Nextgov/FCW - Authors - Philip Bump

Rand Paul Sues the NSA in the Most Elaborate Email Collection Scheme in History

Philip Bump, The Wire — Wed, 12 Feb 2014 11:10:10 -0500

Kentucky Sen. Rand Paul will on Wednesday announce a class action suit against the NSA for unconstitutionally (by some estimations) scooping up Americans' telephone call data. Want to join in? Head over to his PAC's website and enter the required fields: email address and ZIP code.

There's no doubt that Paul is sincere in his opposition to the NSA. As a very-new senator at the beginning of 2013, he established his RebpubLibertarian bona fides by challenging the nomination of John Brennan to lead the CIA with a lengthy filibuster demanding that President Obama state that he couldn't kill an American in America with a drone. (Obama responded via Eric Holder; he cannot.)

That was before the Edward Snowden revelations began rolling in. Once the National Security Agency's daily vacuuming up metadata about phone calls became public knowledge, Paul repeatedly criticized the practice. With the lawsuit, he takes that criticism a step further.

"I am filing a lawsuit against President Barack Obama because he has publicly refused to stop a clear and continuing violation of the 4th Amendment," a statementon the filing reads. "I expect this case to go all the way to the Supreme Court and I predict the American people will win."

NSA on Text Messages: 'A Goldmine to Exploit'

Philip Bump, The Wire — Thu, 16 Jan 2014 17:24:48 -0500

If you were curious: Yes, the National Security Agency is collecting and filtering text messages to the tune of 194 million a day. It's a collection of data that one agency slide, obtained by The Guardian from leaker Edward Snowden, called "a goldmine to exploit."

The Guardian details the NSA's text message collection infrastructure in a new report, including its massive scale. The slide above shows how much data it and its British partners at the GCHQ are able to reel in.

The agencies collect 194 million messages a day.
They include 76,000 geocoordinates for users, thanks to people seeking directions or setting up meetings.
The agencies track 1.6 million border crossings and 5,000-plus occurrences in which someone is traveling.
They're able to link hundreds of thousands of financial transactions.
They collect over 5 million missed call alerts, which then get pushed into the "contact-chaining" system, building out the NSA's ad hoc social network .

The NSA isn't allowed to collect this information on Americans, and the documents don't indicate that the agency does. Everyone else in the world, not protected (however effectively) by the Fourth Amendment, is fair game — and as of 2011, the NSA nots in one slide, 77 percent of the world's population was using text communications.

Read the rest at TheWire.com.

( Image via Kenishirotie / Shutterstock.com )

]]>

NSA Hacked Google and Yahoo's Private Networks

Philip Bump, The Wire — Wed, 30 Oct 2013 13:24:39 -0400

More documents from the Edward Snowden leak show that the National Security Agency has tapped Google and Yahoo's cloud networks to access massive amounts of data, including from Americans.

The report released Wednesday by The Washington Post indicates that the NSA has gained access to the fiber optic connections between the servers that power each company's network.

According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.

When you send email or store files with an internet company, that data is regularly shared among servers around the world, in order to ensure quick access to your information from wherever you happen to be. Google and Yahoo run customized private networks to shuttle that information around, passing between and within countries, as the Post indicates in a graphic . To move that information, the companies use fiber optic connections, light-speed networks running over thin glass cables. According to the Post , it's those connections that the NSA is able to monitor. None of Yahoo's inter-server traffic is encrypted. Not all of Google's are either, prompting a little smiley face in a slide obtained by the Post .

Read the fulls story at TheAtlanticWire.com.

]]>

How to Keep NSA From Getting Between You and Your Googling

Philip Bump, The Wire — Fri, 13 Sep 2013 17:46:18 -0400

One of the documents leaked by Edward Snowden indicates that the NSA uses "man in the middle" attacks to hijack your interactions with Google servers. Here's how such attacks work, and how to protect your browsing.

Tech website Techdirt appears to have been the first to notice the reference to the attack, which appeared on a slide which aired during a Brazilian newscast. A section of that slide is below.

