vacuum
4th October 2013, 04:34 PM
I don't think I've ever seen something so documented...
http://www.washingtonsblog.com/2013/10/security-expert-the-details-matter-less-and-less-we-have-to-assume-that-the-nsa-has-everyone-who-uses-electronic-communications-under-constant-surveillance.html
Security Expert: “We Have To Assume That The NSA Has EVERYONE Who Uses Electronic Communications Under CONSTANT Surveillance” Posted on October 4, 2013 (http://www.washingtonsblog.com/2013/10/security-expert-the-details-matter-less-and-less-we-have-to-assume-that-the-nsa-has-everyone-who-uses-electronic-communications-under-constant-surveillance.html) by WashingtonsBlog (http://www.washingtonsblog.com/author/washingtonsblog)
Government Is Spying On Us Through Our Computers, Phones, Cars, Buses, Streetlights, at Airports and On The Street, Via Mobile Scanners and Drones, Through Our Smart Meters, and In Many Other Ways Security expert Bruce Schneier confirms (https://www.schneier.com/blog/archives/2013/10/nsa_storing_int.html) what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:
Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance (https://www.schneier.com/blog/archives/2013/09/metadata_equals.html). New details about hows and whys will continue to emerge — for example, now we know the NSA’s repository contains travel data (http://papersplease.org/wp/2013/09/29/how-the-nsa-obtains-and-uses-airline-reservations/) — but the big picture will remain the same.
John Lanchester writes (http://www.theguardian.com/world/2013/oct/03/edward-snowden-files-john-lanchester) in the Guardian:
This is the central point about what our spies and security services can now do. They can, for the first time, monitor everything about us, and they can do so with a few clicks of a mouse and – to placate the lawyers – a drop-down menu of justifications.
As shown below, Schneier and Lanchester are right.
The NSA is tapping the very backbone of the Internet (http://www.washingtonsblog.com/2013/09/nsa-spying-on-everything.html). It then stores metadata on everyone for up to a year (http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents).
As the New York Times reported this week, the NSA is also constructing sophisticated graphs of our social connections (http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html?pagewanted=all):
Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.
The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.
***
The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.
***
The decision to revise the limits concerning Americans was made in secret, without review by the nation’s intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the “misuse” of such information without adequate safeguards.
***
The agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata.
***
A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.
***
Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.
“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George Washington University. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”
***
The N.S.A. performed the social network graphing in a pilot project for 1 ½ years “to great benefit,” according to the 2011 memo.
***
In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists. [This definition is so broad that knowing a cheese maker in France or a climate activist in England could drag an American into the NSA surveillance net.]
**
The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider ….
***
The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion “record events” daily and making them available to N.S.A. analysts within 60 minutes.
***
A top-secret document titled “Better Person Centric Analysis” describes how the agency looks for 94 “entity types,” including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith, hasFather, sentForumMessage, employs.”
A 2009 PowerPoint presentation provided more examples of data sources available in the “enrichment” process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.
***
If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.
An internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”
The NSA chief (http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_SOCIAL_NETWORKS?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-10-02-11-33-15) and Director of Intelligence (http://www.nytimes.com/2013/10/03/us/nsa-experiment-traced-us-cellphone-locations.html?hp&_r=0) have largely confirmed the program.
The government is spying on you through your phone … and may even remotely turn on your camera and microphone when your phone is off (http://www.washingtonsblog.com/2013/06/the-single-most-important-step-to-protect-yourself-from-government-spying.html).
As one example, the NSA has inserted its code into Android’s operating system … bugging three-quarters of the world’s smartphones (http://www.businessweek.com/articles/2013-07-03/security-enhanced-android-nsa-edition#r=nav-fs). Google – or the NSA – can remotely turn on your phone’s camera and recorder (http://www.businessinsider.com/facebook-android-app-camera-security-2013-5) at any time.
Moreover, Google knows just about every WiFi password in the world (http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world) … and so the NSA does as well, since it spies so widely on Google.
But it’s not just the Android. In reality, the NSA can spy on just about everyone’s (http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html) smart phone.
Cell towers track where your phone is (http://www.propublica.org/article/thats-no-phone.-thats-my-tracker) at any moment, and the major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests (http://www.nytimes.com/2012/07/09/us/cell-carriers-see-uptick-in-requests-to-aid-surveillance.html?pagewanted=all) for cell phone locations and other data in 2011. (And – given that your smartphone routinely sends your location information (http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html) back to Apple or Google – it would be child’s play for the government to track your location that way.) Your iPhone (http://online.wsj.com/article/SB10001424052748704123204576283580249161342.html), or other brand of smartphone (http://www.forbes.com/sites/adriankingsleyhughes/2012/10/03/how-your-android-smartphone-could-be-used-to-spy-on-you/) is spying on virtually everything you do (http://us.gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do) (ProPublica notes: “That’s No Phone. That’s My Tracker (http://www.propublica.org/article/thats-no-phone.-thats-my-tracker)“). Remember, that might be happening even when your phone is turned off (https://www.techdirt.com/articles/20130723/12395923907/even-powering-down-cell-phone-cant-keep-nsa-tracking-its-location.shtml).
