Mediaboss Marketing

One of the governments most powerful surveillance tools is scheduled to sunset in less than three weeks, and, for months, EFF has fought multiple legislative attempts to either extend or expand the NSAs spying powerswarning the public, Representatives, and Senators about circling bills that threaten Americans privacy. But the frenetic, deadline-pressure environment on Capitol Hill betrays the slow, years-long progress that EFF has made elsewhere: the courts.

2017 was a year for slow, procedural breakthroughs.

Here is an update on the lawsuits that EFF and other organizations have against broad NSA surveillance powers.

EFF began 2017 with significant leverage in our signature lawsuit against NSA surveillance, Jewel v. NSA. The year prior, U.S. District Court Judge Jeffrey White in Oakland, California, ordered the U.S. government to comply with EFFs discovery requestswhich are inquiries for evidence when lawsuits advance towards trial. In several lawsuits, this process can take months. In Jewel v. NSA, simply allowing the process to begin took eight years.

This year, EFF waited expectantly for the U.S. government to provide materials that could prove our plaintiff was subject to NSA surveillance through the agencys practice of tapping into the Internets backbone to collect traffic. But expectations were tempered. The U.S. governments lawyers missed the discovery deadline, asked for an extension, and were given a new, tentative deadline by the judge: August 9, 2017.

The U.S. governments lawyers missed that deadline, and asked for an extension, approved by the judge: October 9, 2017.

The U.S. governments lawyers missed that deadline, and asked for another extension, this time indefinitely.

Producing the materials, the government attorneys claimed, was simply too difficult to do on a timely basis.

[T]he volume of documents and electronic data that the government defendants must review for potentially responsive information is massive, the attorneys wrote.

EFF strongly opposed the governments request for an indefinite extension, and suggested a new deadline in January to comply with the courts previous orders. The judge agreed and put an end to the delay. The deadline is now January 22, 2018.

The basic premise of our questions is simple: we want information that explains whether the plaintiffs data was collected.

EFF hopes the government can follow the judges orders this time.

EFF filed an amicus brief this year asking the Supreme Court to overturn a lower courts ruling that allowed government agents to bypass the Fourth Amendment when searching through the electronic communications of U.S. persons.

The amicus was filed after a decision in Mohamud v. United States, a lawsuit that concerns the electronic communications of American citizen Mohamed Mohamud. In 2010, Mohamud was arrested for allegedly plotting to use a car bomb during a Christmas tree lighting ceremony in his home state of Oregon. It was only after Mohamuds conviction in U.S. v. Mohamud that he learned the government relied on evidence collected under Section 702 of the FISA Amendments Act for his prosecution.

Section 702 authorizes surveillance on non-U.S. persons not living in the United States. Mohamud fits neither of those categories. After learning that the evidence gathered against him was collected under Section 702, Mohamud challenged the use of this evidence, claiming that Section 702 was unconstitutional.

The U.S. Court of Appeals for the Ninth Circuit, which heard Mohamuds counter arguments, disagreed. In a disappointing opinion that scuttles constitutional rights, the court ruled that Americans whose communications are incidentally collected under Section 702 have no Fourth Amendment rights when those communications are searched and read by government agents.

Together with Center for Democracy & Technology and New Americas Open Technology Institute, EFF supported Mohamuds request that the U.S. Supreme Court reconsider the appellate courts opinion.

We urge the Supreme Court to review this case and Section 702, which subjects Americans to warrantless surveillance on an unknown scale, said EFF Staff Attorney Andrew Crocker. We have long advocated for reining in NSA mass surveillance, and the incidental collection of Americans private communications under Section 702 should be held unconstitutional once and for all.

EFF also filed an amicus brief in the case of U.S. v. Agron Hasbajrami, a lawsuit with striking similarities to U.S. v. Mohamud.

In 2011, Agron Hasbajrami was arrested at JFK Airport before a flight to Pakistan for allegedly providing material support to terrorists. In 2013, Hasbajrami pleaded guilty to the charges.

Hasbajramis court case was set for July 2015. Before going to trial, Hasbajrami pleaded guilty a second time.

But then something familiar happened. Much like Mohamud, Hasbajrami learned that the evidence used to charge him was collected under Section 702. And, just like Mohamud, Hasbajrami is a U.S. person living inside the United States. He is a resident of Brooklyn, New York.

Hasbajrami was allowed to request to withdraw his plea, and his lawyers argued to remove the evidence against him from court. Hasbajramis judge denied the request, and the case was moved to the Second Circuit Court of Appeals.

