Posts tagged ·

PRISM

·...

The list of shame

Comments Off

Over the last years, Wikileaks has collected and published a set of files detailing the companies involved in implementing and assisting mass surveillance. The “Spy Files” includes mostly public product sheets, sales brochures and company catalogues. Below is the list of all the company names mentioned in all the Wikileaks Spy Files.

There’s a lot of interesting reading there. From not so well known hardware companies across the world, to big names like HP, Ericsson, and Siemens. Some of them are selling “investigation platforms” for law enforcement, while others offer products for covert operations. There’s data sheets on network taps like those from NetOptics, and network traffic surveillance and retention from Packet Forensics, to give some examples. There’s marketing material, like Ernst & Young 2011 brochure with the title Biometrics: time to evangelise the benefits. (They want biometric identification pretty much everywhere: From border control to benefit payments, and Internet access).

In other words, these are the companies which implement the police and surveillance state. Employees from these companies do the dirty-work of the NSAs and GCHQs around the world. If you are working for or with one of these, now is a very good time to consider your stance on democracy, human rights, and privacy. If your set of values does not align with that of your company, it might be time to do something about that. “I was just doing my job and following orders” is not an excuse which will hold up in court when judgement comes.

AAPPRO
ABILITY
AcmePacket
ADAE
ADS
ADS UKTI Defence & Security Organisation
Agnitio
AGT International
AI Solve
ALCATEL-LUCENT
ALTRON
AMECS
Amesys
AQSACOM
Arpege
ATIS
ATIS Systems GmbH
Atis Uher
Autonomy
BEA
Berkeley Varitronics Systems
Bivio
BLUECOAT
BrightPlanet
Cambridge Consultants
Cassidian
Cassidian (EADS)
CCT Cecratech
CELLEBRITE
ClearTrail
Cobham
CommsAudit
CRFS
CRYPTON-M
Cyveillance
DATAKOM
DATONG
Delta SPA
DETICA
Dialogic
Digital Barriers
DigiTask
DREAMLAB
Dreamlab
Dreamlab Gamma
EBS Electronic
ELAMAN
ELAMAN GAMMA
Elektron
ELEXO
ELSAG
ELTA
Endace
Enterprise Europe Network
ERICSSON
Ernst & Young
Eskan
ETIgroup
ETSI
ETSI TC-LI
Evidence Talks Ltd.
EVIDIAN
Expert System
FCO Services
Forensic Telecommunications Services
FOXIT
Freightwatch Security Net
FROST & SULLIVAN UTIMACO
Gamma
Glimmerglass
Glimmerglass Networks
GRIFFCOMM
GROUP2000
GTEN
GUIDANCE
HackingTeam
Harris
HiddenTechnology Systems International Ltd.
HP
HP Defence and Security
Human Recognition Systems
i2 Group
INNOVA SPA
Innov Telek IZT
INVEATECH
IPOQUE
IPS
IPS Intelligence
ISS
Kapow Software
L3 ASA
LOQUENDO
Mantaro
Medav
MEDAV
Metronome
NeoSoft
NETI
NetOptics
NetQuest
Netronome
NETWORK Instruments
NEWPORT NETWORKS
NICE Systems
Nokia Siemens Networks
Ntrepid
NTREPID
OCKHAM
OCULUS
OnPath
OXYGEN
Packet Forensics
PAD
PALADION
PANOPTECH
Phonexia
Pine Digital Security
PLATH
Protei
PV labs
QCC Interscan
Qinetiq
QOSMOS
RETENTIA
RHEINMETALL DEFENCE
Roke Manor Research
Safran
Scan & Target
SEARTECH
Septier
Septier Communication Ltd.
Seqtor
SESP
SHOGI
SIEMENS
Silicom
Silicom Dreamlab
Siltec
Simena
Speech Technology Center
SPEI
Spektor Forensic Intelligence
SS8
STRATIGN
Tamara
telesoft
Telesoft Technologies
Thales
TRACESPAN
TRACIP
Trovicor
Utimaco
Utimaco Safeware AG
VAStech
Virtus
Visual Analytics Inc
VuPen
VUPEN Security

Comments Off

The mind of a megalomaniac: NSA chief Keith Alexander

Comments Off

Glenn Greenwald recently had a nice story in the Guardian which showed how completely out of touch with society and reality NSA’s surveillance operation has become. NSA chief Keith Alexander have built a command centre and war room modelled after Star Trek’s Enterprise bridge. The pictures below are from the Guardian article.