The NSA has gathered all of that cellphone location information (http://www.washingtonpost.com/world/national-security/nsa-had-test-project-to-collect-data-on-americans-cellphone-locations-director-says/2013/10/02/65076278-2b71-11e3-8ade-a1f23cda135e_story.html?hpid=z5).
The government might be spying on you through your computer’s webcam or microphone (http://www.washingtonsblog.com/2013/06/is-the-government-spying-on-you-through-your-own-webcam-or-microphone.html). The government might also be spying on you through the “smart meter” on your own home (http://www.washingtonsblog.com/2013/06/is-your-smart-meter-spying-on-you.html).
NSA also sometimes uses “man-in-the-middle” tactics, to pretend that it is Google or other popular websites (http://www.motherjones.com/politics/2013/09/flying-pig-nsa-impersonates-google) to grab your information.
The FBI wants a backdoor to all software. (http://www.wnd.com/2013/06/now-fbi-wants-back-door-to-all-software/) But leading (http://www.heise.de/mediadaten/english.shtml) European computer publication Heise said in 1999 that the NSA had already built a backdoor into all Windows software (http://www.heise.de/tp/artikel/5/5263/1.html).
Microsoft has long worked hand-in-hand with the NSA (http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data) and FBI so that encryption doesn’t block the government’s ability to spy on users of Skype, Outlook, Hotmail and other Microsoft services.
And Microsoft informs intelligence agencies of with information about bugs in its popular software before it publicly releases a fix (http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html), so that information can be used by the government to access computers. (Software vulnerabilities are also sold (http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html?pagewanted=all&_r=0) to the highest bidder (http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html). )
A top expert in the ‘microprocessors’ or ‘chips’ inside every computer – having helped start two semiconductor companies and a supercomputer firm – also says (http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5 tFtI):
He would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.
***
[The expert] said when he learned the NSA had secured “pre-encryption stage (http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data)” access to Microsoft’s email products via the PRISM leaks, he recognised that “pretty much all our computers have a way for the NSA to get inside their hardware” before a user can even think about applying encryption or other defensive measures.
Leading security experts say that the NSA might have put a backdoor in all encryption standards years ago (http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115). … meaning that the NSA could easily hack (http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security) into all encrypted communications. And the NSA hacks into encrypted “VPN” connections (http://www.informationweek.com/security/privacy/nsa-surveillance-can-penetrate-vpns/240159261), and TOR (http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption).
It’s gotten so bad that some of the largest encryption companies are warning that their encryption tools are compromised (http://www.bbc.co.uk/news/technology-24173977).
“Black boxes” are currently installed in between 90% (http://www.courierpress.com/news/2012/dec/09/black-box-recorders-snitch-on-motorists-starts/) and 96% (http://www.edmunds.com/car-technology/car-black-box-recorders-capture-crash-data.html) of all new cars. And starting in 2014, all new cars (http://cnsnews.com/news/article/obama-bypasses-congress-mandate-black-boxes-all-cars-beginning-14) will include black boxes that can track your location.
License plate readers mounted on police cars (http://news.yahoo.com/driving-somewhere-theres-govt-record-140052644.html) allow police to gather millions of records on drivers (http://cironline.org/reports/license-plate-readers-let-police-collect-millions-records-drivers-4883) … including photos of them in their cars (http://online.wsj.com/article/SB10000872396390443995604578004723603576296.html).
If you have a microphone in your car, that might also open you up to snoopers. As CNET points out (http://news.cnet.com/2100-1029_3-6140191.html):
Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit (http://news.cnet.com/Court-to-FBI-No-spying-on-in-car-computers/2100-1029_3-5109435.html) revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors’ OnStar to snoop on passengers’ conversations.
When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.
A security expert and former NSA software developer says that hackers can access private surveillance cameras (http://uk.reuters.com/article/2013/06/17/uk-surveilance-hackers-idUKBRE95G10620130617). Given that the NSA apparently already monitors public cameras (http://www.businessinsider.com/trapwire-everything-you-need-to-know-2012-8) using facial recognition software (http://www.youtube.com/watch?v=HBWN7qi9C9E) (and see this (http://www.nytimes.com/2013/08/21/us/facial-scanning-is-making-gains-in-surveillance.html?ref=technology&_r=1&)), and that the FBI is building a system which will track “public and private surveillance cameras around the country” (http://rt.com/usa/epic-surveillance-ngi-fbi-645/), we can assume that government agencies might already be hacking into private surveillance cameras.
