Screen Shot 2015-02-22 at 6.30.19 PMPress freedom has declined in recent years

Ken Silva | February 21, 2015
The index cited “judicial harassment” of New York Times reporter James Risen, the arbitrary arrest of at least 15 journalists during the Ferguson, Missouri clashes, and the fact that U.S. journalists are still not legally entitled to protect sources who reveal confidential information about their work.

The U.S.’s slip in press freedom rankings mirrors its seven-place drop in Freedom House’s Global Press Freedom Index from 2013-2014, though the country still ranks among the 14 percent of countries whose press is classified as “free” in the latter scale.

Reality may be even worse than the rankings suggest. Legal protections for the press have only eroded since the 2006 trough year when the Bush Administration threatened to prosecute Risen for publishing stories chronicling warrantless wiretapping of citizens’ phone calls.

Since the Obama Administration took power, it has used the Espionage Act to prosecute data leakers a record seven times—more than every other president combined in the law’s nearly 100-year history—a Fox News journalist has been spied on by the Justice Department under the justification that he’s a criminal conspirator, Wikileaks creator Julian Assange has been declared “a hi-tech terrorist,” and the Supreme Court refused to overturn a lower court ruling against Risen stating that the First Amendment doesn’t protect him from refusing to testify about a whistleblower that allegedly leaked classified information about the CIA’s efforts to disrupt Iran’s nuclear program.

Reports from Pulitzer Prize-winning journalist Glenn Greenwald even suggest that media outlets routinely vet their articles with government officials before publishing them.

“This consultative process with the government, The Guardian lawyers explained, is what enables newspapers to demonstrate they have no intent to harm national security by publishing top secret documents, and thus lack the requisite criminal intent to be prosecuted,” Greenwald wrote in his 2014 book No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State, explaining that papers such as The New York Times and Washington Post often spend weeks having controversial stories reviewed by the feds.

Greenwald scoffs at what he regards as a subservient process, and even wrote that he threatened his editors at The Guardian that he would publish the stories about the National Security Administration’s massive surveillance system on his own website if they kowtowed to the government.

What’s scary, however, is the fact that no one knows what would have happened to Greenwald had he had made good on his threats, because there are no court precedents on the issue of publishing information sensitive to national security. A provision of the Espionage Act outlaws “unauthorized communication” of national defense information, and some have argued that it could indeed be used to punish the media for publishing classified information, regardless of what the First Amendment says.

So far, none of the law’s targets have been journalists. Since the “unauthorized communication” provision has never been tested against the media, watchdogs have no idea where they stand with respect to the law. Who knows what the courts might rule if such an issue is brought before them now?

Many people mistakenly think that the American press is protected by the 1971 decision in the famous Pentagon Papers case, where the Supreme Court ruled that the U.S. government did not have the authority to prevent The New York Times from printing classified documents revealing that the military had secretly bombed Cambodia and Laos in the Vietnam War, among other transgressions. However, the Pentagon Papers case only raised the issue of whether the U.S. had the power to issue an injunction against publication, not whether it could criminally prosecute someone after the fact. We still don’t know whether such a charge would withstand court scrutiny.

The inconclusive ruling even prompted legal scholars Harold Edgar and Benno Schmidt Jr. to declare that the Espionage Act remained a “loaded gun pointed at newspapers and reporters who publish foreign policy and defense secrets” in their 1973 analysis of the case in Columbia Law Review. Fast-forward four decades, and the government seems to have taken the safety off.

Granted, there have been a few victories for the press this century. In 2001 the Supreme Court ruled that a reporter wouldn’t be held liable for broadcasting a conversation that had been illegally taped, and in 2009 the government dropped its case against two lobbyists charged under the Espionage Act for essentially doing what (good) journalists do: Trying to get government officials to reveal secret information.

Those victories are small ones, though, when one considers the overall decline in press freedom since the RWB first created its rankings. In another 10 years, a journalist like Greenwald could be collecting his or her Pulitzer from behind bars if the downward trend continues.

Ken Silva is a freelance journalist.


