Mediaboss Marketing

One of the most sweeping surveillance statutes ever enacted by Congress is set to expire at the end of this year creating an important opportunity to rein in Americas sprawling surveillance state.

Section 702 of the Foreign Intelligence Surveillance Act permits the U.S. government to engage in mass, warrantless surveillance of Americans international communications, including phone calls, texts, emails, social media messages, and web browsing. The government claims to be pursuing vaguely defined foreign intelligence targets, but its targets need not be spies, terrorists, or criminals. They can be virtually any foreigner abroad: journalists, academic researchers, scientists, or businesspeople. And in the course of this surveillance, the government casts a wide net that ensnares the communications of ordinary Americans on a massive scale in violation of our constitutional rights.

American Civil Liberties Union

Stop Mass Warrantless Surveillance: End Section 702

Section 702 of the Foreign Intelligence Surveillance Act allows for blatant abuses of privacy. Tell your representative it must expire.

As Congress debates the reauthorization of Section 702, its vital that we tell our representatives in Congress that we want an end to warrantless mass surveillance. Heres what you need to know to follow the debate and speak up for your right to privacy.

1. The NSA uses Section 702 to conduct at least two large-scale surveillance programs.

The government conducts at least two kinds of surveillance under Section 702:

PRISM: The NSA obtains communications such as international messages, emails, and internet calls directly from U.S. tech and social media companies like Facebook, Google, Apple, and Microsoft. The government identifies non-U.S. person accounts it wishes to monitor, and then orders the company to disclose all communications and data to and from those accounts, including communications with U.S. persons.

Upstream: Working with companies like AT&T and Verizon, the NSA intercepts and copies Americans international internet communications in bulk as they flow into and out of the United States. The NSA then searches for key terms, such as email addresses or phone numbers, that are associated with its hundreds of thousands of foreign targets. Communications determined to be to and from those targets as well as those that happen to be bundled with them in transit are retained in NSA databases for further use and analysis.

Critically, while Section 702 does not allow the NSA to target Americans at the outset, vast quantities of our communications are still searched and amassed in government databases simply because we are in touch with people abroad. And this is the bait-and-switch: Although the law allows surveillance of foreigners abroad for foreign intelligence purposes, the FBI routinely exploit this rich source of our information by searching those databases to find and examine the communications of individual Americans for use in domestic investigations.

2. Section 702 surveillance is expanding.

The scale of Section 702 has been growing significantly over time, meaning more and more Americans are caught in this net.

When the government first began releasing statistics, after the Snowden revelations in 2013, it reported having 89,138 targets. By 2021, the government was targeting the communications of a staggering 232,432 individuals, groups, and organizations. Although the government often seeks to portray the surveillance as targeted and narrow, the reality is that it takes place on a massive scale.

Indeed, the government reported that in 2011, Section 702 surveillance resulted in the retention of more than 250 million internet communications (a number that does not reflect the far larger quantity of communications whose contents the NSA searched before discarding them). Given the rate at which the number of Section 702 targets is growing, its likely that the government today collects over a billion communications under Section 702 each year. But these statistics tell only part of the story. The government has never provided data on the number of Americans who are surveilled under PRISM and Upstream, a number that is surely also increasing. That is a glaring gap in its transparency reports.

3. Section 702 has morphed into a domestic surveillance tool.

Although Congress intended Section 702 to be used for counterterrorism purposes, its frequently used today to pursue domestic investigations of all kinds. Both the FBI and CIA have access to some of the raw data produced by this surveillance, and they increasingly use that access to examine the private communications of Americans they are investigating all without a warrant.

FBI agents routinely run searches looking for information about Americans as part of criminal investigations, including those that have nothing to do with national security. Based on the most recent reporting, agents conduct millions of these U.S. person queries also known as backdoor searches each year. The only limitation on backdoor searches is that they must be reasonably likely to retrieve foreign intelligence or evidence of a crime.

The standard for conducting backdoor searches is so low that, without any showing of suspicion, an FBI agent can type in an Americans name, email address, or phone number, and pull up whatever communications the FBIs Section 702 collection has vacuumed into its databases over the past five years. These searches are a free pass for accessing constitutionally protected communications that would otherwise be off-limits to the FBI, unless it got a warrant.

Evidence that agents have refused to comply with this low bar for conducting searches has piled up. Agents have violated the FBIs own rules over and over, accessing Americans private communications without any legitimate purpose. They have dipped into Section 702 data for information about relatives, potential witnesses and informants, journalists, political commentators, and government officials, including a member of Congress.

