The NSA knows all about your spending habits & has created an internal branch titled "Follow The Money"
With the NSA already tracking and recording every form of communication and electronic data exchange, it would hardly come as a surprise that the final piece of the puzzle was also actively being intercepted and collected by General Keith Alexander's superspy army: money, or rather tracking the global flow thereof.
Which is why we were not surprised to learn just this, following the latest report from Germany's Spiegel that "The National Security Agency (NSA) widely monitors international payments, banking and credit card transactions" and has even created an internal branch titled appropriately enough "Follow The Money" (FTM). Once collected, the data then flows into the NSA's own financial databank, called "Tracfin," which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.
Stated simply: every time you "charge it" and a credit card is swiped, literally or metaphorically, the NSA knows all about it and if it triggers a specific filter, congratulations: the NSA will be tracking your every transaction in perpetuity.
Further NSA documents from 2010 show that the NSA also targets the transactions of customers of large credit card companies like VISA for surveillance. NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company's complex transaction network for tapping possibilities.
Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to "collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions." In response to a SPIEGEL inquiry, however, a VISA spokeswoman ruled out the possibility that data could be taken from company-run networks.
Odd: we fail to recall smartphone makers admitting the NSA has full back door access to their products, and only got confirmation following yet another report from Spiegel last weekend. Which is why we tend to take VISA's "ruling out" of any possibility with a grain of salt, and would rather be far more curious what if any backdoor funding channels exist between credit card processors and the espionage service to the US government. You know, to help soothe their consciences and what not.
But while collecting credit card data was to be expected, what is even worse is that the NSA has also secretly planted itself in the nexus of the entire global USD-intermediated financial transactions system courtesy of SWIFT.
The NSA's Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a "target," according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency's "tailored access operations" division. One of the ways the agency accessed the data included reading "SWIFT printer traffic from numerous banks," the documents show.
The NSA and its henchmen, in this case the GCHQ, had no qualms about violating personal privacy at every level, it is only when banks were threatened that someone feel like perhaps a line was crossed:
But even intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK's intelligence agency GCHQ concerning the legal perspectives on "financial data" and the agency's own cooperations with the NSA in this area.
http://www.zerohedge.com/news/2013-09-15/swift-takeover-follow-money-nsa-knows-all-about-your-spending-habits
http://www.techdirt.com/articles/20130916/06383524529/nsa-is-also-grabbing-millions-credit-card-records.shtml
The NSA is delighted by people voluntarily giving fingerprints to access their smartphones & computers:
The NSA has welcomed Apple adding fingerprint scanners to their devices, saying it will really add depth to their illegally obtained database of information about you.
The fingerprint scanner introduced by Apple will store your fingerprint on a secure chip inside the device, which as we speak NSA operatives and other covert intelligent services are attempting to hack.
An NSA insider told us, “There are literally hundreds of millions of people out there about whom we have no biometric data – this will change everything.”
“We already know who you call, email and transact with – but now we’ll be able to find you an entirely new way, too!”
“It would be useful if Samsung could develop a nice mobile friendly DNA scanner, that would really complete the set.”
Privacy campaigners have already insisted that people voluntarily giving their fingerprints to an Internet connected device to save typing in four numbers deserve to have the biometric data held by any government that wants it.
As one told us, “Seriously, we want to campaign for the privacy of the individual – but if you can’t see why this is a bad idea, then you’re beyond our help.”
“But if you don’t see an issue with it, why not just cut out the middle-man and volunteer your fingerprints to the local police?”
http://newsthump.com/2013/09/12/nsa-delighted-by-people-voluntarily-giving-fingerprints-to-computers/
Apple’s fingerprint ID may mean smartphone users can’t ‘Take the Fifth’
Because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).
The privilege against self-incrimination is an important check on the government’s ability to collect evidence directly from a witness. The Supreme Court has made it clear that the Fifth Amendment broadly applies not only during a criminal prosecution, but also to any other proceeding “civil or criminal, formal or informal,” where answers might tend to incriminate us. It’s a constitutional guarantee deeply rooted in English law dating back to the 1600s, when it was used to protect people from being tortured by inquisitors to force them to divulge information that could be used against them.
For the privilege to apply, however, the government must try to compel a person to make a “testimonial” statement that would tend to incriminate him or her. When a person has a valid privilege against self-incrimination, nobody — not even a judge — can force the witness to give that information to the government.
But a communication is “testimonial” only when it reveals the contents of your mind. We can’t invoke the privilege against self-incrimination to prevent the government from collecting biometrics like fingerprints, DNA samples, or voice exemplars. Why? Because the courts have decided that this evidence doesn’t reveal anything you know. It’s not testimonial.
The important feature about PINs and passwords is that they’re generally something we know (unless we forget them, of course). These memory-based authenticators are the type of fact that benefit from strong Fifth Amendment protection should the government try to make us turn them over against our will. Indeed, last year a federal appeals court held that a man could not be forced by the government to decrypt data.
But if we move toward authentication systems based solely on physical tokens or biometrics — things we have or things we are, rather than things we remember — the government could demand that we produce them without implicating anything we know. Which would make it less likely that a valid privilege against self-incrimination would apply.