Screen Shot 2015-02-20 at 6.20.04 PM

Based on documents leaked by NSA whistleblower Edward Snowden

A new investigation by The Intercept reveals the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The secret operation targeted the Dutch company Gemalto. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. It produces two billionSIM cards a year. According to The Intercept, the stolen encryption keys give intelligence agencies the ability to monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. According to The Intercept, agents from theNSA and GCHQ formed the Mobile Handset Exploitation Team in 2010 to specifically target vulnerabilities in cellphones. The Intercept’s report was written by Jeremy Scahill and Josh Begley. It was based on documents leaked by NSA whistleblower Edward Snowden. We speak to Chris Soghoian, principal technologist at the American Civil Liberties Union. He is also a visiting fellow at Yale Law School’s Information Society Project.


This is a rush transcript. Copy may not be in its final form.

JUAN GONZÁLEZ: A new investigation by The Interceptreveals the National Security Agency and its British counterpart, the GCHQ, hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The secret operation targeted the Dutch company Gemalto. Its clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. It produces two billion SIM cards a year. According to The Intercept, the stolen encryption keys give intelligence agencies the ability to monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.

AMY GOODMAN: Agents from the NSA and the GCHQ formed the Mobile Handset Exploitation Team in 2010 to specifically target vulnerabilities in cellphones. The intelligence agencies obtained the encryption keys by hacking into the email and Facebook accounts of engineers and other employees of Gemalto and other major companies. Some of the employees were singled out for sending PGP-encrypted files.The Intercept’s report was written by Jeremy Scahill and Josh Begley. It was based on documents leaked by NSA whistleblower Ed Snowden.

To talk more about the significance of this story, we’re joined by Chris Soghoian. He is the principal technologist at the American Civil Liberties Union, also a visiting fellow at Yale Law School’s Information Society Project. “The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle” is the name of the story.

Chris, welcome to Democracy Now!, joining us from Charlottesville, Virginia, today. Talk about the significance. What is the great SIM heist?

CHRISTOPHER SOGHOIAN: Well, what we’ve learned is that GCHQ has been engaged in an extremely aggressive effort to obtain these encryption keys. In essence, over the last probably five years or so, telecom companies, wireless carriers around the world have upgraded their networks and moved from older, less secure, second-generation phone technology to more secure, 3G and 4G technology, and as the networks have moved to this newer technology, it’s become much more difficult for governments to spy on communications that take place outside of their own countries. So, for GCHQ, forNSA, for the Chinese and for the Russian governments to be able to spy on telephone calls everywhere in the world, they need these kinds of keys. What we’ve learned just yesterday is that by hacking into one of the largest manufacturers of SIM card keys—or, of SIM cards and the keys that are on them, GCHQ has really acquired a huge amount of information that will make—that will make bulk surveillance of telephone communications very, very easy.

JUAN GONZÁLEZ: [inaudible] technically work? Would they be sweeping up in real time all of the conversations and then storing them someplace to be able to look back at them further? I mean, how exactly would it work?

CHRISTOPHER SOGHOIAN: Right. So there’s a special NSA outfit, an NSA-CIA outfit called the Special Collection Service, SCS. And so, they’re based out of embassies and consulates around the world, and they install these antennas on the roofs of embassies and other buildings. And with those antennas, they’re able to grab the data from phones as it’s sent over the air. And so, what they’ll do is they’ll set up these what are called spy nests and grab as many telephone communications as they possibly can and save them. But these telephone communications, telephone calls, text messages and other information are encrypted. And so they save the information, and then once they have the keys, either because they hack into a company like Gemalto or they bribe an engineer or blackmail an engineer, then they can decrypt the communications. And so, essentially, wiretapping then just becomes a mere task of installing an antenna somewhere and recording data.

AMY GOODMAN: You compare the use of encryption keys on SIM cards to the way Social Security numbers are used today. Can you explain?

CHRISTOPHER SOGHOIAN: Sure. So, Social Security numbers were designed in the 1930s for a pretty mundane and basic task, which was keeping track of one’s contributions to their retirement account, their government retirement account. But today they’re used as a quasi-national identification number. We’re supposed to give our Social Security numbers to, you know, a huge number of organizations. It’s how we’re tracked. And the reason we sort of have this system is because there was no formal national identity number. Everyone wants to have one, and so the Social Security number has sort of been forced into that role, but it’s a role that it was never designed or intended for.

