Mediaboss Marketing

New York Times

Post-Snowden Efforts to Secure NSA Data Fell Short, Report Says New York Times The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Department's inspector general completed in 2016. The report was ...

See original here:
Post-Snowden Efforts to Secure NSA Data Fell Short, Report Says - New York Times

An unknown U.S. technology company secretly refused to comply with the National Security Agencys most cherished surveillance authority, a newly declassified document shows.

Instead, the companynot identified in a highly unusual order from the secret Foreign Intelligence Surveillance Courttold the NSA, in effect: get a warrant or get lost.

Its the first known time that a company did not comply with the NSAs exercise of its powers under a highly controversial legal authority known as Section 702. Section 702, which is the subject of a white-knuckle fight in Congress over its reauthorization before expiration in December, is the legal underpinning of the NSAs infamous PRISM program, which takes vast quantities of user communications from participating companies.

According to the heavily redacted court ruling, the unnamed company appears to have resisted PRISM, on the grounds that cooperation would implicate its own First and Fourth Amendment rights. It told the worlds most powerful surveillance agency to come back with a warrant.

A warrant is necessary, the company contended, for all surveillance conducted on the servers of a U.S.-based provider, regardless of whether the target of surveillance is a U.S. person or a non-U.S. person, and regardless of where that person is located when they use the service, because the communications of U.S. persons will be collected as part of such surveillance.

In other words, the company argued, the NSAs Section 702 powers inevitably violate the Fourth Amendment, since industrial-strength surveillance ostensibly focused on foreigners will inevitably collect communications from Americans. The companys solution: a warrant, please.

The contention so alarmed Barack Obama administrations that it asked the Court to order the companys compliance the first time, surveillance experts said, the government is known to have clashed with a service provider over an assertion of its Section 702 powers.

Noncompliance with secret, warrantless government surveillance has a real price. The only other confirmed time in which a provider has resisted the NSA came in 2007, when Yahoo rebuffed the governments demand for customer data under the precursor to Section 702, known as the Protect America Act. Documents declassified in 2014 showed that the government threatened Yahoo with a $250,000 for every day of noncompliance. Yahoo ultimately began cooperation with PRISM in March 2008 after losing secret-court appeals.

The FISA Court did not view the 2014 case any more favorably.

Judge Rosemary Collyer sided with the NSA on every particular. Collyer found that the NSAs internal procedures about focusing its 702 collection targets on non-Americans reasonably believed to be overseas despite the fact that Americans communications data is nevertheless incidentally collected in the process obviated the companys resistance.

Collyer called the tech firms fears of unreasonable surveillance arguendo, writing, the mere fact that there is some potential for error is not a sufficient reason to invalidate the surveillance. Without a showing of misconduct by the government, she found, a presumption of regularity applies. That would be a hard burden for a tech firm to meet, considering the issue was secret surveillance.

However, her FISA Court colleague John Bates had already found in 2011 that the NSA had surpassed the limits of its mass data collection as it had described the procedures to the court. And in 2016, two years after the now-revealed surveillance fight, the NSA revealed to the court that it had violated the revamped post-2011 rules it agreed to with the court. The judge who signed off on modified rules for 702 collection was, ironically, Collyer, in a ruling savaged by independent journalist Marcy Wheeler.

Get The Beast In Your Inbox!

Start and finish your day with the top stories from The Daily Beast.

A speedy, smart summary of all the news you need to know (and nothing you don't).

Subscribe

Thank You!

You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason.

Ashley Gorski, an attorney with the ACLU which acquired the document in a freedom-of-information lawsuit took issue with Collyers fateful 2014 finding that the NSA was owed the benefit of the doubt.

Given the litany of NSA compliance violations known to the [FISA Court] even back in 2014, the courts insistence that a presumption of regularity should apply to the NSAs spying is deeply problematic, Gorski said.

This challenge to the governments warrantless spying under Section 702 underscores just how controversial this mass surveillance program really is, and why it must be significantly reformed. The anonymous tech company that brought this challenge should be commended for defending its users privacy, and other companies must do the same by fighting for critical reforms in the courts and in Congress.