4. Section 702 violates our constitutional rights, but the courts have failed to intervene.

The Fourth Amendment guarantees the right to be free from unreasonable searches and seizures. Government agents are required to obtain a warrant to access our emails, online messages, and chats. Large-scale, warrantless surveillance of Americans private communications is at odds with this basic constitutional principle.

Section 702 also violates the Constitution by inhibiting freedom of speech and association. The reasonable fear that the U.S. government is spying on communications may deter journalists, lawyers, activists, and others from communicating freely on the Internet. We all have a right to exchange messages with our friends, family, colleagues, and clients abroad without worrying that the government is reading over our shoulder.

Because Section 702 is unconstitutional, the ACLU and others have attempted to challenge it in court. But the courts have failed to protect our constitutional rights. Instead, courts have repeatedly dismissed civil cases challenging Section 702 citing government claims of secrecy and have declined to rule on claims in criminal cases that the governments backdoor searches violate the Fourth Amendment. This year, we brought one of these cases to the Supreme Court, but it refused to consider it.

American Civil Liberties Union

U.S. Supreme Court Declines to Hear Wikimedia Foundations Challenge to NSA Mass Surveillance | American Civil Liberties Union

Wikimedia Foundation, ACLU, and Knight Institute Call on Congress to Limit the NSAs Surveillance of Internet Communications

5. Congress has the power to stop Section 702 surveillance.

Given the courts inaction, it is up to Congress to stand up for our rights. Fifteen years ago, Congress enacted Section 702. Members of Congress should not vote to renew this law without fundamental reforms to protect Americans privacy.

These reforms should include:

Beyond reforming Section 702 itself, Congress should also adopt broader safeguards that protect Americans in the face of bulk surveillance and strengthen court oversight when the government engages in spying for intelligence purposes.

Over the next year, the ACLU will be seizing on this moment to press Congress to reclaim our privacy rights. We invite you to join us by sending a message to your representatives now.

Follow this link:
Five Things to Know About NSA Mass Surveillance and the Coming Fight in Congress - ACLU

The Supreme Court has quashed the proceedings under the National Security Act (NSA) against a Samajwadi Party leader in Uttar Pradesh in a revenue dues matter, and pulled up the state for "non-application of mind" and "improper exercise" of jurisdiction.

A bench of Justices S K Kaul and A Amanullah said the apex court is "quite amazed" with the exercise of power under the NSA in April last year against petitioner Yusuf Malik in respect of a dispute over revenue dues of a property in Moradabad.

"Is this a case for NSA?," the bench asked the state's counsel while observing that this is why allegations of political vendetta crops up.

"This is a case of non-application of mind and improper exercise of jurisdiction. We quash the proceedings under the NSA and direct that the petitioner be set at liberty," the bench said on Monday, adding that he be released forthwith.

Read |Need CEC who can act against a Prime Minister too: Supreme Court

It noted that the petitioner was already granted bail in the two separate FIRs, on the basis of which the police authority made application for initiation of proceedings against him under the NSA.

The top court passed the order while hearing Malik's plea which claimed that he has been implicated in false cases on the basis of concocted allegations and thereafter, detention order was passed against him by invoking the provisions of the NSA with mala fide intention to keep him incarcerated indefinitely.

The petitioner was represented by senior advocate Wasim A Qadri, lawyer Saeed Qadri and others in the matter.

The plea said personal liberty of the petitioner was taken away by the State by "misusing the process of law" and he was falsely implicated in two cases lodged in Moradabad in March last year.

It alleged that thereafter, due to political reasons, the police recommended for initiating proceeding under section 3(2) of the NSA against him without any cogent material and detention order dated April 24, 2022 was passed by the district magistrate.

It said the petitioner has challenged the detention order before the Allahabad High Court but the plea could not be heard due to "delay caused" by the authorities and two extension orders of detention have been passed by the state even during the pendency of the petition before the high court.

The plea said on March 25, 2022, a notice of attachment was issued by the Office of Tax Department, Nagar Nigam, Moradabad and it was pasted on the house of a person, who is the father-in-law of the petitioner's daughter, stating that dues (house tax and water tax) amounting to Rs 23,04,456 was pending till March 31, 2021.

It said no prior notice informing about the dues amounting to Rs 23 lakh had ever been communicated to or received by the owner of the house.

The plea said an FIR was registered on March 26 last year upon the complaint of additional commissioner, Municipal Corporation, Moradabad with respect to the incident alleged to have taken place wherein it was alleged that Malik and others did not allow the revenue officials of the district administration to do their duty of alleged collection of due land revenue.

