Google, Facebook & other companies allow the NSA to spy on our emails & phones calls
US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans’ communications.
The NSA's collection programs are ostensibly targeted at foreigners, but the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.
Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed for the first time the use of this legal authority to search for data related to “US persons”.
“There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter.
“These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.”
"This is unacceptable. It raises serious constitutional questions, and poses a real threat to the privacy rights of law-abiding Americans," Wyden and Sen. Mark Udall, a Colorado Democrat, said in a statement.
"If a government agency thinks that a particular American is engaged in terrorism or espionage, the Fourth Amendment requires that the government secure a warrant or emergency authorization before monitoring his or her communications," the senators said. "This fact should be beyond dispute."
Glenn Greenwald recently told Democracy Now that “the goal of the NSA really is the elimination of privacy worldwide,” the idea that the NSA might have made some lists that have yet to be revealed should not come as a terrible shock.
The language of the House Intelligence Bill provides a list of “business records,” the bulk collection of which, if passed, would be prohibited under Section 215 of the Patriot Act:
Some but not all library and book records
Firearm sales records
Tax return records
Education records
Some but not all medical records
A similar list has been compiled by Senators Ron Wyden and Mark Udall in a letter they wrote to Director of National Intelligence James Clapper on June 27, 2013, in which they sought additional information on secretive collection practices and registries under Section 215.
The list from the Wyden/Udall letter, which was co-signed by 25 other senators, is instructive as a point of comparison to the list in the House bill. Wyden et. al note that the scope of the Patriot Act’s “Business Record” allowances is very expansive, documenting such other categories of information that can be collected under this authority to include the following:
Credit card purchases
Pharmacy records
Library records
Firearm sales records
Financial information
A range of other sensitive subjects
The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a “backdoor search loophole.”
Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.
Clapper did not disclose how many warrantless searches had been performed by the NSA.
It's unclear how many Americans have been affected by the surveillance, though the program is presumably much smaller than the NSA's bulk collection of millions of phone records. But unlike that bulk data collection, Section 702 allows the NSA to listen to calls and read emails.
Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June.
“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,” Obama said. “As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.”
"Senior officials have sometimes suggested that government agencies do not deliberately read Americans' emails, monitor their online activity or listen to their phone calls without a warrant," the senators said. "However, the facts show that those suggestions were misleading, and that intelligence agencies have indeed conducted warrantless searches for Americans' communications."
According to the Attorney General and the Director of National Intelligence, President Obama has renewed the NSA's authority to collect all of the telephone records of all American telephone customers.
The "Section 215" program exceeded Congressional authority and was found to be ineffective by two expert panels. At a speech on January 17, 2014, President Obama ordered a transition that will end the Section 215 bulk telephony metadata program as it currently exists.
Director of National Intelligence James Clapper, filed an application with the FISC to reauthorize the existing program as previously modified for 90 days, and the FISC issued an order approving the government's application.
http://www.theguardian.com/world/2014/apr/01/nsa-surveillance-loophole-americans-data
http://arstechnica.com/tech-policy/2014/04/what-besides-phone-records-does-the-nsa-bulk-collect/
http://www.nationaljournal.com/tech/how-the-nsa-used-a-loophole-to-spy-on-americans-20140401
Google and Facebook are still spying on your emails etc.
If you’ve been reading the news recently, you might think that corporate America is doing its best to thwart NSA surveillance.
Google just announced that it is encrypting Gmail when you access it from your computer or phone, and between data centers. Last week, Mark Zuckerberg personally called President Obama to complain about the NSA using Facebook as a means to hack computers, and Facebook's Chief Security Officer explained to reporters that the attack technique has not worked since last summer.
Yahoo, Google, Microsoft, and others are now regularly publishing "transparency reports," listing approximately how many government data requests the companies have received and complied with.
The NSA's General Counsel Rajesh De seemed to have thrown those companies under a bus by stating that—despite their denials—they knew all about the NSA's collection of data under both the PRISM program and some unnamed "upstream" collections on the communications links.
It may seem like the the public/private surveillance partnership has frayed—but, unfortunately, it is alive and well. The main focus of massive Internet companies and government agencies both still largely align: to keep us all under constant surveillance. When they bicker, it’s mostly role-playing designed to keep us blasé about what's really going on.
The big Internet companies know of PRISM—although not under that code name—because that's how the program works; the NSA serves them with FISA orders. Those same companies did not know about any of the other surveillance against their users conducted on the far more permissive EO 12333. Google and Yahoo did not know about MUSCULAR, the NSA's secret program to eavesdrop on their trunk connections between data centers. Facebook did not know about QUANTUMHAND, the NSA's secret program to attack Facebook users. And none of the target companies knew that the NSA was harvesting their users' address books and buddy lists.
These companies are certainly pissed that the publicity surrounding the NSA's actions is undermining their users' trust in their services, and they're losing money because of it. Cisco, IBM, cloud service providers, and others have announced that they're losing billions, mostly in foreign sales.
These companies are doing their best to convince users that their data is secure. But they're relying on their users not understanding what real security looks like. IBM's letter to its clients last week is an excellent example. The letter lists five "simple facts" that it hopes will mollify its customers, but the items are so qualified with caveats that they do the exact opposite to anyone who understands the full extent of NSA surveillance. And IBM’s spending $1.2B on data centers outside the U.S. will only reassure customers who don’t realize that National Security Letters require a company to turn over data, regardless of where in the world it is stored.
Google’s recent actions, and similar actions of many Internet companies, will definitely improve its users' security against surreptitious government collection programs—both the NSA's and other governments'—but their assurances deliberately ignores the massive security vulnerability built into its services by design. Google, and by extension, the U.S. government, still has access to your communications on Google's servers.
Google could change that. It could encrypt your e-mail so only you could decrypt and read it. It could provide for secure voice and video so no one outside the conversations could eavesdrop.
It doesn’t. And neither does Microsoft, Facebook, Yahoo, Apple, or any of the others.
Why not? They don’t partly because they want to keep the ability to eavesdrop on your conversations. Surveillance is still the business model of the Internet, and every one of those companies wants access to your communications and your metadata. Your private thoughts and conversations are the product they sell to their customers. We also have learned that they read your e-mail for their own internal investigations.
The biggest Internet companies don’t offer real security because the U.S. government won't permit it.
At SXSW earlier this month, CEO Eric Schmidt tried to reassure the audience by saying that he was "pretty sure that information within Google is now safe from any government's prying eyes." A more accurate statement might be, "Your data is safe from governments, except for the ways we don't know about and the ways we cannot tell you about. And, of course, we still have complete access to it all, and can sell it at will to whomever we want."
http://www.theatlantic.com/technology/archive/2014/03/don-t-listen-to-google-and-facebook-the-public-private-surveillance-partnership-is-still-going-strong/284612/