EFF and ACLU together urged the Second Circuit Court of Appeals to make the right decision. There is opportunity for the appellate court to protect the constitutional rights of all Americans, defending their privacy and enshrining their security from warrantless search. We plead to the court to not make the same misguided decision made in Mohamud v. U.S.

The Wikimedia Foundation scored an enormous victory this year when an appeals court allowed the nonprofits challenge to NSA surveillance to move forward, reversing an earlier decision that threw the lawsuit out.

Represented by the ACLU, Wikimedia sued the NSA in 2015 for the use of its upstream program, the same program that EFF is suing the NSA over in Jewel v. NSA. Wikimedia argued that the program infringed both the First Amendment and Fourth Amendment.

Originally filed in the U.S. District Court for the District of Maryland, Wikimedias lawsuit was thrown out because the court ruled that Wikimedia could not prove it had suffered harm due to NSA surveillance. This ability to prove that a plaintiff was actually wronged by what they allege is called standing, and the court ruled Wikimediaand multiple other plaintiffslacked it.

But upon appellate review, the Fourth Circuit Court of Appeals approved standing for Wikimedia in May 2017. However, the appellate court denied standing for other plaintiffs in the lawsuit, which included Human Rights Watch, The Nation Magazine, The Rutherford Institute, Amnesty International USA and more.

This victory on a small issuestandingis an enormous victory in continuing the fight against NSA surveillance.

The judicial system can be slow and, at times, frustrating. And while victories in things like discovery and standing may seem only procedural, they are the first footholds into future successes.

EFF will continue its challenges against NSA surveillance in the courts, and we are proud to stand by our partners who do the same.

This article is part of our Year In Review series.Read other articles about the fight for digital rights in 2017.

Go here to read the rest:
Court Challenges to NSA Surveillance: 2017 in Review ...

Since last night, the debate over how to reauthorize certain NSA surveillance authorities has seen a whirlwind of activity, culminating in the major news that the House Rules Committee postponed a vote today to potentially expand NSA spying powers.

As we wrote yesterday:

"According to reports published Tuesday evening by Politico, a group of surveillance hawks in the House of Representatives is trying to ram through a bill that would extend mass surveillance by the National Security Agency. We expect a vote to happen on the House floor as early as [December 20], which means there are only a few hours to rally opposition.

The backers of this bill are attempting to rush a vote on a bill that weve criticized for failing to secure Americans privacy. If this bill passes, we will miss the opportunity to prevent the FBI from searching through NSA databases for American communications without a warrant. Worse, nothing will be done to rein in the massive, unconstitutional surveillance of the NSA on Americans or innocent technology users worldwide."

With the House Rules Committee's postponed vote, this crisis is currently avoided. But the fight isnt over.

We do not know the exact steps House Permanent Select Committee on Intelligence Chairman Devin Nunes, who authored the bill (H.R. 4478), will take this week. We do not know if other bills to reauthorize Section 702, originally enacted as part of the FISA Amendments Actthe NSAs powerful surveillance authority scheduled to sunset in less than two weekswill be introduced for a House floor vote.

But we do know that our voices are being heard. And we still know that we stand against attempts to expand NSA surveillance by hitching it to separate efforts to fund the government, a strategy that some members of Congress have considered.

As we wrote previously:

"[It] is completely unacceptable for Congressional leadership to shove Section 702 reauthorization into an end-of-year funding bill. This program invades the privacy of an untold number of Americans. Before it can be reauthorized, Congress must undertake a transparent and deliberative process to consider the impactthis NSA surveillance has on Americans privacy."

You can speak up. Call your representatives and let them know that it is unacceptable to attach H.R. 4478or S. 2010to any year-end spending bills. Attempts to sneak expanded NSA surveillance powers into entirely separate legislation are attempts to rob surveillance reform of its own needed debate. This hurts the American people and it removes the opportunity for open, transparent discussion.

Call today. Your efforts are working.

Call Now

Call Your Representatives

Visit link:
Efforts to Expand NSA Spying Trip Up | Electronic Frontier ...

The Wall Street Journal reports there has been a new breach at the National Security Agency via one of the agency's contractors. NSA Handout/Getty Images hide caption

The Wall Street Journal reports there has been a new breach at the National Security Agency via one of the agency's contractors.

Russian hackers stole top secret cybertools from a National Security Agency contractor in yet another embarrassing compromise for U.S. spy agencies, the Wall Street Journal reported Thursday.

The NSA contractor is believed to have taken highly sensitive official software home to a personal computer in 2015. His machine was running a Russian security program made by Kaspersky Labs, which can be exploited by Russia's intelligence agencies, the Journal reported.

The NSA declined to comment.

Members of Congress, however, slammed the spy agency for the latest in a series of breaches blamed not on its own employees but on the vendors it uses in place of or in addition to them.

