Snowden, PRISM & Related Revelations (reverse chronological order)
"GCHQ unlawfully spied on British citizens, a secretive UK court has ruled. The decision could mean GCHQ will be forced to delete the information it acquired from people that were spied on.
The Investigatory Powers Tribunal (IPT), the secretive court that was created to keep Britain’s intelligence agencies in check, said that GCHQ’s access to information intercepted by the NSA breached human rights laws. The court found that the collection contravened Article 8 of the European Convention on Human Rights, which protects the right to a private and family life. It also breaches Article 6, which protects the right to a fair trial...
But the court said today that historical collection was unlawful because the rules governing how the UK could access information received from the NSA were kept secret. It concerned practices disclosed as part of documents disclosed by Edward Snowden, and related to information found through the NSA’s PRISM and UPSTREAM surveillance programmes. PRISM allegedly allowed the NSA access to data from companies including Google, Facebook, Microsoft and Skype. UPSTREAM allowed the NSA to intercept data through the fibre optic cables that power the internet... "For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law,” said Eric King, deputy director of Privacy International. “Today’s decision confirms to the public what many have said all along — over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing program that has affected millions of people around the world."
"Snowden saw what happened to other whistleblowers, and behaved accordingly. His political theory has been quite exact and entirely consistent. He says the existence of these programmes, undisclosed to the American people, is a fundamental violation of American democratic values. Surely there can be no argument with that.
Snowden's position is that efforts so comprehensive, so overwhelmingly powerful, and so conducive to abuse, should not be undertaken save with democratic consent. He has expressed recurrently his belief that the American people are entitled to give or withhold that informed consent. But Snowden has also identified the fastening of those programmes on the global population as a problematic act, which deserves a form of moral and ethical analysis that goes beyond mere raison d'état....Edward Snowden has revealed problems for which we need solutions. The vast surveillance-industrial state that has grown up since 2001 could not have been constructed without government contractors and the data-mining industry. Both are part of a larger ecological crisis brought on by industrial overreaching....we should end the immunity given to the telecommunications operators for assisting illegal listening. Immunity was extended by legislation in 2008. When he was running for president, Barack Obama said that he was going to filibuster that legislation. Then, in August 2008, when it became clear that he was going to become the next president, he changed his mind. Not only did he drop his threat to filibuster the legislation, he interrupted his campaigning in order to vote for immunity.
The US listeners are having a political crisis beyond their previous imagining. They do not like to appear in the spotlight, or indeed to be visible at all. Now they have lost their credibility with the cybersecurity industry, which has realised that they have broken their implicit promises about what they would not hack. The global financial industry is overwhelmed with fear at what they've done. The other US government agencies they usually count on for support are fleeing them.
much of that software is written by us. The "us" I mean here is those communities sharing free or open source software, with whom I have worked for decades. Protocols that implement secure communications used by businesses between themselves and with consumers (HTTPS, SSL, SSH, TLS, OpenVPN etc) have all been the target of the listeners' interference. Snowden has documented their efforts to break our cryptography. The US listeners are courting global financial disaster. If they ever succeed in compromising the fundamental technical methods by which businesses communicate securely, we would be one catastrophic failure away from global financial chaos. Their conduct will appear to the future to be as economically irresponsible as the debasing of the Roman coinage. It is a basic threat to the economic security of the world. The bad news is that they have made some progress towards irremediable catastrophe. First, they corrupted the science. They covertly affected the making of technical standards, weakening everyone's security everywhere in order to make their own stealing easier. Second, they have stolen keys, as only the best-financed thieves in the world can do. Everywhere encryption keys are baked into hardware, they have been at the bakery. At the beginning of September when Snowden's documents on this subject first became public, the shock waves reverberated around the industry. But the documents released also showed that the listeners are still compelled to steal keys instead of breaking our locks. They have not yet gained enough technical sophistication to break the fundamental cryptography holding the global economy together.
Making public what crypto NSA can't break is the most inflammatory of Snowden's disclosures from the listeners' perspective. As long as nobody knows what the listeners cannot read, they have an aura of omniscience. Once it is known what they cannot read, everyone will use that crypto and soon they cannot read anything any more. Snowden has disclosed that their advances on our fundamental cryptography were good but not excellent. He is also showing us that we have very little time to improve our own cryptography. We must hurry to recover from the harm done to us by technical standards corruption. From now on, the communities that make free software crypto for everyone else must assume that they are up against "national means of intelligence". In this trade, that is bad news for developers, because that's the big leagues. When you play against their opposition, even the tiniest mistake is fatal....Snowden's courage is exemplary. But he ended his effort because we needed to know now. We have to inherit his understanding of that fierce urgency."
