Hasta La Gadget!

Just how does the NSA piece together all that metadata it collects? Thanks to “newly disclosed documents and interviews with officials,” The New York Times today shed light on how the agency plots out the social activity and connections of those it’s spying on. Up until 2010, the NSA only traced and analyzed the metadata of emails and phone calls from foreigners, so anything from US citizens in the chains created stopgaps. Snowden-provided documents note the policy shifted later in that year to allow for the inclusion of Americans’ metadata in such analysis. An NSA representative explained to the NYT that, “all data queries must include a foreign intelligence justification, period.”

During “large-scale graph analysis,” collected metadata is cross-referenced with commercial, public and “enrichment data” (some examples included GPS locations, social media accounts and banking info) to create a contact chain tied to any foreigner under review and scope out its activity. The highlighted ingestion tool in this instance goes by the name Mainway. The NYT article also highlights a secret report, dubbed “Better Person Centric Analysis,” which details how data is sorted into 164 searchable “relationship types” and 94 “entity types” (email and IP addresses, along with phone numbers). Other documents highlight that during 2011 the NSA took in over 700 million phone records daily on its own, along with an “unnamed American service provider” that began funneling in an additional 1.1 billion cellphone records that August. In addition to that, Snowden’s leak of the NSA’s classified 2013 budget cites it as hoping to capture “20 billion ‘record events’ daily” that would be available for review by the agency’s analysts in an hour’s time. As you might expect, the number of US citizens that’ve had their info bunched up into all of this currently remains a secret — national security, of course. Extended details are available at the source links.

Filed under: Misc, Internet

Comments

Via: The Verge

Source: New York Times

As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of “Sigint (signals intelligence) enabling” in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program.

The agencies’ efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked “vast amounts” of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of “exploitable” information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA’s “problem” are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.

Filed under: Internet

Comments

Source: New York TImes, Guardian, ProPublica

Lavabit shut down its email services a couple weeks ago in response to governmental pressure regarding NSA whistleblower Edward Snowden’s account. At the time, founder Ladar Levison stated he was shutting down Lavabit because he didn’t want to “become complicit in crimes against the American people,” but didn’t expound upon what that statement meant due to a governmental gag order. The Guardian spoke with Levison recently, however, and while he still didn’t deliver details about his legal dealings with Uncle Sam, he did share some thoughts about governmental surveillance in general.

As you might expect, Levison is against ubiquitous governmental surveillance of communications between citizens. To that end, he’s calling for a change to be made in US law so that private and secure communications services can operate without being used as “listening posts for an American surveillance network.” He’s not wholly against the feds tapping phone lines, though, as he recognizes the role such surveillance plays in law enforcement. However, he thinks the methods that are being used to conduct that surveillance should be made public — not an unreasonable request, by any means. You can read Levison’s full take on the matter, along with a recounting of reasons behind Lavabit’s creation at the source below.

Filed under: Misc, Internet

Comments

Source: The Guardian

It looks like Edward Snowden is going to have to find a new email service as the one he supposedly used — Lavabit — has abruptly closed its doors. The company’s owner, Ladar Levison, posted an open letter on the site today, saying, “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” Levison also claimed to be unable to speak to the specifics surrounding the situation, stating that a Congressionally approved gag order prevented him from doing so. While Lavabit’s situation seems pretty dire, it might not be curtains just yet. In his message, Levison stated that he would take his fight to reinstate Lavabit to the Fourth Circuit Court of Appeals. To read the missive in full, head on over to the source link below.

Filed under: Internet

Comments

Via: Boing Boing

Source: Lavabit

Edward Snowden has said that he still has more information about the NSA than what he’s already leaked, and we’re now getting a look at another big piece of that. According to a new set of documents provided to The Guardian, the NSA is using a tool called XKeyscore that is said to be its “widest reaching” system for collecting information from the internet — one that lets it examine “nearly everything a typical user does on the internet,” as one presentation slide explains. That apparently includes both metadata and the contents of emails, as well as social media activity, which can reportedly be accessed by NSA analysts without prior authorization; as The Guardian notes, a FISA warrant is required if the target of the surveillance is a US citizen, but not if a foreign target is communicating with an American.

According to The Guardian, the amount of data collected is so large that content is only able to stored in the system for three to five days, or as little as 24 hours in some cases, while metadata is stored for 30 days. That’s reportedly led the NSA to develop a multi-tiered system that lets it move what’s described as “interesting” content to other databases where it can be stored for as much as five years. In a statement provided to The Guardian, the NSA says that “XKeyscore is used as a part of NSA’s lawful foreign signals intelligence collection system,” and that “allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks.” The agency further adds that “every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.”

Filed under: Internet

Comments

Source: The Guardian, NSA