· NSA Whistleblowers: Spying Operation Has Been In Place For Years, Involves All Major U.S. Phone Companies – NEW YORK — Former employees of the National Security Agency say the publishing of a court order asking Verizon to hand over all its phone calling records for a three-month period opens a new window on an operation that has been in place for years and involves all major U.S. phone companies.
“NSA has been doing all this stuff all along, and it’s been all these companies, not just one,” William Binney told news program Democracy Now on Thursday. “They’re just continuing the collection of this data on all U.S. citizens.”
Binney, who worked at the NSA for almost 40 years, left the agency after the attacks of 9/11 because he objected to the expansion of its surveillance of U.S. citizens.
British newspaper The Guardian late Wednesday released an order from the secret Foreign Intelligence Surveillance Court, requesting Verizon to give the NSA the details on every phone call on its landline and wireless networks on a daily basis between April 25 and July 19.
Binney estimates that the NSA collects records on 3 billion calls per day.
“These are routine orders,” said Thomas Drake, another NSA whistleblower. “What’s new is we’re seeing an actual order, and people are surprised by it.”
“We’ve been saying this for years from the wilderness,” Drake told Democracy Now. “But it’s like, hey, everybody went to sleep while the government is collecting all these records.”
Drake started working for the NSA in 2001 and blew the whistle on what he saw as a wasteful and invasive program at the agency. He was later prosecuted for keeping classified information. Most of the charges were dropped before trial, and he was sentenced to one year of probation and community service.
The NSA’s original charter was to eavesdrop on communications between countries, not inside the U.S. That expansion of its mission appears to have happened after 9/11, but the agency has continuously denied that it spies on domestic communications.
In March, for instance, NSA spokeswoman Vanee Vines emailed an Associated Press reporter about a story that described the NSA as a monitor of worldwide Internet data and phone calls.
“NSA collects, monitors, and analyzes a variety of ***FOREIGN*** signals and communications for indications of threats to the United States and for information of value to the U.S. government,” she wrote. “***FOREIGN*** is the operative word. NSA is not an indiscriminate vacuum, collecting anything and everything.”
Verizon, AT&T and T-Mobile USA, three of the largest phone companies, said they had no comment on the matter. A representative from Sprint did not respond to a message. Verizon’s general counsel emailed employees Thursday saying that the company has an obligation to obey court orders, but did not confirm the existence of an order.
James Bamford, a journalist and author of several books on the NSA, said it’s very surprising to see that the agency tracks domestic calls, including local calls. In 2006, USA Today reported that the NSA was secretly collecting a database of domestic call information. However, some phone companies denied any involvement in such a program.
Bamford’s assumption was that the uproar over a separate, post-9/11 warrantless wiretapping program and the departure of the Bush administration meant that the NSA had been reined in.
“Here we are, under the Obama administration, doing it sort of like the Bush administration on steroids,” he said in an interview with the Associated Press. “This order here is about as broad as it can possibly get, when it comes to focusing on personal communications. There’s no warrant, there’s no suspicion, there’s no probable cause … it sounds like something from East Germany.”
Bamford believes the NSA collects the call records at a huge, newly built data center in Bluffdale, Utah.
· NSA snooping has foiled multiple terror plots: Feinstein – A secret National Security Agency program to collect vast amounts of phone records has foiled multiple attempted terrorist attacks inside the United States, the chair of the Senate Intelligence Committee told reporters on Thursday.
Sen. Dianne Feinstein did not specify how many attempted attacks had been prevented, or the nature of the threats, but the California Democrat said there had been more than one.
The remarks were made to reporters following a meeting with senators who were concerned over a report in a British newspaper that the NSA had requested phone records from a division of telecommunications giant Verizon. According to Feinstein, 27 senators attended the meeting and voiced concerns about the policy.
“We are always open to changes. But that doesn’t mean there will be any. It does mean that we will look at any ideas, any thoughts, and we do this on everything,” she said.
Earlier in the day Feinstein defended the surveillance as a legal and long-standing government program.
“It began in 2009 – what appeared in the Guardian today, as I understand it, is simply a court reauthorization of a program. The court is required to look at it every three months,” she said.
And while Republican Senator Rand Paul called the surveillance of Verizon phone records described in the report “an astounding assault on the constitution,” other GOP lawmakers including Senator Lindsey Graham disagreed.