Biometric authentication may make it easier for normal, everyday users to protect the data on their phones. But as wonderful as technological innovation is, it sometimes creates unintended consequences — including legal ones. If Apple’s move leads us to abandon knowledge-based authentication altogether, we risk inadvertently undermining the legal rights we currently enjoy under the Fifth Amendment.
http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/
Police don't have the right to answer a suspects incoming cell phone calls:
California - Consenting to a police search of your cellphone does not empower the officer to answer your incoming calls, the 9th Circuit ruled, suppressing evidence behind alien-smuggling charges.
Two border patrol agents had stopped Andres Lopez-Cruz near Jacumba, Calif., when they saw him driving a vehicle that they did not recognize as from the area.
While they questioned him, one agent asked about two cellphones he saw in the vehicle's center console. Lopez told the agent the phones belonged to his friend, and when the agent asked if he could search the phones, Lopez replied "yes."
Within a minute, a series of calls came into the phone, including one where the caller told the agent, who was pretending to be Lopez, the location of a house where two people were waiting to be picked up.
Following the caller's instructions, the agents picked up the two people who admitted to being in the United States illegally.
Lopez was then arrested and charged with conspiracy to transport illegal aliens, but a federal judge in San Diego suppressed the phone evidence.
"Lopez had possession of the phones and was using them," Judge Stephen Reinhardt wrote for a three-judge panel. "He certainly had the right to exclude others from using the phones. He also had a reasonable expectation of privacy in incoming calls and a reasonable expectation that the contents of those calls 'would remain free from governmental intrusion.'"
Prosecutors failed to persuade the judge that the agent's actions were akin to opening an incoming text message.
"The agent's impersonation of the intended recipient constitutes a meaningful difference in the method and scope of the search in contrast to merely pushing a button in order to view a text message," Reinhardt wrote. "The agent is not simply viewing the contents of the phone whether incoming text messages or stored messages, but instead, is actively impersonating the intended recipient."
Reinhardt and his colleagues also disagreed with the government that Lopez's consent to the search of the phones was the same as giving the agent a search warrant.
"As a general matter, consent to search a cell phone is insufficient to allow an agent to answer that phone; rather, specific consent to answer is necessary," Reinhardt wrote.
U.S. v. Andres Lopez-Cruz ruling:
http://www.courthousenews.com/2013/09/13/smuggle.pdf
Will the Supreme Court stop cops from reading your text messages?
The Supreme Court has been askedto consider two cases—United States v. Wurieand Riley v. California—which challenge the legality of warrantless cellphone searches under the Fourth Amendment. Police (and the Obama Administration) maintain that these searches are necessary, stopping suspects from deleting crucial information about drug deals and trafficking rings, but civil liberties advocates say that's no excuse for officers not to get a warrant.
In 2007, Boston police nabbedBrima Wurie for allegedly engaging in a cocaine deal at a convenience store. After he was booked at the station, the officers noticed that the phone they had seized from Wurie was receiving calls from a number identified as "my house." They then looked at his call log without a warrant and used that information, as well as a photo of what appeared to be his girlfriend, to find his home. They then searched his residence, obtaining additional evidence that was used to charge Warie. The US Court of Appeals for the First Circuit foundthat in this case, the officers violated the Fourth Amendment.
The second case, Riley v. California, deals with David Riley, who was stopped by officers because the tags on his car were expired—but his cellphone was then seized and searched, revealing that he participated in a 2009 gang shooting in San Diego. The California Supreme Court ruled that case was not a violation of the Fourth Amendment.
In which states are these cellphone searches legal?
It depends on rulings made by state and federal courts. Only Ohio, Florida, and the First Circuit Court (which includes Maine, Massachusetts, New Hampshire, and Rhode Island) have decisively ruled that police need to get a warrant before reading your text messages. The rest of the states have either not ruled on the issue (meaning police can probably conduct the searches) or explicitly allow them. For more information on which states outlaw this practice and why, check out this awesome interactive map put together by Forbes and the Electronic Freedom Foundation(blue states outlaw these warrantless searches, red states allow them, and yellow states haven't ruled.)
http://www.motherjones.com/politics/2013/09/police-cell-phone-search-warrant-supreme-court
Mobile Cellphone Forensics Guide Sept. 2013: http://csrc.nist.gov/publications/drafts/800-101-rev1/draft_sp800_101_r1.pdf
The FBI admits it compromised Freedom Hosting’s Tor servers:
An FBI agent admitted publicly for the first time that the agency had control of a Tor hidden service operator’s company, Freedom Hosting, for a period of time. It had been widely suspected that the FBI or another American law enforcement agency used a particular Tor exploit to gain control.
Eric Eoin Marques, a dual Irish-American citizen, is currently facing extradition from Ireland to the United States on four charges of child pornography. (On Thursday, the Irish judge in the case allowed Marques to file for a new bail motion.) Marques is accused of running Freedom Hosting, a major hidden services provider on the Tor network that was notorious for hosting child porn sites.
According to the Irish Independent, “Investigators claimed that after his initial arrest at the end of July Marques managed to get back on the server—which had been taken over by the FBI—and change the passwords.”
As Ars reported previously, security researchers found malicious JavaScript embedded in Freedom Hosting pages. The attack code sent the compromised information back to a server in Virginia.
"Because this payload does not download or execute any secondary backdoor or commands it's very likely that this is being operated by an LEA [law-enforcement agent] and not by blackhats," independent researcher Vlad Tsrklevich wrote on his own website last month.
http://arstechnica.com/tech-policy/2013/09/fbi-admits-what-we-all-suspected-it-compromised-freedom-hostings-tor-servers/