|
History > 2013 > USA > N.S.A. (I)
Bad Times for Big Brother
December
21, 2013
The New York Times
By THE EDITORIAL BOARD
It has been
a long week for the National Security Agency. Last Monday, a federal judge ruled
for the first time that the agency’s continuing sweep of Americans’ phone data —
a once-secret program legally sanctioned for seven years and illegally conducted
for five years before that — was very likely unconstitutional. Judge Richard
Leon denounced the agency’s activities in collecting data on all Americans’
phone calls as “almost Orwellian.”
Two days later, the Obama administration released a comprehensive report that
found “the current storage by the government of bulk metadata creates potential
risks to public trust, personal privacy and civil liberty.” And last Friday, the
latest release of classified documents from Edward Snowden revealed surveillance
efforts that included the office of the Israeli prime minister and the heads of
international companies and aid organizations.
If the N.S.A. had not already gotten the message, the 300-plus-page advisory
report, by a panel of intelligence and legal experts selected by President
Obama, surely drove it home. All three branches of the federal government are
now on record as recognizing that the agency has repeatedly misused, if not
plainly abused, its powers, and that it must be reined in. The report’s 46
wide-ranging recommendations include stopping the bulk collection and storage of
phone data, reforming the structure and processes of the Foreign Intelligence
Surveillance Court, installing a civil liberties advocate to argue against the
government’s position in that court, and introducing stricter oversight of the
agency’s actions across the board.
Most of these would be welcome reforms, and some of them Mr. Obama can put in
place on his own. In fact, when he was a member of the Senate Mr. Obama
supported many reforms that were similar or identical to the ones now on his
desk. Yet as president, he has allowed the surveillance programs to continue and
even grow.
That isn’t entirely shocking; the executive branch’s responsibility to protect
national security is unique. But no matter who occupies the Oval Office, it has
always tested and often transgressed the limits of its power. Over the long run,
the nation cannot bank on presidential self-restraint or timely and favorable
court rulings to stop the invasion of privacy on a mass scale.
Meanwhile, Congress has the power to change the surveillance laws, and now it
has the support of a presidential commission, whose recommendations line up
nicely with the provisions of the U.S.A. Freedom Act, a bill co-sponsored by
Democratic Senator Patrick Leahy and Republican Representative James
Sensenbrenner.
As that bill recognizes, one of the most urgent tasks for lawmakers will be to
amend the law to stop the government’s collection and analysis of bulk data.
Under the Patriot Act as it stands, the government needs only to show that the
data it seeks are “relevant” to an authorized investigation concerning
international terrorism — a vague standard that the intelligence court has
interpreted so broadly as to make it meaningless. Any amendment should at the
very least raise the standard to require a more direct connection between the
data the government seeks and the wrongdoing it is trying to prevent.
Preventing terrorist attacks is a critical and complex job. But as the advisory
report rightly emphasizes, a free society must have another kind of security as
well: the security of its citizens from the “fear that their conversations and
activities are being watched, monitored, questioned, interrogated, or
scrutinized.” Without this security, “individual liberty, self-government,
economic growth, and basic ideals of citizenship” all are jeopardized.
It has been more than six months since Mr. Snowden’s leaks began to expose
breathtakingly broad surveillance activities that even monitored the
communications of world leaders. The damage done to privacy rights, to the
public’s trust in government and to diplomatic relationships is unlikely to be
repaired for a long time.
In his news conference last Friday, Mr. Obama acknowledged that some reforms
could be done, but he insisted that there was no evidence that the phone
surveillance program was being abused — a truly disturbing assessment given all
the revelations since June. He said there’s a need to restore Americans’ trust
in their government. The way to restore that trust is not through cosmetic
touch-ups, but by Congress and the courts setting firm limits on all
surveillance programs and ensuring that the administration complies.
Bad Times for Big Brother, NYT, 21.12.2013,
http://www.nytimes.com/2013/12/22/opinion/sunday/bad-times-for-big-brother.html
Obama Panel Recommends
New Limits on N.S.A. Spying
December 18, 2013
The New York Times
By DAVID E. SANGER
and CHARLIE SAVAGE
WASHINGTON — A panel of outside advisers urged President Obama
on Wednesday to impose major oversight and some restrictions on the National
Security Agency, arguing that in the past dozen years its powers had been
enhanced at the expense of personal privacy.
The panel recommended changes in the way the agency collects the telephone data
of Americans, spies on foreign leaders and prepares for cyberattacks abroad.
But the most significant recommendation of the panel of five intelligence and
legal experts was that Mr. Obama restructure a program in which the N.S.A.
systematically collects logs of all American phone calls — so-called metadata —
and a small group of agency officials have the power to authorize the search of
an individual’s telephone contacts. Instead, the panel said, the data should
remain in the hands of telecommunications companies or a private consortium, and
a court order should be necessary each time analysts want to access the
information of any individual “for queries and data mining.”
The experts briefed Mr. Obama on Wednesday on their 46 recommendations, and a
senior administration official said Mr. Obama was “open to many” of the changes,
though he has already rejected one that called for separate leaders for the
N.S.A. and its Pentagon cousin, the United States Cyber Command.
If Mr. Obama adopts the majority of the recommendations, it would mark the first
major restrictions on the unilateral powers that the N.S.A. has acquired since
the Sept. 11 terrorist attacks. They would require far more specific approvals
from the courts, far more oversight from the Congress and specific presidential
approval for spying on national leaders, especially allies. The agency would
also have to give up one of its most potent weapons in cyberconflicts: the
ability to insert “back doors” in American hardware or software, a secret way
into them to manipulate computers, or to purchase previously unknown flaws in
software that it can use to conduct cyberattacks.
“We have identified a series of reforms that are designed to safeguard the
privacy and dignity of American citizens, and to promote public trust, while
also allowing the intelligence community to do what must be done to respond to
genuine threats,” says the report, which Mr. Obama commissioned in August in
response to the mounting furor over revelations by Edward J. Snowden, a former
N.S.A. contractor, of the agency’s surveillance practices.
It adds, “Free nations must protect themselves, and nations that protect
themselves must remain free.”
White House officials said they expected significant resistance to some of the
report’s conclusions from the N.S.A. and other intelligence agencies, which have
argued that imposing rules that could slow the search for terror suspects could
pave the way for another attack. But those intelligence leaders were not present
in the Situation Room on Wednesday when Mr. Obama met the authors of the report.
The report’s authors made clear that they were weighing the N.S.A.’s
surveillance requirements against other priorities like constitutional
protections for privacy and economic considerations for American businesses. The
report came just three days after a federal judge in Washington ruled that the
bulk collection of telephone data by the government was “almost Orwellian” and a
day after Silicon Valley executives complained to Mr. Obama that the N.S.A.
programs were undermining American competitiveness in offering cloud services or
selling American-made hardware, which is now viewed as tainted.
The report was praised by privacy advocates in Congress and civil-liberties
groups as a surprisingly aggressive call for reform.
Senator Ron Wyden, an Oregon Democrat who has been an outspoken critic of N.S.A.
surveillance, said it echoed the arguments of the N.S.A.’s skeptics in
significant ways, noting that it flatly declared that the phone-logging program
had not been necessary in stopping terrorist attacks.
“This has been a big week for the cause of intelligence reform,” he said.
Greg Nojeim of the Center for Democracy and Technology called the report
“remarkably strong,” and singled out its call to sharply limit the F.B.I.’s
power to obtain business records about someone through a so-called national
security letter, which does not involve court oversight.
Anthony Romero, the executive director of the American Civil Liberties Union,
while praising the report’s recommendations, questioned “whether the president
will have the courage to implement the changes.”
Members of the advisory group said some of the recommendations were intended to
provide greater public reassurances about privacy protections rather than to
result in any wholesale dismantling of the N.S.A.’s surveillance powers. Richard
A. Clarke, a cyberexpert and former national security official under Presidents
Bill Clinton and George W. Bush, said the report would give “more reason for the
skeptics in the public to believe their civil liberties are being protected.”
Other members included Michael J. Morell, a former deputy director of the
C.I.A.; Cass Sunstein, a Harvard Law School professor who ran the office of
Information and Regulatory Affairs in the Obama White House; Peter Swire, a
privacy law specialist at the Georgia Institute of Technology; and Geoffrey R.
Stone, a constitutional law specialist at the University of Chicago Law School,
where Mr. Obama once taught.
Mr. Obama is expected to take the report to Hawaii on his vacation that starts
this week and announce decisions when he returns in early January. Some of the
report’s proposals could be ordered by Mr. Obama alone, while others would
require legislation from Congress, including changes to how judges are appointed
to the Foreign Intelligence Surveillance Court.
Senator Rand Paul, Republican of Kentucky, said he was skeptical that any
changes passed by Congress would go far enough. “It gives me optimism that it
won’t be completely brushed under the rug,” he said. “However, I’ve been here
long enough to know that in all likelihood when there’s a problem, you get
window dressing.”
The FISA court, which oversees national security surveillance inside the United
States, has been criticized because it hears arguments only from the Justice
Department without adversarial lawyers to raise opposing views, and because
Chief Justice John G. Roberts Jr. has unilateral power to select its members.
Echoing proposals already floated in congressional hearings and elsewhere, the
advisory group backs the view that there should be a “public interest advocate
to represent the interests of privacy and civil liberties” in classified
arguments before the court. It also says the power to select judges for the
surveillance court should be distributed among all the Supreme Court justices.
In backing a restructuring of the N.S.A.’s program that is systematically
collecting and storing logs of all Americans’ phone calls, the advisers went
further than some of the agency’s backers in Congress, who would make only
cosmetic changes to it, but stopped short of calling for the program to be shut
down, as its critics have urged. The N.S.A. uses the telephone data to search
for links between people in an effort to identify hidden associates of terrorism
suspects, but the report says it “was not essential to preventing attacks.”
Currently, the government obtains orders from the surveillance court every 90
days that require all the phone companies to give their customers’ data to the
N.S.A., which commingles the records from every company and stores it for five
years. A small group of analysts may query the database — examining records of
everyone who is linked by up to three degrees of separation from a suspect — if
the analyst has “reasonable, articulable suspicion” that the original person
being examined is linked to terrorism.
Under the new system proposed by the review group, such records would stay in
private hands — either scattered among the phone companies or pooled into some
kind of private consortium. The N.S.A. would need to make the case to the
surveillance court that it has met the standard of suspicion — and get a judge’s
order — every time it wanted to perform such “link analysis.”
“In our view, the current storage by the government of bulk metadata creates
potential risks to public trust, personal privacy, and civil liberty,” the
report said.
The report recommended new privacy protections for the disclosure of personal
information about non-Americans among agencies or to the public. The change
would extend to foreigners essentially the same protections that citizens have
under the Privacy Act of 1974 — a way of assuring foreign countries that their
own citizens, if targeted for surveillance, will enjoy at least some protections
under American law.
It also said the United States should get out of the business of secretly buying
or searching for flaws in common computer programs and using them for mounting
cyberattacks. That technique, using what are called zero-day flaws, so named
because they are used with zero days of warning that the flaw exists, were
crucial to the cyberattacks that the United States and Israel launched on Iran
in an effort to slow its nuclear program. The advisers said that the information
should be turned over to software manufacturers to have the mistakes fixed,
rather than exploited.
Regarding spying on foreign leaders, the report urged that the issue be taken
out the hands of the intelligence agencies and put into the hands of policy
makers.
Jeremy W. Peters contributed reporting.
Obama Panel Recommends New Limits on N.S.A.
Spying, NYT, 18.12.2013,
http://www.nytimes.com/2013/12/19/us/politics/
report-on-nsa-surveillance-tactics.html
Judge
Questions Legality
of
N.S.A. Phone Records
December
16, 2013
The New York Times
By CHARLIE SAVAGE
WASHINGTON
— A federal district judge ruled on Monday that the National Security Agency
program that is systematically keeping records of all Americans’ phone calls
most likely violates the Constitution, describing its technology as “almost
Orwellian” and suggesting that James Madison would be “aghast” to learn that the
government was encroaching on liberty in such a way.
The judge, Richard J. Leon of Federal District Court for the District of
Columbia, ordered the government to stop collecting data on the personal calls
of the two plaintiffs in the case and to destroy the records of their calling
history. But Judge Leon, appointed to the bench in 2002 by President George W.
Bush, stayed his injunction “in light of the significant national security
interests at stake in this case and the novelty of the constitutional issues,”
allowing the government time to appeal it, which he said could take at least six
months.
“I cannot imagine a more ‘indiscriminate’ and ‘arbitrary’ invasion than this
systematic and high-tech collection and retention of personal data on virtually
every single citizen for purposes of querying and analyzing it without prior
judicial approval,” Judge Leon wrote in a 68-page ruling. “Surely, such a
program infringes on ‘that degree of privacy’ that the founders enshrined in the
Fourth Amendment,” which prohibits unreasonable searches and seizures.
Andrew Ames, a Justice Department spokesman, said government lawyers were
studying the decision, but he added: “We believe the program is constitutional
as previous judges have found.”
The case is the first in which a federal judge who is not on the Foreign
Intelligence Surveillance Court, which authorized the once-secret program, has
examined the bulk data collection on behalf of someone who is not a criminal
defendant. The Justice Department has said that 15 separate judges on the
surveillance court have held on 35 occasions that the calling data program is
legal.
It also marks the first successful legal challenge brought against the program
since it was revealed in June after leaks by the former N.S.A. contractor Edward
J. Snowden.
In a statement from Moscow, where he has obtained temporary asylum, Mr. Snowden
praised the ruling.
“I acted on my belief that the N.S.A.’s mass surveillance programs would not
withstand a constitutional challenge, and that the American public deserved a
chance to see these issues determined by open courts,” Mr. Snowden said in his
statement. It was distributed by Glenn Greenwald, a journalist who received
leaked documents from Mr. Snowden and wrote the first article about the bulk
data collection. “Today, a secret program authorized by a secret court was, when
exposed to the light of day, found to violate Americans’ rights,” the statement
said. “It is the first of many.”
The case was brought by several plaintiffs led by Larry Klayman, a conservative
legal activist. Mr. Klayman, who represented himself and the other plaintiffs,
said in an interview on Monday that he was seeking to turn the case into a class
action on behalf of all Americans. “I’m extremely gratified that Judge Leon had
the courage to make this ruling,” he said. “He is an American hero.”
Mr. Klayman argued that he had legal standing to challenge the program in part
because, he contended, the government had sent inexplicable text messages to his
clients on his behalf; at a hearing, he told the judge, “I think they are
messing with me.”
The judge portrayed that claim as “unusual” but looked past it, saying Mr.
Klayman and his co-plaintiff instead had standing because it was highly likely,
based on the government’s own description of the program as a “comprehensive
metadata database,” that the N.S.A. collected data about their phone calls along
with everyone else’s.
Similar legal challenges to the N.S.A. program, including by the American Civil
Liberties Union and the advocacy group Electronic Frontier Foundation, are at
earlier stages in the courts. Last month, the Supreme Court declined to hear an
unusual challenge to the program by the Electronic Privacy Information Center,
which had sought to bypass lower courts.
The ruling on Monday comes as several government panels are developing
recommendations on whether to keep, restructure or scrap the bulk data
collection program, and as Congress debates competing bills over the program’s
future.
Though long and detailed, Judge Leon’s ruling is not a final judgment on the
program, but rather a preliminary injunction to stop the collection of data
about the plaintiffs while they pursued their case.
He also wrote that he had “serious doubts about the efficacy” of the program,
saying that the government had failed to cite “a single instance in which
analysis of the N.S.A.’s bulk metadata collection actually stopped an imminent
attack, or otherwise aided the government in achieving any objective that was
time-sensitive.”
Judge Leon rejected the Obama administration’s argument that a 1979 case, Smith
v. Maryland, had established there are no Fourth Amendment protections for call
metadata — information like the numbers dialed and the date, time and duration
of calls, but not their content. The 1979 case, which involved collecting
information about a criminal defendant’s calls, helped establish the principle
that people do not have a reasonable expectation of privacy for information they
have exposed to a third party, like the phone company, which knows about their
calls.
The surveillance court, which issues secret rulings after hearing arguments from
only the Justice Department and without opposing lawyers, has maintained that
the 1979 decision is a controlling precedent that shields the N.S.A. call data
program from Fourth Amendment review. But Judge Leon, citing the scope of the
program and the evolving role of phones and technology, distinguished the bulk
collection from the 34-year-old case.
Last month, a federal judge declined to grant a new trial to several San Diego
men convicted of sending money to a terrorist group in Somalia. Government
officials have since acknowledged that investigators became interested in them
because of the call records program. Citing Smith v. Maryland, the judge said
the defendants had “no legitimate expectation of privacy” over their call data.
David Rivkin, a White House lawyer in the administration of the elder President
George Bush, criticized Judge Leon’s reasoning.
“Smith v. Maryland is the law of the land,” Mr. Rivkin said. “It is not for a
District Court judge to question the continuing validity of a Supreme Court
precedent that is exactly on point.”
Judge Leon also pointed to a landmark privacy case decided by the Supreme Court
in 2012 that held it was unconstitutional for the police to use a GPS tracking
device to monitor a suspect’s public movements without a warrant.
Although the court decided the case on narrow grounds, five of the nine justices
separately questioned whether the 1979 precedent was still valid in an era of
modern technology, which enables long-term, automated collection of information.
Judge Questions Legality of N.S.A. Phone Records, NYT, 16.12.2013,
http://www.nytimes.com/2013/12/17/us/politics/
federal-judge-rules-against-nsa-phone-data-program.html
End the N.S.A. Dragnet, Now
November
25, 2013
The New York Times
By RON WYDEN, MARK UDALL and MARTIN HEINRICH
WASHINGTON
— THE framers of the Constitution declared that government officials had no
power to seize the records of individual Americans without evidence of
wrongdoing, and they embedded this principle in the Fourth Amendment. The bulk
collection of Americans’ telephone records — so-called metadata — by the
National Security Agency is, in our view, a clear case of a general warrant that
violates the spirit of the framers’ intentions. This intrusive program was
authorized under a secret legal process by the Foreign Intelligence Surveillance
Court, so for years American citizens did not have the knowledge needed to
challenge the infringement of their privacy rights.
