The Surveillance State: FISC Court Rejects Challenge to Warrantless Email Searches

In a just-released court opinion, a federal court judge overseeing government surveillance programs said he was “extremely concerned” about a series of incidents in which the Federal Bureau of Investigation and National Security Agency deviated from court-approved limits on their snooping activities.

Foreign Intelligence Surveillance Court Judge Thomas Hogan sharply criticized the two agencies over the episodes, referred to by intelligence gatherers as “compliance incidents.” He also raised concerns that the government had taken years to bring the NSA-related issues to the court’s attention and he said that delay might have run afoul of the government’s duty of candor to the court.

“The court was extremely concerned about NSA’s failure to comply with its minimization procedures—and potentially” a provision in federal law, Hogan wrote. The NSA violations appeared to involve preserving surveillance data in its systems beyond the two or five years after which it was supposed to be deleted.

“Perhaps more disappointing than the NSA’s failure to purge this information for more than four years, was the Government’s failure to convey to the Court explicitly during that time that the NSA was continuing to retain this information,” the judge wrote in the Nov. 6, 2015, opinion made public Tuesday.

In a statement, the Office of Director of National Intelligence said officials did not mean to be misleading. “The Government has informed the Court that there was no intent to leave the FISC with a misimpression or misunderstanding, and it has acknowledged that its prior representations could have been clearer,” the statement posted on ODNI’s Tumblr site said.

The NSA said in some cases it needed the data to prevent future incidents where data was accidentally collected without legal authority, like when a surveillance target enters the U.S. (At that point, officials are supposed to seek a more specific court order to continue the surveillance.) However, that wasn’t the case with all of the old data NSA was hanging onto.

The FBI’s troubles involved failing to use the required procedures when conducting surveillance of suspects overseas who are facing criminal charges in U.S. courts. In order to preserve attorney-client privilege, the FBI is supposed to have such surveillance reviewed by a “taint team” that can excise any legal communications, but that was not happening in all cases, the FBI reported.

Hogan said the FBI revealed some such incidents in 2014, but the number was redacted from the opinion made public Tuesday. “The government generally attributed those instances to individual failures or confusion, rather than a ‘systematic issue,’ ” Hogan wrote. However, more incidents occurred from mid-2014 and through 2015, although again the precise number was not released. In some instances, FBI agents believed, incorrectly, that they didn’t need to set up a review team if the indictment was under seal or outside the U.S.

“The Court was extremely concerned about these additional incidents of non-compliance,” wrote Hogan, who also serves as a federal district court judge in Washington. He was appointed by President Ronald Reagan.

At a closed hearing last October, the FBI detailed some procedures set up to remedy the problem, including additional training and a system to remind agents when such reviews are needed. Hogan said he was “satisfied” that the FBI was “taking appropriate measures” to address the issue. However, he said he “strongly encourages” the government to find any other such mistakes and he said he wanted a briefing on those efforts earlier this year.

The FBI declined to comment, and spokespeople for the NSA did not immediately respond to a request for comment on the court ruling.

Read the Original Article at Politico

Cyber-Warfare: Policing The Dark Web and How it Can Effect National Sovereignty

Cops hack into foreign computers to find cyber criminals

As crime continues to proliferate on the so-called dark web, law enforcement agencies are sometimes having to work outside of their jurisdiction. When a suspected criminal acts on the dark web, authorities are unlikely to know where in the world he or she is physically located. So if they then attempt to take action, they might be inadvertently carrying out an operation that crosses borders.

One researcher argues in a working paper that this raises serious concerns around national sovereignty, and could even lead to retaliation from affected countries or prosecution of investigators.

“Basically, it’s like playing Russian Roulette with cross-border cyber operations,” Ahmed Ghappour, visiting assistant professor at UC Hastings College of Law and author of the paper “Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web,” told Motherboard in a phone call.

In response to dark web-related crime, law enforcement agencies have moved to more non-traditional means of identifying suspects, in some cases directly hacking criminals’ computers to circumvent the protections given by the Tor anonymity network.