The diagram shows a number of requests for Google webpages coming into a router (the three arrows at lower left). Coming into the router from the very bottom is the NSA's request to route data from the surveillance target to a "static route" — in other words, somewhere besides Google. Once the requests reach the router, most head up to the "legitimate Google server," at top. But the target's traffic takes a detour, heading through the server labeled "MITM" before going on to the Google server.

"MITM," of course, stands for "man in the middle." The NSA inserts itself between the target and where the target is trying to get. It is the man in the middle. It's as though you were sending a package to a friend, but the NSA told the mailman to bring it to their offices first. They look at it, repackage it, and send it on to its final destination. To extend that analogy, it's also like you decided to send your package via certified mail, requesting a signature once the package arrives. What the NSA is doing, in essence, is signing your friend's name.

The Atlantic Wire spoke by phone with the Electronic Frontier Foundation's Micah Lee, who previously helped us put together our guide to hiding from the NSA .

Find out what he had to say at TheAtlanticWire.com.

]]>

When It's at the Border, Your Data Is Fair Game — Even on Your Laptop

Philip Bump, The Wire — Tue, 10 Sep 2013 16:02:52 -0400

Americans are protected from warrantless search in America — but not at the nation's borders. The imaginary line separating the United States from the rest of the world has become a critical demarcation for the privacy of the country's citizens, as new documents from the ACLU and the ongoing Snowden leaks make clear.

David House worked as a fundraiser for the defense of Chelsea Manning in her court-martial for uploading classified information to Wikileaks. That brought him to the attention of the government, perhaps predictably; he was questioned by authorities about his relationship to the Army private. What he didn't know, though, is that he'd been flagged in the Department of Homeland Security's TECS system. (TECS is not an acronym for anything.) That flag, according to documents obtained by the ACLU , looked like this.

From a DHS report

DHS letter to the Army CIC

The Associated Press reports that House, who relied on that Asus PC for his work, had no sign that the seizure was coming. During the questioning several months prior, the government made no suggestion that it sought the contents of his hard drive. Were it to want to search the device at that point, of course, it would need a warrant. Once House arrived in the international zone at O'Hare, however, that need was obviated.

Read the full story at TheAtlanticWire.com.

]]>

When Yahoo Gives User Data to Governments, Mapped

Philip Bump, The Wire — Fri, 06 Sep 2013 17:43:08 -0400

Yahoo, the only technology company to fight the NSA's order to provide sweeping access to customer accounts, released its first report detailing government requests for user information, covering January to June of this year. The United States issued the most requests, which isn't a surprise. But it's not the country that had the most success.

In a post at the company's website (replete with snazzy / terrible new logo), it explains how it approaches a government's requests.

Yahoo has joined no program to volunteer user data to governments. Our legal department demands that government data requests be made through lawful means and for lawful purposes. We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful. In addition, we mounted a two-year legal challenge to the 2008 amendments to the Foreign Intelligence Surveillance Act, and recently won a motion requiring the U.S. Government to consider further declassifying court documents from that case.

(Yahoo will mention that court battle in every one of these reports forever, justifiably.)

The company breaks down the data for each country in which it has a separate presence (excluding those countries where government made fewer than nine such requests). At right is a graph showing the results of the 12,444 requests made in the United States. Blue slices indicate the company gave some data to the United States (either content or "NCD" — metadata); the dark gray, the requests it refused. As you can see, Yahoo was compelled to provide a lot of information. (If you're curious / nervous, these requests didn't yet include data on Tumblr.)

And 12,444 is a lot of requests! It is 69 requests a day, nearly three an hour. Those requests sought information on over three times as many accounts — 40,322 in total. The United States requested data from more accounts than the rest of the world combined. And then nearly doubled.

Read the full story and see the maps at TheAtlanticWire.com.