Our first priority is to keep Americans safe from the threat of terrorism. If
government agencies identify a suspected terrorist, they should absolutely go to
the relevant phone companies to get that person’s phone records. But this can be
done without collecting the records of millions of law-abiding Americans. We
recall Benjamin Franklin’s famous admonition that those who would give up
essential liberty in the pursuit of temporary safety will lose both and deserve
neither.
The usefulness of the bulk collection program has been greatly exaggerated. We
have yet to see any proof that it provides real, unique value in protecting
national security. In spite of our repeated requests, the N.S.A. has not
provided evidence of any instance when the agency used this program to review
phone records that could not have been obtained using a regular court order or
emergency authorization.
Despite this, the surveillance reform bill recently ratified by the Senate
Intelligence Committee would explicitly permit the government to engage in
dragnet collection as long as there were rules about when officials could look
at these phone records. It would also give intelligence agencies wide latitude
to conduct warrantless searches for Americans’ phone calls and emails.
This is not the true reform that poll after poll has shown the American people
want. It is preserving business as usual. When the Bill of Rights was adopted,
it established that Americans’ papers and effects should be seized only when
there was specific evidence of suspicious activity. It did not permit government
agencies to issue general warrants as long as records seized were reviewed with
the permission of senior officials.
Congress has a crucial opportunity to reassert constitutionally guaranteed
liberties by reforming the N.S.A.’s overbroad collection of Americans’ personal
data. But the Intelligence Committee bill squanders this chance. It would enable
some of the most constitutionally questionable surveillance activities now
exposed to the public eye. The Senate should be reining in these programs, not
giving them a stamp of approval.
As members of the Intelligence Committee, we strongly disagree with this
approach. We had already proposed our own, bipartisan surveillance reform
legislation, the Intelligence Oversight and Surveillance Reform Act, which we
have sponsored with a number of other senators. Our bill would prohibit the
government from conducting warrantless “backdoor searches” of Americans’
communications — including emails, text messages and Internet use — under
Section 702 of the Foreign Intelligence Surveillance Act. It would also create a
“constitutional advocate” to present an opposing view when the F.I.S.C. is
considering major questions of law or constitutional interpretation.
Rather than adopt our legislation, the Intelligence Committee chose to codify
excessively broad domestic surveillance authorities. So we offered amendments:
One would end the bulk collection of Americans’ records, but still allow
intelligence agencies to obtain information they legitimately needed for
national security purposes by getting the approval of a judge, which could even
be done after the fact in emergency situations. Another of our amendments sought
to prevent the N.S.A. from collecting Americans’ cellphone location information
in bulk — a capability that potentially turns the cellphone of every man, woman
and child in America into a tracking device.
Each of these proposals represents real and meaningful reform, which we believe
would have fulfilled the purpose of protecting our security and liberty. Each
was rejected by the committee, in some cases by a single vote.
But we will continue to engage with our colleagues and seek to advance the
reforms that the American people want and deserve. As part of this effort, we
will push to hold a comprehensive reform debate on the Senate floor.
There is no question that our nation’s intelligence professionals are dedicated,
patriotic men and women who make real sacrifices to help keep our country safe
and free. We believe that they should be able to do their jobs secure in the
knowledge that their agencies have the confidence of the American people.
But this trust has been undermined by the N.S.A.’s domestic surveillance
programs, as well as by senior officials’ misleading statements about
surveillance. Only by ending the dragnet collection of ordinary Americans’
private information can this trust be rebuilt.
Congress needs to preserve the agencies’ ability to collect information that is
actually necessary to guard against threats to our security. But it also needs
to preserve the right of citizens to be free from unwarranted interference in
their lives, which the framers understood was vital to American liberties.
Ron Wyden of Oregon, Mark Udall of Colorado and Martin Heinrich of New Mexico,
all Democrats, are United States senators.
End the N.S.A. Dragnet, Now, NYT, 25.11.2013,
http://www.nytimes.com/2013/11/26/opinion/end-the-nsa-dragnet-now.html
Snowden Asks U.S.
to Stop
Treating Him Like a Traitor
November 1,
2013
The New York Times
By ALISON SMALE
BERLIN —
Edward J. Snowden, the fugitive American security contractor granted temporary
asylum by Russia, has appealed to Washington to stop treating him like a traitor
for revealing that the United States has been eavesdropping on its allies, a
German politician who met with Mr. Snowden said on Friday.
Mr. Snowden made his appeal in a letter that was carried to Berlin by
Hans-Christian Ströbele, a veteran member of the Green Party in the German
Parliament. Mr. Ströbele said he and two journalists for German news outlets met
with Mr. Snowden and a person described as his assistant — probably his British
aide, Sarah Harrison — at an undisclosed location in or near Moscow on Thursday
for almost three hours.
Mr. Ströbele had gone to Moscow to explore whether Mr. Snowden could or would
testify before a planned parliamentary inquiry into the eavesdropping. Any
arrangements for Mr. Snowden to testify would require significant legal
maneuvering, as it seemed unlikely that he would travel to Germany for fear of
extradition to the United States.
In his letter, Mr. Snowden, 30, also appealed for clemency. He said his
disclosures about American intelligence activity at home and abroad, which he
called “systematic violations of law by my government that created a moral duty
to act,” have had positive effects.
Yet “my government continues to treat dissent as defection, and seeks to
criminalize political speech with felony charges that provide no defense,” Mr.
Snowden wrote. “However, speaking the truth is not a crime. I am confident that
with the support of the international community, the government of the United
States will abandon this harmful behavior.”
Mr. Ströbele, 74, is a seasoned left-wing defense lawyer and the longest-serving
member of the parliamentary committee that oversees German intelligence. At a
packed news conference after his return to Berlin, he said he was contacted
about going to Moscow late last week after the German government said Chancellor
Angela Merkel’s cellphone might have been tapped by American intelligence
agents. He declined to elaborate, but said he has had no dealings with the
Russian authorities or the German Embassy in Moscow.
He deftly parried requests to reveal more, while appealing to the governments
and citizens of Germany, France and the United States to stop treating Mr.
Snowden as a criminal.
Instead, Mr. Ströbele said, echoing an opinion gaining support here, Germany
should thank Mr. Snowden. After ARD, the premier German television network,
reported on Thursday night about the Moscow visit, it broadcast a commentary
arguing that Germany should show gratitude for his exposure of United States
intelligence practices.
Mr. Ströbele said he had found Mr. Snowden lucid and well informed. He said he
had been told that Mr. Snowden was allowed to go shopping, but Mr. Ströbele
declined to reveal any other details about Mr. Snowden’s routine.
News about the visit to Moscow eclipsed a number of interviews given on Thursday
by the American ambassador, John B. Emerson, who tried to assuage German fears
that the United States Embassy in Berlin was the center for monitoring Ms.
Merkel and other well-placed Germans.
Mr. Emerson, who arrived in Berlin two months ago and is a strong proponent of a
landmark American and European trade deal under negotiation, was summoned to the
German Foreign Ministry last week after Berlin’s suspicions about eavesdropping
on Ms. Merkel were made public. The action was unprecedented in post-World War
II relations between the United States and Germany.
Ms. Merkel, while palpably angry in appearances last week, has made no direct
statements since, quietly sending two senior advisers to Washington this week to
begin re-establishing the trust she said had been breached.
Mr. Ströbele’s news conference yielded moments of humor as well. At one point,
his cellphone rang. He pulled it out, looked at it and asked cheerfully, “Does
anybody know the chancellor’s number?”
Asked to speculate about which intelligence services might have monitored his
trip to Moscow, he said with a smile, “I assume that they are all interested.”
Snowden Asks U.S. to Stop Treating Him Like a Traitor, NYT, 1.11.2013,
http://www.nytimes.com/2013/11/02/world/europe/
snowden-appeals-to-us-for-clemency.html
Angry
Over U.S. Surveillance,
Tech
Giants Bolster Defenses
October 31,
2013
The New York Times
By CLAIRE CAIN MILLER
SAN
FRANCISCO — Google has spent months and millions of dollars encrypting email,
search queries and other information flowing among its data centers worldwide.
Facebook’s chief executive said at a conference this fall that the government
“blew it.” And though it has not been announced publicly, Twitter plans to set
up new types of encryption to protect messages from snoops.
It is all reaction to reports of how far the government has gone in spying on
Internet users, sneaking around tech companies to tap into their systems without
their knowledge or cooperation.
What began as a public relations predicament for America’s technology companies
has evolved into a moral and business crisis that threatens the foundation of
their businesses, which rests on consumers and companies trusting them with
their digital lives.
So they are pushing back in various ways — from cosmetic tactics like publishing
the numbers of government requests they receive to political ones including
tense conversations with officials behind closed doors. And companies are
building technical fortresses intended to make the private information in which
they trade inaccessible to the government and other suspected spies.
Yet even as they take measures against government collection of personal
information, their business models rely on collecting that same data, largely to
sell personalized ads. So no matter the steps they take, as long as they remain
ad companies, they will be gathering a trove of information that will prove
tempting to law enforcement and spies.
When reports of surveillance by the National Security Agency surfaced in June,
the companies were frustrated at the exposure of their cooperation with the
government in complying with lawful requests for the data of foreign users, and
they scrambled to explain to customers that they had no choice but to obey the
requests.
But as details of the scope of spying emerge, frustration has turned to outrage,
and cooperation has turned to war.
The industry has learned that it knew of only a fraction of the spying, and it
is grappling with the risks of being viewed as an enabler of surveillance of
foreigners and American citizens.
Lawmakers in Brazil, for instance, are considering legislation requiring online
services to store the data of local users in the country. European lawmakers
last week proposed a measure to require American Internet companies to receive
permission from European officials before complying with lawful government
requests for data.
“The companies, some more than others, are taking steps to make sure that
surveillance without their consent is difficult,” said Christopher Soghoian, a
senior analyst at the American Civil Liberties Union. “But what they can’t do is
design services that truly keep the government out because of their ad-supported
business model, and they’re not willing to give up that business model.”
Even before June, Google executives worried about infiltration of their
networks. The Washington Post reported on Wednesday that the N.S.A. was tapping
into the links between data centers, the beating heart of tech companies housing
user information, confirming that their suspicions were not just paranoia.
In response, David Drummond, Google’s chief legal officer, issued a statement
that went further than any tech company had publicly gone in condemning
government spying. “We have long been concerned about the possibility of this
kind of snooping,” he said. “We are outraged at the lengths to which the
government seems to have gone.”
A tech industry executive who spoke only on the condition of anonymity because
of the sensitivities around the surveillance, said, “Just based on the
revelations yesterday, it’s outright theft,” adding, “These are discussions the
tech companies are not even aware of, and we find out from a newspaper.”
Though tech companies encrypt much of the data that travels between their
servers and users’ computers, they do not generally encrypt their internal data
because they believe it is safe and because encryption is expensive and
time-consuming and slows down a network.
But Google decided those risks were worth it. And this summer, as it grew more
suspicious, it sped up a project to encrypt internal systems. Google is also
building many of its own fiber-optic lines through which the data flows; if it
controls them, they are harder for outsiders to tap.
Tech companies’ security teams often feel as if they are playing a game of
Whac-a-Mole with intruders like the government, trying to stay one step ahead.
Google, for instance, changes its security keys, which unlock encrypted digital
data so it is readable, every few weeks. Google, Facebook and Yahoo have said
they are increasing the length of these keys to make them more difficult to
crack.
Facebook also said it was adding the encryption method of so-called perfect
forward secrecy, which Google did in 2011. This means that even if someone gets
access to a secret key, that person cannot decrypt past messages and traffic.
“A lot of the things everybody knew they should do but just weren’t getting
around to are now a much higher priority,” said Paul Kocher, president and chief
scientist of Cryptography Research, which makes security technologies.
Facebook said in July that it had turned on secure browsing by default, and
Yahoo said last month that it would do the same for Yahoo Mail early next year.
And Twitter is developing a variety of new security measures, including
encrypting private direct messages, according to a person briefed on the
measures.
Many tech companies have made public information about the number of government
requests for user data they receive, and sued to ask for permission to publish
more of this data. On Thursday, Google, Microsoft, Facebook, Yahoo, Apple and
AOL reiterated these points in a letter to members of Congress.
But publishing the numbers of requests the companies receive has less meaning
now that reports show the government sees company data without submitting a
legal request.
A sense of betrayal runs through the increasingly frequent conversations between
tech company lawyers and lawmakers and law enforcement in Washington, and in
private conversations among engineers at the companies and increasingly
outspoken public statements by executives.
Mr. Drummond and Larry Page, Google’s co-founder and chief executive, have said
privately that they thought the government betrayed them when the N.S.A. leaks
began, by failing to explain the tech companies’ role to the public or the
extent of its spying to the tech companies, according to three people briefed on
these conversations. When President Obama invited tech chief executives to
discuss surveillance in August, Mr. Page did not go and sent a lower-level
employee instead.
Mark Zuckerberg, Facebook’s chief executive, sarcastically discussed
surveillance at the TechCrunch Disrupt conference in September.
“The government blew it,” he said. “The government’s comment was, ‘Oh, don’t
worry, basically we’re not spying on any Americans.’ Right, and it’s like, ‘Oh,
wonderful, yeah, it’s like that’s really helpful to companies that are really
trying to serve people around the world and really going to inspire confidence
in American Internet companies.’ ”
Angry Over U.S. Surveillance, Tech Giants Bolster Defenses, NYT, 31.10.2013,
http://www.nytimes.com/2013/11/01/technology/
angry-over-us-surveillance-tech-giants-bolster-defenses.html
The Spies Who Loved
to
Damage Our Reputation
October 30,
2013
The New York Times
By NICHOLAS D. KRISTOF
Perhaps
there’s more we could do to antagonize American allies.
The National Security Agency could tweet Chancellor Angela Merkel’s juicy phone
conversations, or post video clips on YouTube of Prime Minister Shinzo Abe of
Japan singing in the shower.
The Pentagon could fly drones over Paris, dropping Big Macs on fine restaurants,
just to show that we can.
Government officials fume at Edward Snowden and Chelsea Manning for harm they
did to American security. Fair enough. But the latest uproar over our N.S.A.
spying is a reminder of how senior American officials have themselves
jeopardized our strategic interests — by overreaching and doing things just
because they could.
Our national security policy has gone off the rails since 9/11. For a dozen
years, security has been an obsession, rarely constrained by a weighing of
trade-offs, and to what result? We have sought every tactical advantage, and
this sometimes leads — as in eavesdropping of foreign allies — to strategic
losses.
We have doubled spending on intelligence, after inflation, to more than $70
billion annually. More people have “top secret” clearances than live in the
District of Columbia — and it was inevitable that there would be some rogues
among them. When everything is classified, the system loses credibility,
transparency and accountability.
The war on terror led us to fight wars in Iraq and Afghanistan, achieving few
obvious gains but costing thousands of American lives. For every jihadi we
killed, we appear to have created several new ones.
As a Chinese saying goes, we lifted up a rock and dropped it on our own feet.
When he took office, President Obama seemed likely to reorient security policy.
He did, indeed, bring troops back from Iraq and, after a misconceived “surge” in
Afghanistan, is winding down our presence there.
But, over all, his security policy is surprisingly similar to President Bush’s:
Guantánamo remains an affront to our values and the world’s, N.S.A. spying
programs continue in force, drone strikes have been stepped up, and the White
House has tried to curb serious public conversation about drones, spying and
cyberwarfare. The Obama administration has prosecuted more whistle-blowers under
the Espionage Act than all previous administrations put together.
The latest scandal involving our spying on European leaders is symptomatic of
this larger myopia about our strategic interests.
It’s true that some of the outrage in Europe is affected. As Bernard Kouchner,
the former foreign minister of France, bluntly noted in a radio interview:
“Let’s be honest. We eavesdrop, too. Everyone is listening to everyone else. But
we don’t have the same means as the United States, which makes us jealous.”
Still, our eavesdropping seems to have broken German law, as well as the first
rule of spying: Don’t get caught.
If President Obama really didn’t know that 35 world leaders were being listened
to, something was wrong with intelligence oversight. A former C.I.A. senior
official says that before 9/11, that kind of monitoring of world leaders was
always cleared by the White House.
“Anything with senior government officials or heads of state was checked quite
carefully, at least with the national security adviser, if not the president,”
the official told me.
Yet, since 9/11, our security policy has been on autopilot: If we can spy on
Merkel, let’s do it! If we can use a drone to kill a suspected terrorist, go for
it! If we can keep people indefinitely in Guantánamo, why not?
Our hubris has undercut America’s greatest foreign policy advantage: our soft
power. In Pakistan, for example, our drone strikes have removed some dangerous
militants. But drone strikes deeply antagonized the Pakistani people, tarnishing
our image and reducing our leverage in a pivotal country. Our drones damaged our
own influence in Pakistan more than the Taliban’s.
As David Rohde of Reuters puts it: “The United States obsession with Al Qaeda is
doing more damage to the nation than the terrorist group itself.”
Richard Haass, the president of the Council on Foreign Relations, notes that the
majority of Europeans today have no memory of the Cold War and that, as a
result, we have less leeway today to antagonize our allies. “This is a different
geopolitical era,” he said. “We can’t assume that people are for us.”
Yes, there is still a place for drones, for spying on allies, for the N.S.A. But
they need to be subjected to scrutiny, context and brakes, as they were before
9/11.
Commercial aviation would be safer if we were all required to fly stark naked.
But we accept trade-offs — such as clothing — and thus some small risk. In the
same way, it’s time to pause for a breath in the security realm and start
examining the trade-offs, rather than just doing things because we can.
The Spies Who Loved to Damage Our Reputation, NYT, 30.10.2013,
http://www.nytimes.com/2013/10/31/opinion/
kristof-the-spies-who-loved-to-damage-our-reputation.html
N.S.A.
Said to Tap
Google
and Yahoo Abroad
October 30,
2013
By CHARLIE SAVAGE,
CLAIRE CAIN MILLER
and NICOLE PERLROTH
WASHINGTON
— The National Security Agency and its British counterpart have apparently
tapped the fiber-optic cables connecting Google’s and Yahoo’s overseas servers
and are copying vast amounts of email and other information, according to
accounts of documents leaked by the former agency contractor Edward J. Snowden.
