Search This Blog

Sunday 22 December 2013

NSA Snares Americans' Porn Viewing Histories in Effort to Target Muslims

Comment: This is an older piece from the beginning of the month but it's a great summary of the NSA / Snowden scandal and what it really means for civil liberties. 

----------------

Daily Tech
Jason Mick
Dec.1, 2013

Meanwhile Google, Microsoft, and Yahoo! are forced to treat U.S. gov't efforts like a cybercrime The latest leak concerning the U.S. National Security Agency (NSA) by ex-contractor-turned-criminally charged whistleblower Edward Snowden reveals a new height to NSA voyeurism.

I. Dirty Deeds and Social Engineering

The freshly leaked document has been published in The Huffington Post by Glenn Greenwald, Edward Snowden's confidante.  Mr. Greenwald -- a British citizen who primarily writes for The Guardian -- has been harassed for reporting on the leaked material.  British intelligence agents have destroyed hard drives from Mr. Greenwald and harassed his loved ones, but these intimidation tactics have failed to shut him up.

The newly leaked agency memo offers new details on an ambitious NSA social engineering program.  The effort is designed to carefully monitor and scrutinize online behavior of certain individuals, logging certain activities in an attempt to discredit them.  The six "exemplars" listed in the document are all described as radical Muslims.  


Taliban Muslims
The claimed target of the social engineering campaign was radical Muslims.
[Image Source: Getty Images]

Mr. Greenwald and his co-columnists describe these individuals stating:

One target's offending argument is that "Non-Muslims are a threat to Islam," and a vulnerability listed against him is "online promiscuity." Another target, a foreign citizen the NSA describes as a "respected academic," holds the offending view that "offensive jihad is justified," and his vulnerabilities are listed as "online promiscuity" and "publishes articles without checking facts." A third targeted radical is described as a "well-known media celebrity" based in the Middle East who argues that "the U.S perpetrated the 9/11 attack." Under vulnerabilities, he is said to lead "a glamorous lifestyle." A fourth target, who argues that "the U.S. brought the 9/11 attacks on itself" is said to be vulnerable to accusations of “deceitful use of funds." The document expresses the hope that revealing damaging information about the individuals could undermine their perceived "devotion to the jihadist cause."

The document comes from The Director of the National Security Agency ("DIRNSA") -- presumably the office of NSA Director General Keith Alexander, who recently announced his decision to retire following the recent leaks.  Some members of Congress, including Sen. Ron Wyden (D-Oreg.) and Sen. John McCain (R-Ariz.), have called on Gen. Alexander to resign or be fired, as they argue he peverted the powers entrusted to the NSA to spy on Americans.

Multiple executive branch agencies, including the U.S. Department of Justice (DOJ), were CCed on the memo, so it appears the Obama administration was aware of this program.  This is important to note as the Obama administration has tried to blame the most offensive parts of the NSA spying programs on Congress, and claimed to be unaware of these programs.  Such claims have been received with much skepticism given that it was the Obama administration which lobbied secret federal courts for restrictions on spying on Americans be lifted.

The NSA porn spying email recipients

The presentation states that "personal vulnerabilities" can be used to undermine the target's authority, credibility, and reputation.  In addition to more traditional tactics -- looking for inconsistent language used by a person in their personal communications (that the NSA has already been shown to be spying on en masse) and unscrupulous financial behavior (e.g. using public donations for personal items), the presentation also states that targets can be compromised by recording them "viewing sexually explicit material online or using sexually explicit persuasive language when communicating with inexperienced young girls."

The idea is to catch the targets doing the dirty, so to speak, and then somehow let that information "leak out" to target sources as part of a sophisticated social engineeering campaign.



Porn spying memo
(click to enlarge) [Image Source: NSA via The Huffington Post]

Such a tactic appeared to be used against infamous terrorists Osama bin Laden, where it "somehow" leaked to the press that dozens of USB sticks "filled" with pornography and jars of vasoline were found at Osama bin Laden's compound, following the U.S. deathstrike on him in May 2011.

The NSA program is believed to involve the digital equivalent of such a reputation damage campaign, curating porn viewing histories for various IPs, and then using that information to discredit targets.

II. Big Brother is Logging Your Digital Sex Life

While doing this to terrorists may sound like a welcome idea, the problem is that as with other forms of NSA spying, the NSA is believed to be mass harvesting data records, then "filtering" the data down to study the history of targets.  The NSA only considers it "spying" if it targets you with a filtered search.