By the same token, SIM cards were never really intended to provide strong confidentiality of communications. They weren’t intended to provide strong encryption or strong protection of our communications. Instead, they were really intended to protect telephone numbers and telephone accounts from fraud. In the ’80s and 1990s, there was a huge wave of fraud where people were doing what’s called cellphone cloning, and they were billing calls to other people’s accounts. And this was a huge problem for the phone companies. They needed a solution. And SIM cards and the encryption keys within them were the solution that they came up with.

You know, we should understand that SIM cards probably cost, you know, 50 cents or a dollar in bulk. These are not, you know, extremely sophisticated, high-security devices. They are basic bits of technology that are designed for one job, which is fraud, that we now depend on for so much more. And if this story demonstrates one thing and one thing alone, it’s that SIM cards and the system of security that surrounds them just isn’t up to the job of protecting our communications.

JUAN GONZÁLEZ: But I want to go back to something you said before about U.S. embassies being used basically as the centers for grabbing this data in these different countries. In effect, what you’re saying is that virtually every U.S. embassy is basically a spying operation, possibly breaking laws in the very countries that they are—that they’re located in.

CHRISTOPHER SOGHOIAN: My understanding is that’s the norm for embassies around the world, not just the U.S. You know, intelligence agencies operate out of embassies, sometimes with cover. You know, last summer, Der Spiegel published a slide listing the locations of NSA-CIA Special Collection Service sites around the world. This is something that’s been written about in books before. It’s not a big secret. And after the Merkel, Angela Merkel, spying story first broke, one of the German newspapers even published thermal imaging photographs of the spy nest on the roof of the U.S. Embassy in Berlin before the story and after the story, showing that the station had been shut down and was—as it was thus generating much less heat and using much less electricity.

AMY GOODMAN: Chris, when asked for comment by Reuters, GCHQ said its work, quote, “is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate,” they said. Can you respond to that and—we just have less than a minute—how the GCHQ and NSAhacked into the emails and Facebook accounts of employees of telecom companies?

CHRISTOPHER SOGHOIAN: Right. So GCHQ and NSA believe that, essentially, anything is justified as long as it gets them to where they want to be. The engineers at Gemalto were not accused of breaking the law. Gemalto itself is not a criminal enterprise. But these governments want the keys that Gemalto has, and so they’re willing to do anything it takes to get that.

You know, in the last few moments that I have, I really want to let your listeners know that there are things that you can do right now to protect your communications, that the telephone companies have not shown any interest in providing us with secure communications. You cannot trust the voice or text message services provided by your wireless carrier, so you need to download apps. There are some built into the iPhone—iMessage and FaceTime. There are tools like WhatsApp that are—that’s distributed by Facebook. And there are some even better tools like Signal, which is supported by the U.S. government, actually. You can download apps and services and make encrypted telephone calls, send encrypted text messages, that governments cannot easily intercept. But those tools will not be provided to you by your telephone company. You need to take steps and take matters into your own hand.

AMY GOODMAN: Chris Soghoian, I want to thank you for being with us, privacy researcher and activist with the ACLU.

Companies forced to anonymously fight back against FBI surveillance

Screen Shot 2015-02-18 at 3.59.40 PM

Two companies are asking the United States government to let Twitter publish details about secret requests the social media site has received from law enforcement, but the Justice Department says national security requires those entities to not be named.

The fate of the United States government’s ability to silently serve tech companies with a type of court order that compels firms to hand over private user data to federal authorities is currently being fought, predictably, cloak-and-dagger.

A lawsuit filed in the Northern District of California late last year by Twitter, the social networking platform, seeks to have a federal court judge say that the Federal Bureau of Investigation’s practice of serving companies with National Security Letters, or NSLs – a type of administrative subpoena issued often with gag orders and almost always absent judicial oversight – violates the Constitution.

Now in what some have already hailed as being Kafkaesque, two companies that want to advocate before the court against NSLs on Twitter’s behalf have been told that they can only do so on the condition that they do so anonymously.