In partnership with the British agency known as Government Communications
Headquarters, or GCHQ, the N.S.A. has apparently taken advantage of the vast
amounts of data stored in and traveling among global data centers, which run all
modern online computing, according to a report Wednesday by The Washington Post.
N.S.A. collection activities abroad face fewer legal restrictions and less
oversight than its actions in the United States.
Google and Yahoo said on Wednesday that they were unaware of government
accessing of their data links. Sarah Meron, a Yahoo spokeswoman, said that the
company had not cooperated with any government agency for such interception, and
David Drummond, Google’s chief legal officer, expressed outrage.
“We have long been concerned about the possibility of this kind of snooping,
which is why we have continued to extend encryption across more and more Google
services and links,” Mr. Drummond said in a statement. “We do not provide any
government, including the U.S. government, with access to our systems. We are
outraged at the lengths to which the government seems to have gone to intercept
data from our private fiber networks, and it underscores the need for urgent
reform.”
In a statement, the N.S.A. did not directly address the claim that it had
penetrated the companies’ overseas data links. But it emphasized that it was
focused on “foreign” intelligence collection — not domestic — and pushed back
against the notion that it was collecting abroad to “get around” legal limits
imposed by domestic surveillance laws. It also said it was “not true” that it
collects “vast quantities” of Americans’ data using that method.
Companies like Google that operate Internet services — including email, online
document and photo storage and search queries — send huge amounts of data
through fiber-optic lines between their data centers around the world. Those
data centers are kept highly secure using heat-sensitive cameras and biometric
authentication, and companies believed the data flowing among centers was
secure. But Google said last month that it began the process of encrypting this
internal traffic before reports of N.S.A. spying leaked during the summer, and
accelerated the effort since then. Google security executives were suspicious
that outside parties, like governments, could tap into the cables, but did not
have hard evidence that the spying was occurring, according to three people
briefed on Google’s security efforts who spoke on condition of anonymity.
The N.S.A. could physically install a device that clips on the cable and listens
to electric signals, or insert a splitter in the cable through which data would
travel, said Nicholas McKeown, an expert in computer networking and a professor
at Stanford. Or, he said, someone with remote login access to the cable’s switch
or router could also redirect data flowing through the cables.
Level 3 is a company that provides these cables for Google, according to a
person briefed on Google’s infrastructure who was not authorized to speak
publicly.
In a statement, Level 3 said: “We comply with the laws in each country where we
operate. In general, governments that seek assistance in law enforcement or
security investigations prohibit disclosure of the assistance provided.”
In July, the company denied a German television report that it had cooperated
with American intelligence agencies to spy on German citizens using its network.
The New York Times reported in September that for at least three years, GCHQ had
been working to gain access to traffic in and out of data centers operated by
Google, Yahoo, Facebook and Microsoft’s Hotmail. The program, described as
having been developed in close collaboration with the N.S.A., was said to have
achieved “new access opportunities” into Google’s systems by 2012, according to
GCHQ documents provided by Mr. Snowden. But it was not clear what that meant.
The Post said that under a system code-named Muscular, GCHQ was storing data
taken in from the interception in a rolling three- to five-day “buffer,” during
which the two agencies decoded it and filtered out information they wanted to
keep.
It also reported that the N.S.A. was using about 100,000 “selectors” as its
search term filters — more than twice as many, it said, as the agency has been
using from its Prism program inside the United States. In that program, the
agency collects emails, search queries and other online activity of foreigners
abroad from Google, Yahoo and other companies through a court-approved process
authorized by the FISA Amendments Act of 2008.
GCHQ documents obtained from Mr. Snowden by The Guardian newspaper and shared
with The Times reveal an intense focus over several years by British spies on
the development of Muscular and a closely related project code-named Incenser.
The documents suggest that both programs are to a large extent driven by N.S.A.
intelligence needs and are highly prized by the Americans.
In November 2010, the British wrote that “Muscular/Incenser has significantly
enhanced the amount of benefit that the N.S.A. derive from our special source
accesses.” Those projects in some cases provide data that are unavailable from
any other source, one document said, “highlighting the unique contribution we
are now making to N.S.A., providing insights into some of their highest priority
targets.”
In its article, The Post described a January document as saying that the
N.S.A.’s headquarters in Fort Meade, Md., was taking in more than 180 million
records a month from the project. It also reported that briefing documents said
collection from Yahoo and Google had produced important intelligence leads
against hostile foreign governments.
The Post published an N.S.A. slide labeled “Current efforts — Google” with a
hand-drawn sketch showing that traffic flowed between Google’s data centers in
“clear text,” because encryption was added only at the front-end server that
interfaced with users’ computers and mobile devices. This notation included a
smiley face.
The Post also published speaker notes from a presentation about Muscular. It
included a reference to a February proposal to stop collecting Yahoo email
account archives flowing through what it describes as a “lucrative” access point
on what is apparently a fiber-optic cable linking Yahoo’s overseas servers and
its servers on United States soil.
As The Post published its story, the director of the N.S.A., Gen. Keith B.
Alexander, was being interviewed at a cybersecurity conference. He flatly denied
a slightly garbled account of The Post story as “factually inaccurate,” but it
was not clear that he understood that The Post was reporting infiltration of
data links between overseas servers.
“There’s no evidence that they are actually breaking into servers,” said Alex
Stamos, a security consultant at Artemis Internet, a security firm based in San
Francisco. “But they are right outside Google and Yahoo’s data centers taking
data that those companies believed was protected.”
Charlie Savage
reported from Washington,
and Claire
Cain Miller and Nicole Perlroth from San Francisco.
James Glanz
contributed reporting from New York,
and John
Markoff from San Francisco.
N.S.A. Said to Tap Google and Yahoo Abroad, NYT, 30.10.2013,
http://www.nytimes.com/2013/10/31/technology/
nsa-is-mining-google-and-yahoo-abroad.html
Spying Known at Top Levels,
Officials Say
October 29, 2013
The New York Times
By MARK LANDLER
and MICHAEL S. SCHMIDT
WASHINGTON — The nation’s top spymaster said on Tuesday that
the White House had long been aware in general terms of the National Security
Agency’s overseas eavesdropping, stoutly defending the agency’s
intelligence-gathering methods and suggesting possible divisions within the
Obama administration.
The official, James R. Clapper Jr., the director of national intelligence,
testified before the House Intelligence Committee that the N.S.A. had kept
senior officials in the National Security Council informed of surveillance it
was conducting in foreign countries. He did not specifically say whether
President Obama was told of these spying efforts, but he appeared to challenge
assertions in recent days that the White House had been in the dark about some
of the agency’s practices.
Mr. Clapper and the agency’s director, Gen. Keith B. Alexander, vigorously
rejected suggestions that the agency was a rogue institution, trawling for
information on ordinary citizens and leaders of America’s closest allies,
without the knowledge of its Washington overseers.
Their testimony came amid mounting questions about how the N.S.A. collects
information overseas, with Republicans and Democrats calling for a congressional
review, lawmakers introducing a bill that would curb its activities and Mr.
Obama poised to impose his own constraints, particularly on monitoring the
leaders of friendly nations. At the same time, current and former American
intelligence officials say there is a growing sense of anger with the White
House for what they see as attempts to pin the blame for the controversy
squarely on them.
General Alexander said news media reports that the N.S.A. had vacuumed up tens
of millions of telephone calls in France, Italy and Spain were “completely
false.” That data, he said, is at least partly collected by the intelligence
services of those countries and provided to the N.S.A.
Still, both he and Mr. Clapper said that spying on foreign leaders — even those
of allies — was a basic tenet of intelligence tradecraft and had gone on for
decades. European countries, Mr. Clapper said, routinely seek to listen in on
the conversations of American leaders.
“Some of this reminds me of the classic movie ‘Casablanca’ — ‘My God, there’s
gambling going on here,’ ” Mr. Clapper said, twisting the line from the movie
uttered by a corrupt French official who feigns outrage at the very activity in
which he avidly partakes.
Asked whether the White House knows about the N.S.A.’s intelligence-gathering,
including on foreign leaders, Mr. Clapper said, “They can and do.” But, he
added, “I have to say that that does not extend down to the level of detail.
We’re talking about a huge enterprise here, with thousands and thousands of
individual requirements.”
The White House has faced criticism for the N.S.A.’s surveillance practices
since the first revelations by a former agency contractor, Edward J. Snowden, in
June. But in recent weeks it has struggled to quell a new diplomatic storm over
reports that the agency monitored the cellphone of Chancellor Angela Merkel of
Germany for more than a decade. White House officials said that the president
did not know of that surveillance, but that he has told Ms. Merkel that the
United States is not monitoring her phone now and would not in the future.
On Wednesday, a delegation of senior German officials is scheduled to meet at
the White House with Mr. Clapper, the president’s national security adviser,
Susan E. Rice; his homeland security and counterterrorism adviser, Lisa Monaco;
and other officials.
Several current and former American officials said that presidents and their
senior national security advisers have long known about which foreign leaders
the United States spied on.
“It would be unusual for the White House senior staff not to know the exact
source and method of collection,” said Michael Allen, a National Security
Council official in the George W. Bush administration and a former staff
director for the House Intelligence Committee. “That information helps a policy
maker assess the reliability of the intelligence.”
Mr. Allen, the author of book about intelligence reform called “Blinking Red,”
said this information often comes to the president during preparation for phone
calls or meetings with the foreign leaders.
The White House declined to discuss intelligence policies, pending the
completion of a review of intelligence-gathering practices that will be
completed in December. But a senior administration official noted that the vast
majority of intelligence that made it into Mr. Obama’s daily intelligence
briefings focused on potential threats, from Al Qaeda plots to Iran’s nuclear
program.
“These are front-burner, first-tier issues,” said the official, who spoke on the
condition of anonymity because of the delicacy of the matter. “He’s not getting
many briefings on intelligence about Germany.”
Another senior administration official said that Mr. Obama did not generally
rely on intelligence reports to prepare for meetings or phone calls with Ms.
Merkel.
“He knows her well, he speaks with her regularly and our governments work
together every day on a wide range of issues,” said this official, who also
spoke on the condition of anonymity because of the diplomatic concerns. “Because
we talk so frequently, we know where they stand and they know where we stand on
most issues.”
Mr. Clapper and General Alexander got a warm reception from the chairman of the
House Intelligence Committee, Representative Mike Rogers, Republican of
Michigan, who defended the N.S.A.’s methods and said he had been adequately
briefed about its activities.
But elsewhere on Capitol Hill, the outrage among America’s allies was clearly
fueling concern.
Senator Dianne Feinstein of California, the chairwoman of the Senate
Intelligence Committee and one of the fiercest defenders of American
surveillance operations, said Monday that she did “not believe the United States
should be collecting phone calls or emails of friendly presidents and prime
ministers.” Ms. Feinstein said her committee would be conducting a “major
review” of the intelligence programs.
Another strong defender of the N.S.A., Speaker John A. Boehner, agreed that
“there needs to be review, there ought to be review and it ought to be
thorough,” he said. “We’ve got obligations to the American people to keep them
safe. We’ve got obligations to our allies around the world.”
“But having said that, we’ve got to find the right balance here,” he added.
“We’re imbalanced as we stand here.”
An aide to Mr. Boehner said, “The speaker still believes our surveillance
programs save lives, but the president needs to do a better job of managing and
explaining them.”
On Tuesday, House Democrats and Republicans introduced a bill that would curb
some of the N.S.A.’s practices, including the bulk collection of telephone data
inside the United States.
“The picture drawn is one of a surveillance system run amok,” said
Representative John Conyers Jr., Democrat of Michigan, a sponsor of the bill.
“Our intelligence community has operated without proper congressional oversight
or regard for Americans’ privacy and civil liberties.”
Even on the House Intelligence Committee, members sparred over what they had
been told by the intelligence agencies about eavesdropping on foreign leaders.
Representative Adam B. Schiff, a California Democrat and a senior member of the
committee, said that he had first learned about the practice after the recent
news media reports.
“Would you consider that a wiretap of a leader of an allied country would be a
significant intelligence activity requiring a report to the intelligence
committees?” Mr. Schiff asked Mr. Clapper.
Mr. Clapper said the agencies had “lived up to the letter and spirit of that
requirement.”
Mr. Schiff disagreed, saying that the agencies had much work to do “to make sure
we’re getting the information we need.” He said that disclosures about such
eavesdropping could create significant “blowback.”
Mr. Rogers disputed Mr. Schiff’s claim, saying that Mr. Schiff needed to take
the time to educate himself about what the committee had been briefed on.
“To make the case that somehow we are in the dark is mystifying to me,” Mr.
Rogers said. “It is disingenuous to imply that this committee did not have a
full and complete understanding of activities of the intelligence community as
was directed under the national intelligence priority framework to include
sources and methods.”
Mark Mazzetti contributed reporting.
Spying Known at Top Levels, Officials Say,
NYT, 29.10.2013,
http://www.nytimes.com/2013/10/30/world/
officials-say-white-house-knew-of-spying.html
Obama May Ban Spying
on Heads of Allied States
October 28, 2013
The New York Times
By MARK LANDLER and DAVID E. SANGER
WASHINGTON — President Obama is poised to order the National
Security Agency to stop eavesdropping on the leaders of American allies,
administration and congressional officials said Monday, responding to a
deepening diplomatic crisis over reports that the agency had for years targeted
the cellphone of Chancellor Angela Merkel of Germany.
The White House informed a leading Democratic lawmaker, Senator Dianne Feinstein
of California, of its plans, which grew out of a broader internal review of
intelligence-gathering methods, prompted by the leak of N.S.A. documents by a
former contractor, Edward J. Snowden.
In a statement on Monday, Ms. Feinstein, chairwoman of the Senate Intelligence
Committee, said, “I do not believe the United States should be collecting phone
calls or emails of friendly presidents and prime ministers.” Ms. Feinstein, who
has been a stalwart defender of the administration’s surveillance policies, said
her committee would begin a “major review of all intelligence collection
programs.”
The White House said Monday evening that no final decision had been made on the
monitoring of friendly foreign leaders. But the disclosure that it is moving to
prohibit it signals a landmark shift for the N.S.A., which has had nearly
unfettered powers to collect data on tens of millions of people around the
world, from ordinary citizens to heads of state, including the leaders of Brazil
and Mexico.
It is also likely to prompt a fierce debate on what constitutes an American
ally. Prohibiting eavesdropping on Ms. Merkel’s phone is an easier judgment
than, for example, collecting intelligence on the military-backed leaders in
Egypt.
“We have already made some decisions through this process and expect to make
more,” said a spokeswoman for the National Security Council, Caitlin M. Hayden,
adding that the review would be completed in December.
Disclosure of the White House’s proposed action came after the release on Monday
afternoon of Ms. Feinstein’s statement, in which she asserted that the White
House had told her it would cease all intelligence collection in friendly
countries. That statement, senior administration officials said, was “not
accurate,” but they acknowledged that they had already made unspecified changes
in surveillance policy and planned further changes, particularly in the
monitoring of government leaders.
The administration will reserve the right to continue collecting intelligence in
friendly countries that pertains to criminal activity, potential terrorist
threats and the proliferation of unconventional weapons, according to several
officials. It also appeared to be leaving itself room in the case of a foreign
leader of an ally who turned hostile or whose actions posed a threat to the
United States.
The crossed wires between the White House and Ms. Feinstein were an indication
of how the furor over the N.S.A.’s methods is testing even the administration
staunchest defenders.
Aides said the senator’s six-paragraph statement reflected exasperation at the
N.S.A. for failing to keep the Intelligence Committee fully apprised of such
politically delicate operations as eavesdropping on the conversations of
friendly foreign leaders.
“She believes the committee was not adequately briefed on the details of these
programs, and she’s frustrated,” said a committee staff member, who spoke on the
condition of anonymity. “In her mind, there were salient omissions.”
The review that Ms. Feinstein announced would be “a major undertaking,” the
staff member said.
The White House has faced growing outrage in Germany and among other European
allies over its surveillance policies. Senior officials from Ms. Merkel’s office
and the heads of Germany’s domestic and foreign intelligence agencies plan to
travel to Washington in the coming days to register their anger.
They are expected to ask for a no-spying agreement similar to what the United
States has with Britain, Canada, Australia and New Zealand, which are known as
the Five Eyes.
The United States has historically resisted such agreements, even with friendly
governments, though it explored a similar arrangement with France early in the
Obama administration. But officials said they would give the Germans, in
particular, a careful hearing.
“We have intel relationships that are already very close,” said a senior
official, who spoke on the condition of anonymity because of the delicacy of the
subject. “There are other types of agreements you could have: cooperation,
limits on intelligence, greater transparency. The countries on the top of the
list for those are close European allies.”
The National Security Agency has said it did not inform Mr. Obama of its
reported monitoring of Ms. Merkel, which appears to have started in 2002 and was
not suspended until sometime last summer after the theft of the N.S.A. data by
Mr. Snowden was discovered.
“At that point it was clear that lists of targeted foreign officials may well
become public,” said one official, “so many of the interceptions were
suspended.”
The N.S.A.’s documentation on Ms. Merkel’s case authorized the agency’s
operatives in Germany not only to collect data about the numbers she was
calling, but also to listen in on her conversations, according to current and
former administration officials.
It was unclear whether excerpts from Ms. Merkel’s conversations appeared in
intelligence reports that were circulated in Washington or shared with the White
House. Officials said they had never seen information attributed to an intercept
of Ms. Merkel’s conversations. But they said it was likely that some
conversations had been recorded simply because the N.S.A. had focused on her for
so long.
In both public comments and private interchanges with German officials, the
Obama administration has refused to confirm that Ms. Merkel’s phone was
targeted, though it has said that it is not the subject of N.S.A. action now,
and will not be in the future.
The refusal to talk about the past has further angered German officials, who
have said the surveillance has broken trust between two close allies. The
Germans were particularly angry that the operation appears to have been run from
inside the American Embassy or somewhere near it, in the heart of Berlin, steps
from the Brandenburg Gate.
None of the officials and former officials who were interviewed would speak
directly about the decision to target Ms. Merkel, saying that information was
classified. But they said the legal distinction between tapping a conversation
and simply collecting telephone “metadata” — essentially the kind of information
about a telephone call that would be found on a telephone bill — existed only
for domestic telephone calls, or calls involving United States citizens.
