Mediaboss Marketing

The National Security Agency is scaling back the way it spies on some communications over the Internet.

The NSA says it discovered what it called "lapses" in compliance with U.S. law.

They're called "about" communications: The NSA not only watches messages traveling to and from a foreign target, but those that mention one.

That can mean the NSA sometimes sweeps up data from Americans without a warrant. In the past, officials said the spy agency was still mindful of citizens' privacy.

But now NSA says it has discovered "several inadvertent compliance lapses," which it reported to Congress and a secret court that oversees intelligence gathering.

There aren't many more details, but the NSA now says it will, quote, "stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target."

Here's the full statement from the NSA:

NSA Stops Certain Foreign Intelligence Collection Activities Under Section 702

The National Security Agency is instituting several changes in the way it collects information under Section 702 of the Foreign Intelligence Surveillance Act.

Section 702, set to expire at the end of this year, allows the Intelligence Community to conduct surveillance on only specific foreign targets located outside the United States to collect foreign intelligence, including intelligence needed in the fight against international terrorism and cyber threats.

NSA will no longer collect certain internet communications that merely mention a foreign intelligence target. This information is referred to in the Intelligence Community as "about" communications in Section 702 "upstream" internet surveillance. Instead, NSA will limit such collection to internet communications that are sent directly to or from a foreign target.

Even though NSA does not have the ability at this time to stop collecting "about" information without losing some other important data, the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.

Finally, even though the Agency was legally allowed to retain such "about" information previously collected under Section 702, the NSA will delete the vast majority of its upstream internet data to further protect the privacy of U.S. person communications.

The changes in policy followed an in-house review of Section 702 activities in which NSA discovered several inadvertent compliance lapses.

NSA self-reported the incidents to both Congress and the FISC, as it is required to do. Following these reports, the FISC issued two extensions as NSA worked to fix the problems before the government submitted a new application for continued Section 702 certification. The FISC recently approved the changes after an extensive review.

The Agency's efforts are part of its commitment to continuous improvement as we work to keep the nation safe. NSA has a solemn responsibility and duty to do our work exactly right while carrying out our critical mission.

Go here to see the original:
NSA To Limit Some Collection Of Internet Communication - KUCB

Mashable

Snowden takes a bow for whistleblowing after NSA pulls back surveillance Mashable Before Friday, the NSA had a policy of sucking up texts and emails exchanged between Americans and people outside the U.S., with impunity, if those communications even mentioned non-American targets of NSA surveillance. The agency did not require a ...

Go here to read the rest:
Snowden takes a bow for whistleblowing after NSA pulls back surveillance - Mashable

New York Times

NSA Halts Collection of Americans' Emails About Foreign Targets New York Times Senator Ron Wyden, an Oregon Democrat who has long been a critic of N.S.A. surveillance, said that he would introduce legislation codifying the new limit. The law that authorizes the program, the FISA Amendments Act, is up for renewal at the end of 2017. NSA to stop collecting some internet communicationsCNBC NSA ends controversial collection of Americans' emails that mention foreign targetsTechCrunch The NSA will stop reading American emails that mention intelligence targetsThe Verge CNET -The Atlantic -KUAR all 40 news articles »

View post:
NSA Halts Collection of Americans' Emails About Foreign Targets - New York Times

There's something going on inside the intelligence communities in at least two countries, and we have no idea what it is.

Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is doing the same thing to the CIA.

Three: in March, NSA Deputy Director Richard Ledgett describedhow the NSA penetrated the computer networks of a Russian intelligence agency and was able to monitor them as they attacked the U.S. State Department in 2014. Even more explicitly, a U.S.allymy guess is the U.K.was not only hacking the Russian intelligence agency's computers, but also the surveillance cameras inside their building. "They [the U.S. ally] monitored the [Russian] hackers as they maneuvered inside the U.S. systems and as they walked in and out of the workspace, and were able to see faces, the officials said."

Countries don't often reveal intelligence capabilities: "sources and methods." Because it gives their adversaries important information about what to fix, it's a deliberate decision done with good reason. And it's not just the target country who learns from a reveal. When the U.S. announces that it can see through the cameras inside the buildings of Russia's cyber warriors, other countries immediately check the security of their own cameras.

With all this in mind, let's talk about the recent leaks at NSA and the CIA.