“I have no problem. I am a Verizon customer. You can have my phone number, and put it in a database,” Graham said. “If they get a hit between me and some guy from Waziristan,” officials should investigate, he said.
House Speaker John Boehner said President Obama should “explain to the American people why the administration considers this a critical tool in protecting our nation from the threats of a terrorist attack.”
The practice was first revealed by the British newspaper The Guardian on Wednesday, which obtained and published a highly classified court order that requires the production of “telephony metadata” by the telecommunications giant.
Sen. Lindsey Graham addresses Attorney General Eric Holder Thursday over a recent report that the NSA is collecting people’s Verizon phone numbers.
The order, marked “Top Secret” and issued by the U.S. Foreign Intelligence Surveillance Court, instructs Verizon Business Network Services, a subsidiary that provides internet and telecommunications services for corporations, to hand over data including all calling records on an “ongoing, daily basis.”
“On its face, the order reprinted in the article does not allow the government to listen in on anyone’s telephone calls,” the official said.
The NSA, Department of Justice, and Federal Bureau of Investigation have issued no formal comment on the report or purported practices described in it.
While declining to say how long the particular order referenced in the Guardian article has been in place, White House spokesman Josh Earnest said that a “robust legal regime” reviews government powers under the Patriot Act “to ensure that they comply with the Constitution.”
“This strict regime reflects the president’s desire to strike the right balance between protecting our national security and protecting constitutional rights and civil liberties,” Earnest said.
Attorney General Eric Holder said he could not discuss the report regarding NSA information gathering today while appearing in a previously scheduled open budget hearing. Members of Congress have been “fully briefed” on the issue, he said.
Senate Majority Leader Harry Reid urged caution, saying the program “isn’t anything that’s brand new.”
“It’s gone on for some 7 years,” Reid said. “We’ve tried often to make it better and make it work.”
Signed by Judge Roger Vinson of the U.S. Foreign Intelligence Surveillance Court in April, the order requires the “production of certain call detail records,” and is set to expire on the evening of July 19, 2013. The order pertains to information including the phone numbers making and receiving the call, as well as the time the call was made and how long it lasts. It does not include the “name, address, or financial information of a subscriber or customer,” according to the order.
The order “does not require Verizon to produce telephony metadata for communications wholly originating and terminating in foreign countries,” according to the document.
Earlier on Wednesday, an Obama administration official defended the policy of gathering phone records from American citizens while neither confirming nor denying a report that the National Security Agency is collecting information regarding communications by Verizon customers.
Such information has been “a critical tool in protecting the nation from terrorist threats,” the senior Obama administration official said.
While not confirming any particulars of the report, the administration official said that data such as that described in the article “allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.”
Verizon said it had no comment Wednesday on the accuracy of the story published by the Guardian or the document the report was based on, the company’s chief counsel Randy Milch said in a note sent to the company’s employees.
“Verizon continually takes steps to safeguard its customers’ privacy,” Milch said in the note. “Nevertheless, the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply.”
The disclosure of the order, which has not been independently verified by NBC News, comes after the Obama administration has taken fire for a Justice Department subpoena of Associated Press phone records.
Holder told NBC News Wednesday that he has no intention of stepping down from his job despite calls by some congressional Republicans for his resignation, citing the AP seizure.
Senator Jeff Merkley, a Democrat from Oregon, called the collection of call data as described in the Guardian report “an outrageous breach of Americans’ privacy” in a news release Thursday. “This bulk data collection is being done under interpretations of the law that have been kept secret from the public. Significant FISA [Foreign Intelligence Surveillance Act] court opinions that determine the scope of our laws should be declassified.”
Verizon had 98.9 million wireless customers at the end of the first quarter this year, according to an earnings report released in April, as well as about 11.7 million residential and 10 million commercial lines. It is not clear whether other parts of Verizon might have received similar orders. The order explicitly prohibits any person from disclosing that the NSA or FBI has sought records under the order.
“Now that this unconstitutional surveillance effort has been revealed, the government should end it and disclose its full scope, and Congress should initiate an investigation,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, said in a statement. “This disclosure also highlights the growing gap between the public’s and the government’s understandings of the many sweeping surveillance authorities enacted by Congress.”
The law on which the order explicitly relies is the “business records” provision of the USA Patriot Act.
Senators Ron Wyden of Oregon and Mark Udall of Colorado, both Democrats on the Senate Intelligence Committee, said in a March 2012 letter to Attorney General Eric Holder that most Americans would be “stunned to learn the details of how these secret court opinions have interpreted section 215 of the Patriot Act.”