The CIA wants to spy on you through your dishwasher (http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/) and other “smart” appliances. As Slate notes (http://www.slate.com/blogs/future_tense/2012/03/19/smart_appliances_could_help_cia_spy_says_petraeus_ .html):
Watch out: the CIA may soon be spying on you—through your beloved, intelligent household appliances, according to Wired (http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/).
In early March, at a meeting for the CIA’s venture capital firm In-Q-Tel, CIA Director David Petraeus reportedly noted that “smart appliances” connected to the Internet could someday be used by the CIA to track individuals. If your grocery-list-generating refrigerator knows when you’re home, the CIA could, too, by using geo-location data from your wired appliances, according to SmartPlanet (http://www.smartplanet.com/blog/thinking-tech/cia-well-spy-on-you-through-your-refrigerator/10717).
“The current ‘Internet of PCs’ will move, of course, toward an ‘Internet of Things’—of devices of all types—50 to 100 billion of which will be connected to the Internet by 2020,” Petraeus said in his speech (https://www.cia.gov/news-information/speeches-testimony/2012-speeches-testimony/in-q-tel-summit-remarks.html). He continued:
Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters—all connected to the next-generation Internet using abundant, low cost, and high-power computing—the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.
***
ITworld’s Kevin Fogarty thinks that J. Edgar Hoover, were he still with us, would “die of jealousy (http://www.pcworld.com/article/252057/cia_eager_to_enlist_inanimate_internet_spies.html) ” upon hearing about the tools soon to be at Petraeus’ disposal.
And they’re probably bluffing and exaggerating, but the Department of Homeland Security claims they will soon be able to know your adrenaline level, what you ate for breakfast and what you’re thinking … from 164 feet away (http://www.washingtonsblog.com/2012/07/government-will-soon-be-able-to-know-your-adrenaline-level-what-you-ate-your-breakfast-and-what-youre-thinking-from-164-feet-away.html). (In addition, people will probably soon be swallowing tracking devices for medical purposes (http://www.nature.com/news/2011/110527/full/news.2011.323.html))
The government is allegedly (http://abcnews.go.com/Technology/story?id=2134464#.UdmlDW1GR8U) scanning (http://www.motherjones.com/blue-marble/2012/04/department-of-defense-neuroscience-bioethics-brains-law) prisoners’ brains without their consent at Guantanamo. In the near future, brain scanners may be able to literally read our thoughts (http://www.youtube.com/watch?feature=player_embedded&v=CTvLRVXuTYM) (and see this (http://www.youtube.com/watch?v=vhZZtSOvoBA&feature=player_embedded)).
The government is currently testing systems for use in public spaces which can screen for “pre-crime”. As Nature reports (http://www.nature.com/news/2011/110527/full/news.2011.323.html):
Like a lie detector, FAST measures a variety of physiological indicators, ranging from heart rate to the steadiness of a person’s gaze, to judge a subject’s state of mind. But there are major differences from the polygraph. FAST relies on non-contact sensors, so it can measure indicators as someone walks through a corridor at an airport, and it does not depend on active questioning of the subject.
CBS News points out (http://www.cbsnews.com/stories/2011/10/07/tech/cnettechnews/main20117207.shtml):
FAST is designed to track and monitor, among other inputs, body movements, voice pitch changes, prosody (http://en.wikipedia.org/wiki/Prosody_%28linguistics%29) changes (alterations in the rhythm and intonation of speech), eye movements, body heat changes, and breathing patterns. Occupation and age are also considered. A government source told CNET that blink rate and pupil variation are measured too.
A field test of FAST has been conducted in at least one undisclosed location in the northeast. “It is not an airport, but it is a large venue that is a suitable substitute for an operational setting,” DHS spokesman John Verrico told (http://www.nature.com/news/2011/110527/full/news.2011.323.html) Nature.com in May.
Although DHS has publicly suggested that FAST could be used at airport checkpoints–the Transportation Security Administration is part of the department, after all–the government appears to have grander ambitions. One internal DHS document (PDF (http://epic.org/privacy/fastinstallation.pdf)) also obtained by EPIC through the Freedom of Information Act says a mobile version of FAST “could be used at security checkpoints such as border crossings or at large public events such as sporting events or conventions.”