To record the conversation of a “U.S. Person,” the intelligence agencies would
need a warrant. But no such distinction applies to intercepting the calls of
foreigners, on foreign soil — though those intercepts may be a violation of
local law.
That means that the intercepts of other world leaders could have also involved
both information about the calls and the conversations themselves.
Dennis C. Blair, Mr. Obama’s first director of national intelligence, declined
to speak specifically about the Merkel case. But he noted that “in our
intelligence relationship with countries like France and Germany, 90 to 95
percent of our activity is cooperative and sharing, and a small proportion is
about gaining intelligence we can’t obtain in other ways.”
He said he had little patience for the complaints of foreign leaders. “If any
foreign leader is talking on a cellphone or communicating on unclassified email,
what the U.S. might learn is the least of their problems.”
In addition to the Germans, European Union officials and members of the European
Parliament are descending on Washington to deliver a tough message: The N.S.A.’s
surveillance is unacceptable and has eroded trust between the United States and
Europe.
“The key message is there is a problem,” said Silvia Kofler, a spokeswoman for
the European Union. “We need to re-establish the trust between partners. You
don’t spy on partners.”
One potential threat, Ms. Kofler said, was to the negotiation of the
Trans-Atlantic Trade and Investment Partnership, one of Mr. Obama’s major trade
initiatives. European Union officials, she said, were anxious to keep those
talks on track but would require unspecified “confidence-building measures” to
restore trust between the two sides.
An administration official said the White House would take these visits
seriously, having senior officials from several government agencies and the
White House meet with the Germans, though no meetings have yet been scheduled.
Eric Schmitt contributed reporting.
Obama May Ban Spying on Heads of Allied
States, NYT, 28.10.2013,
http://www.nytimes.com/2013/10/29/world/europe/
obama-may-ban-spying-on-heads-of-allied-states.html
The White House on Spying
October 28, 2013
The New York Times
By THE EDITORIAL BOARD
The White House response on Monday to the expanding
disclosures of American spying on foreign leaders, their governments and
millions of their citizens was a pathetic mix of unsatisfying assurances about
reviews under way, platitudes about the need for security in an insecure age,
and the odd defense that the president didn’t know that American spies had
tapped the German chancellor’s cellphone for 10 years.
Is it really better for us to think that things have gone so far with the
post-9/11 idea that any spying that can be done should be done and that nobody
thought to inform President Obama about tapping the phone of one of the most
important American allies?
The White House spokesman, Jay Carney, kept repeating that Mr. Obama ordered a
review of surveillance policy a few months ago, but he would not confirm whether
that includes the tapping of the cellphone of Chancellor Angela Merkel of
Germany, or the collection of data on tens of millions of calls in France, Spain
and elsewhere. It’s unlikely that Mr. Obama would have ordered any review if
Edward Snowden’s leaks had not revealed the vacuum-cleaner approach to
electronic spying. Mr. Carney left no expectation that the internal reviews will
produce any significant public accounting — only that the White House might have
“a little more detail” when they are completed.
Fortunately, members of Congress have been more aggressive in responding to two
broad disclosures. One, that both the Obama and George W. Bush administrations
misinterpreted the Patriot Act to permit the collection of metadata on phone
calls, emails and text messages of all Americans, whether they were
international or domestic. And, second, that the 2008 amendments to the Foreign
Intelligence Surveillance Act were being stretched to excuse the routine
collection of data from 60 million telephone calls in Spain and 70 million in
France over two 30-day periods.
Legislation scheduled to be introduced on Tuesday by Patrick Leahy, Democrat of
Vermont, the chairman of the Senate Judiciary Committee, and Representative Jim
Sensenbrenner, Republican of Wisconsin, would end the bulk collection of
Americans’ communications data.
The administration has said that such data collection is permitted by Section
215 of the Patriot Act, although Mr. Sensenbrenner, who wrote that section, has
said it is not. The bill, the U.S.A. Freedom Act, would require that the
“tangible things” sought through data collection are “relevant and material to
an authorized investigation into international terrorism or clandestine
intelligence activities.” They would also have to pertain to a foreign power or
its agent, activities of a foreign agent already under investigation or someone
in touch with an agent.
Currently, the government conducts metadata collection by periodically vaguely
informing a federal court in secret that it is working on security-related
issues.
The bill would require a court order in order to search for Americans’
communications in data collected overseas, which falls under the Foreign
Intelligence Surveillance Act, and it would restrict “reverse targeting” —
targeting a foreigner with the goal of getting information about an American.
The bill would not address spying on foreigners, including such abuses as in the
Merkel affair. Those activities are governed by a presidential order that is
secret and certain to remain so.
We are not reassured by the often-heard explanation that everyone spies on
everyone else all the time. We are not advocating a return to 1929 when
Secretary of State Henry Stimson banned the decryption of diplomatic cables
because “gentlemen do not read each other’s mail.” But there has long been an
understanding that international spying was done in pursuit of a concrete threat
to national security.
That Chancellor Merkel’s cellphone conversations could fall under that umbrella
is an outgrowth of the post-9/11 decision by President Bush and Vice President
Dick Cheney that everyone is the enemy, and that anyone’s rights may be degraded
in the name of national security. That led to Abu Ghraib, torture at the secret
C.I.A. prisons, warrantless wiretapping of American citizens, grave harm to
international relations, and the dragnet approach to surveillance revealed by
the Snowden leaks.
The White House on Spying, NYT, 28.10.2013,
http://www.nytimes.com/2013/10/29/opinion/the-white-house-on-spying.html
N.S.A.
Snooping and the Damage Done
October 25,
2013
The New York Times
By THE EDITORIAL BOARD
President
Obama spent this week trying to persuade America’s close allies, France and
Germany, that the National Security Agency’s extensive eavesdropping in those
countries is under adequate control. He was not entirely successful. His efforts
to reassure President François Hollande of France and Chancellor Angela Merkel
of Germany seem to have been as incomplete as the explanations the
administration has given to the American public about the agency’s excessive
domestic surveillance.
The German government learned this week that the newsmagazine Der Spiegel had
new evidence (presumably via information leaked by Edward Snowden) that the
N.S.A. had monitored Ms. Merkel’s cellphone. On Monday, Le Monde reported that
the agency had gathered data on more than 70 million phone calls and messages
inside France within one 30-day period, suggesting a surveillance program that
went well beyond any legitimate tracking of international terrorists.
Mr. Obama sought to assure Ms. Merkel that her phone was not being monitored now
and would not be in the future, but he seemed to indicate nothing about past
monitoring. David Sanger and Mark Mazzetti reported in The Times on Friday that
Germany has evidence of monitoring going back to the George W. Bush
administration.
The Guardian also reported this week that the phone conversations of at least 35
world leaders were monitored by the N.S.A. in 2006, according to an agency memo
leaked by Mr. Snowden. The N.S.A. apparently encouraged American diplomats and
officials to provide phone numbers to be added to the surveillance program.
Would it be surprising if foreign leaders now became much more restrictive about
sharing their numbers with United States officials?
Such surveillance undermines the trust of allies and their willingness to share
the kind of confidential information needed to thwart terrorism and other
threats. When the N.S.A. violates French or German law, law enforcement agencies
in those nations cooperate with the agency at their own risk. There is also the
more subtle damage done by the feeling that the United States plays by its own
rules and respects neither the sovereignty nor the political sensibilities of
some of its closest democratic allies.
Broad data collection programs by the United States government also harm the
efforts of American Internet companies to market their services internationally
by casting doubt on their ability to protect privacy. Such companies face heavy
legal pressures from the N.S.A. and other intelligence agencies to make private
data available for government scrutiny.
And there is new pressure on European governments to seek stricter data
protection in negotiations for a Transatlantic Trade and Investment Partnership,
with the eavesdropping reports souring the political climate for these talks.
European leaders are not naïve about the realities of international snooping.
American security is built on the strength and reliability of its international
alliances. These should not be put at risk merely because the N.S.A. now has the
capacity to monitor more communications in more places than ever.
A good way out of this mess would be for Washington to take up the proposal made
Friday by Germany and France to negotiate a formal pact that would set mutually
acceptable surveillance guidelines. The next steps must come from Mr. Obama. He
should move beyond unpersuasive and vague pledges to balance security against
privacy, to substantive guidelines that limit the overreaching of N.S.A.
surveillance programs abroad and at home.
N.S.A. Snooping and the Damage Done, NYT, 25.10.2013,
http://www.nytimes.com/2013/10/26/opinion/more-damage-from-nsa-snooping.html
New
Leaks, New Repercussions
October 22,
2013
The New York Times
By THE EDITORIAL BOARD
Stunning
new details continue to emerge from Edward Snowden’s leaks about the vast
electronic data mining carried out by the National Security Agency, setting off
one diplomatic aftershock after another.
The latest was spurred by reports in Le Monde this week that the agency had
gained access to the records of more than 70 million calls inside France in one
30-day period. The American ambassador was summoned to the French Foreign
Ministry for an explanation; President François Hollande told President Obama by
telephone that the data sweep was “unacceptable,” and the matter has already
become an issue in a visit to Paris by Secretary of State John Kerry intended to
focus on Syria.
Previous reports based on Mr. Snowden’s information have alleged American
eavesdropping on Germany, Britain, Brazil, Mexico, European Union offices and
European diplomatic missions. More revelations are likely.
The Obama administration’s response has been that the United States seeks to
gather foreign intelligence as other nations do. That is not in dispute, and no
doubt much of the public indignation by France and other governments is largely
rhetorical. Le Monde reported in July that the French intelligence agency has
its own extensive electronic surveillance operation. Nor is there much dispute
that intelligence is necessary to protect citizens against terrorists and other
enemies.
But the very scale of America’s clandestine electronic operations appears to be
undercutting America’s “soft power” — its ability to influence global affairs
through example and moral leadership. Brazil has complained about the reach of
American surveillance, while the European Parliament has revived an effort to
enact privacy legislation that could impose restrictions on American Internet
providers and further complicate talks on a trans-Atlantic trade and investment
agreement.
Mr. Kerry said the United States was working to find a balance between
protecting privacy and providing security in a dangerous world. Mr. Obama has
pledged to review electronic intelligence gathering, as well as the institutions
charged with judicial and political oversight, a vow he must honor given the
scope of the N.S.A.’s operations.
The fact is that most nations practice electronic surveillance and that citizens
everywhere surrender personal data voluntarily to digital services and social
networks. That is why free countries must place stern limits on the security
institutions allowed to function in the shadows.
New Leaks, New Repercussions, NYT, 22.10.2013,
http://www.nytimes.com/2013/10/23/opinion/new-leaks-new-repercussions.html
N.S.A. Gathers Data
on
Social Connections of U.S. Citizens
September
28, 2013
The New York Times
By JAMES RISEN and LAURA POITRAS
WASHINGTON
— Since 2010, the National Security Agency has been exploiting its huge
collections of data to create sophisticated graphs of some Americans’ social
connections that can identify their associates, their locations at certain
times, their traveling companions and other personal information, according to
newly disclosed documents and interviews with officials.
The spy agency began allowing the analysis of phone call and e-mail logs in
November 2010 to examine Americans’ networks of associations for foreign
intelligence purposes after N.S.A. officials lifted restrictions on the
practice, according to documents provided by Edward J. Snowden, the former
N.S.A. contractor.
The policy shift was intended to help the agency “discover and track”
connections between intelligence targets overseas and people in the United
States, according to an N.S.A. memorandum from January 2011. The agency was
authorized to conduct “large-scale graph analysis on very large sets of
communications metadata without having to check foreignness” of every e-mail
address, phone number or other identifier, the document said. Because of
concerns about infringing on the privacy of American citizens, the computer
analysis of such data had previously been permitted only for foreigners.
The agency can augment the communications data with material from public,
commercial and other sources, including bank codes, insurance information,
Facebook profiles, passenger manifests, voter registration rolls and GPS
location information, as well as property records and unspecified tax data,
according to the documents. They do not indicate any restrictions on the use of
such “enrichment” data, and several former senior Obama administration officials
said the agency drew on it for both Americans and foreigners.
N.S.A. officials declined to say how many Americans have been caught up in the
effort, including people involved in no wrongdoing. The documents do not
describe what has resulted from the scrutiny, which links phone numbers and
e-mails in a “contact chain” tied directly or indirectly to a person or
organization overseas that is of foreign intelligence interest.
The new disclosures add to the growing body of knowledge in recent months about
the N.S.A.’s access to and use of private information concerning Americans,
prompting lawmakers in Washington to call for reining in the agency and
President Obama to order an examination of its surveillance policies. Almost
everything about the agency’s operations is hidden, and the decision to revise
the limits concerning Americans was made in secret, without review by the
nation’s intelligence court or any public debate. As far back as 2006, a Justice
Department memo warned of the potential for the “misuse” of such information
without adequate safeguards.
An agency spokeswoman, asked about the analyses of Americans’ data, said, “All
data queries must include a foreign intelligence justification, period.”
“All of N.S.A.’s work has a foreign intelligence purpose,” the spokeswoman
added. “Our activities are centered on counterterrorism, counterproliferation
and cybersecurity.”
The legal underpinning of the policy change, she said, was a 1979 Supreme Court
ruling that Americans could have no expectation of privacy about what numbers
they had called. Based on that ruling, the Justice Department and the Pentagon
decided that it was permissible to create contact chains using Americans’
“metadata,” which includes the timing, location and other details of calls and
e-mails, but not their content. The agency is not required to seek warrants for
the analyses from the Foreign Intelligence Surveillance Court.
N.S.A. officials declined to identify which phone and e-mail databases are used
to create the social network diagrams, and the documents provided by Mr. Snowden
do not specify them. The agency did say that the large database of Americans’
domestic phone call records, which was revealed by Mr. Snowden in June and
caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have
previously acknowledged that the agency has done limited analysis in that
database, collected under provisions of the Patriot Act, exclusively for people
who might be linked to terrorism suspects.)
But the agency has multiple collection programs and databases, the former
officials said, adding that the social networking analyses relied on both
domestic and international metadata. They spoke only on the condition of
anonymity because the information was classified.
The concerns in the United States since Mr. Snowden’s revelations have largely
focused on the scope of the agency’s collection of the private data of Americans
and the potential for abuse. But the new documents provide a rare window into
what the N.S.A. actually does with the information it gathers.
A series of agency PowerPoint presentations and memos describe how the N.S.A.
has been able to develop software and other tools — one document cited a new
generation of programs that “revolutionize” data collection and analysis — to
unlock as many secrets about individuals as possible.
The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more
weapons in the hunt for information about the nation’s adversaries, clearly
views its collections of metadata as one of its most powerful resources. N.S.A.
analysts can exploit that information to develop a portrait of an individual,
one that is perhaps more complete and predictive of behavior than could be
obtained by listening to phone conversations or reading e-mails, experts say.
Phone and e-mail logs, for example, allow analysts to identify people’s friends
and associates, detect where they were at a certain time, acquire clues to
religious or political affiliations, and pick up sensitive information like
regular calls to a psychiatrist’s office, late-night messages to an extramarital
partner or exchanges with a fellow plotter.
“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George
Washington University. “Knowing things like the number someone just dialed or
the location of the person’s cellphone is going to allow them to assemble a
picture of what someone is up to. It’s the digital equivalent of tailing a
suspect.”
The N.S.A. had been pushing for more than a decade to obtain the rule change
allowing the analysis of Americans’ phone and e-mail data. Intelligence
officials had been frustrated that they had to stop when a contact chain hit a
telephone number or e-mail address believed to be used by an American, even
though it might yield valuable intelligence primarily concerning a foreigner who
was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A.
officials also wanted to employ the agency’s advanced computer analysis tools to
sift through its huge databases with much greater efficiency.
The agency had asked for the new power as early as 1999, the documents show, but
had been initially rebuffed because it was not permitted under rules of the
Foreign Intelligence Surveillance Court that were intended to protect the
privacy of Americans.
A 2009 draft of an N.S.A. inspector general’s report suggests that contact
chaining and analysis may have been done on Americans’ communications data under
the Bush administration’s program of wiretapping without warrants, which began
after the Sept. 11 attacks to detect terrorist activities and skirted the
existing laws governing electronic surveillance.
In 2006, months after the wiretapping program was disclosed by The New York
Times, the N.S.A.’s acting general counsel wrote a letter to a senior Justice
Department official, which was also leaked by Mr. Snowden, formally asking for
permission to perform the analysis on American phone and e-mail data. A Justice
Department memo to the attorney general noted that the “misuse” of such
information “could raise serious concerns,” and said the N.S.A. promised to
impose safeguards, including regular audits, on the metadata program. In 2008,
the Bush administration gave its approval.
A new policy that year, detailed in “Defense Supplemental Procedures Governing
Communications Metadata Analysis,” authorized by Defense Secretary Robert M.
Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court
had ruled that metadata was not constitutionally protected, N.S.A. analysts
could use such information “without regard to the nationality or location of the
communicants,” according to an internal N.S.A. description of the policy.
After that decision, which was previously reported by The Guardian, the N.S.A.
performed the social network graphing in a pilot project for 1 ½ years “to great
benefit,” according to the 2011 memo. It was put in place in November 2010 in
“Sigint Management Directive 424” (sigint refers to signals intelligence).
In the 2011 memo explaining the shift, N.S.A. analysts were told that they could
trace the contacts of Americans as long as they cited a foreign intelligence
justification. That could include anything from ties to terrorism, weapons
proliferation or international drug smuggling to spying on conversations of
foreign politicians, business figures or activists.
Analysts were warned to follow existing “minimization rules,” which prohibit the
N.S.A. from sharing with other agencies names and other details of Americans
whose communications are collected, unless they are necessary to understand
foreign intelligence reports or there is evidence of a crime. The agency is
required to obtain a warrant from the intelligence court to target a “U.S.
person” — a citizen or legal resident — for actual eavesdropping.
The N.S.A. documents show that one of the main tools used for chaining phone
numbers and e-mail addresses has the code name Mainway. It is a repository into
which vast amounts of data flow daily from the agency’s fiber-optic cables,
corporate partners and foreign computer networks that have been hacked.
The documents show that significant amounts of information from the United
States go into Mainway. An internal N.S.A. bulletin, for example, noted that in
2011 Mainway was taking in 700 million phone records per day. In August 2011, it
began receiving an additional 1.1 billion cellphone records daily from an
unnamed American service provider under Section 702 of the 2008 FISA Amendments
Act, which allows for the collection of the data of Americans if at least one
end of the communication is believed to be foreign.