At least three other contractors Reality Winner, Hal Martin and Edward Snowden also have been accused of hoarding or releasing NSA's secrets. An online entity called the "Shadow Brokers" also has tried to auction what it called software stolen from the NSA.

Nebraska's Republican Sen. Ben Sasse said he was tired of seeing the same headlines about failures of NSA's information security.

"The men and women of the U.S. intelligence community are patriots, but the NSA needs to get its head out of the sand and solve its contractor problem," Sasse said. "Russia is a clear adversary in cyberspace, and we can't afford these self-inflicted injuries."

Intelligence officials often stress that the NSA and its sibling agencies have a "layered" cyberdefense that is larger than any single tool or system. So the failure reported by the Journal might not amount to the loss of what intelligence workers might call "the keys to the kingdom."

Plus spy agency bosses have previously also said they would not run the Russian-made security software from Kaspersky Labs that the Journal said was associated with the loss of the hacking tools. In fact, Acting Homeland Security Secretary Elaine Duke said in September that she was banning the entire federal government from using Kaspersky.

Kaspersky Labs has millions of users around the world and is among NPR's corporate underwriters. It has denied that it is a cat's-paw for Russia's intelligence agencies or any other government.

New Hampshire Democratic Sen. Jeanne Shaheen said Thursday that the widespread use of Kaspersky software was no excuse for what she called the slow action by the U.S. intelligence community and the broader federal government.

"This development should serve as a stark warning, not just to the federal government but to states, local governments and the American public, of the serious dangers of using Kaspersky software," Shaheen said.

"The strong ties between Kaspersky Lab and the Kremlin are extremely alarming and have been well-documented for some time. It's astounding and deeply disturbing that the Russian government continues to have this tool at their disposal to harm the United States."

Link:
Report: Hackers Stole NSA Cybertools In Another Breach ... - NPR

Satoshi Nakamoto

The creator of Bitcoin, Satoshi Nakamoto, is the worlds most elusive billionaire (worth more than $7B as of November 2017). Very few people outside of the Department of Homeland Security know Satoshis real name. In fact, DHS will not publicly confirm that even THEY know the billionaires identity. Satoshi has taken great care to keep his identity secret employing the latest encryption and obfuscation methods in his communications. Despite these efforts (according to my source at the DHS) Satoshi Nakamoto gave investigators the only tool they needed to find himhis own words.

Using stylometry one is able to compare texts to determine authorship of a particular work. Throughout the years Satoshi wrote thousands of posts and emails and most of which are publicly available. According to my source, the NSA was able to the use the writer invariant method of stylometry to compare Satoshis known writings with trillions of writing samples from people across the globe. By taking Satoshis texts and finding the 50 most common words, the NSA was able to break down his text into 5,000 word chunks and analyse each to find the frequency of those 50 words. This would result in a unique 50-number identifier for each chunk. The NSA then placed each of these numbers into a 50-dimensional space and flatten them into a plane using principal components analysis. The result is a fingerprint for anything written by Satoshi that could easily be compared to any other writing.

The NSA then took bulk emails and texts collected from their mass surveillance efforts. First through PRISM (a court-approved front-door access to Google and Yahoo user accounts) and then through MUSCULAR (where the NSA copies the data flows across fiber optic cables that carry information among the data centers of Google, Yahoo, Amazon, and Facebook) the NSA was able to place trillions of writings from more than a billion people in the same plane as Satoshis writings to find his true identity. The effort took less than a month and resulted in positive match.

This wasnt the first time efforts had been made to unearth the identity of Satoshi using stylometry. Various reporters and members of the Bitcoin community have used various open source stylometry tools to attempt to uncover the true identity of Bitcoins creator. Their problem? They didnt have access to trillions of emails from a billion people and they werent able to plug them into a supercomputer. The NSAs proprietary software, bulk email collection ability, and computing power made it possible for them to conclusively identify Satoshi.

But why? Why go to so much trouble to identify Satoshi? My source tells me that the Obama administration was concerned that Satoshi was an agent of Russia or Chinathat Bitcoin might be weaponized against us in the future. Knowing the source would help the administration understand their motives. As far as I can tell Satoshi hasnt violated any laws and I have no idea if the NSA determined he was an agent of Russia or China or just a Japanese crypto hacker.

The moral of the story? You cant hide on the internet anymore. Your sentence structure and word use is MORE unique than your own fingerprint. If an organization, like the NSA, wants to find you they will.

Sources: Many readers have asked that I provide third party citations to prove the NSA identified Satoshi using stylometry. Unfortunately, I cannot as I havent read this anywhere elsehence the reason I wrote this post. Im not trying to convince the reader of anything, instead my goal is to share the information I received and make the reader aware of the possibility that the NSA can easily determine the authorship of any email through the use of their various sources, methods, and resources.