The risk of false positives is very real. As Computer World notes (http://blogs.computerworld.com/18388/homeland_security_testing_mind_reading_terrorist_p re_crime_detectors):
Tom Ormerod, a psychologist in the Investigative Expertise Unit at Lancaster University, UK, told Nature, “Even having an iris scan or fingerprint read at immigration is enough to raise the heart rate of most legitimate travelers.” Other critics have been concerned about “false positives.” For example, some travelers might have some of the physical responses that are supposedly signs of mal-intent if they were about to be groped by TSA agents in airport security.
Various “pre-crime” sensing devices have already been deployed (http://www.dailymail.co.uk/sciencetech/article-2154861/U-S-surveillance-cameras-use-eyes-pre-crimes-detecting-suspicious-behaviour-alerting-guards.html) in public spaces in the U.S.
The government has also worked on artificial intelligence for “pre-crime” detection on the Web (http://www.washingtonsblog.com/2013/06/the-next-nsa-spying-shoe-to-drop-artificial-intelligence.html). And given that programs which can figure out your emotions (http://www.forbes.com/sites/rogerdooley/2013/06/19/nsa-emotions/) are being developed using your webcam, every change in facial expression could be tracked.
According to the NSA’s former director of global digital data – William Binney – the NSA’s new data storage center in Utah will have so much storage capacity that (http://www.npr.org/2013/06/10/190160772/amid-data-controversy-nsa-builds-its-biggest-data-farm):
“They would have plenty of space … to store at least something on the order of 100 years worth of the worldwide communications, phones and emails and stuff like that,” Binney asserts, “and then have plenty of space left over to do any kind of parallel processing to try to break codes.”
***
Despite its capacity, the Utah center does not satisfy NSA’s data demands. Last month, the agency broke ground on its next data farm at its headquarters at Ft. Meade, Md. But that facility will be only two-thirds the size of the mega-complex in Utah.
The NSA is building next-generation quantum computers (http://www.newstatesman.com/sci-tech/2013/06/what-could-nsa-do-quantum-computer) to process all of the data.
NBC News reports (https://twitter.com/nbcnightlynews/status/342771225195597824):
NBC News has learned that under the post-9/11 Patriot Act, the government has been collecting records on [B]every phone call made in the U.S.
This includes metadata … which can tell the government a lot about you (http://www.washingtonsblog.com/2013/06/metadata-can-tell-the-government-more-about-you-than-the-content-of-your-phonecalls.html). And it also includes content (http://www.washingtonsblog.com/2013/06/the-governments-spying-is-not-as-bad-as-the-whistleblower-said-its-worse.html).
The documents leaked by Edward Snowden to Glenn Greenwald show (http://www.huffingtonpost.com/2013/06/29/glenn-greenwald-nsa-cell-phone-calls_n_3520424.html):
But what we’re really talking about here is a localized system that prevents any form of electronic communication from taking place without its being stored and monitored by the National Security Agency.
It doesn’t mean that they’re listening to every call, it means they’re storing every call and have the capability to listen to them at any time, and it does mean that they’re collecting millions upon millions upon millions of our phone and email records.
In addition, a government expert told the Washington Post that the government “quite literally can watch your ideas form as you type.” (http://www.washingtonsblog.com/2013/06/the-government-can-quite-literally-can-watch-your-ideas-form-as-you-type.html) (And see this (http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data).) A top NSA executive confirmed to Washington’s Blog that the NSA is intercepting and storing virtually all digital communications on the Internet (http://www.washingtonsblog.com/2013/06/exclusive-top-nsa-whistleblower-spills-the-beans-on-the-real-scope-of-the-spying-program.html).
McClatchy notes (http://www.mcclatchydc.com/2013/07/02/195606/hints-surface-that-nsa-building.html):
FBI Director Robert Mueller told a Senate committee on March 30, 2011, that “technological improvements” now enable the bureau “to pull together past emails and future ones as they come in so that it does not require an individualized search.”
The administration is building a facility in a valley south of Salt Lake City that will have the capacity to store massive amounts of records – a facility that former agency whistleblowers say has no logical purpose if it’s not going to be a vault holding years of phone and Internet data.
***
Thomas Drake, a former NSA senior executive who challenged the data collection for several years, said the agency’s intent seems obvious.
“One hundred million phone records?” he asked in an interview. “Why would they want that each and every day? Of course they’re storing it.”
***
Lending credence to his worries, The Guardian’s latest report quoted a document in which Alexander purportedly remarked during a 2008 visit to an NSA intercept station in Britain: “Why can’t we collect all the signals all the time?”
***
One former U.S. security consultant, who spoke on condition of anonymity to protect his connections to government agencies, told McClatchy he has seen agency-installed switches across the country that draw data from the cables.