To add insult to injury, the room was dubbed “Information Dominance Center”. The arrogance of it all is astonishing. Add to that Alexander’s motto “Collect it All”, and it goes to show how totally out of control this whole operation and agency has spun. The revelations over the last months have made it crystal clear that he nor is organization can be trusted, and this small story just hammers home the point even further.

Comments Off

NSA survailance violations – a brief summary

Comments Off

A summary of the latest news and NSA revelations.

Thanks to Snowden, we now know the NSA:

  • Had James Clapper lie under oath to us – on camera – to Congress to hide the domestic spying programs Occured in March, revealed in June.
  • Warrantlessly accesses records of every phone call that routes through the US thousands of times a day JuneSeptember
  • Steals your private data from every major web company (Facebook, Google, Apple, Microsoft, et al) via PRISMJune and pays them millions for it August
  • Pays major US telecommunications providers (AT&T, Verizon, et al) between $278,000,000-$394,000,000 annually to provide secret access to all US fiber and cellular networks (in violation of the 4th amendment). August
  • Intentionally weakened the encryption standards we rely on, put backdoors into critical software, and break the crypto on our private communications September
  • NSA employees use these powers to spy on their US citizen lovers via “LOVEINT”, and only get caught if they self-confess. Though this is a felony, none were ever been charged with a crime. August
  • Lied to us again just ten days ago, claiming they never perform economic espionage (whoops!) before a new leak revealed that they do all the time. September
  • Made over fifteen thousand false certifications to the secret FISA court, leading a judge to rule they “frequently and systemically violated” court orders in a manner “directly contrary to the sworn attestations of several executive branch officials,” that 90% of their searches were unlawful, and that they “repeatedly misled the court.” September September
  • Has programs that collect data on US Supreme Court Justices and elected officials, and they secretly provide it to Israel regulated only by an honor system. September

Source

Comments Off

PRISM – The political repercussions

Comments Off

It has been about a month and half since the NSA and PRISM story broke, and we are now starting to see some of the political repercussions. As expected, they take longer to develop than news-headlines and knee-jerk Internet forum reactions, but the Snowden’s leaks will definitely have long term political effects.

Snowden

Up until now, very much of the media attention has been on Snowden himself, his whistle-blower status, and his escape from the US. Although not that interesting in themselves, his movements have drawn some very intriguing lines, more clearly showing who’s in bed with who, and which countries are willing to stand up against the US. Snowden was more or less escorted out of Hong Kong, China, and welcomed to Russia, or at least not kicked out yet. The problem is, even if he has been offered asylum from Bolivia, Nicaragua and Venezuela, he cannot travel there. First of all, because the US has cancelled his passport, but maybe more importantly, he risks being captured mid-flight. That was made clear when Bolivian president Morales’ flight was forced down in Vienna, because other European countries had blocked their airspace on suspicion that Snowden was on board the plane.

That incident very clearly showed which countries are aligned with the Americans, and is now confirmed by the fact they did apologize. The Bolivian Foreign Minister confirmed that they had received apologies from Italy, Portugal, Spain and France. However, he wants to get to the heart of the matter, even though it is blatantly obvious who was behind the request to force down the plane. Furthermore, as a reaction against these European countries, Bolivia, Brazil, Argentina, Venezuela, and Uruguay have resolved to withdraw their diplomatic missions. That is a pretty strong signal, even though it might be temporary.

Finally, on Snowden, it was interesting to note that he has been nominated for the Nobel peace prize by Swedish professor Stefan Svallfors who notes that “‘I was just following orders’ [can never be] claimed as an excuse for acts contrary to human rights and freedoms”. He continues; awarding the prize to Snowden would “help to save the Nobel Peace Prize from the disrepute incurred by the hasty and ill-conceived decision to award US President Barack Obama [the] 2009 award.” Ouch! That has to sting!

EU political effects

In addition to the four countries who closed their airspace for Morales’ flight, it is clear that more have been accomplices of the US and NSA. UK’s GCHQ (Government Communications Headquarters) have eagerly been collecting data from Internet fibre cables, and is now facing legal challenges from the UK charity Privacy International.

Signals have also been collected in Germany, although here it is less clear whether German intelligence organizations have been in on the game or not. Even the interior minister Hans-Peter Friedrich is not able to explain exactly what has been going on, and apparently he has a gag-order from the US. Chancellor Angela Merkel seems more ambiguous, on the one side urging people to wait for US’ investigation, but also calling for stronger EU data protection laws, and at the same time bringing sanity and common sense to the discussion with the quote: “Just because something is technically possible doesn’t mean you should do it”.