Last year, a previously unknown group called the Shadow Brokers started releasing NSA hacking tools and documents from about three years ago. They continued to do so this yearfive sets of files in alland have implied that more classified documents are to come. We don't know how they got the files. When the Shadow Brokers first emerged, the general consensus was that someone had found and hacked an external NSA staging server. These are third-party computers that the NSA's TAO hackers use to launch attacks from. Those servers are necessarily stocked with TAO attack tools. This matched the leaks, which included a "script" directory and working attack notes. We're not sure if someone inside the NSA made a mistake that left these files exposed, or if the hackers that found the cache got lucky.

That explanation stopped making sense after the latest Shadow Brokers release, which included attack tools against Windows, PowerPoint presentations, and operational notesdocuments that are definitely not going to be on an external NSA staging server. A credible theory, which I first heard from Nicholas Weaver, is that the Shadow Brokers are publishing NSA data from multiple sources. The first leaks were from an external staging server, but the more recent leaks are from inside the NSA itself.

So what happened? Did someone inside the NSA accidentally mount the wrong server on some external network? That's possible, but seems very unlikely. Did someone hack the NSA itself? Could there be a mole inside the NSA, as Kevin Poulsen speculated?

If it is a mole, my guess is that he's already been arrested. There are enough individualities in the files to pinpoint exactly where and when they came from. Surely the NSA knows who could have taken the files. No country would burn a mole working for it by publishing what he delivered. Intelligence agencies know that if they betray a source this severely, they'll never get another one.

That points to two options. The first is that the files came from Hal Martin. He's the NSA contractor who was arrested in August for hoarding agency secrets in his house for two years. He can't be the publisher, because the Shadow Brokers are in business even though he is in prison. But maybe the leaker got the documents from his stash: either because Martin gave the documents to them or because he himself was hacked. The dates line up, so it's theoretically possible, but the contents of the documents speak to someone with a different sort of access. There's also nothing in the public indictment against Martin that speaks to his selling secrets to a foreign power, and I think it's exactly the sort of thing that the NSA would leak. But maybe I'm wrong about all of this; Occam's Razor suggests that it's him.

The other option is a mysterious second NSA leak of cyberattack tools. The only thing I have ever heard about this is from a Washington Post story about Martin: "But there was a second, previously undisclosed breach of cybertools, discovered in the summer of 2015, which was also carried out by a TAO employee, one official said. That individual also has been arrested, but his case has not been made public. The individual is not thought to have shared the material with another country, the official said." But "not thought to have" is not the same as not having done so.

On the other hand, it's possible that someone penetrated the internal NSA network. We've already seen NSA tools that can do that kind of thing to other networks. That would be huge, and explain why there were calls to fire NSA Director Mike Rogerslast year.

The CIA leak is both similar and different. It consists of a series of attack tools from about a year ago. The most educated guess amongst people who know stuff is that the data is from an almost-certainly air-gapped internal development wikia Confluence serverand either someone on the inside was somehow coerced into giving up a copy of it, or someone on the outside hacked into the CIA and got themselves a copy. They turned the documents over to WikiLeaks, which continues to publish it.

This is also a really big deal, and hugely damaging for the CIA. Those tools were new, and they're impressive. I have been told that the CIA is desperately trying to hire coders to replace what was lost.

For both of these leaks, one big question is attribution: who did this? A whistleblower wouldn't sit on attack tools for years before publishing. A whistleblower would act more like Snowden or Manning, publishing immediatelyand publishing documents that discuss what the U.S. is doing to whom, not simply a bunch of attack tools. It just doesn't make sense. Neither does random hackers. Or cybercriminals. I think it's being done by a country or countries.

My guess was, and is still, Russia in both cases. Here's my reasoning. Whoever got this information years before and is leaking it now has to 1) be capable of hacking the NSA and/or the CIA, and 2) willing to publish it all. Countries like Israel and France are certainly capable, but wouldn't ever publish. Country like North Korea or Iran probably aren't capable. The list of countries who fit both criteria is small: Russia, China, and ... and ... and I'm out of ideas. And China is currently trying to make nice with the US.

Last August, Edward Snowden guessed Russia, too.

So Russiaor someone elsesteals these secrets, and presumably uses themto both defend its own networks and hack other countries while deflecting blame for a couple of years. For it to publish now means that the intelligence value of the information is now lower than the embarrassment value to the NSA and CIA. This could be because the US figured out that its tools were hacked, and maybe even by whom; which would make the tools less valuable against U.S. government targets, although still valuable against third parties.