Identity: Many readers have asked who Satoshi is and Ive made it clear that information wasnt shared with me. Based on my conversation I got the impression (never confirmed) that he might have been more than one person. This made me think that perhaps the Obama administration was right that Bitcoin was created by a state actor. One person commented on this post that Satoshi was actually four people. Again, I have no idea.

How to Protect Yourself: There is a project on Github you can join to help create a way to write without fingerprints: https://github.com/psal/anonymouth

Read this article:
How the NSA identified Satoshi Nakamoto - Medium

A series of leaks has rocked the National Security Agency over the past few years, resulting in digital spy tools strewn across the web that have caused real damage both inside and outside the agency. Many of the breaches have been relatively simple to carry out, often by contractors like the whistleblower Edward Snowden, who employed just a USB drive and some chutzpah. But the most recently revealed breach, which resulted in state secrets reportedly being stolen by Russian spies, was caused by an NSA employee who pleaded guilty Friday to bringing classified information to his home, exposing it in the process. And all, reportedly, to update his resume.

The Justice Department Friday announced that Nghia Hoang Pho, a 67-year-old from Ellicott City, Maryland, has admitted to willful retention of national defense information. He'll face up to 10 years in prison, but is free until his sentencing in early April. Pho is a naturalized United States citizen originally from Vietnam. Pho illegally mishandled classified information in spite of being an agent in the NSA's elite Tailored Access Operations foreign hacking group (now called Computer Network Operations) from 2006 to 2016. Though it's somewhat astonishing that someone with his position and training would cause such a basic breach, Pho brought classified data and paper documents to his home between 2010 and 2015. The New York Times, which originally reported on Pho's case before his identity was known, notes that he seems to have been charged in March 2015.

"In connection with his employment, Pho held various security clearances and had access to national defense and classified information. Pho also worked on highly classified, specialized projects," the DoJ said in a statement on Friday. "Pho removed and retained US government documents and writings that contained national defense information, including information classified as Top Secret and Sensitive Compartmented Information."

'Classified data is highly sensitive and shouldn't be able to be removed. It shows that TAO didn't have good controls over that data.'

David Kennedy, TrustedSec

That information didn't stay on Pho's computer. Instead, Pho appears to be the NSA employee from whom Russia stole valuable data, by compromising the Kaspersky antivirus software on a then-unidentified NSA employee's personal computer. Because antivirus software has deep and far-reaching permissions, Russian intelligence used its hooks into Kaspersky to lift files, and any number of secrets. Kaspersky has repeatedly denied any association with the Russian government.

Pho stands out among recent NSA leak culprits in that he specifically worked as a developer for TAO, which would have brought him into contact with a diverse array of sensitive NSA data, systems, and materials. One would also have thought an elite programmer focused on developing advanced hacking tools would know better than to put classified data at risk by transporting it to his house.

"It's not a mistake that's supposed to be common," says David Kennedy, the CEO of TrustedSec, who formerly worked at the NSA and with the Marine Corps' signal intelligence unit. "Lax practices, for sure. Classified data is highly sensitive and shouldn't be able to be removed. It shows that TAO didn't have good controls over that data."

The fact that Pho was a developer is significant, though, says Jake Williams, founder of the security firm Rendition Infosec, who formerly worked for TAO at the NSA (a fact that wasn't public until the NSA leakers known as the Shadow Brokers revealed it in April).

"CNO developers are usually experts in a very narrow field and often don't really understand how their tools are used in operations, so his lack of operations security is not as surprising as it should be." Williams says. "There's also an intense pressure to get the mission done, so the idea that a developer would take work home is not at all surprising."

Apparently, though, Pho wasn't focused entirely on work. The New York Times reports that the TAO developer brought home the materials so he could update his resume. The case documents don't give much indication of what types of data and materials Pho took and left on his personal computer. The frantic investigation into valuable NSA tools stolen by Russian spies, though, indicates that Pho may have exposed more than just resume materials.

Other NSA leaks have come from contractor Reality Winner, who sent classified information to The Intercept in September, and Harold Martin, another contractor, who was charged in October 2016 for bringing terabytes of NSA data to his house, like Pho.

Pho stands out, though, both for the apparent audaciousness of his actions, and his affiliation with TAO, a highly regarded unit within the world's most powerful intelligence apparatus. If someone like that can accidentally cause a critical NSA breach, there's no telling who else might have as well.

Go here to read the rest:
Here's the NSA Agent Who Inexplicably Exposed Critical ...