“Do I know they copied it? Yes,” said the consultant. “Do I know if they kept it? No.”
http://www.washingtonsblog.com/2013/10/security-expert-the-details-matter-less-and-less-we-have-to-assume-that-the-nsa-has-everyone-who-uses-electronic-communications-under-constant-surveillance.html
Security Expert: “We Have To Assume That The NSA Has EVERYONE Who Uses Electronic Communications Under CONSTANT Surveillance” Posted on October 4, 2013 (http://www.washingtonsblog.com/2013/10/security-expert-the-details-matter-less-and-less-we-have-to-assume-that-the-nsa-has-everyone-who-uses-electronic-communications-under-constant-surveillance.html) by WashingtonsBlog (http://www.washingtonsblog.com/author/washingtonsblog)
Government Is Spying On Us Through Our Computers, Phones, Cars, Buses, Streetlights, at Airports and On The Street, Via Mobile Scanners and Drones, Through Our Smart Meters, and In Many Other Ways Security expert Bruce Schneier confirms (https://www.schneier.com/blog/archives/2013/10/nsa_storing_int.html) what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:
Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance (https://www.schneier.com/blog/archives/2013/09/metadata_equals.html). New details about hows and whys will continue to emerge — for example, now we know the NSA’s repository contains travel data (http://papersplease.org/wp/2013/09/29/how-the-nsa-obtains-and-uses-airline-reservations/) — but the big picture will remain the same.
John Lanchester writes (http://www.theguardian.com/world/2013/oct/03/edward-snowden-files-john-lanchester) in the Guardian:
This is the central point about what our spies and security services can now do. They can, for the first time, monitor everything about us, and they can do so with a few clicks of a mouse and – to placate the lawyers – a drop-down menu of justifications.
As shown below, Schneier and Lanchester are right.
The NSA is tapping the very backbone of the Internet (http://www.washingtonsblog.com/2013/09/nsa-spying-on-everything.html). It then stores metadata on everyone for up to a year (http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents).
As the New York Times reported this week, the NSA is also constructing sophisticated graphs of our social connections (http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html?pagewanted=all):
Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.
The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.
***
The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.
***
The decision to revise the limits concerning Americans was made in secret, without review by the nation’s intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the “misuse” of such information without adequate safeguards.
***
The agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata.
***
A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.
***
Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.
“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George Washington University. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”
***
The N.S.A. performed the social network graphing in a pilot project for 1 ½ years “to great benefit,” according to the 2011 memo.
***
In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists. [This definition is so broad that knowing a cheese maker in France or a climate activist in England could drag an American into the NSA surveillance net.]
**
The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider ….
***
The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion “record events” daily and making them available to N.S.A. analysts within 60 minutes.
***
A top-secret document titled “Better Person Centric Analysis” describes how the agency looks for 94 “entity types,” including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith, hasFather, sentForumMessage, employs.”
A 2009 PowerPoint presentation provided more examples of data sources available in the “enrichment” process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.
***
If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.
An internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”
The NSA chief (http://hosted.ap.org/dynamic/stories/U/US_NSA_SURVEILLANCE_SOCIAL_NETWORKS?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-10-02-11-33-15) and Director of Intelligence (http://www.nytimes.com/2013/10/03/us/nsa-experiment-traced-us-cellphone-locations.html?hp&_r=0) have largely confirmed the program.
The government is spying on you through your phone … and may even remotely turn on your camera and microphone when your phone is off (http://www.washingtonsblog.com/2013/06/the-single-most-important-step-to-protect-yourself-from-government-spying.html).
As one example, the NSA has inserted its code into Android’s operating system … bugging three-quarters of the world’s smartphones (http://www.businessweek.com/articles/2013-07-03/security-enhanced-android-nsa-edition#r=nav-fs). Google – or the NSA – can remotely turn on your phone’s camera and recorder (http://www.businessinsider.com/facebook-android-app-camera-security-2013-5) at any time.
Moreover, Google knows just about every WiFi password in the world (http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world) … and so the NSA does as well, since it spies so widely on Google.
But it’s not just the Android. In reality, the NSA can spy on just about everyone’s (http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html) smart phone.
Cell towers track where your phone is (http://www.propublica.org/article/thats-no-phone.-thats-my-tracker) at any moment, and the major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests (http://www.nytimes.com/2012/07/09/us/cell-carriers-see-uptick-in-requests-to-aid-surveillance.html?pagewanted=all) for cell phone locations and other data in 2011. (And – given that your smartphone routinely sends your location information (http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html) back to Apple or Google – it would be child’s play for the government to track your location that way.) Your iPhone (http://online.wsj.com/article/SB10001424052748704123204576283580249161342.html), or other brand of smartphone (http://www.forbes.com/sites/adriankingsleyhughes/2012/10/03/how-your-android-smartphone-could-be-used-to-spy-on-you/) is spying on virtually everything you do (http://us.gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do) (ProPublica notes: “That’s No Phone. That’s My Tracker (http://www.propublica.org/article/thats-no-phone.-thats-my-tracker)“). Remember, that might be happening even when your phone is turned off (https://www.techdirt.com/articles/20130723/12395923907/even-powering-down-cell-phone-cant-keep-nsa-tracking-its-location.shtml).
