on the road to Abbottabad.” What those contributions may have been, though, Shea did not say.

Read more

Down the rabbit hole: Bin Laden raid was staged after extensive Pakistan-US negotiations – report

Four military intelligence reports quoted by the Intercept, meanwhile, do not suggest the death of bin Laden impacted the Taliban insurgency in any major way. A May 2011 NATO intelligence report speculated that the death of Al-Qaeda’s leader “offers an opportunity for the Taliban to highlight that they were not harboring [bin Laden], in an attempt to detach themselves from international terrorism and increase their political and moral legitimacy.”

There is little in the reports to show that Pakistani authorities were outraged by the US raid on Abbottabad, which seems unusual given Washington’s insistence that Pakistan was not consulted about the raid. The reports indicate that Islamabad’s hardening position towards the US was primarily due to the mounting pressure in the media and the general public.

The Intercept’s reporters caution that absence of evidence is not necessarily evidence of absence.

“Given how vast the intelligence community is — and its compartmentalization and secrecy — its members may be unaware of what other agencies, or even units within their own agency, are doing,” the publication wrote.

Screen Shot 2015-05-19 at 11.39.54 AM

Meanwhile, in the rush to take credit for the killing of alleged Islamic State (IS, formerly ISIS) leader Abu Sayyaf in Syria last week, the Pentagon has actually revealed its intelligence and operational capabilities – something US officials have groundlessly accused Snowden of doing, noted journalist Trevor Timm.

“Government officials will use any situation to say the most outlandish things possible in an attempt to smear his whistleblowing—regardless of their basis in reality,” Timm wrote. He used the example of Mike Morell, a “former CIA deputy director and torture advocate,” who told NPR last week that Snowden’s leaks caused Al-Qaeda groups in Pakistan, Yemen and Iraq to change their communication habits, and that they “morphed into ISIS.”

Timm contrasts that with the New York Times’ description of the Abu Sayyaf raid, citing “American officials” crediting “information gleaned from a small but growing network of informants the CIA and the Pentagon have painstakingly developed in Syria, as well as satellite imagery, drone reconnaissance and electronic eavesdropping.”

“Either leaks exposing the ‘sources and methods’ of surveillance are damaging to national security or they are not. Administration officials can’t have it both ways,” Timm argues.

ATTORNEY: SPY CHIEF HAD ‘FORGOTTEN’ ABOUT NSA PROGRAM WHEN HE MISLED CONGRESS

Screen Shot 2015-05-09 at 6.36.46 PM

He just forgot

Getty Images

By Julian Hattem05/08/15 05:30 PM EDT

Director of National Intelligence Jim Clapper wasn’t lying when he wrongly told Congress in 2013 that the government does not “wittingly” collect information about millions of Americans, according to his top lawyer.

He just forgot.

“This was not an untruth or a falsehood. This was just a mistake on his part,” Robert Litt, the general counsel for the Office of the Director of National Intelligence, said during a panel discussion hosted by the Advisory Committee on Transparency on Friday.

“We all make mistakes.”

The comments add to the years of criticism that Clapper has received for his testimony in the 2013 Senate Intelligence Committee hearing.

In the public session, longtime surveillance critic Sen. Ron Wyden (D-Ore.) had asked Clapper whether or not the NSA collected “any type of data at all on millions of Americans.”

“No sir,” Clapper responded. “There are cases where they could inadvertently perhaps collect, but not wittingly.”

Just a few months later, however, leaks from Edward Snowden proved Clapper wrong. As documents released by Snowden made clear, the NSA collects records about millions of Americans’ phone calls under a program the government has said is authorized by Section 215 of the Patriot Act.

After the fact, Clapper has said that his statement was the “least untruthful” possible answer, given the secrecy of the program at the time. 

Still, critics such as Sen. Rand Paul (R-Ky.) have called for Clapper to resign over the flap, which they say amounts to perjury. 

Litt on Friday said that Clapper merely did not have a chance to prepare an answer for Wyden and forgot about the phone records program when asked about it on the spot.

“We were notified the day before that Sen. Wyden was going to ask this question and the director of national intelligence did not get a chance to review it,” Litt said.

“He was hit unaware by the question,” Litt added. “After this hearing I went to him and I said, ‘Gee, you were wrong on this.’ And it was perfectly clear that he had absolutely forgotten the existence of the 215 program.”

Instead, Litt said, Clapper had been thinking about separate programs authorized under Section 702 of the Foreign Intelligence Surveillance Act, which the NSA has used to collect massive amounts of foreigners’ Internet data. The law explicitly prohibits the government from gathering the same kind of data about Americans, unless t is “incidental.”

“If you read his answer it is perfectly clear that he was thinking about the 702 program,” Litt said. “When he is talking about not wittingly collecting, he is talking about incidental collection.”

Litt, he said, also erred after the hearing by not sending a letter to the panel to correct the mistake.

“I wish we’d done that at the time,” he said on Friday.