Screen Shot 2015-02-18 at 4.02.08 PM
The two firms – described in court documents only as a phone service provider and “an internet company” that are past NSL recipients – submitted an amicus curiae brief, or friend-of-the-court filings, on Wednesday this week in support of Twitter’s case. In compliance with the court’s orders, however, the names of these companies whose arguments may very well help rewrite the government’s use of secret administrative subpoenas as it exists today must remain underseal [PDF].

According to a 19-page brief filed in District Court on Tuesday, attorneys with the Electronic Frontier Foundation are now representing “Corporations 1 & 2” as those unnamed entities attempt to convince Judge Yvonne Gonzalez Rogers that national security need not require that companies are kept from telling their customers how often they’re served with secret court orders.

“The Supreme Court as well as courts across the land have recognized that a prior restraint – preventing speech in the first instance instead of imposing a penalty after the speech – is a serious and dangerous step,” EFF legal fellow Andrew Crocker said in a statement this week. “Yet with NSLs, we have prior restraints imposed at the government’s whim, without any judicial oversight or review.”

“Our clients want to talk about their experience with these NSLs, but the government is unconstitutionally shielding itself from any criticism or critique of their procedures,” Crocker said.

When Twitter filed suit against US Attorney General Eric Holder last November, the company said it opted to do as much only after its attempts to disclose basic details about NSLs were quashed by the government over supposed national security concerns. NSLs can compel a company to provide authorities with sensitive user records, and unbeknownst to the customer in question if accompanied by a gag order. Companies including Twitter have asked that the government let them publish details about these requests, albeit largely unsuccessfully.

“Specifically, if the government will not allow us to publish the actual number of requests, we want the freedom to provide that information in much smaller ranges that will be more meaningful to Twitter’s users, and more in line with the relatively small number of non-national security information requests we receive,” Jeremy Kessel, Twitter’s senior manager for global legal policy, argued last July before the matter was brought to court.

Three months later, Twitter sued Holder in his official capacity as head of the Justice Department – the executive branch agency that oversees the FBI – and said the microblogging serve was seeking to publish its full Transparency Report and “asking the court to declare these restrictions on our ability to speak about government surveillance as unconstitutional under the First Amendment.”

“It’s our belief that we are entitled under the First Amendment to respond to our users’ concerns and to the statements of US government officials by providing information about the scope of US government surveillance – including what types of legal process have not been received. We should be free to do this in a meaningful way, rather than in broad, inexact ranges,” the vice president of Twitter’s legal department, Ben Lee, blogged in October.

Last month, the US government once again countered Twitter’s argument.

“The additional material that Twitter seeks to publish is information that the Government has judged is properly protected classified national security information, the disclosure of which would risk serious harm to national security,” the DOJ wrote in a motion filed with the court in early January.

As of last week, attorneys for the DOJ and Twitter are slated to once again square off in court next month on March 31 in Oakland, California. Meanwhile, “Corporations 1 & 2” are not the only firms filing amici on Twitter’s behalf: Court records obtained by RT reveal that no fewer than a dozen other groups, including a journalistic rights organization and some of America’s biggest media outlets, have written briefs on Twitter’s behalf that were entered with the court this week – name attached and all.

“Edward Snowden’s revelations in 2013 about the National Security Agency’s surveillance programs sparked an intense and ongoing international debate over the proper balance between privacy interests and national security,” attorneys representing Buzzfeed, First Look Media, National Public Radio and the Washington Post, among others, argue in one of the briefs filed this week [PDF]. “But if ‘debate on public issues’ is to be “uninhibited, robust and wide-open,”’ – and if the First Amendment is to continue to preserve the conditions for informed debate in our democracy – the government must be held to a high burden before fundamental First Amendment freedoms can be sacrificed in the name of national security.”

“Imposing a classic prior restraint, communications service providers such as Twitter are prohibited from publishing – and the media are prevented from reporting on – the aggregate numbers of National Security Letters,” attorneys for the media groups argued.

The Freedom of the Press Foundation, a nonprofit journalism rights group, filed a brief of their own with the court on Tuesday this week, as well, again citing the disclosures attributed to Snowden, one of its own board members, by acknowledging that, “after eighteen months of new revelations published in some of the nation’s largest newspapers, the public is currently engaged in the most robust and important debate about government surveillance in the United States” since the 1970s [PDF].