]]>

Yes, the NSA Hacked Encryption — But You Have a Defense

Philip Bump, The Wire — Fri, 06 Sep 2013 10:36:04 -0400

In light of the revelation that the NSA has a variety of ways of accessing encrypted information, we reached out to the Electronic Frontier Foundation for their thoughts on what it meant for personal online communication. For example, could hackers take advantage of the NSA's encryption back doors to access your information? Well, no, hackers aren't much more likely to be looking at what you do online than they already are. You should do more to protect your privacy from them anyway.

"It does not come as a surprise," Eva Galperin, Global Policy Analyst for the EFF said about the new revelations. After all, she noted, the NSA (and its partner agency in Britain) is "attacking encryption on all fronts." She ran through the ways: They try to introduce weaker standards and they approach companies that use encryption to get them to grant access to encrypted data, both of which were reported on Thursday. They "use mass," throwing huge clusters of servers at brute force decryption. They read data from routers and switches. And "they go after end-points" — meaning people's computers. In other words, the NSA's ability to decrypt your data on the fly is not the only privacy challenge you could face.

(An aside: The NSA will assert that if the "you" to which we are referring is an American citizen, theycan't read your data, by law. Except that there are big loopholes, like "accidents" or if you are very loosely connected to an overseas suspect.)

Our question to Galperin was whether the NSA introducing back-doors to encryption standards or working with tech companies meant online communication was necessarily unsafe — or if hackers could use the same tools to access our information. Her answer, in short: it doesn't matter much. First, because of the list of ways the NSA can spy on you if it wants. But mostly because you should be using different encryption anyway if you're concerned about privacy.

The NSA has a "store of zero-day vulnerabilities," she said, a collection of known security flaws that have never been used publicly (ergo, have been known about for "zero days"). But it isn't just the NSA that does. "There are entire exploit markets out there," Galperin said, that allow hackers to share known exploits. Companies and the government buy zero-days and exploits from hackers; it's one of the reasons that the government is deliberate about building relationships with the hacking community. In other words, there are so many ways that your privacy is at risk and from so many actors.

Read the full story at TheAtlanticWire.com.

]]>

How the NSA Made Sure It Can Decrypt Your Online Communication

Philip Bump, The Wire — Thu, 05 Sep 2013 16:33:37 -0400

In one of the more remarkable and alarming revelations to come from the documents leaked to the press by Edward Snowden, a joint report from The New York Times, ProPublica, and The Guardian suggests that the NSA works with internet companies to add vulnerabilities to secure network traffic — and may be able to broadly decrypt online communications.

A less technical summary: The government has apparently introduced and/or pried open the systems that ensure privacy online. For privacy advocates, this is the worst-case scenario, which may be in part why The Times reports that the government asked they not publish the report. (The partner organizations "removed some specific facts.")

The topline, via The Times:

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

There appear to be two ways in which the agency (and its British corollary, GCHQ) have been able to do this. The first is by partnering with internet companies. The Guardian indicates that the GCHQ has "been working to develop ways into encrypted traffic on the 'big four' service providers, named as Hotmail, Google, Yahoo and Facebook." The Times picks up on that: "the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which 'actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs' to make them 'exploitable.'"

The second — and more alarming way — is by ensuring that international standards for encryption allow the intelligence agencies some (undescribed) pathway for decryption of traffic.

Read the full story at TheAtlanticWire.com.

]]>

What Can We Learn from the Numbers That Slipped by NSA Censors?

Philip Bump, The Wire — Thu, 22 Aug 2013 11:10:43 -0400

As part of its ongoing push to increase transparency, the Director of National Intelligence on Wednesday evening released the latest compliance report it submitted to Congress. For the most part, the actual data is obscured behind black bars — except on one pie chart, left unredacted, that appears to give more information on the program than the NSA has ever released publicly.

Particularly following a similar report leaked to The Washington Post, the question of how often the government exceeds the rules on data collection have become a subject of enormous debate. In a report released earlier this month, the agency downplayed the frequency of those errors, implying that they occurred only a small fraction of the time. Considering that such violations could mean violations of the constitutional rights of Americans, however, civil liberties groups like the ACLU worry that the thousands of known violations — even if a small percentage of the total uses of the data — are already excessive.