Meanwhile, on EU level, the European Parliament has voted for a resolution to 1) let their Civil Liberties Committee launch an inquiry into the PRISM scandal (with a report due towards the end of the year); 2) warn other member states, including UK, Sweden, the Netherlands, Germany and Poland, who have been running similar programs; 3) reconsider the data sharing of air-traffic passenger information and SWIFT banking transfer with the US; 4) and offer stronger protection for whistle-blowers like Snowden. Several of these points echo similar demands by the EU Pirate Parties about a month ago.

US political effects

On US side, we’ve also seen the start of some interesting cases: Several groups, including the Electronic Privacy Information Center, have filled legal actions which seek to stop the NSA mass surveillance. In addition to the EPIC case, Electronic Frontier Foundation (EFF) has filed a lawsuit, backed by an unusual coalition of rights activists, church leaders and drug and gun rights advocates. It will probably take a long time before we see any form of outcome, or even response to these cases, but they have at least made the required move. As an example of long it can take, EFF supported the filing of a class action lawsuit in 2008, and just recently did a federal court judge reject the U.S. government’s latest attempt to dismiss the case (so it is now finally allowed start).

Just as interesting was the recent US Congressional hearing and questioning of the NSA officials James Cole, Robert S Litt and John Inglis. They revealed that the PRISM program had the capability to analyse social graph relations as much as three hops away from every person. This is significant, first, because it was previously assumed that they only had data and capabilities to perform only one (your friends) or two hops (the friends of your friends). Secondly, in an massively networked “social” world, three hops will include a lot of people. When six degrees of separation was estimated to link any two people in the world some fifty years ago, they did not have Facebook where everybody had thousands of “friends”. Now, it is estimated that any Facebook user can be linked with less than five hops. In other words, within three hops, most of us will be linked to some “bad” people. If those links are to be used against us, we will all be found suspicious.

Also worth noticing from the hearing was the comment from congressman Frank James Sensenbrenner. He was the author of the controversial 2001 Patriot Act, which probably has enabled some parts of the PRISM program. He told the NSA officials that unless they rein in their spying efforts, they would risk losing the legal provisions which enabled it. Although it is hard to believe it will come to that, it is still a quote to take note of. (Or, depending on how cynical you feel, yet another proof that you can never trust a politician).

Comments Off

PRISM – the effect

Comments Off

Another week with NSA and PRISM news has gone by, and now the reactions and comments start to take on more substance and show that people have had to the time to reflect on the various issues, rather than just posting knee-jerk headlines.

John Naughton had an interesting comment in the Guardian, where he points out that you can check out, but never leave: We are simply too used to, too entangled with, maybe even addicted to the services provided by the big Internet actors. Between the companies mentioned in the NSA slide, pretty much everybody are somehow covered. (Maybe Richard Stallman has managed to escape, however, he is probably encrypting his e-mails, and thus is up for extra scrutiny).

Another interesting article, by James Risen and Nick Wingfield of New York Times, points out the revolving door between Silicon Valley tech companies and the surveillance industry. They give the example of Max Kelly, the chief security officer for Facebook, who got recruited by NSA, and also several Silicon Valley startups which are either funded by or selling to NSA/CIA.

Finally, and most welcome, is the Anti-PRISM campaign, a joint effort by the several European Pirate Parties. They clearly and concisely point out the dangers posed to privacy and democracy by government surveillance. The language and demands contain a certain irony towards the US, noting that Europe should be become “a worldwide beacon for digital rights and privacy protection, government transparency and whistleblower protection” (referencing America’s 19th century goal of becoming “a beacon to the world”).

Their demands are clear political and regulative goals. It’s a great opportunity for these parties to grow beyond the copyright infringement fight, show that they have a broader political agenda, and gain more mainstream support. I’m guessing the two main points to watch are: First the “uncovering of the facts”, which gives a concrete proposal to form a European Parliament committee to investigate the details of the PRISM program, and how it relates to EU states. Secondly, the point about repealing of the Data Retention Directive is interesting. It mentions that three countries have already rejected this 2006 directive in national courts. It will be interesting to see if the latest news and politics will have an effect on other EU countries as well.

Comments Off

Privacy – A great opertunity for Free software, and funny news

Comments Off

It has been an entertaining week in the privacy and security headlines. Since the NSA stories broke last week, protecting ourselves from state surveillance suddenly became mainstream. We’ll see if that lasts, but at the very least the topic is on the table now. Security and privacy is no longer the domain of conspiracy theorist, but one of many points in a cost/benefit analysis of which service or software to use.