But the fact is that for some unclear period your private history is floating around in agency databases, accessible by intelligence agency employees and intelligence contractors alike.  We already know that this private history the NSA has been compiling includes portions of our email and chat conversations; a log of our locations over time (as given by cell phone towers); and a list of the websites we visit.

NSA spying
The NSA is watching your adult entertainment viewing history. [Image Source: Nation of Change]
Now this new information suggests that the NSA may pre-filter logs of adult entertainment associated with specific IP addresses inside and outside the U.S.

The first issue with this is that it's expensive.  It appears that a major reason why Congress and the President would back such a controversial program with questionable results is because of special interest money.

Firms like Booz Allen Hamilton Holding Comp. (BAH) (whom Mr. Snowden worked for at the time of his whistleblowing), Oracle Corp. (ORCL), received billions of dollars in handouts for these massive spying programs.  Unsurprisingly before this happened intelligence contractors had paid tens of millions of dollars to federal politicians, whom they urged to adopt these new programs for "national security".

There's no transparency, and little competition to speak of when it comes to these payouts, because contracts typically go to those who pay off politicians, not those who offer the best results.  For example Amazon.com, Inc.'s (AMZN) PAC in 2012 paid a roughly 56-74 split (D/R) of campaign cash to members of the House and 37-12 split (D/R) to members of the Senate, according to OpenSecret's numbers from its PAC.  Lo and behold in each case money went to whatever party was in control of chamber and could pass spending legislation.  According to the site's statistics Amazon claimed $2.5M USD in lobbying expenses in 2012 alone.

Congress bribes
Special interests paid tens of millions to Congress to earn spying contracts worth billions in taxpayer money. [Image Source: Wikimedia Commons]
A 2011 study by researchers Raquel Alexander and Susan Scholz of the University of Kansas School of Business which estimates that per $1 USD spent on lobbying a company gets back $220 USD, on average in contracts, tax breaks, grants, etc. and you get an estimated that Amazon's $2.5M USD contribution should theoretically earn it a $550M USD payoff.

Lo and behold Amazon reportedly received a $600M USD confidential contract recently to provide "data services" to the CIA.  Such payoffs for contracts, are more or less legal in America's current political system, but inevitably they leave American taxpayers footing the bill for their elected leaders's "generosity".

This means that a laundry list of all your fetishes and most private desires of you -- and potentially your significant other -- could potentially be compromised, spilling this embarassing information to employers, colleagues, friends, and family members.

III. "Just Trust Us" Versus a History of Abuse

Of course the NSA would contend that such a scenario would require an agent or contractor breaking the law.  But it already has been shown in audits that NSA agents committed at least minor violations of the law thousands of times a year.

And historically there's evidence of even larger offenses.

J. Edgar Hoover -- former director of the U.S. Federal Bureau of Investigation (FBI) -- famously harassed Martin Luther King, Jr. and other civil rights advocates.  He also spied on public figures he suspected of being communist sympathizers or homosexuals, collecting long surveillance dossiers on them.

Martin Luther King, Jr. 
Martin Luther King, Jr. was among the targets of J. Edgar Hoovers social engineering smear campaigns. [Image Source: Univ. of Nebraska]

He also allegedly compiled records of politicians extramarital affairs, using it to blackmail them.  President Richard Milhous Nixon allegedly oversaw a campaign to break into his rival party's headquarters, an effort that ultimate led him to resign in the face of almost certain impeachment.

J. Edgar Hoover
J. Edgar Hoover targeted homosexuals, leftists, and peaceful civil rights activists.

But for the Nixons and Hoovers of yesteryear, digital spying has opened the door to much cheaper, broader, and easier abuse.  J. Edgar Hoover and others of his ilk would likely salivate at the prospect of having the history of thousands of citizens accessible with a single nearly unnoticeable search query.

Both the Bush and Obama administrations have been shown to have utilized intelligence agencies multiple times to try to spy on and discredit Americans involved in peaceful groups whose political views were at odds with the sitting President's own special-interest purchased perspective.

The NSA would also contend that the information it's harvesting is sanitized -- that information on non-targets is filtered out and deleted after some period of time.  Of course, it won't tell us exactly how long that period of time is, or exactly how it's trying to cleanse its data pile -- in this case porn viewing logs -- of records associated with American citizens.