The report released on Wednesday was part of the DNI's effort to assuage concerns about those violations. You can see the entire document at the bottom of this article. The only number that the DNI clearly left visible was this one — which, as you might expect, offers only the percentage of incidents.

See the chart and read more at The Atlantic Wire.

]]>

The Court That May Evaluate NSA Surveillance Hasn't Yet 'Gotten to Email'

Philip Bump, The Wire — Wed, 21 Aug 2013 14:45:23 -0400

The ultimate decision on the legality of NSA surveillance may come down to the Supreme Court. Perhaps by then the justices have learned how to use email.

The Court's technological ignorance doesn't come as much of a surprise. Last year marked the first time that Pew Research found a majority of seniors use the Internet and email. And the Supreme Court — average age: 67 — certainly falls into that demographic category.

It was Justice Elana Kagan (age: 53) who told Politico that email isn't yet at the top of her colleagues' to-do list.

"The justices are not necessarily the most technologically sophisticated people," she said, adding that while clerks email each other, "The court hasn't really 'gotten to' email." …

Kagan said it was hard to predict what cases the court will address down the line, but said she expects there will be new issues related to privacy, emerging technologies and electronic snooping.

It's easy to find this amusing, that members of the highest court in the land may not know the difference between the subject field and the message body. But considering that second part, that the body is also the one that will likely be tasked with evaluating the NSA's use of Internet monitoring systems and the agency's review of Americans' online activity, it's not very funny.

Read more at The Atlantic Wire.

]]>

NSA Searches 10 Times as Much of the Internet as It Said

Philip Bump, The Wire — Tue, 20 Aug 2013 10:17:14 -0400

The National Security Agency assured Americans last week that it only surveils a tiny percentage of the Web data it collects. But it turns out the NSA screwed up the math, and that percentage was off by an order of magnitude.

That error is in a document released by the agency on the heels of the president's speech earlier this month announcing measures to review NSA surveillance. We described the math at stake last week, but the pertinent section is this:

Unfortunately, if you do the math in suggested by that paragraph, you don't get that tiny percentage, 0.00004 percent, or 4 parts per 10 million. It's actually 0.0004 percent , with one fewer zero — or 10 times as much as the NSA suggested. It's ten dimes on the basketball court, not one.

Read the full story at TheAtlanticWire.com.

]]>

Larry Ellison, NSA Database Supplier, Approves of NSA Surveillance

Philip Bump, The Wire — Wed, 14 Aug 2013 12:09:58 -0400

Larry Ellison is exceedingly rich and powerful. He is the third-most-wealthy person in the United States and runs Oracle, the database giant. And yet somehow, as he revealed during an interview on CBS Tuesday morning, he is hopelessly uninformed on the ramifications of NSA surveillance. Or, perhaps willfully uninformed. After all, the NSA is an Oracle client, which CBS didn't mention.

The first four things Ellison says about the NSA are misleading or incorrect. Host Charlie Rose asked Ellison how he "came down" on NSA surveillance.

"Well, the great thing is, we live in a democracy. If we don't like what the NSA is doing, we can get rid of the government and put in a different government."

Yes, that's true. However, that relies on the public being aware of those programs, something which was all-but-impossible prior to the revelations leaked by Edward Snowden. As we've noted previously, the confluence of secrecy and domestic surveillance by its very nature impedes the informed consent of voters. Americans who are concerned about these issues are forced, like the media, to put together what details they can.

Read more at The Atlantic Wire.

]]>

Update: Now We Know Why Googling 'Pressure Cookers' and 'Backpacks' Gets a Visit from the Cops

Philip Bump, The Wire — Thu, 01 Aug 2013 14:05:12 -0400

Michele Catalano was looking for information online about pressure cookers. Her husband, in the same time frame, was Googling backpacks. Wednesday morning, six men from a joint terrorism task force showed up at their house to see if they were terrorists. Which prompts the question: How'd the government know what they were Googling?