The overall volume of metadata collected by the N.S.A. is reflected in the
agency’s secret 2013 budget request to Congress. The budget document, disclosed
by Mr. Snowden, shows that the agency is pouring money and manpower into
creating a metadata repository capable of taking in 20 billion “record events”
daily and making them available to N.S.A. analysts within 60 minutes.
The spending includes support for the “Enterprise Knowledge System,” which has a
$394 million multiyear budget and is designed to “rapidly discover and correlate
complex relationships and patterns across diverse data sources on a massive
scale,” according to a 2008 document. The data is automatically computed to
speed queries and discover new targets for surveillance.
A top-secret document titled “Better Person Centric Analysis” describes how the
agency looks for 94 “entity types,” including phone numbers, e-mail addresses
and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to
build social networks and what the agency calls “community of interest”
profiles, using queries like “travelsWith, hasFather, sentForumMessage,
employs.”
A 2009 PowerPoint presentation provided more examples of data sources available
in the “enrichment” process, including location-based services like GPS and
TomTom, online social networks, billing records and bank codes for transactions
in the United States and overseas.
At a Senate Intelligence Committee hearing on Thursday, General Alexander was
asked if the agency ever collected or planned to collect bulk records about
Americans’ locations based on cellphone tower data. He replied that it was not
doing so as part of the call log program authorized by the Patriot Act, but said
a fuller response would be classified.
If the N.S.A. does not immediately use the phone and e-mail logging data of an
American, it can be stored for later use, at least under certain circumstances,
according to several documents.
One 2011 memo, for example, said that after a court ruling narrowed the scope of
the agency’s collection, the data in question was “being buffered for possible
ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office
of Legal Counsel showed that the agency was allowed to collect and retain raw
traffic, which includes both metadata and content, about “U.S. persons” for up
to five years online and for an additional 10 years offline for “historical
searches.”
James Risen
reported from Washington and New York.
Laura Poitras,
a freelance journalist, reported from Berlin.
N.S.A. Gathers Data on Social Connections of U.S. Citizens, NYT, 28.9.2013,
http://www.nytimes.com/2013/09/29/
us/nsa-examines-social-networks-of-us-citizens.html
N.S.A. Foils Much Internet Encryption
September
5, 2013
The New York Times
By NICOLE PERLROTH, JEFF LARSON
and SCOTT SHANE
The
National Security Agency is winning its long-running secret war on encryption,
using supercomputers, technical trickery, court orders and behind-the-scenes
persuasion to undermine the major tools protecting the privacy of everyday
communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital
scrambling, that guards global commerce and banking systems, protects sensitive
data like trade secrets and medical records, and automatically secures the
e-mails, Web searches, Internet chats and phone calls of Americans and others
around the world, the documents show.
Many users assume — or have been assured by Internet companies — that their data
is safe from prying eyes, including those of the government, and the N.S.A.
wants to keep it that way. The agency treats its recent successes in deciphering
protected information as among its most closely guarded secrets, restricted to
those cleared for a highly classified program code-named Bullrun, according to
the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
Beginning in 2000, as encryption tools were gradually blanketing the Web, the
N.S.A. invested billions of dollars in a clandestine campaign to preserve its
ability to eavesdrop. Having lost a public battle in the 1990s to insert its own
“back door” in all encryption, it set out to accomplish the same goal by
stealth.
The agency, according to the documents and interviews with industry officials,
deployed custom-built, superfast computers to break codes, and began
collaborating with technology companies in the United States and abroad to build
entry points into their products. The documents do not identify which companies
have participated.
The N.S.A. hacked into target computers to snare messages before they were
encrypted. In some cases, companies say they were coerced by the government into
handing over their master encryption keys or building in a back door. And the
agency used its influence as the world’s most experienced code maker to covertly
introduce weaknesses into the encryption standards followed by hardware and
software developers around the world.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break
widely used Internet encryption technologies,” said a 2010 memo describing a
briefing about N.S.A. accomplishments for employees of its British counterpart,
Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are
now coming online. Vast amounts of encrypted Internet data which have up till
now been discarded are now exploitable.”
When the British analysts, who often work side by side with N.S.A. officers,
were first told about the program, another memo said, “those not already briefed
were gobsmacked!”
An intelligence budget document makes clear that the effort is still going
strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat
adversarial cryptography and exploit Internet traffic,” the director of national
intelligence, James R. Clapper Jr., wrote in his budget request for the current
year.
In recent months, the documents disclosed by Mr. Snowden have described the
N.S.A.’s reach in scooping up vast amounts of communications around the world.
The encryption documents now show, in striking detail, how the agency works to
ensure that it is actually able to read the information it collects.
The agency’s success in defeating many of the privacy protections offered by
encryption does not change the rules that prohibit the deliberate targeting of
Americans’ e-mails or phone calls without a warrant. But it shows that the
agency, which was sharply rebuked by a federal judge in 2011 for violating the
rules and misleading the Foreign Intelligence Surveillance Court, cannot
necessarily be restrained by privacy technology. N.S.A. rules permit the agency
to store any encrypted communication, domestic or foreign, for as long as the
agency is trying to decrypt it or analyze its technical features.
The N.S.A., which has specialized in code-breaking since its creation in 1952,
sees that task as essential to its mission. If it cannot decipher the messages
of terrorists, foreign spies and other adversaries, the United States will be at
serious risk, agency officials say.
Just in recent weeks, the Obama administration has called on the intelligence
agencies for details of communications by leaders of Al Qaeda about a terrorist
plot and of Syrian officials’ messages about the chemical weapons attack outside
Damascus. If such communications can be hidden by unbreakable encryption, N.S.A.
officials say, the agency cannot do its work.
But some experts say the N.S.A.’s campaign to bypass and weaken communications
security may have serious unintended consequences. They say the agency is
working at cross-purposes with its other major mission, apart from
eavesdropping: ensuring the security of American communications.
Some of the agency’s most intensive efforts have focused on the encryption in
universal use in the United States, including Secure Sockets Layer, or SSL;
virtual private networks, or VPNs; and the protection used on fourth-generation,
or 4G, smartphones. Many Americans, often without realizing it, rely on such
protection every time they send an e-mail, buy something online, consult with
colleagues via their company’s computer network, or use a phone or a tablet on a
4G network.
For at least three years, one document says, GCHQ, almost certainly in
collaboration with the N.S.A., has been looking for ways into protected traffic
of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail.
By 2012, GCHQ had developed “new access opportunities” into Google’s systems,
according to the document. (Google denied giving any government access and said
it had no evidence its systems had been breached).
“The risk is that when you build a back door into systems, you’re not the only
one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns
Hopkins University. “Those back doors could work against U.S. communications,
too.”
Paul Kocher, a leading cryptographer who helped design the SSL protocol,
recalled how the N.S.A. lost the heated national debate in the 1990s about
inserting into all encryption a government back door called the Clipper Chip.
“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He
said he understood the agency’s mission but was concerned about the danger of
allowing it unbridled access to private information.
“The intelligence community has worried about ‘going dark’ forever, but today
they are conducting instant, total invasion of privacy with limited effort,” he
said. “This is the golden age of spying.”
A Vital
Capability
The documents are among more than 50,000 shared by The Guardian with The New
York Times and ProPublica, the nonprofit news organization. They focus on GCHQ
but include thousands from or about the N.S.A.
Intelligence officials asked The Times and ProPublica not to publish this
article, saying it might prompt foreign targets to switch to new forms of
encryption or communications that would be harder to collect or read. The news
organizations removed some specific facts but decided to publish the article
because of the value of a public debate about government actions that weaken the
most powerful privacy tools.
The files show that the agency is still stymied by some encryption, as Mr.
Snowden suggested in a question-and-answer session on The Guardian’s Web site in
June.
“Properly implemented strong crypto systems are one of the few things that you
can rely on,” he said, though cautioning that the N.S.A. often bypasses the
encryption altogether by targeting the computers at one end or the other and
grabbing text before it is encrypted or after it is decrypted.
The documents make clear that the N.S.A. considers its ability to decrypt
information a vital capability, one in which it competes with China, Russia and
other intelligence powers.
“In the future, superpowers will be made or broken based on the strength of
their cryptanalytic programs,” a 2007 document said. “It is the price of
admission for the U.S. to maintain unrestricted access to and use of
cyberspace.”
The full extent of the N.S.A.’s decoding capabilities is known only to a limited
group of top analysts from the so-called Five Eyes: the N.S.A. and its
counterparts in Britain, Canada, Australia and New Zealand. Only they are
cleared for the Bullrun program, the successor to one called Manassas — both
names of an American Civil War battle. A parallel GCHQ counterencryption program
is called Edgehill, named for the first battle of the English Civil War of the
17th century.
Unlike some classified information that can be parceled out on a strict “need to
know” basis, one document makes clear that with Bullrun, “there will be NO ‘need
to know.’ ”
Only a small cadre of trusted contractors were allowed to join Bullrun. It does
not appear that Mr. Snowden was among them, but he nonetheless managed to obtain
dozens of classified documents referring to the program’s capabilities, methods
and sources.
Ties to
Internet Companies
When the N.S.A. was founded, encryption was an obscure technology used mainly by
diplomats and military officers. Over the last 20 years, it has become
ubiquitous. Even novices can tell that their exchanges are being automatically
encrypted when a tiny padlock appears next to a Web address.
Because strong encryption can be so effective, classified N.S.A. documents make
clear, the agency’s success depends on working with Internet companies — by
getting their voluntary collaboration, forcing their cooperation with court
orders or surreptitiously stealing their encryption keys or altering their
software or hardware.
According to an intelligence budget document leaked by Mr. Snowden, the N.S.A.
spends more than $250 million a year on its Sigint Enabling Project, which
“actively engages the U.S. and foreign IT industries to covertly influence
and/or overtly leverage their commercial products’ designs” to make them
“exploitable.” Sigint is the acronym for signals intelligence, the technical
term for electronic eavesdropping.
By this year, the Sigint Enabling Project had found ways inside some of the
encryption chips that scramble information for businesses and governments,
either by working with chipmakers to insert back doors or by exploiting security
flaws, according to the documents. The agency also expected to gain full
unencrypted access to an unnamed major Internet phone call and text service; to
a Middle Eastern Internet service; and to the communications of three foreign
governments.
In one case, after the government learned that a foreign intelligence target had
ordered new computer hardware, the American manufacturer agreed to insert a back
door into the product before it was shipped, someone familiar with the request
told The Times.
The 2013 N.S.A. budget request highlights “partnerships with major
telecommunications carriers to shape the global network to benefit other
collection accesses” — that is, to allow more eavesdropping.
At Microsoft, as The Guardian has reported, the N.S.A. worked with company
officials to get pre-encryption access to Microsoft’s most popular services,
including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive,
the company’s cloud storage service.
Microsoft asserted that it had merely complied with “lawful demands” of the
government, and in some cases, the collaboration was clearly coerced. Some
companies have been asked to hand the government the encryption keys to all
customer communications, according to people familiar with the government’s
requests.
N.S.A. documents show that the agency maintains an internal database of
encryption keys for specific commercial products, called a Key Provisioning
Service, which can automatically decode many messages. If the necessary key is
not in the collection, a request goes to the separate Key Recovery Service,
which tries to obtain it.
How keys are acquired is shrouded in secrecy, but independent cryptographers say
many are probably collected by hacking into companies’ computer servers, where
they are stored. To keep such methods secret, the N.S.A. shares decrypted
messages with other agencies only if the keys could have been acquired through
legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says,
“will depend on there being a proven non-Sigint method of acquiring keys.”
Simultaneously, the N.S.A. has been deliberately weakening the international
encryption standards adopted by developers. One goal in the agency’s 2013 budget
request was to “influence policies, standards and specifications for commercial
public key technologies,” the most common encryption method.
Cryptographers have long suspected that the agency planted vulnerabilities in a
standard adopted in 2006 by the National Institute of Standards and Technology
and later by the International Organization for Standardization, which has 163
countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by
two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A.
wrote the standard and aggressively pushed it on the international group,
privately calling the effort “a challenge in finesse.”
“Eventually, N.S.A. became the sole editor,” the memo says.
Even agency programs ostensibly intended to guard American communications are
sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center,
for instance, invites the makers of encryption technologies to present their
products to the agency with the goal of improving American cybersecurity. But a
top-secret N.S.A. document suggests that the agency’s hacking division uses that
same program to develop and “leverage sensitive, cooperative relationships with
specific industry partners” to insert vulnerabilities into Internet security
products.
By introducing such back doors, the N.S.A. has surreptitiously accomplished what
it had failed to do in the open. Two decades ago, officials grew concerned about
the spread of strong encryption software like Pretty Good Privacy, designed by a
programmer named Phil Zimmermann. The Clinton administration fought back by
proposing the Clipper Chip, which would have effectively neutered digital
encryption by ensuring that the N.S.A. always had the key.
That proposal met a backlash from an unlikely coalition that included political
opposites like Senator John Ashcroft, the Missouri Republican, and Senator John
Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson,
Silicon Valley executives and the American Civil Liberties Union. All argued
that the Clipper would kill not only the Fourth Amendment, but also America’s
global technology edge.
By 1996, the White House backed down. But soon the N.S.A. began trying to
anticipate and thwart encryption tools before they became mainstream.
Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced
the Zfone, an encrypted phone technology, N.S.A. analysts circulated the
announcement in an e-mail titled “This can’t be good.”
But by 2006, an N.S.A. document notes, the agency had broken into communications
for three foreign airlines, one travel reservation system, one foreign
government’s nuclear department and another’s Internet service by cracking the
virtual private networks that protected them.
By 2010, the Edgehill program, the British counterencryption effort, was
unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.
But the agencies’ goal was to move away from decrypting targets’ tools one by
one and instead decode, in real time, all of the information flying over the
world’s fiber optic cables and through its Internet hubs, only afterward
searching the decrypted material for valuable intelligence.
A 2010 document calls for “a new approach for opportunistic decryption, rather
than targeted.” By that year, a Bullrun briefing document claims that the agency
had developed “groundbreaking capabilities” against encrypted Web chats and
phone calls. Its successes against Secure Sockets Layer and virtual private
networks were gaining momentum.
But the agency was concerned that it could lose the advantage it had worked so
long to gain, if the mere “fact of” decryption became widely known. “These
capabilities are among the Sigint community’s most fragile, and the inadvertent
disclosure of the simple ‘fact of’ could alert the adversary and result in
immediate loss of the capability,” a GCHQ document warned.
Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy
infringements by the N.S.A., American technology companies have faced scrutiny
from customers and the public over what some see as too cozy a relationship with
the government. In response, some companies have begun to push back against what
they describe as government bullying.
Google, Yahoo, Microsoft and Facebook have pressed for permission to reveal more
about the government’s requests for cooperation. One e-mail encryption company,
Lavabit, closed rather than comply with the agency’s demands for customer
information; another, Silent Circle, ended its e-mail service rather than face
such demands.
In effect, facing the N.S.A.’s relentless advance, the companies surrendered.
Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed
customers, offering an ominous warning. “Without Congressional action or a
strong judicial precedent,” he wrote, “I would strongly recommend against anyone
trusting their private data to a company with physical ties to the United
States.”
John Markoff
contributed reporting.
N.S.A. Foils Much Internet Encryption, NYT, 5.9.2013,
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
A Weak
Agenda on Spying Reform
August 9,
2013
The New York Times
By THE EDITORIAL BOARD
President
Obama, who seems to think the American people simply need some reassurance that
their privacy rights are intact, proposed a series of measures on Friday that
only tinker around the edges of the nation’s abusive surveillance programs.
He said he wants “greater oversight, greater transparency, and constraints” on
the mass collection of every American’s phone records by the National Security
Agency. He didn’t specify what those constraints and oversight measures would
be, only that he would work with Congress to develop them. But, in the meantime,
the collection of records will continue as it has for years, gathering far more
information than is necessary to fight terrorism.
He said he wants an adversary to challenge the government’s positions at the
secret Foreign Intelligence Surveillance Court, a long-needed reform that would
allow the court’s federal judges to hear more than one point of view in
approving targets and security policy. But if those arguments remain closed to
the public — and the president did not suggest otherwise — then it will be
impossible to evaluate whether the change has had any effect. At a minimum, he
could have urged the court to release unclassified summaries of its opinions
when possible.
Finally, he announced that the N.S.A. would hire a civil liberties and privacy
officer and create a Web site about its mission, and that a task force would
review the nation’s surveillance technologies. These measures, however, are
unlikely to have a real effect on intelligence gathering.
Fundamentally, Mr. Obama does not seem to understand that the nation needs to
hear more than soothing words about the government’s spying enterprise. He
suggested that if ordinary people trusted the government not to abuse their
privacy, they wouldn’t mind the vast collection of phone and e-mail data.
Bizarrely, he compared the need for transparency to showing his wife that he had
done the dishes, rather than just telling her he had done so. Out-of-control
surveillance is a bit more serious than kitchen chores. It is the existence of
these programs that is the problem, not whether they are modestly transparent.
As long as the N.S.A. believes it has the right to collect records of every
phone call — and the administration released a white paper Friday that
explained, unconvincingly, why it is perfectly legal — then none of the promises
to stay within the law will mean a thing.
If all Mr. Obama is inclined to do is tweak these programs, then Congress will
have to step in to curb these abuses, a path many lawmakers of both parties are
already pursuing. There are bills pending that would stop the bulk collection of
communications data, restricting it to those under suspicion of terrorism. Other
measures would require the surveillance court to make public far more of its
work. If the president is truly concerned about public anxiety, he can vocally
support legislation to make meaningful changes, rather than urging people to
trust him that the dishes are clean.
A Weak Agenda on Spying Reform, NYT, 9.8.2013,
http://www.nytimes.com/2013/08/10/opinion/a-weak-agenda-on-spying-reform.html
Threats
Test Obama’s
Balancing Act on Surveillance
August 9, 2013
The New York Times
By MARK MAZZETTI and SCOTT SHANE
WASHINGTON — President Obama has said he wants eventually to
scale back drone strikes and steer the country away from a single-minded focus
on counterterrorism. But in response to a vague yet ominous terror warning in
recent days, his administration shut down nearly two dozen American embassies
and consulates and waged an intense drone campaign in Yemen.