Pope Francis
President Obama's NSA reportedly spied on Pope Francis. [Image Source: Think Progress]

Under President George Walker Bush (R) intelligence agencies spied on Quakers and other pro-peace groups.  President Barack Hussein Obama's (D) deputies ordered spying on the Occupy Wall Street activists who the administration believed might upset JP Morgan Chase & Comp. (JPM) and other top campaign donors.  Under his watch the NSA also reportedly spied upon Pope Francis (Benedict XVI), the leader of the Catholic Christian church.  President Obama has claimed that he was unaware of this surveillance, but he and his deputies have not commented on the program under oath.

In short, even if the porn-viewing journals that the NSA is harvesting on Americans and foreigners have yet to fall into the "wrong hands" (as far as we know), there's little evidence to support that such a leak couldn't happen in the future.

IV. Microsoft Plans Encryption to Protect Users Against NSA

Meanwhile, Microsoft Corp. (MSFT), one of the largest internet software firms in America reported that it was considering new encryption efforts to protect its users following reports that the NSA tapped fiber optic cables in a program called MUSCULAR.

Google Inc. (GOOG) and Yahoo! Inc. (YHOO) have already addressed the spying, acknowledging that their internal investigations indicated revealed user privacy may have been compromised without their awareness.  Yahoo CEO Marissa Meyer said she feared being charged with treason if she objected to the spying.

Yahoo CEO Marissa Mayer feared being charged with treason if she pushed back against the NSA.
[Image Source: NPR].

Former Google CEO and current chairman of Google's board of directors, Eric Schmidt said that the spying was "not OK" at all with his company.  He said that Google would look to deploy to encryption protections to fight government snooping on cables.

Meanwhile Microsoft's executives met last week, according to a report in The Washington Post, the newspaper that first outed the MUSCULAR program.

Increasingly companies like Google, Yahoo!, and Microsoft are being forced to expand their efforts from defending against scammers and cybercriminals to defending users against scammers, cybercriminals, and the government.  Perhaps tellingly, the NSA and FBI have increasingly turned to cybercriminal tactics to seize user data, such as phishing and malware.  But where as cybercriminals and scammers are determined and clever, they typically operate on slim resources so they pose much less of a threat.

The government is posing a much more challenging threat to tech firms.  While it may not be the most clever at times, it has a seemingly endless pile of taxpayer money to throw at breaking protections and spying on citizens.

CyberCriminal
The tech community is treating the U.S. government like a superpowered cybercriminal.
[Image Source: Xpats]

And worse yet, players like Google and Microsoft have to fight against their own -- traditional tech powers like Amazon.com, Inc. (AMZN) and Oracle who have lobbied behind closed doors in support of increased spying, which feeds them billions in contracts.  In a sense, the tech world is in a state of digital civil war -- both against each and against the government.

The Washington Post quotes Matthew Green, a Johns Hopkins University cryptography expert, as stating, "[It's] a pretty big change in the way these companies have operated.  And it’s a big engineering effort.”"

V. Trio of Senators Call For End to NSA Data Collection in Editorial

Also last week a trio of U.S. Senators -- Sen. Ron Wyden, Sen. Mark Udall (D-Colo.), and Sen. Martin Heinrich (D-New Mexico) -- ratcheted up the pressure and criticism on the NSA, writing a piece titled "End the N.S.A. Dragnet, Now".

In the piece they acknowledge that given the USA PATRIOT Act and other recent measures, that the NSA's actions may fall into a newly created gray area of the law.  But they argue that the collection is inherently unconstitutional and against the spirit of the Founding Fathers.  

We The People
[Image Source: Jason Mick/DailyTech LLC]

They write:

THE framers of the Constitution declared that government officials had no power to seize the records of individual Americans without evidence of wrongdoing, and they embedded this principle in the Fourth Amendment. The bulk collection of Americans’ telephone records — so-called metadata — by the National Security Agency is, in our view, a clear case of a general warrant that violates the spirit of the framers’ intentions. This intrusive program was authorized under a secret legal process by the Foreign Intelligence Surveillance Court, so for years American citizens did not have the knowledge needed to challenge the infringement of their privacy rights.