Update, 8/1/2013, 7:05 p.m.: Because the Googling happened at work.

The Suffolk County Police Department released a statement Thursday evening that answers the great mystery of the day.

Suffolk County Criminal Intelligence Detectives received a tip from a Bay Shore based computer company regarding suspicious computer searches conducted by a recently released employee. The former employee’s computer searches took place on this employee’s workplace computer. On that computer, the employee searched the terms “pressure cooker bombs” and “backpacks.”

After interviewing the company representatives, Suffolk County Police Detectives visited the subject’s home to ask about the suspicious internet searches. The incident was investigated by Suffolk County Police Department’s Criminal Intelligence Detectives and was determined to be non-criminal in nature.

Original article: Catalano (who is a professional writer) describes the tension of that visit.Catalano (who is a professional writer) describes the tension of that visit.

[T]hey were peppering my husband with questions. Where is he from? Where are his parents from? They asked about me, where was I, where do I work, where do my parents live. Do you have any bombs, they asked. Do you own a pressure cooker? My husband said no, but we have a rice cooker. Can you make a bomb with that? My husband said no, my wife uses it to make quinoa. What the hell is quinoa, they asked. ...

Have you ever looked up how to make a pressure cooker bomb? My husband, ever the oppositional kind, asked them if they themselves weren’t curious as to how a pressure cooker bomb works, if they ever looked it up. Two of them admitted they did.

The men identified themselves as members of the "joint terrorism task force." The composition of such task forces depend on the region of the country, but, as we outlined after the Boston bombings, include a variety of federal agencies. Among them: the FBI and Homeland Security.

How the NSA Is Using Cell Phone Data to Drone Civilians In Pakistan

Philip Bump, The Wire — Mon, 22 Jul 2013 13:10:49 -0400

In late 2001, a National Security Agency analyst was asked to do something unusual. Instead of locating a target's cell phone to eavesdrop on his conversation, the analyst was asked for the phone's location in real-time. It was apparently the beginning of the NSA's role in the CIA's drone operations that, a new report compiled by Pakistan suggests, had killed nearly 200 civilians by 2009.

The details of that first NSA-supported strike appear in a new story from The Washington Post. A Navy SEAL, standing in a trailer that was once home to the CIA's child care program, asked the analyst where the NSA's target was located.

“We just want you to find the phone!” the SEAL urged. No one cared about the conversation it might be transmitting. …

The NSA collector in Georgia took what was then considered a gigantic leap — from using the nation’s most sophisticated spy technology to record the words of presidents, kings and dictators to using it to kill a single man in a terrorist group.

This, The Post suggests, spurred the NSA's rapid expansion in the last decade, building and expanding its facilities around the world. Meanwhile, the technology used by the agency to track targets also expanded.

Read more at The Atlantic Wire.

]]>

Here's Everything Microsoft Is Letting the Government See

Rebecca Greenfield and Philip Bump, The Wire — Fri, 12 Jul 2013 09:44:23 -0400

For the first time, The Guardian is detailing how a tech company works with the National Security Agency to share user information under the NSA's PRISM program. Unfortunately, that tech company happens to be Microsoft, the one that makes the operating system used on 92 percent of computers in the world.

The tone of the report (and Microsoft's statement about it) contrasts significantly with what the company said when PRISM was revealed. The Guardian, using documents obtained from NSA leaker Edward Snowden, paints Microsoft as a compliant partner in creating windows and doors in their software for the government to access.

Before we get to the mechanics, we'll answer the obvious: Which Microsoft products are covered? Primarily the web-based ones. There are three specific Microsoft services that NSA has privileged access to: Outlook, SkyDrive, and Skype.

Analysis: The State Department Isn't Great at the Internet

Philip Bump, The Wire — Tue, 09 Jul 2013 12:00:32 -0400

Corny, inexplicable YouTube videos featuring low-rent animations. Expensive, unhelpful efforts to get attention on social media. The web marketing efforts of a mid-range Toyota dealership in Fort Worth? No. This is apparently the outreach strategy employed by our very own Department of State.