The NSA has gathered all of that cellphone location information (http://www.washingtonpost.com/world/national-security/nsa-had-test-project-to-collect-data-on-americans-cellphone-locations-director-says/2013/10/02/65076278-2b71-11e3-8ade-a1f23cda135e_story.html?hpid=z5).
The government might be spying on you through your computer’s webcam or microphone (http://www.washingtonsblog.com/2013/06/is-the-government-spying-on-you-through-your-own-webcam-or-microphone.html). The government might also be spying on you through the “smart meter” on your own home (http://www.washingtonsblog.com/2013/06/is-your-smart-meter-spying-on-you.html).
NSA also sometimes uses “man-in-the-middle” tactics, to pretend that it is Google or other popular websites (http://www.motherjones.com/politics/2013/09/flying-pig-nsa-impersonates-google) to grab your information.
The FBI wants a backdoor to all software. (http://www.wnd.com/2013/06/now-fbi-wants-back-door-to-all-software/) But leading (http://www.heise.de/mediadaten/english.shtml) European computer publication Heise said in 1999 that the NSA had already built a backdoor into all Windows software (http://www.heise.de/tp/artikel/5/5263/1.html).
Microsoft has long worked hand-in-hand with the NSA (http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data) and FBI so that encryption doesn’t block the government’s ability to spy on users of Skype, Outlook, Hotmail and other Microsoft services.
And Microsoft informs intelligence agencies of with information about bugs in its popular software before it publicly releases a fix (http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html), so that information can be used by the government to access computers. (Software vulnerabilities are also sold (http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html?pagewanted=all&_r=0) to the highest bidder (http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html). )
A top expert in the ‘microprocessors’ or ‘chips’ inside every computer – having helped start two semiconductor companies and a supercomputer firm – also says (http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5 tFtI):
He would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.
***
[The expert] said when he learned the NSA had secured “pre-encryption stage (http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data)” access to Microsoft’s email products via the PRISM leaks, he recognised that “pretty much all our computers have a way for the NSA to get inside their hardware” before a user can even think about applying encryption or other defensive measures.
Leading security experts say that the NSA might have put a backdoor in all encryption standards years ago (http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115). … meaning that the NSA could easily hack (http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security) into all encrypted communications. And the NSA hacks into encrypted “VPN” connections (http://www.informationweek.com/security/privacy/nsa-surveillance-can-penetrate-vpns/240159261), and TOR (http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption).
It’s gotten so bad that some of the largest encryption companies are warning that their encryption tools are compromised (http://www.bbc.co.uk/news/technology-24173977).
“Black boxes” are currently installed in between 90% (http://www.courierpress.com/news/2012/dec/09/black-box-recorders-snitch-on-motorists-starts/) and 96% (http://www.edmunds.com/car-technology/car-black-box-recorders-capture-crash-data.html) of all new cars. And starting in 2014, all new cars (http://cnsnews.com/news/article/obama-bypasses-congress-mandate-black-boxes-all-cars-beginning-14) will include black boxes that can track your location.
License plate readers mounted on police cars (http://news.yahoo.com/driving-somewhere-theres-govt-record-140052644.html) allow police to gather millions of records on drivers (http://cironline.org/reports/license-plate-readers-let-police-collect-millions-records-drivers-4883) … including photos of them in their cars (http://online.wsj.com/article/SB10000872396390443995604578004723603576296.html).
If you have a microphone in your car, that might also open you up to snoopers. As CNET points out (http://news.cnet.com/2100-1029_3-6140191.html):
Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit (http://news.cnet.com/Court-to-FBI-No-spying-on-in-car-computers/2100-1029_3-5109435.html) revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors’ OnStar to snoop on passengers’ conversations.
When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.
A security expert and former NSA software developer says that hackers can access private surveillance cameras (http://uk.reuters.com/article/2013/06/17/uk-surveilance-hackers-idUKBRE95G10620130617). Given that the NSA apparently already monitors public cameras (http://www.businessinsider.com/trapwire-everything-you-need-to-know-2012-8) using facial recognition software (http://www.youtube.com/watch?v=HBWN7qi9C9E) (and see this (http://www.nytimes.com/2013/08/21/us/facial-scanning-is-making-gains-in-surveillance.html?ref=technology&_r=1&)), and that the FBI is building a system which will track “public and private surveillance cameras around the country” (http://rt.com/usa/epic-surveillance-ngi-fbi-645/), we can assume that government agencies might already be hacking into private surveillance cameras.