"One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents....Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums.
... these GCHQ documents are the first to prove that a major western government is using some of the most controversial techniques to disseminate deception online and harm the reputations of targets. Under the tactics they use, the state is deliberately spreading lies on the internet about whichever individuals it targets, including the use of what GCHQ itself calls “false flag operations” and emails to people’s families and friends. Who would possibly trust a government to exercise these powers at all, let alone do so in secret, with virtually no oversight, and outside of any cognizable legal framework? Then there is the use of psychology and other social sciences to not only understand, but shape and control, how online activism and discourse unfolds..."
"Chancellor Angela Merkel of Germany has announced plans to set up a European communications network as part of a broad counter-espionage offensive designed to curb mass surveillance conducted by the US National Security Agency and its British counterpart, GCHQ. The move is her government’s first tangible response to public and political indignation over NSA and GCHQ spying in Europe, which was exposed last October with revelations that the US had bugged Ms Merkel’s mobile phone and that MI6 operated a listening post from the British Embassy in Berlin.
...Germany’s counter-espionage drive comes after months of repeated and abortive attempts by its officials to reach a friendly “no spy” agreement with the US. Phillip Missfelder, a spokesman for Ms Merkel’s government, admitted recently that revelations about NSA spying had brought relations with Washington to their worst level since the US-led invasion of Iraq in 2003. Der Spiegel claimed that on a single day last year, January 7, the NSA tapped into some 60 million German phone calls. The magazine said that Canada, Australia, Britain and New Zealand were exempt from NSA surveillance but Germany was regarded as a country open to “spy attacks”."
"British companies are fighting back against government surveillance in the U.S. 21 percent of UK firms are moving their hosted information out of the country because of security concerns. That's according to an independent survey of 300 British and Canadian small businesses, commissioned by cloud hosting firm Peer 1 Hosting. The study finds over a fifth of UK firms and one-third of their Canadian counterparts are relocating their information away from US-based data centres because of the NSA intelligence agency scandal, revealed last summer by whistleblower Edward Snowden.
The survey also suggests the spying scandal has had a significant impact on non-US cloud service providers. Nearly seven out of 10 (69 percent) of decision makers say the mass surveillance has made them more sceptical of data hosting providers everywhere and 57 percent are less likely to use a public cloud as a result.
...Steve Durbin, global vice president of the Information Security Forum (ISF) user group, believes that this confirms that the NSA scandal has encouraged cloud users to “ask the right questions about how their information is being stored, managed and handled”. “As a result, I think businesses are saying that from a risk point of view it might make more sense for us to be storing some of this information in Europe, in the UK or within our own borders, if we can't get satisfactory answers from cloud providers or indeed if the answers from a risk perspective just seem too high for our business.”
Bowden, a former chief privacy adviser to Microsoft, told SCMagazineUK.com: “The rights of foreigners simply haven't been part of the US debate - so far.” “The key international question regarding Obama's NSA reforms is whether he will recognise the human right to privacy of non-Americans, who currently have no protection whatsoever under the FISA law,” he explained. “Both the EU Commission and Parliament have demanded equal treatment with US citizens.
"The phone, internet and email records of UK citizens not suspected of any wrongdoing have been analysed and stored by America's National Security Agency under a secret deal that was approved by British intelligence officials, according to documents from the whistleblower Edward Snowden.
In the first explicit confirmation that UK citizens have been caught up in US mass surveillance programs, an NSA memo describes how in 2007 an agreement was reached that allowed the agency to "unmask" and hold on to personal data about Britons that had previously been off limits.... The NSA has been using the UK data to conduct so-called "pattern of life" or "contact-chaining" analyses, under which the agency can look up to three "hops" away from a target of interest – examining the communications of a friend of a friend of a friend. Guardian analysis suggests three hops for a typical Facebook user could pull the data of more than 5 million people into the dragnet."
James Ball, 'US and UK struck secret deal to allow NSA to 'unmask' Britons' personal data', The Guardian, 21st November 2013