The latter tactic came to light last week with the release of an inspector general's report outlining the department's Bureau of International Information Programs' spending on trying to get Facebook likes. Over two years, the group spent $630,000 on advertising campaigns that generated millions of likes on Facebook. The inspector general writes:

IIP's four global thematic English-language Facebook pages had garnered more than 2.5 million fans each by mid-March 2013; the number actually engaging with each page was considerably smaller, with just over 2 percent "liking," sharing, or commenting on any item within the previous week.

Or, as the IG drily notes, "A consensus is emerging that developing numbers of Facebook followers and Twitter fans may not lead automatically to target audience engagement." This is a consensus that emerged in the private sector some time during the Bush administration.

Read more at The Atlantic Wire.

]]>

Customs and Border Protection Wants to Arm Drones

Philip Bump, The Wire — Tue, 02 Jul 2013 17:47:40 -0400

Documents obtained by the Electronic Frontier Foundation from the Homeland Security Department's Customs and Border Protection indicate that the agency is close to finalizing payload standards for its drone aircraft. Among the things the CBP might want to use in its unmanned aircraft: "non-lethal weapons designed to immobilize" targets.

In 2009, the agency announced that it had acquired its sixth Predator drone, stationed at an Army Airfield in Arizona. The agency trumpeted its successes:

Since 2004, CBP unmanned aircraft have flown more than 3,000 hours, directly contributing to 4,766 arrests and the seizure of 22,823 pounds of marijuana in support of the Department of Homeland Security's border security mission.

A fact sheet provided by the agency notes the current capabilities of the aircraft, including electro-optical/infrared sensors and "Surface Search Radar/Ground Moving Target Indicator." The specific drone rolled out in 2009 was loaded with "the Raytheon MTS-B Multi-Spectral Targeting System (with electro-optical, infrared, laser designation, and laser illumination capabilities) and Synthetic Aperture Radar." Raytheon describes the capabilities of the MTS-B: "provides long-range surveillance, high-altitude target acquisition, tracking, rangefinding, and laser designation for the HELLFIRE missile and for all tri-service and NATO laser-guided munitions." You can see the surveillance systems at work in this video, shot at the Mexican border; obviously, the CBP drones aren't HELLFIRE equipped.

The Troubling Data Behind America's Growing Wildfires

Philip Bump, The Wire — Mon, 01 Jul 2013 12:59:36 -0400

It's hard to process yesterday's deaths of 19 firefighters in Arizona. The tragedy is so stark an outlier that most states haven't seen that many deaths of firefighters due to wildfire in their combined histories. But there is one worrisome trend: fires are getting bigger and often deadlier.

The National Interagency Fire Center tracks wildfire incidents, scale, and damage for the United States. Included in that data is a list of firefighter fatalities through 2011, broken down by cause and county. No state has seen more firefighter deaths than California, which had 324 through that year. It is one of 11 states that has had more deaths than Arizona saw yesterday — with one of those states being Arizona. That largely tracks with this interesting map of fires by location. Most fires occur in the Southwest; many in California.

Over time, the number of firefighter deaths has been consistently low. Only two incidents on the NIFC's list were more deadly than yesterday's: a 1910 fire in Idaho and a 1933 blaze in Los Angeles. (This is only wildfires, of course. September 11th was the deadliest day for firefighters overall, and total firefighter deaths are declining.) But, as the graph below shows, there's been a slight uptick in deaths per year over the past few decades:

Read more at The Atlantic Wire.

]]>

Snowden Went to Booz Allen to Steal Files

Philip Bump, The Wire — Mon, 24 Jun 2013 14:08:16 -0400

Edward Snowden took a job at the intelligence contractor Booz Allen Hamilton specifically to steal American intelligence information, according to a report today in the South China Morning Post quoting the NSA leaker's last major interview before his current international manhunt. But instead of settling the question of where Snowden got the files he eventually leaked, the Morning Post's vague revelation raises important questions about his previous employers, and might provide subtle answers on his Chinese exit strategy.