The CIA wants to spy on you through your dishwasher (http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/) and other “smart” appliances. As Slate notes (http://www.slate.com/blogs/future_tense/2012/03/19/smart_appliances_could_help_cia_spy_says_petraeus_ .html):
Watch out: the CIA may soon be spying on you—through your beloved, intelligent household appliances, according to Wired (http://www.wired.com/dangerroom/2012/03/petraeus-tv-remote/).
In early March, at a meeting for the CIA’s venture capital firm In-Q-Tel, CIA Director David Petraeus reportedly noted that “smart appliances” connected to the Internet could someday be used by the CIA to track individuals. If your grocery-list-generating refrigerator knows when you’re home, the CIA could, too, by using geo-location data from your wired appliances, according to SmartPlanet (http://www.smartplanet.com/blog/thinking-tech/cia-well-spy-on-you-through-your-refrigerator/10717).
“The current ‘Internet of PCs’ will move, of course, toward an ‘Internet of Things’—of devices of all types—50 to 100 billion of which will be connected to the Internet by 2020,” Petraeus said in his speech (https://www.cia.gov/news-information/speeches-testimony/2012-speeches-testimony/in-q-tel-summit-remarks.html). He continued:
Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters—all connected to the next-generation Internet using abundant, low cost, and high-power computing—the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.
***
ITworld’s Kevin Fogarty thinks that J. Edgar Hoover, were he still with us, would “die of jealousy (http://www.pcworld.com/article/252057/cia_eager_to_enlist_inanimate_internet_spies.html) ” upon hearing about the tools soon to be at Petraeus’ disposal.
And they’re probably bluffing and exaggerating, but the Department of Homeland Security claims they will soon be able to know your adrenaline level, what you ate for breakfast and what you’re thinking … from 164 feet away (http://www.washingtonsblog.com/2012/07/government-will-soon-be-able-to-know-your-adrenaline-level-what-you-ate-your-breakfast-and-what-youre-thinking-from-164-feet-away.html). (In addition, people will probably soon be swallowing tracking devices for medical purposes (http://www.nature.com/news/2011/110527/full/news.2011.323.html))
The government is allegedly (http://abcnews.go.com/Technology/story?id=2134464#.UdmlDW1GR8U) scanning (http://www.motherjones.com/blue-marble/2012/04/department-of-defense-neuroscience-bioethics-brains-law) prisoners’ brains without their consent at Guantanamo. In the near future, brain scanners may be able to literally read our thoughts (http://www.youtube.com/watch?feature=player_embedded&v=CTvLRVXuTYM) (and see this (http://www.youtube.com/watch?v=vhZZtSOvoBA&feature=player_embedded)).
The government is currently testing systems for use in public spaces which can screen for “pre-crime”. As Nature reports (http://www.nature.com/news/2011/110527/full/news.2011.323.html):
Like a lie detector, FAST measures a variety of physiological indicators, ranging from heart rate to the steadiness of a person’s gaze, to judge a subject’s state of mind. But there are major differences from the polygraph. FAST relies on non-contact sensors, so it can measure indicators as someone walks through a corridor at an airport, and it does not depend on active questioning of the subject.
CBS News points out (http://www.cbsnews.com/stories/2011/10/07/tech/cnettechnews/main20117207.shtml):
FAST is designed to track and monitor, among other inputs, body movements, voice pitch changes, prosody (http://en.wikipedia.org/wiki/Prosody_%28linguistics%29) changes (alterations in the rhythm and intonation of speech), eye movements, body heat changes, and breathing patterns. Occupation and age are also considered. A government source told CNET that blink rate and pupil variation are measured too.
A field test of FAST has been conducted in at least one undisclosed location in the northeast. “It is not an airport, but it is a large venue that is a suitable substitute for an operational setting,” DHS spokesman John Verrico told (http://www.nature.com/news/2011/110527/full/news.2011.323.html) Nature.com in May.
Although DHS has publicly suggested that FAST could be used at airport checkpoints–the Transportation Security Administration is part of the department, after all–the government appears to have grander ambitions. One internal DHS document (PDF (http://epic.org/privacy/fastinstallation.pdf)) also obtained by EPIC through the Freedom of Information Act says a mobile version of FAST “could be used at security checkpoints such as border crossings or at large public events such as sporting events or conventions.”