The allegation in the FIR was that Malik had entered the office of a revenue officer and misbehaved and thereafter made a call to the complainant and threatened him with dire consequences for having sealed the residence of the person, the plea said.

It said on March 27 last year another FIR was registered upon the written complaint of a revenue Inspector alleging that he had sealed the residence of the person but one of the seals at the gate were found broken.

The plea said the March 27 FIR does not name the petitioner.

Read |Supreme Court orders sacking of trial court judge in Karnataka

It said later, the station house officer of civil lines police station in Moradabad submitted his report to the SP on April 23, 2022 for initiating proceedings against the petitioner under section 3(2) of the NSA based on these FIRs.

"The allegations against the petitioner in the preventive detention order dated April 24, 2022 passed by the district magistrate, Moradabad, under section 3(2) of the National Security Act, 1980 pertain to the allegations that do not fall within the definitions of acting in any manner prejudicial to the security of the State or from acting in any manner prejudicial to the maintenance of public order or from acting in any manner prejudicial to the maintenance of supplies and services essential to the community," the plea said.

It said the detention order and its extension for further period of three months by the state government are "wholly illegal and not sustained in the eye of law" and is liable to be set aside.

Originally posted here:
SC quashes NSA proceedings against SP leader in UP, says it is 'quite amazed' with exercise of power - Deccan Herald

FORT MEADE, Md. - The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are partnering with international partners cybersecurity agencies to encourage technology manufacturers to create products that are secure-by-design and secure-by-default.The group of nine agencies has published the Cybersecurity Information Sheet, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default, to raise awareness and facilitate international conversations about key priorities, investments, and decisions necessary to manufacture technology that is safe, secure, and resilient.Insecure technology products can pose risks to individual users and our national security, said NSA Cybersecurity Director Rob Joyce. If manufacturers consistently prioritize security during design and development, we can reduce the number of malicious cyber intrusions we see. The international coalition partnering on this report speaks to the importance of this issue.The international coalition includes Australias Cyber Security Centre (ACSC), Canadas Centre for Cyber Security (CCCS), Germanys Federal Office for Information Security (BSI), the UKs National Cyber Security Centre (NCSC-UK), Netherlands National Cyber Security Centre (NCSC-NL), and New Zealands Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NZ NCSC).In the new report, the agencies highlight the importance of prioritizing security throughout a products lifecycle to reduce the likelihood of security incidents. The principles ensure technology products are built and configured in a way that protects against malicious cyber actors gaining access to devices, data, and connected infrastructure.NSA and its partners recommend technology manufacturers and organization executives prioritize the implementation of secure-by-design and default principles outlined in the report.In addition to the recommendations listed in the report, the authoring agencies encourage the use of the Secure Software Development Framework (SSDF), also known as the National Institute of Standards and Technologys (NIST) SP 800-218. The SSDF helps software producers become more effective at finding and removing vulnerabilities in released software, mitigate the potential impact of the exploitation of vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences.Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

NSA Media RelationsMediaRelations@nsa.gov443-634-0721

Read more from the original source:
NSA, U.S. and International Partners Issue Guidance on Securing ... - National Security Agency

The federal government needs to further enhance information sharing partnerships with the private sector to counter potentially crippling cyberattacksparticularly as hostile nation states like China pose a growing threat to U.S. intereststhe National Security Agencys cybersecurity chief said during an event hosted by the Center for Strategic and International Studies on Tuesday.

NSA Cybersecurity Director Rob Joyce said that intelligence agencies need to continue getting faster at being able to take the things that are sensitive, and get them into the operational space, where they can be leveraged by companies to patch software vulnerabilities and better defend against specific cyber threats.

A large portion of this, Joyce said, entails providing private sector entitiessuch as large technology companies, cloud service providers and defense contractorswith streamlined access to actionable, declassified information in a collaborative environment that ultimately benefits both industry and government.

Joyce cited NSAs Cybersecurity Collaboration Centerwhich serves as the agencys collaborative hub for sharing unclassified intelligence with the private sectoras a key initiative and model for deterring threat actors and cyberattacks across the nations digital ecosystem. He said that the goal of the center is to operationalize the things we know with the people who could do something about it, largely by getting those secrets sanitized to the point they can be actioned by private companies.

We can take and understand a threat, and get it to that ecosystem at an unclassified level, Joyce said. And that's the key, because if I give a company a secret at a classified level, most of the time, even if the person receiving it is able to receive it at that level, the people who action it arent.