“As we see it, there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows,” the senators wrote in the letter. “This is a problem, because it is impossible to have an informed public debate about what the law should say when the public doesn’t know what its government thinks the law says.”
Former vice president Al Gore called the practices described in the order “obscenely outrageous” in a message posted on Twitter Wednesday night. “In digital era, privacy must be a priority,” Gore wrote. “Is it just me, or is secret blanket surveillance obscenely outrageous.”
The order is the first concrete evidence that U.S. intelligence officials are continuing a broad campaign of domestic surveillance that began under President George W. Bush and caused great controversy when it was first exposed, according to Reuters.
– Sadly this story is the truth and what the current administration is doing is what Bush people did while they were in office. The reason this becomes so problematic is that Obama promised changes that have not even appeared to be considered once he was in office. PdC
· President Obama’s Dragnet – Within hours of the disclosure that federal authorities routinely collect data on phone calls Americans make, regardless of whether they have any bearing on a counterterrorism investigation, the Obama administration issued the same platitude it has offered every time President Obama has been caught overreaching in the use of his powers: Terrorists are a real menace and you should just trust us to deal with them because we have internal mechanisms (that we are not going to tell you about) to make sure we do not violate your rights.
Those reassurances have never been persuasive — whether on secret warrants to scoop up a news agency’s phone records or secret orders to kill an American suspected of terrorism — especially coming from a president who once promised transparency and accountability.
The administration has now lost all credibility on this issue. Mr. Obama is proving the truism that the executive branch will use any power it is given and very likely abuse it. That is one reason we have long argued that the Patriot Act, enacted in the heat of fear after the Sept. 11, 2001, attacks by members of Congress who mostly had not even read it, was reckless in its assignment of unnecessary and overbroad surveillance powers.
Based on an article in The Guardian published Wednesday night, we now know that the Federal Bureau of Investigation and the National Security Agency used the Patriot Act to obtain a secret warrant to compel Verizon’s business services division to turn over data on every single call that went through its system. We know that this particular order was a routine extension of surveillance that has been going on for years, and it seems very likely that it extends beyond Verizon’s business division. There is every reason to believe the federal government has been collecting every bit of information about every American’s phone calls except the words actually exchanged in those calls.
Articles in The Washington Post and The Guardian described a process by which the N.S.A. is also able to capture Internet communications directly from the servers of nine leading American companies. The articles raised questions about whether the N.S.A. separated foreign communications from domestic ones.
A senior administration official quoted in The Times online Thursday afternoon about the Verizon order offered the lame observation that the information does not include the name of any caller, as though there would be the slightest difficulty in matching numbers to names. He said the information “has been a critical tool in protecting the nation from terrorist threats,” because it allows the government “to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.”
That is a vital goal, but how is it served by collecting everyone’s call data? The government can easily collect phone records (including the actual content of those calls) on “known or suspected terrorists” without logging every call made. In fact, the Foreign Intelligence Surveillance Act was expanded in 2008 for that very purpose.
Essentially, the administration is saying that without any individual suspicion of wrongdoing, the government is allowed to know whom Americans are calling every time they make a phone call, for how long they talk and from where.
This sort of tracking can reveal a lot of personal and intimate information about an individual. To casually permit this surveillance — with the American public having no idea that the executive branch is now exercising this power — fundamentally shifts power between the individual and the state, and it repudiates constitutional principles governing search, seizure and privacy.
The defense of this practice offered by Senator Dianne Feinstein of California, who as chairwoman of the Senate Intelligence Committee is supposed to be preventing this sort of overreaching, was absurd. She said on Thursday that the authorities need this information in case someone might become a terrorist in the future. Senator Saxby Chambliss of Georgia, the vice chairman of the committee, said the surveillance has “proved meritorious, because we have gathered significant information on bad guys and only on bad guys over the years.”
But what assurance do we have of that, especially since Ms. Feinstein went on to say that she actually did not know how the data being collected was used?
– Now the Republicans will say that Obama has overreached while the Democrats will say that he is doing just what Bush did and it was legalized during the Bush administration by Congress as the Patriot Act. Politics as usual. When will they stop nitpicking and do the Government’s business? PdC
Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook
Companies deny any knowledge of program in operation since 2007
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”
Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. “If they are doing this, they are doing it without our knowledge,” one said.