See the article here:
Mystery Company Told NSA Spies: Get a Warrant or Get Lost - Daily Beast

Do we have a voting system we can trust, that is accurate, secure and just? This question, raised by the 2016 multi-state recount effort, is roaring back at us louder than ever after the Intercepts publication last week of a leaked National Security Agency report documenting with unprecedented detail a hacking scheme targeting components of the U.S. voting system.

The NSA report shows how the hack first used a spear phishing attack in August on the employees of a company producing voter registration software. Information from that hack was then used in a second phishing email about a week before the election targeting over 100 government employees, presumably local election officials, as the Intercept put it, to trick [them] into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.

Some cybersecurity experts presume the hack was exploratory rather than an actual attack, given the short time until the election. Still, this remains unproven, and the leaked NSA report raises disturbing questions. In particular, how far did this particular hack penetrate into the election system? Were there other successful hacks into the 2016 election? And can we trust our election results going forward?

Todays voting system is a sprawling network of hardware, software and local election officials that integrate voter registration, electronic voting, tabulating vote totals, and reporting these results to precinct, county, state and national centers that compile final vote results.

As voting-security expert Alex Halderman stated in the Intercept article, I would worry about whether an attacker who could compromise the poll book vendor might be able to use software updates ... to also infect the election management system that programs the voting machines themselves. Once you do that, you can cause the voting machine to create fraudulent counts.

The bottom line is this: The voting machines and software must be examined in order to conclude that the vote has not been hacked, and to protect our elections going forward. This was the demand made by the 2016 recount effort. The imperative to do so now is stronger than ever. In fact, the universe of investigation should be expanded, based on this report, to include hardware and software involved in vote tabulation and reporting, as well as voting machines themselves.

The integrity of our elections is paramount. The issue transcends partisan politics. We are all harmed by corruption of our elections and the cynicism it breeds, contributing to the loss of confidence in our political system expressed by 90 percent of Americans according to an AP/NORC poll last year. Hacking is just one part of the problem. Elections are likewise degraded by racially-biased voter suppression, the control of big money and big media over our elections, the suppression of independent and third party voices in debates and media and more. A vote we can believe in is the bedrock foundation of a functioning democracy, as Judge Mark Goldsmith noted in the initial ruling to proceed with the Michigan recount. That bedrock has gone missing.

The urgent need to respond to the NSA revelations of election hacking must not be lost beneath the outrage and political controversy over alleged Russian responsibility for the attack. Fortunately, we don't need to settle the debate over who hacked into our election system in order to proceed urgently to safeguard our elections. In fact, we must protect our elections from all potential interference, whether from foreign state actors, domestic political partisans, gangster networks, lone wolves or private corporations, including companies who control the voting software.

In any event, identifying and punishing the perpetrator/s will not make our future votes secure. Truly solving the problem of hacking may well require the resumption of a long-stalled effort to create an international treaty on cyberwarfare. Perhaps, as Microsoft President Brad Smith suggests, its time for a Geneva Convention on Cybersecurity.

In the meantime, future, and no doubt current, hacking into our election system can and must be stopped by adopting common sense safeguards long advocated by the election integrity movement and advanced by the recount effort. We must end the use of hack-friendly, error-prone electronic voting machines, and revert to hand-marked paper ballots, ideally counted by hand or by optical scanners carefully monitored by cross-checking against paper ballots (a process known as statistical audits). Hand recounts of the paper ballots should be readily available whenever elections are very close, or when legitimate concerns are raised about hacking, corruption or error at any level of the system. These safeguards must be in place in time to secure the 2018 elections.

A vote we can trust must not only be accurate and secure. It must also be just and true to the promise of democracy. That means we must guarantee the unimpeded right to vote and end racist voter suppression schemes that cost millions of Americans the right to vote, including voter ID laws, felon disenfranchisement, and Interstate Crosscheck. It means ending discrimination against alternative parties and independents in getting on the ballot, in the debates and in the media. It means getting big money out of our elections, and enacting improved voting systems like ranked choice voting and proportional representation that give voters the freedom to vote their values instead of their fears. Fixing our broken, unjust election system is no less urgent than fixing hackable electronic voting.