American officials speak of the need for vigorous debate about controversial
National Security Agency programs revealed by Edward J. Snowden, and Mr. Obama
on Friday promised greater accountability to keep the surveillance state in
check. Yet his underlying message was clear: the expansive monitoring of
telephone and electronic communications would continue because the safety of the
country depended on it.
America’s war on terrorism may one day end, as Mr. Obama said in a speech in
May, but until that happens the president has given every indication that it
will be fought in much the same way it has for nearly 12 years. Even Mr. Obama’s
promise of more transparency appeared to fail an instant test during his Friday
news conference. Asked about the flurry of American drone strikes in Yemen,
which have been reported by every news outlet, Mr. Obama demurred.
“I will not have a discussion about operational issues,” he said.
Mr. Obama, who ran for office in 2008 against what he described as the excesses
of counterterrorism under President George W. Bush, has occasionally expressed
ambivalence about drone strikes and aggressive surveillance. But with
Republicans ever ready to pounce with accusations that he has made the country
less safe, he has declined to abandon any of the tools used by his predecessor,
with the sole exception of the brutal interrogation methods once used by the
C.I.A.
The government’s striking response to the reported terror threat in recent days
has coincided with a wave of unprecedented skepticism about the N.S.A.’s
sweeping surveillance programs since Mr. Snowden’s disclosures.
When Mr. Snowden began releasing secret documents two months ago, Mr. Obama said
he welcomed a debate on the trade-offs of N.S.A. surveillance and privacy. But
the debate has grown far larger than administration officials anticipated, with
lawmakers of both parties in Congress and half of Americans in polls calling for
curbs on the agency.
On Thursday, two small companies providing secure e-mail to customers added
their voices. Lavabit and Silent Circle announced that they would shut down
their e-mail services rather than give in to what they suggested was government
pressure to make customers’ messages available to the N.S.A.
In a message on his Web site, Ladar Levison, the founder of Lavabit, said he was
forced “to become complicit in crimes against the American people or walk away
from nearly 10 years of hard work by shutting down Lavabit.”
He said he was prohibited by law from explaining what had happened over the last
six weeks, but the suggestion was that he was fighting a government demand for
access to the e-mail of one or more customers.
Mr. Snowden’s disclosures have had a continuing, even escalating impact as
journalists have continued to pore over them. On Thursday, for instance, The New
York Times wrote that the N.S.A. was examining all e-mail messages in and out of
the country and searching them for clues associated with terrorism or foreign
intelligence.
On Friday, The Guardian, the British newspaper that has published many of Mr.
Snowden’s revelations, wrote about a clause in N.S.A. rules that permits the
agency to search for Americans’ names and identifying information in data about
foreign targets gathered from large Internet companies.
In his remarks on Friday, Mr. Obama said he was satisfied that the N.S.A.
programs were both necessary and respectful of Americans’ privacy. He
acknowledged the “instinctive bias of the intelligence community to keep
everything very close.” But he said he had urged America’s spies to err on the
side of making more details public.
“Let’s just put the whole elephant out there, and examine what’s working,” he
said.
On Friday evening, the State Department announced that nearly all of the
embassies and consulates that had been closed this week would reopen on Sunday —
with only the American Embassy in Sana, Yemen, remaining closed. The consulate
in Lahore, Pakistan, will also stay closed, the result of what American
officials said is a different threat from the one that had forced the closing of
the other diplomatic posts.
With intelligence agencies try trying to piece together information about a
terror plot allegedly discussed in recent weeks between senior Qaeda operatives,
American drones delivered a flurry of missile strikes throughout Yemen.
Eight strikes have been carried out in Yemen in the past two weeks, a ferocious
rate of drone attacks rivaled only by the two-week period after a suicide bomber
killed seven C.I.A. employees at a base in Afghanistan in December 2009.
During his speech at National Defense University in May, President Obama said
that targeted killing operations needed to be tightly constrained. The United
States only carries out strikes against terrorists who pose a “continuing and
imminent threat” to Americans, the president said, and only when it is
determined it would be impossible to detain them, rather than kill them.
And, Mr. Obama said, “before any strike is taken, there must be near-certainty
that no civilians will be killed or injure — the highest standard we can set.”
It is yet unknown who exactly was killed in Yemen during the past two weeks.
Therefore, it is hard to judge the recent strikes against those standards the
president laid out in May. Specifically, did the dozens of people reportedly
killed all pose a “direct and imminent threat”? And, with American officials
fearing that an attack could happen at any moment, just how much care was taken
before each strike to determine that no civilians were in the missiles’ path?
At the very least, this extraordinary period of killing operations in Yemen has
revealed just how much the president’s stated inclination to be more judicious
about drone strikes is tested in a period of perceived crisis.
Striking a balance between liberty and security is a leitmotif in many of
President Obama’s speeches, and on Friday he spoke of “rebalancing” the ledger
after the demands of more than a decade of war.
But the changes he announced on Friday were incremental rather than radical —
more of what he referred to as “tightening the bolts” rather than dismantling
the machine itself.
Mark Mazzetti reported from Washington,
and Scott Shane from New York.
Threats Test Obama’s Balancing Act on
Surveillance, NYT, 9.8.2013,
http://www.nytimes.com/2013/08/10/us/
threats-test-obamas-balancing-act-on-surveillance.html
President Moves
to Ease Worries on Surveillance
August 9, 2013
The New York Times
By CHARLIE SAVAGE and MICHAEL D. SHEAR
WASHINGTON — President Obama on Friday sought to take control
of the roiling debate over the National Security Agency’s surveillance
practices, releasing a more detailed legal justification for domestic spying and
calling for more openness and scrutiny of the N.S.A.’s programs to reassure a
skeptical public that its privacy is not being violated.
“It’s right to ask questions about surveillance, particularly as technology is
reshaping every aspect of our lives,” Mr. Obama said, adding: “It’s not enough
for me, as president, to have confidence in these programs. The American people
need to have confidence in them as well.”
But at a time when leaks by the former N.S.A. contractor Edward J. Snowden have
exposed the agency’s expansive spying both inside the United States and abroad
to an unprecedented degree of scrutiny, Mr. Obama showed no inclination to
curtail secret surveillance efforts. Rather, he conceded only a need for greater
openness and safeguards to make the public “comfortable” with them.
In meeting threats to the country, Mr. Obama said, “we have to strike the right
balance between protecting our security and preserving our freedoms.” And while
he said that the programs were valuable and that he was confident they had not
been abused, he acknowledged that people “may want to jigger slightly” that
balance.
Mr. Obama made his remarks at a wide-ranging news conference on the eve of his
departure for a week’s vacation. He responded to questions on issues like the
coming appointment of a new Federal Reserve chairman, the carrying out of his
health care law, his relationship with President Vladimir V. Putin of Russia,
and the current status of Al Qaeda. But he began with a lengthy statement about
surveillance, and that was the focus of the nearly hourlong news conference.
Critics of the electronic spying brought to light by Mr. Snowden’s leaks said
the president’s approach was insufficient. Anthony D. Romero, the executive
director of the American Civil Liberties Union, said that a program that
collects records of every domestic phone call — which Mr. Obama made clear he
intends to keep — must be shut down.
“What’s clear is that these surveillance programs have gone much further than
the president or Congress have ever admitted,” Mr. Romero said. “These initial
recommendations from Obama today, albeit welcome, are too little too late. They
are not sufficient to address serious concerns about possible violations of the
law and about dragnet surveillance.”
A spokesman for Speaker John A. Boehner, Republican of Ohio, urged Mr. Obama not
to let such criticism undermine the N.S.A.’s fundamental capabilities.
“Transparency is important, but we expect the White House to insist that no
reform will compromise the operational integrity of the program,” said the
spokesman, Brendan Buck. “That must be the president’s red line, and he must
enforce it. Our priority should continue to be saving American lives, not saving
face.”
A clear theme of Mr. Obama’s remarks was that he believed that the public’s
understanding of the surveillance programs had been distorted. He portrayed some
of Mr. Snowden’s leaks as having been reported in “the most sensationalized
manner possible” and parceled out to “maximize attention” in “dribs and in
drabs, sometimes coming out sideways.” The result has been misimpressions not
merely among the American public, he said, but around the world — a reference to
the widespread international criticism of the United States over reports of its
surveillance policies.
“If you are the ordinary person and you start seeing a bunch of headlines saying
‘U.S. Big Brother looking down on you, collecting telephone records, etc.,’
well, understandably people would be concerned,” he said, while also addressing
some of his reassurances to those abroad.
“To others around the world, I want to make clear once again that America is not
interested in spying on ordinary people,” he said. “Our intelligence is focused
above all on finding the information that’s necessary to protect our people and,
in many cases, protect our allies. It’s true we have significant capabilities.
What’s also true is we show a restraint that many governments around the world
don’t even think to do.”
In an effort to rebuild public trust, Mr. Obama said he wanted to work with
Congress to modify the phone log program, but in what he said would be an
“appropriate” way. He listed as examples of those steps establishing more
oversight and auditing how the database is used.
The president also threw his support behind a proposal to change the procedures
of the secret court that approves electronic spying under the Foreign
Intelligence Surveillance Act, saying an adversarial lawyer should make
arguments opposing the Justice Department when the court is considering whether
to approve broad surveillance programs.
The administration also released a 22-page unclassified “white paper” explaining
in greater detail why the government believes that its bulk collection of
domestic phone logs is lawful. At the same time, the N.S.A. released a
seven-page paper outlining its role and authorities. The agency is creating a
full-time civil liberties and privacy officer, Mr. Obama said, and next week it
will open a Web site designed to explain itself better to the public.
“We can and must be more transparent,” Mr. Obama said.
In addition, Mr. Obama announced the creation of a task force that will include
outside intelligence specialists and civil liberties advocates to advise the
government about how to balance security and privacy as improving computer
technology makes it possible to gather ever more information about people’s
private lives.
In response to a reporter’s question, Mr. Obama obliquely acknowledged the
terrorism alert in the Middle East that in recent days has prompted the
withdrawals of embassy staff members in Yemen and other countries. He was asked
how to square the apparent threat from Al Qaeda with his previous portrayals of
the core of the group as severely weakened.
Mr. Obama said that the original Al Qaeda — the tightly organized, hierarchical
group that was capable of “spectacular homeland attacks” like the ones on Sept.
11, 2001 — was indeed “decimated.” But its regional affiliates still pose a
“destabilizing and disruptive” threat on the scale of potentially driving “a
truck bomb into an embassy wall,” he said.
“We’ve got to continue to be vigilant and go after known terrorists who are
potentially carrying out plots,” he said, adding: “This is an ongoing process.
We are not going to completely eliminate terrorism. What we can do is to weaken
it and to strengthen our partnerships in such a way that it does not pose the
kind of horrible threat that we saw on 9/11.”
The news conference also dwelled on Mr. Snowden’s obtaining temporary refugee
status in Russia, and the cooling relationship with the Putin government over
that and several other issues, including the conflict in Syria and Russia’s
crackdown on gay rights. Earlier in the week, Mr. Obama canceled a planned
summit meeting with Mr. Putin in Moscow.
While Mr. Obama said he opposed calls to boycott the 2014 Winter Olympics in
Russia, he acknowledged “emerging differences” with his Russian counterpart.
Asked whether the steps on surveillance he was taking amounted to a vindication
of Mr. Snowden’s leaks, Mr. Obama rejected that notion. He said that Mr. Snowden
should have gone to the Congressional intelligence committees with any concerns
he had about surveillance, rather than “putting at risk our national security
and some very vital ways that we are able to get intelligence that we need to
secure the country.”
“I don’t think Mr. Snowden was a patriot,” Mr. Obama said.
President Moves to Ease Worries on
Surveillance, NYT, 9.8.2013,
http://www.nytimes.com/2013/08/10/us/politics/obama-news-conference.html
Breaking
Through Limits on Spying
August 8,
2013
The New York Times
By THE EDITORIAL BOARD
Apparently
no espionage tool that Congress gives the National Security Agency is big enough
or intrusive enough to satisfy the agency’s inexhaustible appetite for delving
into the communications of Americans. Time and again, the N.S.A. has pushed past
the limits that lawmakers thought they had imposed to prevent it from invading
basic privacy, as guaranteed by the Constitution.
It was bad enough in 2008 when Congress allowed the agency to spy without a
warrant on e-mails and text messages between Americans and foreign targets of an
investigation. That already strained the Fourth Amendment’s protections against
illegal searches, but lawmakers decided it was justified as part of a terror
investigation.
It turns out, as Charlie Savage revealed in The Times on Thursday, that the
N.S.A. went far beyond those boundaries. Instead, it copies virtually all
overseas messages that Americans send or receive, then scans them to see if they
contain any references to people or subjects the agency thinks might have a link
to terrorists.
That could very well include innocent communications between family members
expressing fears of a terror attack. Or messages between an editor and a
reporter who is covering international security issues. Or the privileged
conversation between a lawyer and a client who is being investigated.
Data collection on this scale goes far beyond what Congress authorized, and it
clearly shreds a common-sense understanding of the Fourth Amendment. It’s as if
the government were telling its citizens not to even talk about security issues
in private messages or else they will come to the attention of the nation’s
spies. “By injecting the N.S.A. into virtually every crossborder interaction,
the U.S. government will forever alter what has always been an open exchange of
ideas,” said Jameel Jaffer, the deputy legal director of the American Civil
Liberties Union.
Obama administration officials justified this unwarranted expansion of
surveillance powers with the usual hairsplitting arguments over semantics. It’s
not “bulk collection” of messages if the messages aren’t stored, they said (even
if every message is analyzed by supercomputers as it is sent). It’s legitimate
to search through conversations “about” a target, even if the target isn’t part
of the conversation. Naturally, the Foreign Intelligence Surveillance Court
approved these half-baked assertions with a secret opinion.
The disclosure of this practice makes it more urgent than ever that Congress
clamp down on what is unquestionably the bulk collection of American
communications and restrict it to clear targets of an investigation. Despite
President Obama’s claim this week that “there is no spying on Americans,” the
evidence shows that such spying is greater than the public ever knew.
Breaking Through Limits on Spying, NYT, 8.8.2013,
http://www.nytimes.com/2013/08/09/opinion/breaking-through-limits-on-spying.html
N.S.A. Said to Search
Content
of Messages to and From U.S.
August 8,
2013
The New York Times
By CHARLIE SAVAGE
WASHINGTON
— The National Security Agency is searching the contents of vast amounts of
Americans’ e-mail and text communications into and out of the country, hunting
for people who mention information about foreigners under surveillance,
according to intelligence officials.
The N.S.A. is not just intercepting the communications of Americans who are in
direct contact with foreigners targeted overseas, a practice that government
officials have openly acknowledged. It is also casting a far wider net for
people who cite information linked to those foreigners, like a little used
e-mail address, according to a senior intelligence official.
While it has long been known that the agency conducts extensive computer
searches of data it vacuums up overseas, that it is systematically searching —
without warrants — through the contents of Americans’ communications that cross
the border reveals more about the scale of its secret operations.
It also adds another element to the unfolding debate, provoked by the
disclosures of Edward J. Snowden, the former N.S.A. contractor, about whether
the agency has infringed on Americans’ privacy as it scoops up e-mails and phone
data in its quest to ferret out foreign intelligence.
Government officials say the cross-border surveillance was authorized by a 2008
law, the FISA Amendments Act, in which Congress approved eavesdropping on
domestic soil without warrants as long as the “target” was a noncitizen abroad.
Voice communications are not included in that surveillance, the senior official
said.
Asked to comment, Judith A. Emmel, an N.S.A. spokeswoman, did not directly
address surveillance of cross-border communications. But she said the agency’s
activities were lawful and intended to gather intelligence not about Americans
but about “foreign powers and their agents, foreign organizations, foreign
persons or international terrorists.”
“In carrying out its signals intelligence mission, N.S.A. collects only what it
is explicitly authorized to collect,” she said. “Moreover, the agency’s
activities are deployed only in response to requirements for information to
protect the country and its interests.”
Hints of the surveillance appeared in a set of rules, leaked by Mr. Snowden, for
how the N.S.A. may carry out the 2008 FISA law. One paragraph mentions that the
agency “seeks to acquire communications about the target that are not to or from
the target.” The pages were posted online by the newspaper The Guardian on June
20, but the telltale paragraph, the only rule marked “Top Secret” amid 18 pages
of restrictions, went largely overlooked amid other disclosures.
To conduct the surveillance, the N.S.A. is temporarily copying and then sifting
through the contents of what is apparently most e-mails and other text-based
communications that cross the border. The senior intelligence official, who,
like other former and current government officials, spoke on condition of
anonymity because of the sensitivity of the topic, said the N.S.A. makes a
“clone of selected communication links” to gather the communications, but
declined to specify details, like the volume of the data that passes through
them.
Computer scientists said that it would be difficult to systematically search the
contents of the communications without first gathering nearly all cross-border
text-based data; fiber-optic networks work by breaking messages into tiny
packets that flow at the speed of light over different pathways to their shared
destination, so they would need to be captured and reassembled.
The official said that a computer searches the data for the identifying keywords
or other “selectors” and stores those that match so that human analysts could
later examine them. The remaining communications, the official said, are
deleted; the entire process takes “a small number of seconds,” and the system
has no ability to perform “retrospective searching.”
The official said the keyword and other terms were “very precise” to minimize
the number of innocent American communications that were flagged by the program.
At the same time, the official acknowledged that there had been times when
changes by telecommunications providers or in the technology had led to
inadvertent overcollection. The N.S.A. monitors for these problems, fixes them
and reports such incidents to its overseers in the government, the official
said.
The disclosure sheds additional light on statements intelligence officials have
made recently, reassuring the public that they do not “target” Americans for
surveillance without warrants.
At a House Intelligence Committee oversight hearing in June, for example, a
lawmaker pressed the deputy director of the N.S.A., John Inglis, to say whether
the agency listened to the phone calls or read the e-mails and text messages of
American citizens. Mr. Inglis replied, “We do not target the content of U.S.
person communications without a specific warrant anywhere on the earth.”
Timothy Edgar, a former intelligence official in the Bush and Obama
administrations, said that the rule concerning collection “about” a person
targeted for surveillance rather than directed at that person had provoked
significant internal discussion.