Joyce said that roughly 300 companies have voluntarily partnered with the center since it launched in 2021, adding that we interact with many of them on a daily basis.

This type of public-private collaboration also benefits NSAs work, Joyce noted, since companies can also provide other things associated with that [threat] that we never would have seen because it lives in their ecosystem, which makes the agency more effective. Companies are able to take immediate action to remediate security concerns, while also providing the agency with valuable information about the threats they are seeing.

One thing we've found is we can work with one company one-on-one, they can bring their unique understanding, their intellectual property or their perspective to the problem, and then they publish the blog that then illuminates all of the activity they know about, Joyce said. And then industry dog piles onto that and continues to tear that thread up. And that's really a beautiful cycle to watch, where it starts from an intel threat to a company that just grabs the adversary hard, and then the whole community piles on and pulls it apart.

Joyce also cited a component within the center, known as the enduring security framework, as an example of the real-time collaboration being undertaken between agencies and the private sector to address cyber-related threats. Under the public-private partnership, NSA works with industry CEOs and the Cybersecurity and Infrastructure Security Agency to focus on specific risks to critical infrastructure services and national security systems.

These are long-term, joint government and industry security efforts, Joyce said, such as a recent focus on 5G cloud security over the past year.

What people often don't recognize is, when you want to do 5G security, you're really talking about the concepts of securing the cloud, because that's how the architecture is broken down, he added. And we took telecommunications companies, high tech vendors and brought them together with the government threat expertise and put out a series of how you architect 5G for security.

Beyond working with agenciessuch as NSA and CISAto identify and mitigate cyber threats, Joyce said that tech firms and companies within the defense industrial base should be working to proactively shore up their cyber defenses and supply chains in response to the potentially cataclysmic scenario of a Chinese invasion of Taiwan.

Joyce cited the upheaval that some U.S. companies faced as a result of Russias invasion of Ukraine last February, noting that we had a lot of companies who had to endure hard decisions and take rapid action at the time of the invasion. Some of these firms, he noted, had network segments in both countries and had to think about whether they severed that or firewalled that against attack.

But think about if you scratched out Russia and Ukraine, and wrote China and Taiwan, how that changes and how much more intertwined and difficult that is, he added.

Joyce said companies that could be impacted by a Chinese invasion of Taiwan need to tabletop and see where your pain points are now, rather than waiting for international tensions to reach a boiling point.

You don't want to be starting that planning the week before an invasion, when you're starting to see the White House saying it's coming, Joyce said. You want to be doing that now and buying down your risk and making those decisions in advance.

Read the original:
Enhanced Information Sharing With Industry Key to Deterring Digital ... - Nextgov

A logo for Google is seen in a reflection. (Reuters-Yonhap)

The top South Korean court sided with internet users here on Thursday, ruling that Google should disclose records of how its consumer data had been transmitted to a US spy agency upon the request of consumers.

The ruling by the Supreme Court of Korea, after a decadelong wait, indicates that Google's policy of prohibiting the provision of such records to consumers and mandating that lawsuits be filed in US jurisdiction are both superseded by Korean law. A customer living in Korea may file a lawsuit against a business entity based in a foreign country, the ruling shows.

Seoul's top court judges also stated that records of user data transferred to US investigative authorities should be provided if the user's US case has been closed.

The final court judgment on California-based Google in Korea will be domesticated or put into effect in the US through recognition and enforcement by a US court, according to Korea's Supreme Court.

This decision signals an end to the legal fight of human rights activists here against the US-based Big Tech giant that has persisted for nearly a decade.

Six activists filed a suit against Google and its Korean unit in 2014 upon revelations by high-profile whistleblower Edward Snowden the previous year that the US National Security Agency had spied on internet users via tools to collect user data by operating a secret program called Prism.

The plaintiffs suspected that user data such as emails could have been monitored by the NSA under the revealed scheme.

A district court in 2015 sided with Korean consumers regarding Google's duty to disclose the data collection by the US authorities, but dismissed the request for Google to pay compensation to consumers.

Seoul High Court in 2017 upheld the district court ruling, but on the condition that Google would not breach US privacy rules.

The case at the Supreme Court had four plaintiffs, after two others dropped out of the litigation.

We will review the Supreme Courts full written decision carefully. ... We remain committed to making ongoing updates that give users in Korea control and transparency," a Google spokesperson said in a statement.

By Son Ji-hyoung (consnow@heraldcorp.com)

Visit link:
Google ordered to disclose records of customer data given to US NSA - The Korea Herald