In this age of unprecedented converging crises of our economy, ecology, peace and democracy, we cannot wait to build the America we deserve. To do so, we need a voting system we can trust.

Dr. Stein was the 2016 Green Party Presidential candidate who initiated a multi-state recount effort backed by leading election integrity experts, largely due to concerns about the security of our voting system that are extremely topical in light of recent revelations.

Read the original post:
OPINION: Leaked NSA report rings alarm sounded by 2016 election recount - The Hill (blog)

The Hill

Foreign investigators join NSA in blaming North Korea for Wannacry: report The Hill The BBC is reporting that British-lead international investigation into the origins of Wanna Cry has come to the same conclusions as the NSA and a number of private firms: North Korea was behind the attacks. The Wanna Cry ransomware held hundreds of ... NSA ties North Korea to WannaCry attacks: 5 things to knowBecker's Hospital Review NSA points to North Korea as culprit in WannaCry ransomware ...The Hankyoreh NHS cyber-attack was 'launched from North Korea'BBC News all 46 news articles »

Continue reading here:
Foreign investigators join NSA in blaming North Korea for Wannacry: report - The Hill

A recent National Security Agency memo documents a phone call in whichU.S. President Donald Trump pressures agency chief Admiral Mike Rogers to state publicly that there is no evidence of collusion between his campaign and Russia, say reports.

The memo was written by Rick Ledgett, the former deputy director of the NSA, sources familiar with the memo told The Wall Street Journal. Ledgett stepped down from his job this spring.

The memo said Trump questioned the American intelligence community findings that Russia interfered in the 2016 election. American intelligence agencies issued a report early this year that found Russian intelligence agencies hacked the countrys political parties and worked to sway the election to Trump.

Daily Emails and Alerts- Get the best of Newsweek delivered to your inbox

The Russia investigations special counsel Robert Mueller plans to interview Ledgett as part of his investigation into Russias efforts to manipulate the 2016 vote, a source toldWSJ. Mueller is also probing whether Trump himself obstructed justice when he fired former FBI Director James Comey on May 9, according to TheWashington Post.

A memo drawn up by a National Security Agency deputy reportedly records Trump pressuring NSA Director Mike Rogers to influence Russia investigation. Joshua Roberts/Reuters

They made up a phony collusion with the Russians story, found zero proof, so now they go for obstruction of justice on the phony story. Nice, Trump tweeted Thursday. You are witnessing the single greatest WITCH HUNT in American political historyled by some very bad and conflicted people! he wrote.

Read more: Trump asked intelligence chiefs to intervene in Comeys Russia investigation: report

Comey testified a week ago that Trump had pressured him to let go an investigation into fired National Security Adviser Michael Flynn after Flynn misled Vice President Mike Pence about contacthe had had with Russian officials.

Comey also testified that Trump asked him to deny publicly that the president was being investigated by the FBI. Comey said that at the time Trump was not being investigated, but he demurred from Trumps request because he would have to correct his statement publiclyif the facts changed.

On March 20, Comey testified that his investigation into Russian interference was looking at whether Trumps campaign colluded with the foreign power. British intelligence agencies first picked up contactbetween Trumps campaign members and associates in 2015.

Two current and two former officials told The Washington Post that in March Trump asked Rogers and Director of National Intelligence Daniel Coats to publicly deny the existence of any evidence of collusion between his campaign and Russia during the 2016 election.

During testimony to the Senate intelligence committee on June 7, neither Coats nor Rogers would answer many specific questions, but both said they did not feel pressure. Coats testified that he never felt pressure to intervene in the Russia investigation.

In the three-plus years that I have been the director of the National Security Agency, to the best of my recollection, I have never been directed to do anything I believed to be illegal, immoral, unethical or inappropriate, Rogers said. And to the best of my recollection...I do not recall ever feeling pressured to do so.

Visit link:
Trump Tried to Convince NSA Chief to Absolve Him of Any Russian Collusion: Report - Newsweek