“There is an ambiguity in the law about what it means to ‘target’ someone,” Mr.
Edgar, now a visiting professor at Brown, said. “You can never intentionally
target someone inside the United States. Those are the words we were looking at.
We were most concerned about making sure the procedures only target
communications that have one party outside the United States.”
The rule they ended up writing, which was secretly approved by the Foreign
Intelligence Surveillance Court, says that the N.S.A. must ensure that one of
the participants in any conversation that is acquired when it is searching for
conversations about a targeted foreigner must be outside the United States, so
that the surveillance is technically directed at the foreign end.
Americans’ communications singled out for further analysis are handled in
accordance with “minimization” rules to protect privacy approved by the
surveillance court. If private information is not relevant to understanding
foreign intelligence, it is deleted; if it is relevant, the agency can retain it
and disseminate it to other agencies, the rules show.
While the paragraph hinting at the surveillance has attracted little attention,
the American Civil Liberties Union did take note of the “about the target”
language in a June 21 post analyzing the larger set of rules, arguing that the
language could be interpreted as allowing “bulk” collection of international
communications, including of those of Americans.
Jameel Jaffer, a senior lawyer at the A.C.L.U., said Wednesday that such
“dragnet surveillance will be poisonous to the freedoms of inquiry and
association” because people who know that their communications will be searched
will change their behavior.
“They’ll hesitate before visiting controversial Web sites, discussing
controversial topics or investigating politically sensitive questions,” Mr.
Jaffer said. “Individually, these hesitations might appear to be
inconsequential, but the accumulation of them over time will change citizens’
relationship to one another and to the government.”
The senior intelligence official argued, however, that it would be inaccurate to
portray the N.S.A. as engaging in “bulk collection” of the contents of
communications. “ ‘Bulk collection’ is when we collect and retain for some
period of time that lets us do retrospective analysis,” the official said. “In
this case, we do not do that, so we do not consider this ‘bulk collection.’ ”
Stewart Baker, a former general counsel for the N.S.A., said that such
surveillance could be valuable in identifying previously unknown terrorists or
spies inside the United States who unwittingly reveal themselves to the agency
by discussing a foreign-intelligence “indicator.” He cited a situation in which
officials learn that Al Qaeda was planning to use a particular phone number on
the day of an attack.
“If someone is sending that number out, chances are they are on the inside of
the plot, and I want to find the people who are on the inside of the plot,” he
said.
The senior intelligence official said that the “about the target” surveillance
had been valuable, but said it was difficult to point to any particular
terrorist plot that would have been carried out if the surveillance had not
taken place. He said it was one tool among many used to assemble a “mosaic” of
information in such investigations. The surveillance was used for other types of
foreign-intelligence collection, not just terrorism investigations, the official
said.
There has been no public disclosure of any ruling by the Foreign Intelligence
Surveillance Court explaining its legal analysis of the 2008 FISA law and the
Fourth Amendment as allowing “about the target” searches of Americans’
cross-border communications. But in 2009, the Justice Department’s Office of
Legal Counsel signed off on a similar process for searching federal employees’
communications without a warrant to make sure none contain malicious computer
code.
That opinion, by Steven G. Bradbury, who led the office in the Bush
administration, may echo the still-secret legal analysis. He wrote that because
that system, called EINSTEIN 2.0, scanned communications traffic “only for
particular malicious computer code” and there was no authorization to acquire
the content for unrelated purposes, it “imposes, at worst, a minimal burden upon
legitimate privacy rights.”
N.S.A. Said to Search Content of Messages to and From U.S., NYT, 8.8.2013,
http://www.nytimes.com/2013/08/08/us/
broader-sifting-of-data-abroad-is-seen-by-nsa.html
Senate
Panel Presses N.S.A.
on Phone
Logs
July 31,
2013
The New York Times
By CHARLIE SAVAGE and DAVID E. SANGER
WASHINGTON
— Senators of both parties on Wednesday sharply challenged the National Security
Agency’s collection of records of all domestic phone calls, even as the latest
leaked N.S.A. document provided new details on the way the agency monitors Web
browsing around the world.
At a Senate Judiciary Committee hearing, the chairman, Patrick J. Leahy,
Democrat of Vermont, accused Obama administration officials of overstating the
success of the domestic call log program. He said he had been shown a classified
list of “terrorist events” detected through surveillance, and it did not show
that “dozens or even several terrorist plots” had been thwarted by the domestic
program.
“If this program is not effective it has to end. So far, I’m not convinced by
what I’ve seen,” Mr. Leahy said, citing the “massive privacy implications” of
keeping records of every American’s domestic calls.
At the start of the hearing, the Obama administration released previously
classified documents outlining the rules for how the domestic phone records may
be accessed and used by intelligence analysts. And as senators debated the
program, The Guardian published on its Web site a still-classified 32-page
presentation, apparently downloaded by Edward J. Snowden, the former N.S.A.
contractor, that describes a separate surveillance activity by the agency.
Called the XKeyscore program, it apparently gives N.S.A. analysts access to
virtually any Internet browsing activity around the world, data that is being
vacuumed up from 150 foreign sites.
Together, the new disclosures provided additional details on the scope of the
United States government’s secret surveillance programs, which have been dragged
into public view and public debate by leaks from Mr. Snowden, who remains
stranded in a Moscow airport.
The hearing came a week after the House voted narrowly to defeat an amendment to
shut down the N.S.A.’s domestic phone record tracking program. The 217-to-205
vote was far closer than expected, and it — along with shifting poll numbers —
suggested that momentum against the domestic program was building. In recent
days even some of the most outspoken supporters of the program have said they
are open to adjusting it.
The Obama administration has been trying to build public support for its
surveillance programs, which trace back to the Bush administration, by arguing
that they are subject to strict safeguards and court oversight and that they
have helped thwart as many as 54 terrorist events. That figure, Mr. Leahy
emphasized, relies upon conflating another program that allows surveillance
targeted at noncitizens abroad, which has apparently been quite valuable, with
the domestic one.
Still, Senator Dianne Feinstein, the California Democrat who is chairwoman of
the Senate Intelligence Committee, said she supported overhauling the program
but keeping it in place because it generates information that might prevent
attacks.
John C. Inglis, the deputy director of the N.S.A., said there had been 13
investigations in which the domestic call tracking program made a
“contribution.” He cited two discoveries: that several men in San Diego were
sending money to a terrorist group in Somalia, and that a suspect who was
already under scrutiny in a subway bomb plot was using a different phone.
Robert S. Litt, the top lawyer in the Office of the Director of National
Intelligence, testified that the Obama administration was also “open to
re-evaluating this program” to create greater public confidence that it protects
privacy while “preserving the essence of the program.” Administration officials
have emphasized that the program collects only so-called metadata, and not the
contents of phone calls.
Still, the top Republican on the committee, Senator Charles E. Grassley of Iowa,
asked skeptical questions about the legal basis for the program while
criticizing the director of national intelligence, James Clapper, for making
inaccurate statements to Congress about it in March. Mr. Clapper has since
apologized.
“Nothing can excuse this kind of behavior from a senior administration official
of any administration, especially on matters of such grave importance,” Mr.
Grassley said.
A series of slides describing XKeyscore, dated 2008, make it clear that the
security agency system is collecting a huge amount of data on Internet activity
around the globe, from chats on social networks to browsing of Web sites and
searches on Google Maps. The volume of data is so vast that most of it is stored
for only three days, although metadata — information showing logins and server
activity, but not content — is stored for a month. Several of the pages were
redacted by The Guardian.
Some of the servers the agency uses are run by foreign intelligence services of
friendly nations, including Britain, Australia, Canada and New Zealand, but
other servers may be on the soil of countries unaware the agency is mining
Internet “pipes” on their soil. Some of the harvesting of data takes place on
the coasts of the United States, and along the Mexican border. Most sites are in
Europe, the Middle East, and along the borders of India, Pakistan, and China.
The intelligence analysts search for terrorist cells by looking at “anomalous
events” — someone searching in German from Pakistani sites, or an Iranian
sending an encrypted Microsoft Word file. But one slide says the system can be
used to identify anyone “searching the Web for suspicious stuff.”
The presentation says the system enables analysts to identify and pursue leads
even if they do not yet know the name, or the e-mail address, of a suspect. “A
large amount of time spent on the Web is performing actions that are anonymous,”
it explains.
One example of how analysts might use the system is to search for whenever
someone has started up a “virtual private network” in a particular country of
interest; the networks are pipelines that add greater security to online
communications. N.S.A. analysts are able to use the system to extract the
activity retrospectively from “raw unselected bulk traffic,” the documents say,
and then decrypt it to “discover the users.”
The agency said its surveillance of the Internet was part of its “lawful foreign
signals intelligence collection” and not “arbitrary and unconstrained.” The
chairman of the House Intelligence Committee, Representative Mike Rogers, and
the ranking Democrat, C. A. Dutch Ruppersberger, said, “The program does not
target American citizens.”
The XKeyscore presentation claimed the program had generated intelligence that
resulted in the capture of more than 300 terrorists. By contrast, the documents
released by the government about the domestic phone log program were more
abstract.
They included briefing papers to Congress from 2009 and 2011 about the “very
large scale” logging of Americans’ calling records — along with a related
program that logged Americans’ e-mails, and that was shut down later in 2011 —
portraying the programs as providing a vital and important capability.
But Senator Ron Wyden, an Oregon Democrat on the Senate Intelligence Committee
who has been a leading critic of the bulk collection programs, said the program
had been shut down because officials were unable “to provide evidence to support
the claims” of operational value. Mr. Wyden has also questioned the utility of
the phone log program.
The new documents also included an April “primary order” by the Foreign
Intelligence Surveillance Court that supported orders requiring phone companies
to turn over all customer records. It said the government may access the records
only when there are “facts giving rise to a reasonable, articulable suspicion”
that the number to be searched is associated with terrorism.
However, it said that the results of each inquiry are then placed in a
“corporate store” that analysts may search without any such limits. Intelligence
officials have separately said that search results include not just a target’s
phone records, but also exponentially larger sets of the records of people in as
many as three concentric circles around the target.
Senate Panel Presses N.S.A. on Phone Logs, NYT, 31.7.2013,
http://www.nytimes.com/2013/08/01/us/nsa-surveillance.html
The Criminal N.S.A.
June 27,
2013
The New York Times
By JENNIFER STISA GRANICK
and CHRISTOPHER JON SPRIGMAN
THE twin
revelations that telecom carriers have been secretly giving the National
Security Agency information about Americans’ phone calls, and that the N.S.A.
has been capturing e-mail and other private communications from Internet
companies as part of a secret program called Prism, have not enraged most
Americans. Lulled, perhaps, by the Obama administration’s claims that these
“modest encroachments on privacy” were approved by Congress and by federal
judges, public opinion quickly migrated from shock to “meh.”
It didn’t help that Congressional watchdogs — with a few exceptions, like
Senator Rand Paul, Republican of Kentucky — have accepted the White House’s
claims of legality. The leaders of the Senate Intelligence Committee, Dianne
Feinstein, Democrat of California, and Saxby Chambliss, Republican of Georgia,
have called the surveillance legal. So have liberal-leaning commentators like
Hendrik Hertzberg and David Ignatius.
This view is wrong — and not only, or even mainly, because of the privacy issues
raised by the American Civil Liberties Union and other critics. The two programs
violate both the letter and the spirit of federal law. No statute explicitly
authorizes mass surveillance. Through a series of legal contortions, the Obama
administration has argued that Congress, since 9/11, intended to implicitly
authorize mass surveillance. But this strategy mostly consists of wordplay,
fear-mongering and a highly selective reading of the law. Americans deserve
better from the White House — and from President Obama, who has seemingly
forgotten the constitutional law he once taught.
The administration has defended each of the two secret programs. Let’s examine
them in turn.
Edward J. Snowden, the former N.S.A. contract employee and whistle-blower, has
provided evidence that the government has phone record metadata on all Verizon
customers, and probably on every American, going back seven years. This metadata
is extremely revealing; investigators mining it might be able to infer whether
we have an illness or an addiction, what our religious affiliations and
political activities are, and so on.
The law under which the government collected this data, Section 215 of the
Patriot Act, allows the F.B.I. to obtain court orders demanding that a person or
company produce “tangible things,” upon showing reasonable grounds that the
things sought are “relevant” to an authorized foreign intelligence
investigation. The F.B.I. does not need to demonstrate probable cause that a
crime has been committed, or any connection to terrorism.
Even in the fearful time when the Patriot Act was enacted, in October 2001,
lawmakers never contemplated that Section 215 would be used for phone metadata,
or for mass surveillance of any sort. Representative F. James Sensenbrenner Jr.,
a Wisconsin Republican and one of the architects of the Patriot Act, and a man
not known as a civil libertarian, has said that “Congress intended to allow the
intelligence communities to access targeted information for specific
investigations.” The N.S.A.’s demand for information about every American’s
phone calls isn’t “targeted” at all — it’s a dragnet. “How can every call that
every American makes or receives be relevant to a specific investigation?” Mr.
Sensenbrenner has asked. The answer is simple: It’s not.
The government claims that under Section 215 it may seize all of our phone call
information now because it might conceivably be relevant to an investigation at
some later date, even if there is no particular reason to believe that any but a
tiny fraction of the data collected might possibly be suspicious. That is a
shockingly flimsy argument — any data might be “relevant” to an investigation
eventually, if by “eventually” you mean “sometime before the end of time.” If
all data is “relevant,” it makes a mockery of the already shaky concept of
relevance.
Let’s turn to Prism: the streamlined, electronic seizure of communications from
Internet companies. In combination with what we have already learned about the
N.S.A.’s access to telecommunications and Internet infrastructure, Prism is
further proof that the agency is collecting vast amounts of e-mails and other
messages — including communications to, from and between Americans.
The government justifies Prism under the FISA Amendments Act of 2008. Section
1881a of the act gave the president broad authority to conduct warrantless
electronic surveillance. If the attorney general and the director of national
intelligence certify that the purpose of the monitoring is to collect foreign
intelligence information about any nonAmerican individual or entity not known
to be in the United States, the Foreign Intelligence Surveillance Court can
require companies to provide access to Americans’ international communications.
The court does not approve the target or the facilities to be monitored, nor
does it assess whether the government is doing enough to minimize the intrusion,
correct for collection mistakes and protect privacy. Once the court issues a
surveillance order, the government can issue top-secret directives to Internet
companies like Google and Facebook to turn over calls, e-mails, video and voice
chats, photos, voiceover IP calls (like Skype) and social networking
information.
Like the Patriot Act, the FISA Amendments Act gives the government very broad
surveillance authority. And yet the Prism program appears to outstrip that
authority. In particular, the government “may not intentionally acquire any
communication as to which the sender and all intended recipients are known at
the time of the acquisition to be located in the United States.”
The government knows that it regularly obtains Americans’ protected
communications. The Washington Post reported that Prism is designed to produce
at least 51 percent confidence in a target’s “foreignness” — as John Oliver of
“The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to
the fact that 49-plus percent of the communications might be purely among
Americans, the N.S.A. has intentionally acquired information it is not allowed
to have, even under the terrifyingly broad auspices of the FISA Amendments Act.
How could vacuuming up Americans’ communications conform with this legal
limitation? Well, as James R. Clapper Jr., the director of national
intelligence, told Andrea Mitchell of NBC, the N.S.A. uses the word “acquire”
only when it pulls information out of its gigantic database of communications
and not when it first intercepts and stores the information.
If there’s a law against torturing the English language, James Clapper is in
real trouble.
The administration hides the extent of its “incidental” surveillance of
Americans behind fuzzy language. When Congress reauthorized the law at the end
of 2012, legislators said Americans had nothing to worry about because the
surveillance could not “target” American citizens or permanent residents. Mr.
Clapper offered the same assurances. Based on these statements, an ordinary
citizen might think the N.S.A. cannot read Americans’ e-mails or online chats
under the F.A.A. But that is a government fed misunderstanding.
A “target” under the act is a person or entity the government wants information
on — not the people the government is trying to listen to. It’s actually O.K.
under the act to grab Americans’ messages so long as they are communicating with
the target, or anyone who is not in the United States.
Leave aside the Patriot Act and FISA Amendments Act for a moment, and turn to
the Constitution.
The Fourth Amendment obliges the government to demonstrate probable cause before
conducting invasive surveillance. There is simply no precedent under the
Constitution for the government’s seizing such vast amounts of revealing data on
innocent Americans’ communications.
The government has made a mockery of that protection by relying on select
Supreme Court cases, decided before the era of the public Internet and
cellphones, to argue that citizens have no expectation of privacy in either
phone metadata or in e-mails or other private electronic messages that it stores
with third parties.
This hairsplitting is inimical to privacy and contrary to what at least five
justices ruled just last year in a case called United States v. Jones. One of
the most conservative justices on the Court, Samuel A. Alito Jr., wrote that
where even public information about individuals is monitored over the long term,
at some point, government crosses a line and must comply with the protections of
the Fourth Amendment. That principle is, if anything, even more true for
Americans’ sensitive nonpublic information like phone metadata and social
networking activity.
We may never know all the details of the mass surveillance programs, but we know
this: The administration has justified them through abuse of language,
intentional evasion of statutory protections, secret, unreviewable investigative
procedures and constitutional arguments that make a mockery of the government’s
professed concern with protecting Americans’ privacy. It’s time to call the
N.S.A.’s mass surveillance programs what they are: criminal.
Jennifer Stisa
Granick is the director of civil liberties
at the
Stanford Center for Internet and Society.
Christopher
Jon Sprigman is a professor
at the
University of Virginia School of Law.
The Criminal N.S.A., NYT, 27.6.2013,
http://www.nytimes.com/2013/06/28/opinion/the-criminal-nsa.html
Obama
Calls Surveillance Programs
Legal
and Limited
June 7,
2013
The New York Times
By PETER BAKER and DAVID E. SANGER
WASHINGTON
— President Obama offered a robust defense of newly revealed surveillance
programs on Friday as more classified secrets spilled into public, complicating
a summit meeting with China’s new president focused partly on human rights and
cybersecurity.
Mr. Obama departed from his script at a health care event in California to try
to reassure Americans that he had not abused government authority by collecting
telephone call logs and foreigners’ e-mail messages. But the disclosure hours
later of secret contingency planning to target other countries for possible
cyberattacks made his get-together with President Xi Jinping later in the day
all the more awkward because cyberattacks by the Chinese are high on the
American agenda.