Lawyers for Cloudfare,, Wickr and Wikimedia Foundation – “small Internet companies and communication service providers that want to be open and honest with our users and the public about the number of national security requests we receive from the government,” according to their own brief – filed paperwork with the court as well [PDF].

“The outcome of this case is important for small internet companies and communication service providers working to be transparent about their practices and provide meaningful information to the public. Reporting national security requests in the manner approved by the Justice Department obfuscates rather than illuminates the volume of national security requests a small company receives. We simply want to offer useful, accurate information and respond to the concerns of our users,” their attorneys wrote.

As do the two unnamed amicus who submitted briefs this week through the EFF, according to their filing. The brief entered this week reveals that both entities have previously received NSLs in their own right from the FBI and fought them in federal court, but the rulings in those matters have each been stayed for the time being.

“Both amici support Twitter’s desire to publish a transparency report that provides more specific information about the number of NSLs Twitter has received,” that filing reads.

“As they explained to the Ninth Circuit, ‘transparency is a core concern for both [amici] and their customers,’ and it is therefore ‘vital to [them] that government requests for data be disclosed to customers and discussed in the public debate, and that in the rare situations where a gag may be appropriate, . . . courts play their necessary and discerning oversight role to ensure that First Amendment and other rights are adequately protected.’”

“This brief will aid the court in understanding amici’s pending Ninth Circuit challenge to the NSL statute’s gag provision, a proceeding the government characterizes as likely controlling of Twitter’s claims,” the EFF wrote. “This brief corrects misstatements made by the government in this case regarding amici’s cases and the appeal, and will otherwise provide insight to the court regarding amici’s cases.”

Last month, the White House said it was proposing rules that would require the FBI to “presumptively terminate National Security Letter nondisclosure orders at the earlier of three years” after the opening of an investigation. Meanwhile, Julian Assange, the editor of antisecrecy group Wikileaks, claimed in a 2012 interview with RT that “hundreds of national security letters every day” are being issued by the US government.

NSA able to spy on hard drives, researchers find

Screen Shot 2015-02-17 at 3.20.48 PM

By Julian Hattem – 02/17/15 08:09 AM EST

U.S. spies are able to secretly infect and reprogram computer hard drives made by more than a dozen top companies, according to a sweeping new report from a team of cybersecurity researchers.

By reprogramming that firmware, the National Security Agency (NSA) is able to inject malicious code on a computer that can launch whenever a machine is booted up and consistently evade detection.

Along with other techniques to spy on foreign governments, militaries, telecommunications companies, Islamic activists and others, the new powers unveiled by the Russia-based Kaspersky Lab in a report on Monday detail how the spy agency “surpasses anything known in terms of complexity and sophistication of techniques.”
The group charted more than 500 attacks in more than 30 countries around the globe, including Iran, Russia, Libya and Iraq, among others. Because many of the infections have a “self-destruct” mechanism, the actual number of attacks is likely much higher, according to Kaspersky — potentially in the tens of thousands.

The lab did not mention the NSA by name in its report, and instead referred to it as “Equation Group” because of their penchant for algorithms and obscurity. However, the team of hackers was linked to the Stuxnet virus that was built by the NSA intended to disable the Iranian nuclear regime and discovered in 2010.

A former NSA official confirmed to Reuters that the lab’s analysis was correct and said that the agency values the programs it unveiled as much as they did Stuxnet, which destroyed one-fifth of Iran’s nuclear centrifuges.

“The Equation Group is probably one of the most sophisticated cyber attack groups in the world; and they are the most advanced threat actor we have seen,” the lab said.

In addition to the hard drive-cracking bugs, the lab’s new report also detailed the existence of the “Fanny” worm, which was created specifically to penetrate computers on networks kept off the Internet — a common security technique for ultra-sensitive work. The worm is inserted onto a hidden storage area of a USB stick and scoops up data about those “air-gapped” networks, only to send it back whenever the USB stick is plugged into a machine connected to the Internet.

The Fanny worm took advantage of software bugs that were late uncovered in the investigation into Stuxnet.

In other instances, NSA secretly intercepted CD-ROM disks being sent via the mail, added a computer bug and then sent it back to its intended recipient.