The message that comes with publishing seems clear to me: "We are so deep into your business that we don't care if we burn these few-years-old capabilities, as well as the fact that we have them. There's just nothing you can do about it." It's bragging.

Which is exactly the same thing Ledgett is doing to the Russians. Maybe the capabilities he talked about are long gone, so there's nothing lost in exposing sources and methods. Or maybe he too is bragging: saying to the Russians that he doesn't care if they know. He's certainly bragging to every other country that is paying attention to his remarks. (He may be bluffing, of course, hoping to convince others that the U.S. has intelligence capabilities it doesn't.)

What happens when intelligence agencies go to war with each other and don't tell the rest of us? I think there's something going on between the US and Russia that the public is just seeing pieces of. We have no idea why, or where it will go next, and can only speculate.

Original post:
Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare - Lawfare (blog)

While the Moscow Board of Adjustment approved New Saint Andrews College's conditional use permit application to allow the college to expand into the former Cadillac Jack's building on North Main Street, an appeal to the board's decision could be imminent.

Moscow's assistant community development director, Mike Ray, said his office has already fielded a number of calls and emails asking about the appeal process, and he anticipates an appeal will be made. The appeal period, which starts Tuesday, will last 10 days, meaning any objections must be filed by May 11.

Ray said the Board of Adjustment will meet at 5:30 p.m. Monday in the council chambers at City Hall to approve a relevant criteria and standards document, which will reflect the board's Tuesday decision, and finalize the conditional use permit's approval. Afterward, appeals can be filed by anyone.

To appeal, the appellant is required to submit a letter to the city stating his or her reasons for the appeal and to pay a $220 appeal fee, Ray said.

The City Council would then address the appeal. No new public testimony would be allowed at that time except for comments from the appellant, Ray said. The councilors would also refer to Tuesday night's Board of Adjustment meeting for information. Ray said the City Council would be allowed to sustain the Board of Adjustment's decision, reverse the board's decision or remand the decision back to the Board of Adjustment.

The CUP would allow NSA to convert the former CJ's building at 112 N. Main St. into a music conservatory. It would be allowed a maximum enrollment of 300 full-time equivalent students and 44 full-time equivalent faculty and staff. The facility would include five classrooms/studios, nine offices, a multi-purpose room, a student lounge and a music conservatory with seating for 680 occupants, according to the Board of Adjustment packet for Tuesday night's meeting.

NSA President Benjamin Merkle said 165 students are enrolled at the college's existing campus on Main Street.

The board approved the conditional use permit with two conditions related to parking that city staff recommended. NSA must provide 47 off-street parking spaces within approximately half of a mile of the property, subject to the approval of the zoning administrator.

NSA will be allowed to phase in the off-street parking requirement by providing 50 percent of the required parking mitigation upon occupancy of the building and the remainder when NSA's enrollment reaches 150 students, or five years from the date of the issuance of the Certificate of Occupancy of the building, whichever comes first.

Moscow Mayor Bill Lambert said he is fine with the private Christian college expanding downtown and he is happy someone plans to use the former CJ's building again. He said the proposed expansion is an emotional issue on both sides.

"It's a good use of the building as far as I'm concerned," Lambert said.

He said parking seemed to be the biggest concern and the Board of Adjustment appeared to address that with its conditions.

"I think they've been good for downtown businesses ... for restaurants and places like that," Lambert said of NSA students.

Some residents said Tuesday night that they believed colleges belong outside the Central Business Zoning District, but Lambert said he does not have a problem with allowing educational institutions downtown. He said NSA is a small school, unlike the University of Idaho.

City Councilman John Weber said his only conflict with the proposed expansion is that the former CJ's building might not be subject to property taxes. He said he would prefer to see a business that would be required to pay property taxes to occupy the building.

"Every year we're fighting the budget as all towns do and I would like to see more commercial development that pays property taxes and things like that," Weber said. "So it can be beneficial to the town as far as infrastructure and things like that."

Alyssa Hartford, Latah County senior residential appraiser, said NSA owns two buildings downtown. One of them, which fronts Friendship Square at 109 W. Fourth St., is partially exempt from property taxes since a portion of the building includes a restaurant. The other building at 409 S. Main St. is fully exempt from property taxes because it is used for educational purposes, Hartford said.

She said if NSA expanded to North Main Street, it would possibly qualify for a property tax exemption. The school could file as a property used for school or educational purposes and submit its application to the Board of County Commissioners, which would make a decision.

See the original post here:
Appeals to NSA college expansion could be coming - Moscow-Pullman Daily News