Category Archives: Privacy

Snowden Speaks to TED: Most Important Revelations Yet To Come

Appearing by telepresence robot, Edward Snowden speaks at TED2014 about surveillance and Internet freedom. The right to data privacy, he suggests, is not a partisan issue, but requires a fundamental rethink of the role of the internet in our lives — and the laws that protect it. “Your rights matter,” he says, “because you never know when you’re going to need them.” Chris Anderson interviews, with special guest Tim Berners-Lee.

Key Quotes:

“I am living proof that an individual can go head to head with the most powerful intelligence agencies around the world — and win,” – Edward Snowden

“Is it really terrorism that we’re stopping? I say no…The bottom line is that terrorism …has always been a cover for actions. Terrorism evokes an emotional response.” – Edward Snowden

“I don’t want to harm my government. The fact that they’re willing to ignore due process and declare guilt without a trial … these are things we need to work against as a society.” – Edward Snowden

“There are absolutely more revelations to come. Some of the most important reporting is yet to come.” – Edward Snowden

Source: TED

—-
Alternative Free Press -fair use-

New Snowden Docs Confirm NSA Can Record 100% Of A Nation’s Phone Calls

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls

By Barton Gellman and Ashkan Soltani
Washington Post: March 18, 2014

The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden.

A senior manager for the program compares it to a time machine — one that can replay the voices from any call without requiring that a person be identified in advance for surveillance.

The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere.

In the initial deployment, collection systems are recording “every single” conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary.

The call buffer opens a door “into the past,” the summary says, enabling users to “retrieve audio of interest that was not tasked at the time of the original call.” Analysts listen to only a fraction of 1 percent of the calls, but the absolute numbers are high. Each month, they send millions of voice clippings, or “cuts,” for processing and long-term storage.

At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.

No other NSA program disclosed to date has swallowed a nation’s telephone network whole. Outside experts have sometimes described that prospect as disquieting but remote, with notable implications for a growing debate over the NSA’s practice of “bulk collection” abroad.

Bulk methods capture massive data flows “without the use of discriminants,” as President Obama put it in January. By design, they vacuum up all the data they touch — meaning that most of the conversations collected by RETRO would be irrelevant to U.S. national security interests.

In the view of U.S. officials, however, the capability is highly valuable.

In a statement, Caitlin Hayden, spokeswoman for the National Security Council, declined to comment on “specific alleged intelligence activities.” Speaking generally, she said that “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”

NSA spokeswoman Vanee Vines, in an e-mailed statement, said that “continuous and selective reporting of specific techniques and tools used for legitimate U.S. foreign intelligence activities is highly detrimental to the national security of the United States and of our allies, and places at risk those we are sworn to protect.”

Some of the documents provided by Snowden suggest that high-volume eavesdropping may soon be extended to other countries, if it has not been already. The RETRO tool was built three years ago as a “unique one-off capability,” but last year’s secret intelligence budget named five more countries for which the MYSTIC program provides “comprehensive metadata access and content,” with a sixth expected to be in place by last October.

The budget did not say whether the NSA now records calls in quantity in those countries or expects to do so. A separate document placed a high priority on planning “for MYSTIC accesses against projected new mission requirements,” including “voice.”

Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from Americans who telephone, visit and work in the target country. It may also be seen as inconsistent with Obama’s Jan. 17 pledge “that the United States is not spying on ordinary people who don’t threaten our national security,” regardless of nationality, “and that we take their privacy concerns into account.”

In a presidential policy directive, Obama instructed the NSA and other agencies that bulk acquisition may be used only to gather intelligence related to one of six specified threats, including nuclear proliferation and terrorism. The directive, however, also noted that limits on bulk collection “do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection.”

The emblem of the MYSTIC program depicts a cartoon wizard with a telephone-headed staff. Among the agency’s bulk collection programs disclosed over the past year, its focus on the spoken word is unique. Most of the programs have involved the bulk collection of metadata — which does not include call content — or text, such as e-mail address books.

Telephone calls are often thought to be more ephemeral and less suited than text for processing, storage and search. And there are indications that the call-recording program has been hindered by the NSA’s limited capacity to store and transmit bulky voice files.

In the first year of its deployment, a program officer wrote that the project “has long since reached the point where it was collecting and sending home far more than the bandwidth could handle.”

Because of similar capacity limits across a range of collection programs, the NSA is leaping forward with cloud-based collection systems and a gargantuan new “mission data repository” in Utah. According to its overview briefing, the Utah facility is designed “to cope with the vast increases in digital data that have accompanied the rise of the global network.”

Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said history suggests that “over the next couple of years they will expand to more countries, retain data longer and expand the secondary uses.”

Spokesmen for the NSA and the office of Director of National Intelligence James R. Clapper Jr. declined to confirm or deny expansion plans or discuss the criteria for any change.

Based on RETRO’s internal reviews, the NSA has a strong motive to deploy it elsewhere. In the documents and in interviews, U.S. officials said RETRO is uniquely valuable when an analyst uncovers a new name or telephone number of interest.

With up to 30 days of recorded conversations in hand, the NSA can pull an instant history of the subject’s movements, associates and plans. Some other U.S. intelligence agencies also have access to RETRO.

Highly classified briefings cite examples in which the tool offered high-stakes intelligence that would not have existed under traditional surveillance programs in which subjects are identified for targeting in advance. In contrast with most of the government’s public claims about the value of controversial programs, the briefings supply names, dates, locations and fragments of intercepted calls in convincing detail.

Present and former U.S. officials, speaking on the condition of anonymity to provide context for a classified program, acknowledged that large numbers of conversations involving Americans would be gathered from the country where RETRO operates.

The NSA does not attempt to filter out their calls, defining them as communications “acquired incidentally as a result of collection directed against appropriate foreign intelligence targets.”

Until about 20 years ago, such incidental collection was unusual unless an American was communicating directly with a foreign intelligence target. In bulk collection systems, which are exponentially more capable than the ones in use throughout the Cold War, calls and other data from U.S. citizens and permanent residents are regularly ingested by the millions.

Under the NSA’s internal “minimization rules,” those intercepted communications “may be retained and processed” and included in intelligence reports. The agency generally removes the names of U.S. callers, but there are several broadly worded exceptions.

An independent group tasked by the White House to review U.S. surveillance policies recommended that incidentally collected U.S. calls and e-mails — including those obtained overseas — should nearly always “be purged upon detection.” Obama did not accept that recommendation.

Vines, in her statement, said the NSA’s work is “strictly conducted under the rule of law.”

RETRO and MYSTIC are carried out under Executive Order 12333, the traditional grant of presidential authority to intelligence agencies for operations outside the United States.

Since August, Sen. Dianne Feinstein (D-Calif.), the chairman of the Senate Intelligence Committee, and others on that panel have been working on plans to assert a greater oversight role for intelligence-gathering abroad. Some legislators are considering whether Congress should also draft new laws to govern those operations.

Experts say there is not much legislation that governs overseas intelligence work.

“Much of the U.S. government’s intelligence collection is not regulated by any statute passed by Congress,” said Timothy H. Edgar, the former director of privacy and civil liberties on Obama’s national security staff. “There’s a lot of focus on the Foreign Intelligence Surveillance Act, which is understandable, but that’s only a slice of what the intelligence community does.”

All surveillance must be properly authorized for a legitimate intelligence purpose, he said, but that “still leaves a gap for activities that otherwise basically aren’t regulated by law, because they’re not covered by FISA.”

Beginning in 2007, Congress loosened 40-year-old restrictions on domestic surveillance because so much foreign data crossed U.S. territory. There were no comparable changes to protect the privacy of U.S. citizens and residents whose calls and e-mails now routinely cross international borders.

(Read the full article and the leaked source documents at Washington Post)

—-

If Spying on Senate is So Bad, Why is it OK For Them To Spy On Us?

By Ron Paul
Ron Paul Institute For Peace & Prosperity: March 16, 2014

The reaction of Sen. Dianne Feinstein (D-CA) to last week’s revelations that the CIA secretly searched Senate Intelligence Committee computers reveals much about what the elites in government think about the rest of us. “Spy on thee, but not on me!”

The hypocrisy of Sen. Feinstein is astounding. She is the biggest backer of the NSA spying on the rest of us, but when the tables are turned and her staff is the target she becomes irate. But there is more to it than that. There is an attitude in Washington that the laws Congress passes do not apply to Members. They can trample our civil liberties, they believe, but it should never affect their own freedom.

Remember that much of this started when politicians rushed to pass the PATRIOT Act after 9/11. Those of us who warned that such new powers granted to the state would be used against us someday were criticized as alarmist and worse. The violations happened just as we warned, but when political leaders discovered the breach of our civil liberties they did nothing about it. It was not until whistleblowers like Edward Snowden and others informed us of the abuses that the “debate” over surveillance that President Obama claimed to welcome could even begin to take place! Left to politicians like Dianne Feinstein, Mike Rogers, and President Obama, we would never have that debate because we would not know.

Washington does not care about our privacy. When serious violations are discovered they most often rush to protect the status quo instead of defending the Constitution. Senator Feinstein did just that as the NSA spying revelations began to create pressure on the Intelligence Community. Her NSA reform legislation was nothing but a smokescreen: under the guise of “reform” it would have codified in law the violations already taking place. When that fact became too obvious to deny, the Senate was forced to let the legislation die in the committee.

What is interesting, and buried in the accusations and denials, is that the alleged CIA monitoring was over an expected 6,000 page Senate Intelligence Committee report on the shameful and un-American recent CIA history of torture at the “gulag archipelago” of secret prisons it set up across the world after the attacks of 9/11. We can understand why the CIA might have been afraid of that information getting out.

When CIA whistleblower John Kiriakou exposed the CIA’s role in torturing prisoners he was sent to prison for nearly three years. But Senator Feinstein and her colleagues didn’t lift a finger to support him. So again you have the double standards and hypocrisy.

The essence of this problem has to do with the difficulty in managing the US empire. When the government behaves as an empire rather than as a republic, lying to the rest of us is permissible. They spy on everybody because they don’t trust anybody. The answer is obvious: rein in the CIA; remove its authority to conduct these kinds of covert actions. Rein in government. Lawmakers should not defend Fourth Amendment rights only when their staffs have been violated. They should do it all the time for all of us. The people’s branch of government must stand up for the people. Let’s hope that Sen. Feinstein has had her wake-up call and will now finally start defending the rest of us against a government that increasingly sees us as the enemy.

(Source: Ron Paul Institute For Peace & Prosperity)

—-

How the NSA Plans to Infect ‘Millions’ of Computers with Malware

By Ryan Gallagher and Glenn Greenwald
The Intercept: March 12, 2014

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process.

The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.

The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

In some cases the NSA has masqueraded as a fake Facebook server, using the social media site as a launching pad to infect a target’s computer and exfiltrate files from a hard drive. In others, it has sent out spam emails laced with the malware, which can be tailored to covertly record audio from a computer’s microphone and take snapshots with its webcam. The hacking systems have also enabled the NSA to launch cyberattacks by corrupting and disrupting file downloads or denying access to websites.

The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.”

In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines.

Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations “disturbing.” The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet.

“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.”

Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.”

“That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.”

The NSA declined to answer questions about its deployment of implants, pointing to a new presidential policy directive announced by President Obama. “As the president made clear on 17 January,” the agency said in a statement, “signals intelligence shall be collected exclusively where there is a foreign intelligence or counterintelligence purpose to support national and departmental missions, and not for any other purposes.”

“Owning the Net”

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands.

To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices.

In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations.

But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).”

The agency’s solution was TURBINE. Developed as part of the TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.”

In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations.

The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)

Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations.

Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers.

The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.”

The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”

Circumventing Encryption

The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes.

One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer.

An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer.

The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption.

It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.

Previous reports have alleged that the NSA worked with Israel to develop the Stuxnet malware, which was used to sabotage Iranian nuclear facilities. The agency also reportedly worked with Israel to deploy malware called Flame to infiltrate computers and spy on communications in countries across the Middle East.

According to the Snowden files, the technology has been used to seek out terror suspects as well as individuals regarded by the NSA as “extremist.” But the mandate of the NSA’s hackers is not limited to invading the systems of those who pose a threat to national security.

In one secret post on an internal message board, an operative from the NSA’s Signals Intelligence Directorate describes using malware attacks against systems administrators who work at foreign phone and Internet service providers. By hacking an administrator’s computer, the agency can gain covert access to communications that are processed by his company. “Sys admins are a means to an end,” the NSA operative writes.

The internal post – titled “I hunt sys admins” – makes clear that terrorists aren’t the only targets of such NSA attacks. Compromising a systems administrator, the operative notes, makes it easier to get to other targets of interest, including any “government official that happens to be using the network some admin takes care of.”

Similar tactics have been adopted by Government Communications Headquarters, the NSA’s British counterpart. As the German newspaper Der Spiegel reported in September, GCHQ hacked computers belonging to network engineers at Belgacom, the Belgian telecommunications provider.

The mission, codenamed “Operation Socialist,” was designed to enable GCHQ to monitor mobile phones connected to Belgacom’s network. The secret files deem the mission a “success,” and indicate that the agency had the ability to covertly access Belgacom’s systems since at least 2010.

Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications.

Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.

The implants also track phone calls sent across the network via Skype and other Voice Over IP software, revealing the username of the person making the call. If the audio of the VOIP conversation is sent over the Internet using unencrypted “Real-time Transport Protocol” packets, the implants can covertly record the audio data and then return it to the NSA for analysis.

But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.

“Mass exploitation potential”

Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network.

According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds.

There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious.

Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.

To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second.

In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.

The documents show that QUANTUMHAND became operational in October 2010, after being successfully tested by the NSA against about a dozen targets.

According to Matt Blaze, a surveillance and cryptography expert at the University of Pennsylvania, it appears that the QUANTUMHAND technique is aimed at targeting specific individuals. But he expresses concerns about how it has been covertly integrated within Internet networks as part of the NSA’s automated TURBINE system.

“As soon as you put this capability in the backbone infrastructure, the software and security engineer in me says that’s terrifying,” Blaze says.

“Forget about how the NSA is intending to use it. How do we know it is working correctly and only targeting who the NSA wants? And even if it does work correctly, which is itself a really dubious assumption, how is it controlled?”

In an email statement to The Intercept, Facebook spokesman Jay Nancarrow said the company had “no evidence of this alleged activity.” He added that Facebook implemented HTTPS encryption for users last year, making browsing sessions less vulnerable to malware attacks.

Nancarrow also pointed out that other services besides Facebook could have been compromised by the NSA. “If government agencies indeed have privileged access to network service providers,” he said, “any site running only [unencrypted] HTTP could conceivably have its traffic misdirected.”
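One way a defender can spot the man-on-the-side race described above, as an added example that is not part of the original article: the injected packets race the genuine server's reply rather than replace it, so a capture taken at the client usually holds two segments claiming the same TCP sequence range with different bytes. The `Segment` records, addresses and payloads below are constructed, and the sketch assumes the genuine reply still reaches the client and ignores sequence-number wraparound.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    ts: float       # capture time in seconds
    src: str        # sender IP (the server side of the flow)
    sport: int
    dst: str
    dport: int
    seq: int        # TCP sequence number of the first payload byte
    ttl: int        # IP TTL as seen at the capture point
    payload: bytes


class Finding(NamedTuple):
    flow: tuple     # (src, sport, dst, dport)
    seq: int        # first sequence number where the two segments disagree in range
    first: Segment  # arrived first; typically what the client's TCP stack accepted
    second: Segment # arrived later with conflicting bytes
    ttl_delta: int  # supporting signal: a different TTL hints at a different sender path


def overlap(a: Segment, b: Segment):
    """Return the bytes each segment carries for their shared sequence range."""
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return None  # contiguous or unrelated segments, nothing to compare
    return (a.payload[start - a.seq:end - a.seq],
            b.payload[start - b.seq:end - b.seq])


def detect_conflicting_segments(segments, window=2.0):
    """Flag same-flow segments that overlap in sequence space but differ in content.

    A plain retransmission repeats identical bytes and is not flagged.
    `window` bounds how far back (in seconds) earlier segments are compared.
    """
    recent_by_flow = defaultdict(list)
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs carry no content to compare
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        recent = [s for s in recent_by_flow[key] if seg.ts - s.ts <= window]
        for earlier in recent:
            shared = overlap(earlier, seg)
            if shared and shared[0] != shared[1]:
                findings.append(Finding(key, max(earlier.seq, seg.seq), earlier,
                                        seg, abs(earlier.ttl - seg.ttl)))
                break  # one finding per conflicting segment is enough
        recent.append(seg)
        recent_by_flow[key] = recent
    return findings


# Constructed capture: documentation-range addresses, invented payloads.
SERVER, CLIENT = "203.0.113.10", "198.51.100.7"
SAMPLE = [
    # Flow A: two different answers for sequence 1000, 35 ms apart.
    Segment(0.010, SERVER, 80, CLIENT, 49152, 1000, 61,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n\r\n"),
    Segment(0.045, SERVER, 80, CLIENT, 49152, 1000, 52,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Flow B: an ordinary retransmission followed by the next contiguous segment.
    Segment(1.000, SERVER, 80, CLIENT, 49153, 5000, 52, b"GET-RESPONSE-PART-1"),
    Segment(1.300, SERVER, 80, CLIENT, 49153, 5000, 52, b"GET-RESPONSE-PART-1"),
    Segment(1.310, SERVER, 80, CLIENT, 49153, 5019, 52, b"PART-2"),
]

if __name__ == "__main__":
    for f in detect_conflicting_segments(SAMPLE):
        print(f"conflict on {f.flow} at seq {f.seq}: "
              f"{f.first.payload[:20]!r} vs {f.second.payload[:20]!r}, "
              f"TTL delta {f.ttl_delta}")
```

A conflict on a plaintext HTTP flow is a lead to investigate rather than proof of injection; on HTTPS flows the forged bytes fail TLS record authentication instead of being accepted.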

A man-in-the-middle attack is a similar but slightly more aggressive method that can be used by the NSA to deploy its malware. It refers to a hacking technique in which the agency covertly places itself between computers as they are communicating with each other.

This allows the NSA not only to observe and redirect browsing sessions, but to modify the content of data packets that are passing between computers.

The man-in-the-middle tactic can be used, for instance, to covertly change the content of a message as it is being sent between two people, without either knowing that any change has been made by a third party. The same technique is sometimes used by criminal hackers to defraud people.

A top-secret NSA presentation from 2012 reveals that the agency developed a man-in-the-middle capability called SECONDDATE to “influence real-time communications between client and server” and to “quietly redirect web-browsers” to NSA malware servers called FOXACID. In October, details about the FOXACID system were reported by the Guardian, which revealed its links to attacks against users of the Internet anonymity service Tor.

But SECONDDATE is tailored not only for “surgical” surveillance attacks on individual suspects. It can also be used to launch bulk malware attacks against computers.

According to the 2012 presentation, the tactic has “mass exploitation potential for clients passing through network choke points.”

Blaze, the University of Pennsylvania surveillance expert, says the potential use of man-in-the-middle attacks on such a scale “seems very disturbing.” Such an approach would involve indiscriminately monitoring entire networks as opposed to targeting individual suspects.

“The thing that raises a red flag for me is the reference to ‘network choke points,’” he says. “That’s the last place that we should be allowing intelligence agencies to compromise the infrastructure – because that is by definition a mass surveillance technique.”

To deploy some of its malware implants, the NSA exploits security vulnerabilities in commonly used Internet browsers such as Mozilla Firefox and Internet Explorer.

The agency’s hackers also exploit security weaknesses in network routers and in popular software plugins such as Flash and Java to deliver malicious code onto targeted machines.

The implants can circumvent anti-virus programs, and the NSA has gone to extreme lengths to ensure that its clandestine technology is extremely difficult to detect. An implant named VALIDATOR, used by the NSA to upload and download data to and from an infected machine, can be set to self-destruct – deleting itself from an infected computer after a set time expires.

In many cases, firewalls and other security measures do not appear to pose much of an obstacle to the NSA. Indeed, the agency’s hackers appear confident in their ability to circumvent any security mechanism that stands between them and compromising a computer or network. “If we can get the target to visit us in some sort of web browser, we can probably own them,” an agency hacker boasts in one secret document. “The only limitation is the ‘how.’”

Covert Infrastructure

The TURBINE implants system does not operate in isolation.

It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.

The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England.

The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet.

When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack.

The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter.

Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
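As an added illustration (not part of the Intercept article or any source document), the sketch below audits HTTP response headers for the two exposures described above: plaintext HTTP sessions that can be redirected or modified on-path, and identifying cookies that cross the network readable to a passive sensor. The sample responses, the `example.test` host and the 180-day HSTS threshold are constructed assumptions.

```python
# Added example, not from the article. Audits HTTP response headers for
# exposure to on-path redirection (plaintext, no HSTS) and to passive
# observation of identifying cookies. All sample data below is constructed.

MIN_HSTS_MAX_AGE = 15552000  # 180 days: an assumed policy threshold


def parse_set_cookie(value):
    """Return (cookie_name, {attribute: value}) with attribute names lower-cased."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def parse_hsts(value):
    """Return (max_age_seconds, include_subdomains) from a Strict-Transport-Security value."""
    max_age, include_sub = 0, False
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        key = key.strip().lower()
        if key == "max-age":
            val = val.strip().strip('"')
            max_age = int(val) if val.isdigit() else 0
        elif key == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def audit_response(scheme, headers):
    """Return a list of (severity, code, detail) findings.

    scheme  -- "http" or "https", the transport the response arrived over
    headers -- list of (name, value) pairs; a list because Set-Cookie repeats
    """
    findings = []
    hsts_values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    cookie_values = [v for k, v in headers if k.lower() == "set-cookie"]

    hsts_effective = False
    if scheme == "http":
        findings.append(("high", "PLAINTEXT",
                         "response can be read, redirected or modified on-path"))
        if hsts_values:
            # Browsers ignore HSTS delivered over plaintext HTTP (RFC 6797).
            findings.append(("info", "HSTS_IGNORED", "HSTS header over HTTP has no effect"))
    elif not hsts_values:
        findings.append(("high", "NO_HSTS",
                         "a later http:// request to this host is not upgraded"))
    else:
        # Only the first HSTS header in a response is processed (RFC 6797).
        max_age, _include_sub = parse_hsts(hsts_values[0])
        if max_age == 0:
            findings.append(("high", "NO_HSTS", "max-age=0 clears any stored policy"))
        else:
            hsts_effective = True
            if max_age < MIN_HSTS_MAX_AGE:
                findings.append(("medium", "HSTS_SHORT", f"max-age={max_age}"))

    for raw in cookie_values:
        name, attrs = parse_set_cookie(raw)
        if "secure" in attrs:
            continue
        # Without Secure the browser attaches the cookie to plaintext requests,
        # where any on-path observer can read it. HSTS on this host lowers the
        # risk, but a Domain attribute sends the cookie to other hosts that
        # this response's HSTS policy may not cover.
        covered = hsts_effective and "domain" not in attrs
        findings.append(("medium" if covered else "high", "COOKIE_NOT_SECURE", name))
    return findings


# Constructed sample responses.
LEGACY_HTTP = ("http", [
    ("Set-Cookie", "uid=alice; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000"),
])
HARDENED_HTTPS = ("https", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Secure; HttpOnly; Path=/"),
    ("Set-Cookie", "ad_id=xyz; Domain=example.test; Path=/"),
    ("Set-Cookie", "prefs=dark; Path=/"),
])

if __name__ == "__main__":
    for label, (scheme, headers) in (("legacy", LEGACY_HTTP), ("hardened", HARDENED_HTTPS)):
        for severity, code, detail in audit_response(scheme, headers):
            print(f"{label:9} {severity:6} {code:18} {detail}")
```

Even the otherwise hardened response is flagged: cookies without `Secure` remain candidates for plaintext exposure.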

What’s more, the TURBINE system operates with the knowledge and support of other governments, some of which have participated in the malware attacks.

Classification markings on the Snowden documents indicate that NSA has shared many of its files on the use of implants with its counterparts in the so-called Five Eyes surveillance alliance – the United Kingdom, Canada, New Zealand, and Australia.

(Read the full article and view source documents at: The Intercept)

—-

Web Creator Criticizes Surveillance, Proposes Bill of Rights For Internet

An online Magna Carta: Berners-Lee calls for bill of rights for web

By Jemima Kiss
The Guardian: March 12, 2014

The inventor of the world wide web believes an online “Magna Carta” is needed to protect and enshrine the independence of the medium he created and the rights of its users worldwide.

Sir Tim Berners-Lee told the Guardian the web had come under increasing attack from governments and corporate influence and that new rules were needed to protect the “open, neutral” system.

Speaking exactly 25 years after he wrote the first draft of the first proposal for what would become the world wide web, the computer scientist said: “We need a global constitution – a bill of rights.”

Berners-Lee’s Magna Carta plan is to be taken up as part of an initiative called “the web we want”, which calls on people to generate a digital bill of rights in each country – a statement of principles he hopes will be supported by public institutions, government officials and corporations.

“Unless we have an open, neutral internet we can rely on without worrying about what’s happening at the back door, we can’t have open government, good democracy, good healthcare, connected communities and diversity of culture. It’s not naive to think we can have that, but it is naive to think we can just sit back and get it.”

Berners-Lee has been an outspoken critic of the American and British spy agencies’ surveillance of citizens following the revelations by National Security Agency whistleblower Edward Snowden. In the light of what has emerged, he said, people were looking for an overhaul of how the security services were managed.

His views also echo across the technology industry, where there is particular anger about the efforts by the NSA and Britain’s GCHQ to undermine encryption and security tools – something many cybersecurity experts say has been counterproductive and undermined everyone’s security.

Principles of privacy, free speech and responsible anonymity would be explored in the Magna Carta scheme. “These issues have crept up on us,” Berners-Lee said. “Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary for us all to do that, to take the web back into our own hands and define the web we want for the next 25 years.”

The web constitution proposal should also examine the impact of copyright laws and the cultural-societal issues around the ethics of technology.

While regional regulation and cultural sensitivities would vary, Berners-Lee said he believed a shared document of principle could provide an international standard for the values of the open web.

He is optimistic that the “web we want” campaign can be mainstream, despite the apparent lack of awareness of public interest in the Snowden story.

(Read the full article at: The Guardian)

—-

Hypocrite Lindsey Graham Supports Spying on Anyone But Himself

Challengers Slam Lindsey Graham’s Hypocrisy on Surveillance

Joshua Cook
Ben Swann: March 12, 2014

It seems like South Carolina’s Lindsey Graham only likes domestic spying if you are being spied on — not his staff.

Upon learning about the CIA’s snooping on Senate computers, Graham growled: “This is Richard Nixon stuff.”

Graham told reporters: “This is dangerous to the democracy. Heads should roll, people should go to jail if it’s true. If it is, the legislative branch should declare war on the CIA.”

Yes, this is the same Senator who said he was “glad” that the government was collecting cellular phone data from companies like Verizon.

“I’m a Verizon customer. I don’t mind Verizon turning over records to the government if the government is going to make sure that they try to match up a known terrorist phone with somebody in the United States. I don’t think you’re talking to the terrorists. I know you’re not. I know I’m not. So we don’t have anything to worry about,” Graham said on Fox & Friends.


(Read the full article at: Ben Swann)

—-

Snowden urges Americans to learn to protect identities online

By Cary Darling
Star-Telegram: March 11, 2014

AUSTIN — Declaring that the U.S. government is “setting fire to the future of the Internet” by spying on Americans and being unaccountable for that, former National Security Agency contractor Edward Snowden came across as determined and defiant in a videoconference interview Monday morning at South by Southwest Interactive.

Speaking from Russia, where he turned up after leaving his NSA eavesdropping station in Hawaii last year with classified government information, and leaking some of it to The Guardian and The Washington Post, Snowden spoke to a capacity audience of about 3,000 at an exhibit hall at the Austin Convention Center.

It was the same venue in which WikiLeaks founder Julian Assange spoke via Skype on Saturday.

A copy of the U.S. Constitution appeared behind Snowden on the large screen.

Like Assange, he offered few clues about his life in exile and gave no hints about how long he plans to stay in Russia. Instead, he and moderators Chris Soghoian and legal counsel Ben Wizner, both of the ACLU, kept the focus on how private citizens can protect their online identities and how companies can be doing more to protect their customers’ identities. And they figured that SXSW, with its young, tech-savvy audience, was the right forum to make their case.

“South by Southwest and the tech community, the people in the room in Austin, they’re the folks who can fix this,” Snowden said. “There’s a political response that needs to occur, but there’s also a tech response that needs to occur.”

Encryption, a process that makes it harder for would-be spies to decipher information, is the key, they said. If customers and companies used encryption, it would make the bulk collection of digital information — which the NSA documents exposed — more expensive and time-intensive.

Like Assange, Snowden took questions via Twitter. When asked why it was worse for the government to collect information about individuals than for commercial enterprises to do so, Snowden responded: “The government has the ability to deprive you of your rights. The police have the power. They can kill you. They can surveil you. Companies can surveil you, too, and that’s bad, but they can be challenged.”

(Read the full article at: Star-Telegram)

—-

Malaysian Airlines phones reportedly active, why hasn’t NSA tracked them?

By AlternativeFreePress.com

The NSA collects about 5 billion records a day on the locations of cell phones around the world. The Washington Post reported back in December 2013, “Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among the people using them.” Whistleblower Edward Snowden released documents cited in the report which provide evidence of the CO-TRAVELER tools described as providing “the methodical collection and storage of location data on what amounts to a planetary scale.”

On March 10th the Washington Post reported that cell phones of the missing passengers are still ringing and some instant message accounts seem to be showing active.

Why has the NSA not found any of the Malaysian Airlines flight MH370 passengers’ phones?

Why is tracking law-abiding citizens 24/7 considered proper use of government resources?

Why is tracking down a missing airplane full of people less important than tracking supposedly free citizens?

Sources for this article:
1. NSA tracking cellphone locations worldwide, Snowden documents show http://www.washingtonpost.com/world/national-security/nsa-tracking-cellphone-locations-worldwide-snowden-documents-show/2013/12/04/5492873a-5cf2-11e3-bc56-c6ca94801fac_story.html

2. Vanished Malaysia Airlines flight leaves relatives with anger and phantom phone calls http://www.washingtonpost.com/world/vanished-malaysia-airlines-flight-leaves-relatives-with-anger-and-phantom-phone-calls/2014/03/10/fdb78642-a862-11e3-b61e-8051b8b52d06_story.html

Written by Alternative Free Press
Malaysian Airlines phones reportedly active, why hasn’t NSA tracked them? by AlternativeFreePress.com is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Julian Assange Warns SXSW of “Military Occupation of the Internet Space”

By Liz Gannes
Recode: March 8, 2014

“There has been a military occupation of Internet space — a very serious phenomenon,” Assange told the crowd, responding to texted questions from a moderator, and checking periodically to see if people in the cavernous ballroom could see him via show of hands.

Predictably, the U.S. government was Assange’s main rhetorical target. “There is a question if the Barack Obama administration is at all serious, and who really wears the pants,” he said. “Is it the security agencies, or the civilian part?”

The evidence to back up that allegation, according to Assange, is found in the lack of firings, prosecutions, budget cuts and other punitive actions that might have occurred in the eight months since the original Snowden revelations.

Before Wikileaks brought this style of disclosure and whistle-blowing to the headlines four years ago, “We weren’t actually living in the world, we were living in some fictitious representation of the world,” Assange argued.

Now that people are starting to understand the extent of government surveillance and secrets, the Internet has gone from an apathetic space to a political space, Assange said.

Going forward, Assange urged people to be aware that anything they do online is being watched.

And it’s troubling, he said, that control of Internet services rests with such a small number of companies. The fact that Google knows that one million Android phones are activated per day is a problem in and of itself, Assange asserted.

“There’s a single group that’s able to capture that much information,” Assange said. “That’s a surveillance nightmare.”

(Read the full article at: Recode)

—-

Snowden’s written testimony to European Parliament

By Edward Snowden

–Introductory Statement–

I would like to thank the European Parliament for the invitation to provide testimony for your inquiry into the Electronic Mass Surveillance of EU Citizens. The suspicionless surveillance programs of the NSA, GCHQ, and so many others that we learned about over the last year endanger a number of basic rights which, in aggregate, constitute the foundation of liberal societies.

The first principle any inquiry must take into account is that despite extraordinary political pressure to do so, no western government has been able to present evidence showing that such programs are necessary. In the United States, the heads of our spying services once claimed that 54 terrorist attacks had been stopped by mass surveillance, but two independent White House reviews with access to the classified evidence on which this claim was founded concluded it was untrue, as did a Federal Court.

Looking at the US government’s reports here is valuable. The most recent of these investigations, performed by the White House’s Privacy and Civil Liberties Oversight Board, determined that the mass surveillance program investigated was not only ineffective — they found it had never stopped even a single imminent terrorist attack — but that it had no basis in law. In less diplomatic language, they discovered the United States was operating an unlawful mass surveillance program, and the greatest success the program had ever produced was discovering a taxi driver in the United States transferring $8,500 dollars to Somalia in 2007.

After noting that even this unimpressive success – uncovering evidence of a single unlawful bank transfer — would have been achieved without bulk collection, the Board recommended that the unlawful mass surveillance program be ended. Unfortunately, we know from press reports that this program is still operating today.

I believe that suspicionless surveillance not only fails to make us safe, but it actually makes us less safe. By squandering precious, limited resources on “collecting it all,” we end up with more analysts trying to make sense of harmless political dissent and fewer investigators running down real leads. I believe investing in mass surveillance at the expense of traditional, proven methods can cost lives, and history has shown my concerns are justified.

Despite the extraordinary intrusions of the NSA and EU national governments into private communications world-wide, Umar Farouk Abdulmutallab, the “Underwear Bomber,” was allowed to board an airplane traveling from Europe to the United States in 2009. The 290 persons on board were not saved by mass surveillance, but by his own incompetence, when he failed to detonate the device. While even Mutallab’s own father warned the US government he was dangerous in November 2009, our resources were tied up monitoring online games and tapping German ministers. That extraordinary tip-off didn’t get Mutallab a dedicated US investigator. All we gave him was a US visa.

Nor did the US government’s comprehensive monitoring of Americans at home stop the Boston Bombers. Despite the Russians specifically warning us about Tamerlan Tsarnaev, the FBI couldn’t do more than a cursory investigation — although they did plenty of worthless computer-based searching – and failed to discover the plot. 264 people were injured, and 3 died. The resources that could have paid for a real investigation had been spent on monitoring the call records of everyone in America.

This should not have happened. I worked for the United States’ Central Intelligence Agency. The National Security Agency. The Defense Intelligence Agency. I love my country, and I believe that spying serves a vital purpose and must continue. And I have risked my life, my family, and my freedom to tell you the truth.

The NSA granted me the authority to monitor communications world-wide using its mass surveillance systems, including within the United States. I have personally targeted individuals using these systems under both the President of the United States’ Executive Order 12333 and the US Congress’ FAA 702. I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true.

These are not the capabilities in which free societies invest. Mass surveillance violates our rights, risks our safety, and threatens our way of life.

If even the US government, after determining mass surveillance is unlawful and unnecessary, continues to operate to engage in mass surveillance, we have a problem. I consider the United States Government to be generally responsible, and I hope you will agree with me. Accordingly, this begs the question many legislative bodies implicated in mass surveillance have sought to avoid: if even the US is willing to knowingly violate the rights of billions of innocents — and I say billions without exaggeration — for nothing more substantial than a “potential” intelligence advantage that has never materialized, what are other governments going to do?

Whether we like it or not, the international norms of tomorrow are being constructed today, right now, by the work of bodies like this committee. If liberal states decide that the convenience of spies is more valuable than the rights of their citizens, the inevitable result will be states that are both less liberal and less safe. Thank you.

I will now respond to the submitted questions. Please bear in mind that I will not be disclosing new information about surveillance programs: I will be limiting my testimony to information regarding what responsible media organizations have entered into the public domain. For the record, I also repeat my willingness to provide testimony to the United States Congress, should they decide to consider the issue of unconstitutional mass surveillance.

–Rapporteur Claude Moraes MEP, S&D Group–

Given the focus of this Inquiry is on the impact of mass surveillance on EU citizens, could you elaborate on the extent of cooperation that exists between the NSA and EU Member States in terms of the transfer and collection of bulk data of EU citizens?

– A number of memos from the NSA’s Foreign Affairs Directorate have been published in the press.

One of the foremost activities of the NSA’s FAD, or Foreign Affairs Division, is to pressure or incentivize EU member states to change their laws to enable mass surveillance. Lawyers from the NSA, as well as the UK’s GCHQ, work very hard to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers. These efforts to interpret new powers out of vague laws are an intentional strategy to avoid public opposition and lawmakers’ insistence that legal limits be respected, effects the GCHQ internally described in its own documents as “damaging public debate.”

In recent public memory, we have seen these FAD “legal guidance” operations occur in both Sweden and the Netherlands, and also faraway New Zealand. Germany was pressured to modify its G-10 law to appease the NSA, and it eroded the rights of German citizens under their constitution. Each of these countries received instruction from the NSA, sometimes under the guise of the US Department of Defense and other bodies, on how to degrade the legal protections of their countries’ communications. The ultimate result of the NSA’s guidance is that the right of ordinary citizens to be free from unwarranted interference is degraded, and systems of intrusive mass surveillance are being constructed in secret within otherwise liberal states, often without the full awareness of the public.

Once the NSA has successfully subverted or helped repeal legal restrictions against unconstitutional mass surveillance in partner states, it encourages partners to perform “access operations.” Access operations are efforts to gain access to the bulk communications of all major telecommunications providers in their jurisdictions, normally beginning with those that handle the greatest volume of communications. Sometimes the NSA provides consultation, technology, or even the physical hardware itself for partners to “ingest” these massive amounts of data in a manner that allows processing, and it does not take long to access everything. Even in a country the size of the United States, gaining access to the circuits of as few as three companies can provide access to the majority of citizens’ communications. In the UK, Verizon, British Telecommunications, Vodafone, Global Crossing, Level 3, Viatel, and Interoute all cooperate with the GCHQ, to include cooperation beyond what is legally required.

By the time this general process has occurred, it is very difficult for the citizens of a country to protect the privacy of their communications, and it is very easy for the intelligence services of that country to make those communications available to the NSA — even without having explicitly shared them. The nature of the NSA’s “NOFORN,” or NO FOREIGN NATIONALS classification, when combined with the fact that the memorandum agreements between NSA and its foreign partners have a standard disclaimer stating they provide no enforceable rights, provides both the NSA with a means of monitoring its partner’s citizens without informing the partner, and the partner with a means of plausible deniability.

The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn’t search it for Danes, and Germany may give the NSA access to another on the condition that it doesn’t search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements. Ultimately, each EU national government’s spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole.

The Parliament should ask the NSA and GCHQ to deny that they monitor the communications of EU citizens, and in the absence of an informative response, I would suggest that the current state of affairs is the inevitable result of subordinating the rights of the voting public to the prerogatives of State Security Bureaus. The surest way for any nation to become subject to unnecessary surveillance is to allow its spies to dictate its policy.

The right to be free from unwarranted intrusion into our private effects — our lives and possessions, our thoughts and communications — is a human right. It is not granted by national governments and it cannot be revoked by them out of convenience. Just as we do not allow police officers to enter every home to fish around for evidence of undiscovered crimes, we must not allow spies to rummage through our every communication for indications of disfavored activities.

Could you comment on the activities of EU Member States intelligence agencies in these operations and how advanced their capabilities have become in comparison with the NSA?

– The best testimony I can provide on this matter without pre-empting the work of journalists is to point to the indications that the NSA not only enables and guides, but shares some mass surveillance systems and technologies with the agencies of EU member states. As it pertains to the issue of mass surveillance, the difference between, for example, the NSA and FRA is not one of technology, but rather funding and manpower. Technology is agnostic of nationality, and the flag on the pole outside of the building makes systems of mass surveillance no more or less effective.

In terms of the mass surveillance programmes already revealed through the press, what proportion of the mass surveillance activities do these programmes account for? Are there many other programmes, undisclosed as of yet, that would impact on EU citizens rights?

– There are many other undisclosed programs that would impact EU citizens’ rights, but I will leave the public interest determinations as to which of these may be safely disclosed to responsible journalists in coordination with government stakeholders.

–Shadow Rapporteur Sophie Int’Veld MEP, ALDE Group–

Are there adequate procedures in the NSA for staff to signal wrongdoing?

– Unfortunately not. The culture within the US Intelligence Community is such that reporting serious concerns about the legality or propriety of programs is much more likely to result in your being flagged as a troublemaker than to result in substantive reform. We should remember that many of these programs were well known to be problematic to the legal offices of agencies such as the GCHQ and other oversight officials. According to their own documents, the priority of the overseers is not to assure strict compliance with the law and accountability for violations of law, but rather to avoid, and I quote, “damaging public debate,” to conceal the fact that for-profit companies have gone “well beyond” what is legally required of them, and to avoid legal review of questionable programs by open courts. (http://www.theguardian.com/uk-news/2013/oct/25/leaked-memos-gchq-mass-surveillance-secret-snowden) In my personal experience, repeatedly raising concerns about legal and policy matters with my co-workers and superiors resulted in two kinds of responses.

The first were well-meaning but hushed warnings not to “rock the boat,” for fear of the sort of retaliation that befell former NSA whistleblowers like Wiebe, Binney, and Drake. All three men reported their concerns through the official, approved process, and all three men were subject to armed raids by the FBI and threats of criminal sanction. Everyone in the Intelligence Community is aware of what happens to people who report concerns about unlawful but authorized operations.

The second were similarly well-meaning but more pointed suggestions, typically from senior officials, that we should let the issue be someone else’s problem. Even among the most senior individuals to whom I reported my concerns, no one at NSA could ever recall an instance where an official complaint had resulted in an unlawful program being ended, but there was a unanimous desire to avoid being associated with such a complaint in any form.

Do you feel you had exhausted all avenues before taking the decision to go public?

– Yes. I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them. As an employee of a private company rather than a direct employee of the US government, I was not protected by US whistleblower laws, and I would not have been protected from retaliation and legal sanction for revealing classified information about lawbreaking in accordance with the recommended process.

It is important to remember that this legal dilemma did not occur by mistake. US whistleblower reform laws were passed as recently as 2012, with the US Whistleblower Protection Enhancement Act, but they specifically chose to exclude Intelligence Agencies from being covered by the statute. President Obama also reformed a key executive Whistleblower regulation with his 2012 Presidential Policy Directive 19, but it exempted Intelligence Community contractors such as myself. The result was that individuals like me were left with no proper channels.

Do you think procedures for whistleblowing have been improved now?

– No. There has not yet been any substantive whistleblower reform in the US, and unfortunately my government has taken a number of disproportionate and persecutory actions against me. US government officials have declared me guilty of crimes in advance of any trial, they’ve called for me to be executed or assassinated in private and openly in the press, they revoked my passport and left me stranded in a foreign transit zone for six weeks, and even used NATO to ground the presidential plane of Evo Morales – the leader of Bolivia – on hearing that I might attempt to seek and enjoy asylum in Latin America.

What is your relationship with the Russian and Chinese authorities, and what are the terms on which you were allowed to stay originally in Hong Kong and now in Russia?

– I have no relationship with either government.

–Shadow Rapporteur Jan Philipp Albrecht MEP, Greens Group–

Could we help you in any way, and do you seek asylum in the EU?

– If you want to help me, help me by helping everyone: declare that the indiscriminate, bulk collection of private data by governments is a violation of our rights and must end. What happens to me as a person is less important than what happens to our common rights.

As for asylum, I do seek EU asylum, but I have yet to receive a positive response to the requests I sent to various EU member states. Parliamentarians in the national governments have told me that the US, and I quote, “will not allow” EU partners to offer political asylum to me, which is why the previous resolution on asylum ran into such mysterious opposition. I would welcome any offer of safe passage or permanent asylum, but I recognize that would require an act of extraordinary political courage.

Can you confirm cyber-attacks by the NSA or other intelligence agencies on EU institutions, telecommunications providers such as Belgacom and SWIFT, or any other EU-based companies?

– Yes. I don’t want to outpace the efforts of journalists, here, but I can confirm that all documents reported thus far are authentic and unmodified, meaning the alleged operations against Belgacom, SWIFT, the EU as an institution, the United Nations, UNICEF, and others based on documents I provided have actually occurred. And I expect similar operations will be revealed in the future that affect many more ordinary citizens.

–Shadow Rapporteur Cornelia Ernst MEP, GUE Group–

In your view, how far can the surveillance measures you revealed be justified by national security and from your experience is the information being used for economic espionage? What could be done to resolve this?

– Surveillance against specific targets, for unquestionable reasons of national security while respecting human rights, is above reproach. Unfortunately, we’ve seen a growth in untargeted, extremely questionable surveillance for reasons entirely unrelated to national security. Most recently, the Prime Minister of Australia, caught red-handed engaging in the most blatant kind of economic espionage, sought to argue that the price of Indonesian shrimp and clove cigarettes was a “security matter.” These are indications of a growing disinterest among governments for ensuring intelligence activities are justified, proportionate, and above all accountable. We should be concerned about the precedent our actions set.

The UK’s GCHQ is the prime example of this, due to what they refer to as a “light oversight regime,” which is a bureaucratic way of saying their spying activities are less restricted than is proper (http://www.theguardian.com/uk/2013/jun/21/legal-loopholes-gchq-spy-world). Since that light oversight regime was revealed, we have learned that the GCHQ is intercepting and storing unprecedented quantities of ordinary citizens’ communications on a constant basis, both within the EU and without (http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa). There is no argument that could convince an open court that such activities were necessary and proportionate, and it is for this reason that such activities are shielded from the review of open courts.

In the United States, we use a secret, rubber-stamp Foreign Intelligence Surveillance Court that only hears arguments from the government. Out of approximately 34,000 government requests over 33 years, the secret court rejected only 11. It should raise serious concerns for this committee, and for society, that the GCHQ’s lawyers consider themselves fortunate to avoid the kind of burdensome oversight regime that rejects 11 out of 34,000 requests. If that’s what heavy oversight looks like, what, pray tell, does the GCHQ’s “light oversight” look like?

Let’s explore it. We learned only days ago that the GCHQ compromised a popular Yahoo service to collect images from web cameras inside citizens’ homes, and around 10% of these images they take from within people’s homes involve nudity or intimate activities (http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo). In the same report, journalists revealed that this sort of webcam data was searchable via the NSA’s XKEYSCORE system, which means the GCHQ’s “light oversight regime” was used not only to capture bulk data that is clearly of limited intelligence value and most probably violates EU laws, but to then trade that data with foreign services without the knowledge or consent of any country’s voting public.

We also learned last year that some of the partners with which the GCHQ was sharing this information, in this example the NSA, had made efforts to use evidence of religious conservatives’ association with sexually explicit material of the sort GCHQ was collecting as a grounds for destroying their reputations and discrediting them (http://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html). The “Release to Five Eyes” classification of this particular report, dated 2012, reveals that the UK government was aware of the NSA’s intent to use sexually explicit material in this manner, indicating a deepening and increasingly aggressive partnership. None of these religious conservatives were suspected of involvement in terrorist plots: they were targeted on the basis of their political beliefs and activism, as part of a class the NSA refers to as “radicalizers.”

I wonder if any members of this committee have ever advocated a position that the NSA, GCHQ, or even the intelligence services of an EU member state might attempt to construe as “radical”? If you were targeted on the basis of your political beliefs, would you know? If they sought to discredit you on the basis of your private communications, could you discover the culprit and prove it was them? What would be your recourse?

And you are parliamentarians. Try to imagine the impact of such activities against ordinary citizens without power, privilege, or resources. Are these activities necessary, proportionate, and an unquestionable matter of national security? A few weeks ago we learned the GCHQ has hired scientists to study how to create divisions amongst activists and disfavored political groups, how they attempt to discredit and destroy private businesses, and how they knowingly plant false information to misdirect civil discourse (https://firstlook.org/theintercept/2014/02/24/jtrig-manipulation/).

To directly answer your question, yes, global surveillance capabilities are being used on a daily basis for the purpose of economic espionage. That a major goal of the US Intelligence Community is to produce economic intelligence is the worst kept secret in Washington.

In September, we learned the NSA had successfully targeted and compromised the world’s major financial transaction facilitators, such as Visa and SWIFT, which released documents describe as providing “rich personal information,” even data that “is not about our targets” (http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on-international-bank-transactions-a-922276.html). Again, these documents are authentic and unmodified – a fact the NSA itself has never once disputed.

In August, we learned the NSA had targeted Petrobras, an energy company (http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html). It would be the first of a long list of US energy targets. But we should be clear these activities are not unique to the NSA or GCHQ. Australia’s DSD targeted Sri Mulyani Indrawati, a finance minister and Managing Director of the World Bank (http://www.theguardian.com/world/2013/nov/18/australia-tried-to-monitor-indonesian-presidents-phone). Report after report has revealed targeting of G-8 and G-20 summits. Mass surveillance capabilities have even been used against a climate change summit.

Recently, governments have shifted their talking points from claiming they only use mass surveillance for “national security” purposes to the more nebulous “valid foreign intelligence purposes.” I suggest this committee consider that this rhetorical shift is a tacit acknowledgment by governments that they recognize they have crossed beyond the boundaries of justifiable activities. Every country believes its “foreign intelligence purposes” are “valid,” but that does not make it so. If we are prepared to condemn the economic spying of our competitors, we must be prepared to do the same of our allies. Lasting peace is founded upon fundamental fairness.

The international community must agree to common standards of behavior, and jointly invest in the development of new technical standards to defend against mass surveillance. We rely on common systems, and the French will not be safe from mass surveillance until Americans, Argentines, and Chinese are as well.

The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive, end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion. Governments cannot risk the discovery of their exploits by simply throwing attacks at every “endpoint,” or computer processor on the end of a network connection, in the world. Mass surveillance, passive surveillance, relies upon unencrypted or weakly encrypted communications at the global network level.

If there had been better independent and public oversight over the intelligence agencies, do you think this could have prevented this kind of mass surveillance? What conditions would need to be fulfilled, both nationally and internationally?

– Yes, better oversight could have prevented the mistakes that brought us to this point, as could an understanding that defense is always more important than offense when it comes to matters of national intelligence. The intentional weakening of the common security standards upon which we all rely is an action taken against the public good.

The oversight of intelligence agencies should always be performed by opposition parties, as under the democratic model, they always have the most to lose under a surveillance state. Additionally, we need better whistleblower protections, and a new commitment to the importance of international asylum. These are important safeguards that protect our collective human rights when the laws of national governments have failed.

European governments, which have traditionally been champions of human rights, should not be intimidated out of standing for the right of asylum against political charges, of which espionage has always been the traditional example. Journalism is not a crime, it is the foundation of free and informed societies, and no nation should look to others to bear the burden of defending its rights.

–Shadow Rapporteur Axel Voss MEP, EPP Group–

Why did you choose to go public with your information?

– Secret laws and secret courts cannot authorize unconstitutional activities by fiat, nor can classification be used to shield an unjustified and embarrassing violation of human rights from democratic accountability. If the mass surveillance of an innocent public is to occur, it should be authorized as the result of an informed debate with the consent of the public, under a framework of laws that the government invites civil society to challenge in open courts.

That our governments are even today unwilling to allow independent review of the secret policies enabling mass surveillance of innocents underlines governments’ lack of faith that these programs are lawful, and this provides stronger testimony in favor of the rightfulness of my actions than any words I might write.

Did you exhaust all possibilities before taking the decision to go public?

– Yes. I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them. As an employee of a private company rather than a direct employee of the US government, I was not protected by US whistleblower laws, and I would not have been protected from retaliation and legal sanction for revealing classified information about lawbreaking in accordance with the recommended process.

It is important to remember that this legal dilemma did not occur by mistake. US whistleblower reform laws were passed as recently as 2012, with the US Whistleblower Protection Enhancement Act, but they specifically chose to exclude Intelligence Agencies from being covered by the statute. President Obama also reformed a key executive Whistleblower regulation with his 2012 Presidential Policy Directive 19, but it exempted Intelligence Community contractors such as myself. The result was that individuals like me were left with no proper channels.

Are you aware that your revelations have the potential to put at risk lives of innocents and hamper efforts in the global fight against terrorism?

– Actually, no specific evidence has ever been offered, by any government, that even a single life has been put at risk by the award-winning journalism this question attempts to implicate.

The ongoing revelations about unlawful and improper surveillance are the product of a partnership between the world’s leading journalistic outfits and national governments, and if you can show one of the governments consulted on these stories chose not to impede demonstrably fatal information from being published, I invite you to do so. The front page of every newspaper in the world stands open to you.

Did the Russian secret service approach you?

– Of course. Even the secret service of Andorra would have approached me, if they had had the chance: that’s their job.

But I didn’t take any documents with me from Hong Kong, and while I’m sure they were disappointed, it doesn’t take long for an intelligence service to realize when they’re out of luck. I was also accompanied at all times by an utterly fearless journalist with one of the biggest megaphones in the world, which is the equivalent of Kryptonite for spies. As a consequence, we spent the next 40 days trapped in an airport instead of sleeping on piles of money while waiting for the next parade. But we walked out with heads held high.

I would also add, for the record, that the United States government has repeatedly acknowledged that there is no evidence at all of any relationship between myself and the Russian intelligence service.

Who is currently financing your life?

– I am.

–Shadow Rapporteur, Timothy Kirkhope MEP, ECR Group–

You have stated previously that you want the intelligence agencies to be more accountable to citizens, however, why do you feel this accountability does not apply to you? Do you therefore, plan to return to the United States or Europe to face criminal charges and answer questions in an official capacity, and pursue the route as an official whistle-blower?

– Respectfully, I remind you that accountability cannot exist without the due process of law, and even Deutsche Welle has written about the well-known gap in US law that deprived me of vital legal protections due to nothing more meaningful than my status as an employee of a private company rather than of the government directly (http://www.dw.de/us-whistleblower-laws-offer-no-protection/a-17391500). Surely no one on the committee believes that the measure of one’s political rights should be determined by their employer.

Fortunately, we live in a global, interconnected world where, when national laws fail like this, our international laws provide for another level of accountability, and the asylum process provides a means of due process for individuals who might otherwise be wrongly deprived of it. In the face of the extraordinary campaign of persecution brought against me by the United States government on account of my political beliefs, which I remind you included the grounding of the President of Bolivia’s plane by EU Member States, an increasing number of national governments have agreed that a grant of political asylum is lawful and appropriate.

Polling of public opinion in Europe indicates I am not alone in hoping to see EU governments agree that blowing the whistle on serious wrongdoing should be a protected act.

Do you still plan to release more files, and have you disclosed or been asked to disclose any information regarding the content of these files to Chinese and Russian authorities or any names contained within them?

– As stated previously, there are many other undisclosed programs that would impact EU citizens’ rights, but I will leave the public interest determinations as to which of these may be safely disclosed to responsible journalists in coordination with government stakeholders. I have not disclosed any information to anyone other than those responsible journalists. Thank you.

Source: http://www.europarl.europa.eu/document/activities/cont/201403/20140307ATT80674/20140307ATT80674EN.pdf

Alternative Free Press
Snowden’s written testimony to European Parliament by AlternativeFreePress.com is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.