The report from Hong Kong's English-langugage paper isn't specific in its details. It reads, in part:

For the first time, Snowden has admitted he sought a position at Booz Allen Hamilton so he could collect proof about the US National Security Agency’s secret surveillance programmes ahead of planned leaks to the media.

“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked,” he told the Post on June 12. “That is why I accepted that position about three months ago.”

This has been reported as though to suggest that Snowden applied for and got his job at Booz in order to pilfer the cache of files he ended up leaking. But it's unclear if Snowden accepted the position to collectall of the information he subsequently leaked or merely some of it. It's quite possible that he had some documents prior to that employment, given that his relationship with reporters from the Guardian predates his Booz employment.

Read the full story at Atlantic Wire.

]]>

The NSA Guidelines for Spying on You Are Looser Than You've Been Told

Philip Bump, The Wire — Fri, 21 Jun 2013 13:00:00 -0400

On July 28, 2009, 189 days after Barack Obama became president, Attorney General Eric Holder (himself only six months into office) presented the secret Foreign Intelligence Surveillance Court (FISC) with a list of ways in which the NSA and FBI would try and assure that the data it collected under the Foreign Intelligence Surveillance Act came only from non-Americans. The delineation, released today by The Guardian, includes several ways in which collection of data from Americans is both likely — and allowed.

The paper's two new documents, one showing how non-Americans are targeted and the other how collection from Americans is "minimized," are almost certainly the latest files to come from the Edward Snowden leak. These documents are particularly significant given the repeated recent insistences that the government does all it can to minimize collection of Americans' data, something which is not legally allowed under FISA. (These documents only apply to collection under FISA, including the provisions of Section 702 that allowed PRISM. Section 215 of the Patriot Act, which allows the sweeping collection of data from phone companies, knowingly and legally collects data about Americans.)

Members of both the House and the Senate have called for the release of documents that do precisely what these do: outline how and when the NSA might collect domestic data, and how it tries not to. One of the points these documents raise is that, given the breadth of the agency's collection efforts, collecting data from Americans almost necessarily occurs. According to a separate, one-paragraph document The Guardian has seen, however, the FISC found the procedures described by Holder to be "consistent with US law and the fourth amendment."

Obama's Cyberwar Target List Just Made His Meeting with China Very Difficult

Philip Bump, The Wire — Fri, 07 Jun 2013 17:37:47 -0400

Cyberwar is all-but-officially the new Cold War. In its third major scoop in three days, and just hours before President Obama was set to sit down at the Sunnylands estate in California with Chinese President Xi Jinping to talk about cyberwarfare, The Guardian reported that Obama ordered national security agents to compile a list of targets for preemptive Internet-based disruption, similar to the military's long-standing list of nuclear weapon targets. What's more, the directive includes targets within the United States.

Glenn Greenwald reports:

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".

Read more at The Atlantic Wire.

]]>

Analysis: How Defense Distributed Already Upended the World

Philip Bump — Mon, 13 May 2013 10:48:04 -0400

Defense Distributed's goal is to evaporate the container described by the Second Amendment, making obtaining a firearm trivial enough that even trying to place restrictions on gun manufacturing becomes useless. It may get there. But first — and not necessarily intentionally — it's leadership is in tossing 3D-printed objects into the great pool of online sharing.

If you click on the "Manifesto" menu item at the group's website, you're taken, somewhat melodramatically, to an essay from the poet John Milton entitled, "Areopagitica: Plea for the Liberty of Unlicensed Printing." Preceding any semblance of a free press in England, it, in short, rejects censorship and demands the freedom of the written word. The analogy for Defense Distributed is obvious: Attempting to constrain ideas will always be futile in the long run.