Our first priority is to keep Americans safe from the threat of terrorism. If government agencies identify a suspected terrorist, they should absolutely go to the relevant phone companies to get that person’s phone records. But this can be done without collecting the records of millions of law-abiding Americans. We recall Benjamin Franklin’s famous admonition that those who would give up essential liberty in the pursuit of temporary safety will lose both and deserve neither.

The usefulness of the bulk collection program has been greatly exaggerated. We have yet to see any proof that it provides real, unique value in protecting national security. In spite of our repeated requests, the N.S.A. has not provided evidence of any instance when the agency used this program to review phone records that could not have been obtained using a regular court order or emergency authorization.

They add:

There is no question that our nation’s intelligence professionals are dedicated, patriotic men and women who make real sacrifices to help keep our country safe and free. We believe that they should be able to do their jobs secure in the knowledge that their agencies have the confidence of the American people.

But this trust has been undermined by the N.S.A.’s domestic surveillance programs, as well as by senior officials’ misleading statements about surveillance. Only by ending the dragnet collection of ordinary Americans’ private information can this trust be rebuilt.

The Democratic trio is backing the "USA Freedom Act of 2013", cosponsored by Sens. Michael S. Lee (R-Utah) and Patrick Leahy (D-Verm.); a bill which would reign in the NSA's Orwellian spying campaign.

At the same time they are condemning their colleague Senator Dianne Feinstein's (D-Calif.)  "FISA Improvements Act" -- a bill which would further codify bulk data seizures by adding new language to the 50 USC § 1861.  This section of The PATRIOT Act already allows ] agents of the FBI to without warrant demand "any tangible things (including books, records, papers, documents, and other items)" from a U.S. citizen in order  "protect against international terrorism or clandestine intelligence activities."

If Sen. Feinstein has her way, the section would be amended to included allowances for the NSA, FBI, and other agencies to seize Americans' data in bulk, without individual warrants.  Under her vision, the NSA and other agencies could apply for FISA court warrants to collect anywhere from thousands of millions of Americans' data -- essentially a blank check to spy on U.S. citizens' digital lives.


Senator Ron Wyden

Sen. Wyden is pictured at an ironically named PRISM awards ceremony in 2007 -- a ceremony relating to Hollywood films that portray substance abuse.  The Democratic Senator was among 10 members of the Senate to vote against the PATRIOT Act renewal in 2006. [Image Source: Ron Wyden]

Civil liberty advocates are in the same camp as Sens. Wyden, Udall, and Heinrich.  They praise Sens. Lee and Leahy's bill as a step in the right direction, if perhaps not going far enough to roll back the PATRIOT Act and restore Constitutional protections.  At the same time they blast Sen. Feinstein's alternative as a grave assault on American freedoms.

Jennifer Granick of the Stanford Center for Internet and Society (CIS) summarizes to The Huffington Post, "The Feinstein bill is terrible and would make things worse. I think the Leahy-Sensenbrenner bill begins to address some of the problems."

Both bills will soon be debated by the U.S. Senate, having made it out of the committee phase intact.

Meanwhile the NSA is speaking out, attacking its critics, in a recently posted memo [PDF] (a memo that isn't a leak).  The piece is perhaps punchline-worthy in that it fails to provide any details to explicitly contradict the bulk of media commentary and characterizations.  However, lack of transparency isn't stopping the NSA from blaming (or crediting?) the press for the mire it's in, writing:


Recent press articles on NSA's collection operations conducted under Executive Order 12333 have misstated facts, mischaracterized NSA's activities, and drawn erroneous inferences about those operations.  NSA conducts all of its activities in accordance with applicable laws, regulations, and policies -- and assertions to the contrary do a grave disservice to the nation, its allies and partners, and the men and women who make up the National Security Agency.

NSA Protesters
The NSA argues it's not evil, it's misunderstood. [Image Source: Flickr/swudc]

The agency acknowledges that it is prone to "incidentally acquire communications of U.S. persons", but says it does its best to delete such records "as soon as possible", if they aren't pertinent to a terrorist investigation.  The document, however, is predictably devoid of any facts and details of its efforts to mitigate its "accidental" spying on Americans.  Of course, if Sens. Wyden, Udall, and Heinrich say the NSA isn't being transparent even in confidential, closed-door Senate sessions, did you expect anything less?

 
Sources: The Huffington Post, The New York Times, NSA Statement [PDF], The Washington Post




No comments:

Related Posts Plugin for WordPress, Blogger...