Perhaps the best to come out of this story is the raised awareness of alternative software and services which put users Freedoms first. A critical part of that is Free software, which allows users to inspect the software which run on their device and control who is given access to what. Taking that to the Internet, there are many solutions which give users greater control, security and privacy than do central providers.

The site prism-break.org has been set up to list some of these alternatives. However, it seems it has become so popular, that it often fails to load. Other privacy centric services has also seen significant user increase, like the search engine DuckDuckGo, which promises not to track user’s search queries.

Other headlines have been more on the funny or cute side: As expected, somebody called for impeachment of Obama (at least he didn’t smoke cigars). Then there was the Mozilla letter which asks congress to “stop watching us”. It is of course a valid request, but it might have been taken a bit more seriously if it wasn’t for the teenage troll-board 4chan listing as its first signer (due to alphabetically listing the organizations, and numbers listing before letters). Finally, there’s the hero at the centre, a 29-year old with the cool name Snowden. He was the NSA contractor who revealed the awfully designed PowerPoint presentations, and has now fled to Hong Kong. As somebody pointed out: Never had I believed I would live to see that day when an American citizen would seek political asylum in China.

Comments Off

NSA surveillance – business as usual

1 comment

This week saw two interesting, and supposedly shocking, stories about the scale of the US government’s Internet surveillance. Starting Thursday with the news that the phone operator Verizon had been ordered to hand over all meta-data on its customers’ communications to the NSA. The following day, a different program was revealed, leaked by the means of a terribly amateurishly looking PowerPoint slide deck, which showed that the NSA had direct access to all customer data and content from all the major Internet service providers, including Google, Facebook, Microsoft, and more.

The reaction to the first story is interesting in that it involves only meta-data. The same type of data collection was enacted in law by the EU in the 2006 Data Retention Directive. This directive was no secret at the time, and the scrimmage in individual member countries which started to implement it a few years back was mostly around who would pay for it; the Internet and phone providers or the government. At any rate, by now any EU citizen should expect this kind of system to be in place. It is therefore somewhat ironic when the US press pretends that there are stronger privacy protections in place on their side. The last decade has for the most shown the opposite to be true.

The second story, around the full content access, should be no big surprise either. A similar story broke seven years ago, although it was and still is considered “warrantless”. Another example from the post-911 area is the Information Awareness Office, which despite heavy criticisms in 2002, still lives on. And even before that, it has always been speculated that the US government, through CIA, NSA, FBI or other TLAs, was listening in on phone and Internet communication. Take for example the ECHELON project, which probably has been around since the cold war area. It was investigated by a committee of the European Parliament, which amongst other things concluded: “the existence of a global system for intercepting communications, operating by means of cooperation proportionate to their capabilities among the USA, the UK, Canada, Australia and New Zealand under the UKUSA Agreement, is no longer in doubt”.

So why the outrage just now? We don’t have to look further than The Guardian’s summary: “Obama defends secret NSA surveillance programs – Insists surveillance is essential for national security.” In that light, it no longer seems like a coincidence that two completely separate NSA programs were leaked on two consecutive days. As a political cheap shot, it seems to have worked very well. What’s more, Obama took the bait, and swallowed it hook, line and sinker.

So even though these stories are akin to declaring water wet, from a privacy and security point of view, it is useful that more people are made aware of and start to ponder the risks of the information systems we surround ourselves with. We just have to make sure that the outrage is directed towards the right institutions, and that any change is implemented where users need it. Voting, joining a political party, and working for change within that system is definitely a noble goal, however, it will unfortunately not protect your data any time soon. Asking the various ISP and service providers to improve their security, encrypt our data, and not hand it over to the government is also appropriate. It’s just that they are required by law to hand over data, so we cannot trust that to not happen.

The only way to make sure your own data is secure from government hands, and be aware of any requests that might be made against it, is to store it yourself. If you are storing something they are after, that will of course not stop them from knocking on your door, but at the very least you will know.

The right response to these stories is not blind rage, resignation, or declaring defeat. Rather it should be to decentralize: Avoid large scale, single point of failure, services. Build and maintain your own systems, based on free and open source software, so you can be confident that no warrantless access is granted. Make sure data is encrypted, communication is encrypted and signed, and nothing flies in plain-text over the Internet. If you are dealing with sensitive information, maybe as a lawyer, as a doctor, or a secret business deal, anything else is simply incompetent, or possibly gross neglect.