State Department Asks Defense Distributed to Take Down Its 3D-Printed Gun Plans

Philip Bump, The Wire — Fri, 10 May 2013 09:37:23 -0400

As reported by Betabeat.com, the State Department has asked Defense Distributed to remove its plans for the 'Liberator," the group's first fully 3D-printable gun.

BetaBeat's Jessica Roy spoke with Defense Distributed's Cody Wilson.

“We got an official letter from the Secretary of State, telling me who they were, what their authority was under U.S. law and telling me they want to review these files to see if they’re class one munitions,” Mr. Wilson told Betabeat by phone. “That includes blueprints.”

The State Department regulates the export of technology that can be used to create weapons. The letter, which can be read below, asked Defense Distributed to "submit Commodity Jurisdiction (CJ) determination requests" for a variety of the group's offerings: the Liberator, a silencer tool, a muzzle brake, a front sight, and other items. CJ determination requests allow the State Department to gauge whether or not an item is covered by the U.S. Munitions List, the catalog of items for which the government won't allow export under the Arms Export Control Act and the International Traffic in Arms Regulations (ITAR). Until those CJ determinations are made, the State Department's letter to the group reads, Defense Distributed "should treat the above technical data as ITAR-controlled."

Read the rest at TheAtlanticWire.com.

]]>

It's Not So Easy to 3D Print a Gun

Philip Bump, The Wire — Tue, 07 May 2013 11:55:24 -0400

I spent the day yesterday desperately trying to get my hands on a gun. Specifically, the "Liberator," the 3D-printable firearm offered by Defense Distributed . I was unsuccessful, which vis probably for the best.

The idea of download-and-print firearm plays an out-sized role in the current debate over guns — something to which I have contributed . Defense Distributed is explicit about its political aims, which tech site The Verge described as "crypto-anarchy." Two members of Congress, Rep. Steve Israel and Sen. Chuck Schumer have called for restrictions on the ability to print 3D weapons. With news that the plans for the weapon were downloaded 50,000 times yesterday , New York City police commissioner Ray Kelly indicated that it "obviously is a concern." So, as a resident of that city, it seemed like a natural experiment: How long would it take me from downloading a set of files to having a weapon in-hand?

t's been about 24 hours since Defense Distributed's long-standing goal of offering a firearm design that anyone could 3D print became a reality when it posted plans for the Liberator on its website . To celebrate the occasion, it also released this video, which you've likely already seen and don't need to watch after the first ten seconds.

You're Not Really Following @BarackObama on Twitter

Philip Bump, The Wire — Mon, 08 Apr 2013 10:26:28 -0400

The 29,503,030 people who follow Barack Obama's Twitter account might see his picture, see his name, see that little blue verified account badge and think they're following the President — but it's not him. All of the president's named social media accounts, in fact, have been handed over to a non-partisan, not-for-profit group that isn't overly concerned if you didn't notice the transition. As the first sitting President with a Twitter account, the murky handover raises questions that didn't exist ten years ago — Can a politician legally hand over his valuable online identity to an outside group? Is it ethical? — but makes clear federal regulators are unprepared to answer them.

Obama was one of the first politicians to recognize the potential of social media in communicating with voters. His Twitter account was created by a staffer on March 5, 2007, two months before he formally announced his candidacy. Throughout that contest, his first term, and second campaign for the presidency, Obama's campaign staff used it to share news about the president's policy priorities and to try and engage Americans in his efforts. Then, in January, it handed the reins to Organizing for Action, a new entity that took over much of Obama's campaign apparatus: website, social media accounts, email list — even the abbreviated shorthand of "OFA." The organization updated the bios associated with the social media accounts ("This account is run by Organizing for Action staff") and then kept tweeting and Facebooking, with a new emphasis on joining — and, ideally, contributing to — the new OFA. Without skipping a beat, a brand-new organization gained millions of followers on social media. It's like the president, mid-conversation, handed his phone to a telemarketer who does a great Obama impression. Or, to be more accurate, one telemarketer — the campaign — handed the phone to another one.

Read the entire story at The Atlantic Wire.

]]>