The latest of three documents published over three days by the British newspaper
The Guardian added to the understanding of the Obama administration’s approach
to national security in an age of multifaceted threats and became another factor
in the renewed debate over the balance between privacy and security.
The identity of the person who gave those documents to The Guardian and The
Washington Post is not known, but The Post has described its source as a career
intelligence officer angry at “what he believes to be a gross intrusion on
privacy” by the Obama administration.
Once a critic of President George W. Bush’s hawkish policies, Mr. Obama was
ready with an explanation for why he has preserved and extended some of them
when a reporter asked him at the health care event if he could assure Americans
that the government was not building a database of their personal information.
“Nobody is listening to your telephone calls,” Mr. Obama said. “That’s not what
this program’s about.”
But he argued that “modest encroachments on privacy” were “worth us doing” to
protect the country, and he said that Congress and the courts had authorized
those programs.
A National Security Agency telephone surveillance program collects phone numbers
and the duration of calls, not the content, he said. An Internet surveillance
program targets foreigners living abroad, not Americans, he added.
“There are some trade-offs involved,” Mr. Obama said. “I came with a healthy
skepticism about these programs. My team evaluated them. We scrubbed them
thoroughly.” In the end, he concluded that “they help us prevent terrorist
attacks.”
But the disclosures united liberal Democrats and libertarian Republicans in
accusing him of abandoning values he once espoused. “We believe the large-scale
collection of this information by the government has a very significant impact
on Americans’ privacy, whether senior government officials recognize that fact
or not,” Senators Ron Wyden of Oregon and Mark Udall of Colorado, both
Democrats, wrote in a joint response to the president’s remarks.
Senator Richard J. Durbin, the Senate’s No. 2 Democrat and an Obama ally from
Illinois, rebuffed the president’s contention that Congress had been kept
abreast of the programs, saying only a handful of top leaders are regularly
briefed.
“To say that there’s Congressional approval suggests a level of information and
oversight that’s just not there,” he said in an interview. He added that the
sort of data mining revealed in recent days “really pushes the role of
government to the limit.”
Advocates of Congressional intervention said public pressure could revive
legislation to at least force more transparency about the programs. “The timing
has never been better to revisit our past decisions,” said Senator Mike Lee, a
Utah Republican.
But it was not clear whether there would be a popular backlash to the programs
beyond some outrage on Twitter and Facebook, and even critics like Mr. Durbin
were skeptical. Many Americans interviewed around the country on Friday shared
concerns about their civil liberties but expressed a certain grudging
resignation as well.
In Congress, the main vehicle for any changes, a reauthorization of the 1978 law
that created the Foreign Intelligence Surveillance Court, passed only last
December and is not due for renewal for five years. During the debate last
winter, the Senate voted on a bipartisan basis to reject amendments to force
transparency or curtail surveillance.
Moreover, beyond Mr. Durbin, Congressional leaders and senior lawmakers on the
intelligence committees expressed few qualms. The House speaker, John A.
Boehner, Republican of Ohio, said Mr. Obama must be more forceful in explaining
the programs but declined to discuss his own position. Senator Harry Reid of
Nevada, the Democratic majority leader, dismissed concerns. “Everyone should
just calm down and understand this isn’t anything that is brand new,” he said.
Just hours after the president spoke, The Guardian posted online a copy of a
classified directive Mr. Obama signed last year laying out conditions under
which the president could order cyberattacks against another country, akin to
the attacks on Iran’s uranium enrichment plant.
The directive ordered the government to “identify potential targets of national
importance” against which offensive cyberoperations “can offer a favorable
balance of effectiveness and risk as compared with other instruments of national
power.” That means, in essence, that the Pentagon’s Cyber Command and the
intelligence agencies would maintain lists of targets around the world that
could be damaged more effectively, and more covertly, by a computer attack than
by a missile or bomber attack.
As previously reported, the document says only the president can authorize
offensive cyberoperations, just as only he can authorize the use of nuclear
weapons. The directive also reserves the right to take “anticipatory action
against imminent threats” to protect critical infrastructure in the United
States, including power utilities, cellphone networks and financial markets.
That raised the possibility that the United States could strike first if it
feared a large attack from China or another country. Officials have blamed China
for a variety of computer spying and cyberattacks, a subject featured on Mr.
Obama’s agenda with Mr. Xi in Southern California.
Josh
Earnest, a White House spokesman, said the revelations would not hinder the
president’s discussions with Mr. Xi.
David E.
Sanger contributed reporting from Washington,
and Jackie
Calmes from San Jose, Calif.
Obama Calls Surveillance Programs Legal and Limited, NYT, 7.6.2013,
http://www.nytimes.com/2013/06/08/us/national-security-agency-surveillance.html
U.S. Says It Gathers Online Data Abroad
June 6,
2013
The New York Times
By CHARLIE SAVAGE, EDWARD WYATT
and PETER BAKER
WASHINGTON
— The federal government has been secretly collecting information on foreigners
overseas for nearly six years from the nation’s largest Internet companies like
Google, Facebook and, most recently, Apple, in search of national security
threats, the director of national intelligence confirmed Thursday night.
The confirmation of the classified program came just hours after government
officials acknowledged a separate seven-year effort to sweep up records of
telephone calls inside the United States. Together, the unfolding revelations
opened a window into the growth of government surveillance that began under the
Bush administration after the terrorist attacks of Sept. 11, 2001, and has
clearly been embraced and even expanded under the Obama administration.
Government officials defended the two surveillance initiatives as authorized
under law, known to Congress and necessary to guard the country against
terrorist threats. But an array of civil liberties advocates and libertarian
conservatives said the disclosures provided the most detailed confirmation yet
of what has been long suspected about what the critics call an alarming and
ever-widening surveillance state.
The Internet surveillance program collects data from online providers including
e-mail, chat services, videos, photos, stored data, file transfers, video
conferencing and log-ins, according to classified documents obtained and posted
by The Washington Post and then The Guardian on Thursday afternoon.
In confirming its existence, officials said that the program, called Prism, is
authorized under a foreign intelligence law that was recently renewed by
Congress, and maintained that it minimizes the collection and retention of
information “incidentally acquired” about Americans and permanent residents.
Several of the Internet companies said they did not allow the government
open-ended access to their servers but complied with specific lawful requests
for information.
“It cannot be used to intentionally target any U.S. citizen, any other U.S.
person, or anyone located within the United States,” James Clapper, the director
of national intelligence, said in a statement, describing the law underlying the
program. “Information collected under this program is among the most important
and valuable intelligence information we collect, and is used to protect our
nation from a wide variety of threats.”
The Prism program grew out of the National Security Agency’s desire several
years ago to begin addressing the agency’s need to keep up with the explosive
growth of social media, according to people familiar with the matter.
The dual revelations, in rapid succession, also suggested that someone with
access to high-level intelligence secrets had decided to unveil them in the
midst of furor over leak investigations. Both were reported by The Guardian,
while The Post, relying upon the same presentation, almost simultaneously
reported the Internet company tapping. The Post said a disenchanted intelligence
official provided it with the documents to expose government overreach.
Before the disclosure of the Internet company surveillance program on Thursday,
the White House and Congressional leaders defended the phone program, saying it
was legal and necessary to protect national security.
Josh Earnest, a White House spokesman, told reporters aboard Air Force One that
the kind of surveillance at issue “has been a critical tool in protecting the
nation from terror threats as it allows counterterrorism personnel to discover
whether known or suspected terrorists have been in contact with other persons
who may be engaged in terrorist activities, particularly people located inside
the United States.” He added: “The president welcomes a discussion of the
trade-offs between security and civil liberties.”
The Guardian and The Post posted several slides from the 41-page presentation
about the Internet program, listing the companies involved — which included
Yahoo, Microsoft, Paltalk, AOL, Skype and YouTube — and the dates they joined
the program, as well as listing the types of information collected under the
program.
The reports came as President Obama was traveling to meet President Xi Jinping
of China at an estate in Southern California, a meeting intended to address
among other things complaints about Chinese cyberattacks and spying. Now that
conversation will take place amid discussion of America’s own vast surveillance
operations.
But while the administration and lawmakers who supported the telephone records
program emphasized that all three branches of government had signed off on it,
Anthony Romero of the American Civil Liberties Union denounced the surveillance
as an infringement of fundamental individual liberties, no matter how many parts
of the government approved of it.
“A pox on all the three houses of government,” Mr. Romero said. “On Congress,
for legislating such powers, on the FISA court for being such a paper tiger and
rubber stamp, and on the Obama administration for not being true to its values.”
Others raised concerns about whether the telephone program was effective.
Word of the program emerged when The Guardian posted an April order from the
secret foreign intelligence court directing a subsidiary of Verizon
Communications to give the N.S.A. “on an ongoing daily basis” until July logs of
communications “between the United States and abroad” or “wholly within the
United States, including local telephone calls.”
On Thursday, Senators Dianne Feinstein of California and Saxby Chambliss of
Georgia, the top Democrat and top Republican on the Intelligence Committee, said
the court order appeared to be a routine reauthorization as part of a broader
program that lawmakers have long known about and supported.
“As far as I know, this is an exact three-month renewal of what has been the
case for the past seven years,” Ms. Feinstein said, adding that it was carried
out by the Foreign Intelligence Surveillance Court “under the business records
section of the Patriot Act.”
“Therefore, it is lawful,” she said. “It has been briefed to Congress.”
While refusing to confirm or to directly comment on the reported court order,
Verizon, in an internal e-mail to employees, defended its release of calling
information to the N.S.A. Randy Milch, an executive vice president and general
counsel, wrote that “the law authorizes the federal courts to order a company to
provide information in certain circumstances, and if Verizon were to receive
such an order, we would be required to comply.”
Sprint and AT&T have also received demands for data from national security
officials, according to people familiar with the requests. Those companies as
well as T-Mobile and CenturyLink declined to say Thursday whether they were or
had been under a similar court order.
Lawmakers and administration officials who support the phone program defended it
in part by noting that it was only for “metadata” — like logs of calls sent and
received — and did not involve listening in on people’s conversations.
The Internet company program appeared to involve eavesdropping on the contents
of communications of foreigners. The senior administration official said its
legal basis was the so-called FISA Amendments Act, a 2008 law that allows the
government to obtain an order from a national security court to conduct blanket
surveillance of foreigners abroad without individualized warrants even if the
interception takes place on American soil.
The law, which Congress reauthorized in late 2012, is controversial in part
because Americans’ e-mails and phone calls can be swept into the database
without an individualized court order when they communicate with people
overseas. While the newspapers portrayed the classified documents as indicating
that the N.S.A. obtained direct access to the companies’ servers, several of the
companies — including Google, Facebook, Microsoft and Apple — denied that the
government could do so. Instead, the companies have negotiated with the
government technical means to provide specific data in response to court orders,
according to people briefed on the arrangements.
“Google cares deeply about the security of our users’ data,” the company said in
a statement. “We disclose user data to government in accordance with the law and
we review all such requests carefully. From time to time, people allege that we
have created a government ‘backdoor’ into our systems, but Google does not have
a ‘backdoor’ for the government to access private user data.”
While murky questions remained about the Internet company program, the
confirmation of the calling log program solved a mystery that has puzzled
national security legal policy observers in Washington for years: why a handful
of Democrats on the Senate Intelligence Committee were raising cryptic alarms
about Section 215 of the Patriot Act, the law Congress enacted after the 9/11
attacks.
Section 215 made it easier for the government to obtain a secret order for
business records, so long as they were deemed relevant to a national security
investigation.
Section 215 is among the sections of the Patriot Act that have periodically come
up for renewal. Since around 2009, a handful of Democratic senators briefed on
the program — including Ron Wyden of Oregon — have sought to tighten that
standard to require a specific nexus to terrorism before someone’s records could
be obtained, while warning that the statute was being interpreted in an alarming
way that they could not detail because it was classified.
On Thursday, Mr. Wyden confirmed that the program is what he and others have
been expressing concern about. He said he hoped the disclosure would “force a
real debate” about whether such “sweeping, dragnet surveillance” should be
permitted — or is even effective.
But just as efforts by Mr. Wyden and fellow skeptics, including Senators Richard
J. Durbin of Illinois and Mark Udall of Colorado, to tighten standards on whose
communications logs could be obtained under the Patriot Act have repeatedly
failed, their criticism was engulfed in a clamor of broad, bipartisan support
for the program.
“If we don’t do it,” said Senator Lindsey Graham, Republican of South Carolina,
“we’re crazy.”
And Representative Mike Rogers, Republican of Michigan and the chairman of the
House Intelligence Committee, claimed in a news conference that the program
helped stop a significant domestic terrorist attack in the United States in the
last few years. He gave no details.
It has long been known that one aspect of the Bush administration’s program of
surveillance without court oversight involved vacuuming up communications
metadata and mining the database to identify associates — called a “community of
interest” — of a suspected terrorist.
In December 2005, The New York Times revealed the existence of elements of that
program, setting off a debate about civil liberties and the rule of law. But in
early 2007, Alberto R. Gonzales, then the attorney general, announced that after
months of extensive negotiation, the Foreign Intelligence Surveillance Court had
approved “innovative” and “complex” orders bringing the surveillance programs
under its authority.
Reporting was
contributed by Eric Schmitt, Jonathan Weisman
and James
Risen from Washington;
Brian X. Chen
from New York; Vindu Goel, Claire Cain Miller,
Nicole
Perlroth, Somini Sengupta
and Michael S.
Schmidt from San Francisco;
and Nick
Wingfield from Seattle.
U.S. Says It Gathers Online Data Abroad, NYT, 6.5.2013,
www.nytimes.com/2013/06/07/us/nsa-verizon-calls.html
U.S. Is Secretly
Collecting Records of Verizon Calls
June 5,
2013
The New York Times
By CHARLIE SAVAGE and EDWARD WYATT
WASHINGTON
— The Obama administration is secretly carrying out a domestic surveillance
program under which it is collecting business communications records involving
Americans under a hotly debated section of the Patriot Act, according to a
highly classified court order disclosed on Wednesday night.
The order, signed by Judge Roger Vinson of the Foreign Intelligence Surveillance
Court in April, directs a Verizon Communications subsidiary, Verizon Business
Network Services, to turn over “on an ongoing daily basis” to the National
Security Agency all call logs “between the United States and abroad” or “wholly
within the United States, including local telephone calls.”
The order does not apply to the content of the communications.
Verizon Business Network Services is one of the nation’s largest
telecommunications and Internet providers for corporations. It is not clear
whether similar orders have gone to other parts of Verizon, like its residential
or cellphone services, or to other telecommunications carriers. The order
prohibits its recipient from discussing its existence, and representatives of
both Verizon and AT&T declined to comment Wednesday evening.
The four-page order was disclosed Wednesday evening by the newspaper The
Guardian. Obama administration officials at the F.B.I. and the White House also
declined to comment on it Wednesday evening, but did not deny the report, and a
person familiar with the order confirmed its authenticity. “We will respond as
soon as we can,” said Marci Green Miller, a National Security Agency
spokeswoman, in an e-mail.
The order was sought by the Federal Bureau of Investigation under a section of
the Foreign Intelligence Surveillance Act, the 1978 law that regulates domestic
surveillance for national security purposes, including “tangible things” which
the law defines as business records. The provision was expanded by Section 215
of the Patriot Act, which Congress enacted after the 9/11 terrorist attacks.
The order was marked “TOP SECRET//SI//NOFORN,” referring to
communications-related intelligence information that may not be released to
noncitizens. That would make it among the most closely held secrets in the
federal government, and its disclosure comes amid a furor over the Obama
administration’s aggressive tactics in its investigations of leaks.
The collection of call logs is set to expire in July unless the court extends
it.
The mass collection of communications logs, or calling “metadata,” was believed
to be a major component of the Bush administration’s surveillance program that
took place without court order under the Foreign Intelligence Surveillance Act.
The order would suggest that the government later continued a form of that
aspect of the program by bringing it under the Patriot Act.
The disclosure late Wednesday seemed likely to set off a new furor over the
scope of government surveillance. Kate Martin of the Center for National
Security Studies, a civil liberties advocacy group, said that “absent some
explanation I haven’t thought of, this looks like the largest assault on privacy
since the N.S.A. wiretapped Americans in clear violation of the law” under the
Bush administration. “On what possible basis has the government refused to tell
us that it believes that the law authorizes this kind of request?” she said.
For several years, two Democrats on the Senate Intelligence Committee, Senator
Ron Wyden of Oregon and Senator Mark Udall of Colorado, have been cryptically
warning that the government was interpreting its surveillance powers under that
section of the Patriot Act in a way that would be alarming to the public if it
knew about it.
“We believe most Americans would be stunned to learn the details of how these
secret court opinions have interpreted section 215 of the Patriot Act,” they
wrote last year in a letter to Attorney General Eric H. Holder Jr.
They added: “As we see it, there is now a significant gap between what most
Americans think the law allows and what the government secretly claims the law
allows. This is a problem, because it is impossible to have an informed public
debate about what the law should say when the public doesn’t know what its
government thinks the law says.”
A spokesman for Senator Wyden did not respond Wednesday to a request for comment
on the Verizon order.
The senators were angry because the Obama administration described Section 215
orders as being similar to a grand jury subpoena for obtaining business records,
like a suspect’s hotel or credit card records, in the course of an ordinary
criminal investigation. The senators said the secret interpretation of the law
was nothing like that.
Section 215 of the Patriot Act made it easier to get an order from the Foreign
Intelligence Surveillance Court to obtain business records so long as they were
merely deemed “relevant” to a national-security investigation.
The Justice Department has denied being misleading about the Patriot Act.
Department officials have acknowledged since 2009 that a secret, sensitive
intelligence program is based on the law and that its statements about the
matter have been accurate.
The New York Times filed a Freedom of Information Act lawsuit in 2011 seeking
access to a report describing the program. But the Obama administration withheld
the report as entirely classified, and a federal judge, after declined to order
it released.
U.S. Is Secretly Collecting Records of Verizon Calls, NYT, 5.6.2013,
http://www.nytimes.com/2013/06/06/us/
us-secretly-collecting-logs-of-business-calls.html
|