The risk of false positives is very real. As Computer World notes (http://blogs.computerworld.com/18388/homeland_security_testing_mind_reading_terrorist_p re_crime_detectors):
Tom Ormerod, a psychologist in the Investigative Expertise Unit at Lancaster University, UK, told Nature, “Even having an iris scan or fingerprint read at immigration is enough to raise the heart rate of most legitimate travelers.” Other critics have been concerned about “false positives.” For example, some travelers might have some of the physical responses that are supposedly signs of mal-intent if they were about to be groped by TSA agents in airport security.
Various “pre-crime” sensing devices have already been deployed (http://www.dailymail.co.uk/sciencetech/article-2154861/U-S-surveillance-cameras-use-eyes-pre-crimes-detecting-suspicious-behaviour-alerting-guards.html) in public spaces in the U.S.
The government has also worked on artificial intelligence for “pre-crime” detection on the Web (http://www.washingtonsblog.com/2013/06/the-next-nsa-spying-shoe-to-drop-artificial-intelligence.html). And given that programs which can figure out your emotions (http://www.forbes.com/sites/rogerdooley/2013/06/19/nsa-emotions/) are being developed using your webcam, every change in facial expression could be tracked.
According to the NSA’s former director of global digital data – William Binney – the NSA’s new data storage center in Utah will have so much storage capacity that (http://www.npr.org/2013/06/10/190160772/amid-data-controversy-nsa-builds-its-biggest-data-farm):
“They would have plenty of space … to store at least something on the order of 100 years worth of the worldwide communications, phones and emails and stuff like that,” Binney asserts, “and then have plenty of space left over to do any kind of parallel processing to try to break codes.”
***
Despite its capacity, the Utah center does not satisfy NSA’s data demands. Last month, the agency broke ground on its next data farm at its headquarters at Ft. Meade, Md. But that facility will be only two-thirds the size of the mega-complex in Utah.
The NSA is building next-generation quantum computers (http://www.newstatesman.com/sci-tech/2013/06/what-could-nsa-do-quantum-computer) to process all of the data.
NBC News reports (https://twitter.com/nbcnightlynews/status/342771225195597824):
NBC News has learned that under the post-9/11 Patriot Act, the government has been collecting records on [B]every phone call made in the U.S.
This includes metadata … which can tell the government a lot about you (http://www.washingtonsblog.com/2013/06/metadata-can-tell-the-government-more-about-you-than-the-content-of-your-phonecalls.html). And it also includes content (http://www.washingtonsblog.com/2013/06/the-governments-spying-is-not-as-bad-as-the-whistleblower-said-its-worse.html).
The documents leaked by Edward Snowden to Glenn Greenwald show (http://www.huffingtonpost.com/2013/06/29/glenn-greenwald-nsa-cell-phone-calls_n_3520424.html):
But what we’re really talking about here is a localized system that prevents any form of electronic communication from taking place without its being stored and monitored by the National Security Agency.
It doesn’t mean that they’re listening to every call, it means they’re storing every call and have the capability to listen to them at any time, and it does mean that they’re collecting millions upon millions upon millions of our phone and email records.
In addition, a government expert told the Washington Post that the government “quite literally can watch your ideas form as you type.” (http://www.washingtonsblog.com/2013/06/the-government-can-quite-literally-can-watch-your-ideas-form-as-you-type.html) (And see this (http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data).) A top NSA executive confirmed to Washington’s Blog that the NSA is intercepting and storing virtually all digital communications on the Internet (http://www.washingtonsblog.com/2013/06/exclusive-top-nsa-whistleblower-spills-the-beans-on-the-real-scope-of-the-spying-program.html).
McClatchy notes (http://www.mcclatchydc.com/2013/07/02/195606/hints-surface-that-nsa-building.html):
FBI Director Robert Mueller told a Senate committee on March 30, 2011, that “technological improvements” now enable the bureau “to pull together past emails and future ones as they come in so that it does not require an individualized search.”
The administration is building a facility in a valley south of Salt Lake City that will have the capacity to store massive amounts of records – a facility that former agency whistleblowers say has no logical purpose if it’s not going to be a vault holding years of phone and Internet data.
***
Thomas Drake, a former NSA senior executive who challenged the data collection for several years, said the agency’s intent seems obvious.
“One hundred million phone records?” he asked in an interview. “Why would they want that each and every day? Of course they’re storing it.”
***
Lending credence to his worries, The Guardian’s latest report quoted a document in which Alexander purportedly remarked during a 2008 visit to an NSA intercept station in Britain: “Why can’t we collect all the signals all the time?”
***
One former U.S. security consultant, who spoke on condition of anonymity to protect his connections to government agencies, told McClatchy he has seen agency-installed switches across the country that draw data from the cables.
“Do I know they copied it? Yes,” said the consultant. “Do I know if they kept it? No.”