But, because it’s largely impossible to know where a target computer is located before it’s been hacked, the FBI and other bodies are sometimes breaking into computers overseas, without explicit consent of the host country. “At bottom, no country has consented to us hacking them, or hacking their citizens, in the same way that we haven’t consented to another country to hack us,” Ghappour said.

Read the Remainder at Motherboard

 

 

 

Inside “Eligible Receiver”

The NSA’s disturbingly successful hack of the American military

 

Excerpted from Dark Territory: The Secret History of Cyber War by Fred Kaplan. Out now from Simon & Schuster. On Wednesday, March 9, Kaplan will discuss his book in New York; for more information and to RSVP, visit the New America website.

On June 9, 1997, 25 officials of the National Security Agency—members of a security squad known as the “Red Team”—hacked into the computer networks of the Department of Defense, using only commercially available equipment and soft­ware. It was the first high-level exercise testing whether the U.S. military’s leaders, facilities, and global combatant commands were prepared for a cyber attack. And the outcome was alarming.

The simulated hack was the brainchild of the NSA director, Lt. Gen. Kenneth Minihan, who, before coming to the agency, had been commander of the Air Force Information Warfare Center in San Antonio, Texas. The center’s tech crews had been detecting frequent hackings of U.S. military computer networks, and had come up with ways to counter them—but few senior officers took notice or cared.

Each year, the Pentagon’s Joint Staff held an exercise called Eligi­ble Receiver—a simulation or war game designed to highlight some threat or opportunity on the horizon. Minihan wanted the next exercise to test the vulnerability of the U.S. military’s networks to a cyber attack. The most dramatic way to do this, he proposed, was to launch a realattack on those networks. He’d heard about small-scale exercises of this sort, against battalions or air wings of the Army or Air Force. In these war games, he’d been told, the hackers always succeeded. The NSA Red Team was part of the Information Assurance Directorate, the defensive side of the agency, stationed in FANEX, a drab brick building out near Friendship Airport, a 20-minute drive from NSA headquarters at Fort Meade, Maryland. During its most sensitive drills, the Red Team worked out of a chamber called the Pit, which was so secret that few people at NSA knew it ex­isted, and even they couldn’t enter without first passing through two combination-locked doors. In its workaday duties, the Red Team probed for vulnerabilities in new hardware or software that had been designed for the Defense Department, sometimes for the NSA itself. These systems had to clear a high bar to be deemed secure enough for government purchase and installation. The Red Team’s job was to test that bar.

Read the Remainder at Slate

Shooting Holes in the Willy Wonka “Golden Encryption Key” Myth

In response to a recent article in Motherboard, Mr. A had this to say….

 

 

This article gets it right, but fails to point out the motivations behind the ‘golden key’.

First, the idea of a ‘golden key’ is a decryption backdoor key that only the government would possess. This, we are told, is necessary in order for the government to catch criminals or terrorist by decrypting messages from common communications mediums that are encrypted. (iMessage, FaceTime, etc)

We are told that if you have nothing to hide you shouldn’t worry, and we all are at risk from criminals and terrorist.

Here’s the thing: You could create a ‘golden key’ and force businesses to use them. You cannot, however, force existing open source encryption technologies to use that golden key.

A criminal organization or terrorist cell with even a small amount of intelligence would not trust vital communications to common technologies like this. They may use them, but anything vital would be obscured with alternative terminology known to senders and recipients. Clear instructions or damning comments would be delivered by alternate means. (encrypted with PGP, OTP, hidden in images or files, uploaded on the  DarkNet for download by another party, etc)

So again, what is behind the push for a ‘golden key’?

This is about you. It’s about all seeing EYE being able to see at will everything about you.

How could it be otherwise?

Criminals will use these technologies with care or not at all. If a golden key is implemented, they will use greater care or stop altogether. They will rely on encryption without a backdoor. So it is once again about you and not the criminal.

-Mr. A