An Apple spokesman said it had “never heard” of Prism.
The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.
The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without warrants.
Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.
The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.
Some of the world’s largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan “Your privacy is our priority” – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications networks.
The extent and nature of the data collected from each company varies.
Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers. The NSA document notes the operations have “assistance of communications providers in the US”.
The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.
When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.
A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.
The Prism program allows the NSA, the world’s largest surveillance organization, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.
The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a “home-field advantage” due to housing much of the internet’s architecture. But the presentation claimed “Fisa constraints restricted our home-field advantage” because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.
“Fisa was broken because it provided privacy protections to people who were not entitled to them,” the presentation claimed. “It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all.”
The new measures introduced in the FAA redefine “electronic surveillance” to exclude anyone “reasonably believed” to be outside the USA – a technical change which reduces the bar to initiating surveillance.
The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities’ requests.
In short, where previously the NSA needed individual authorizations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time the records were collected by the NSA.
The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming “access is 100% dependent on ISP provisioning”.
In the document, the NSA hails the Prism program as “one of the most valuable, unique and productive accesses for NSA”.
It boasts of what it calls “strong growth” in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was “exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype”. There was also a 131% increase in requests for Facebook data, and 63% for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to “expand collection services from existing providers”.
The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.
Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.
“The problem is: we here in the Senate and the citizens we represent don’t know how well any of these safeguards actually work,” he said.
“The law doesn’t forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can’t say and average Americans can’t know.”
Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.
When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.
When the NSA reviews a communication it believes merits further investigation, it issues what it calls a “report”. According to the NSA, “over 2,000 Prism-based reports” are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.
In total, more than 77,000 intelligence reports have cited the PRISM program.
Jameel Jaffer, director of the ACLU’s Center for Democracy, said that it was astonishing the NSA would even ask technology companies to grant direct access to user data.
“It’s shocking enough just that the NSA is asking companies to do this,” he said. “The NSA is part of the military. The military has been granted unprecedented access to civilian communications.
“This is unprecedented militarization of domestic communications infrastructure. That’s profoundly troubling to anyone who is concerned about that separation.”
A senior administration official said in a statement: “The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.
“The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.
“This program was recently reauthorized by Congress after extensive hearings and debate.
“Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.
“The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target.”
· Obama orders US to draw up overseas target list for cyber-attacks – Exclusive: Top-secret directive steps up offensive cyber capabilities to ‘advance US objectives around the world’
Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.
The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging”.
It says the government will “identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power”.
The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.
The aim of the document was “to put in place tools and a framework to enable government to make decisions” on cyber actions, a senior administration official told the Guardian.
The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America’s offensive capability and the drawing up of a target list.
Obama’s move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.
The directive’s publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.
Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have “mountains of data” on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US.
Presidential Policy Directive 20 defines OCEO as “operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks.”
Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: “Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces.”
The official added: “As a citizen, you expect your government to plan for scenarios. We’re very interested in having a discussion with our international partners about what the appropriate boundaries are.”
The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations “reasonably likely to result in significant consequences require specific presidential approval”.
The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behavior.
Among the possible “significant consequences” are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts.
The US is understood to have already participated in at least one major cyber-attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.
In the presidential directive, the criteria for offensive cyber operations are not limited to retaliatory action but are vaguely framed as advancing “US national objectives around the world”.
The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.
Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: “When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force.”
An intelligence source with extensive knowledge of the National Security Agency’s systems told the Guardian the US complaints against China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.
Provided anonymity to speak critically about classified practices, the source said: “We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world.”
The US likes to haul China before the international court of public opinion for “doing what we do every day”, the source added.
One of the unclassified points released by the administration in January stated: “It is our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as preferred courses of action.”
The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.
Under the heading “Policy Reviews and Preparation”, a section marked “TS/NF” – top secret/no foreign – states: “The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…” The deadline for the plan is six months after the approval of the directive.
The directive provides that any cyber-operations “intended or likely to produce cyber effects within the United States” require the approval of the president, except in the case of an “emergency cyber action”. When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.
Obama further authorized the use of offensive cyber-attacks in foreign nations without their government’s consent whenever “US national interests and equities” require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls “anticipatory action taken against imminent threats”.
The directive makes multiple references to the use of offensive cyber-attacks by the US military. It states several times that cyber operations are to be used only in conjunction with other national tools and within the confines of law.
When the directive was first reported, lawyers with the Electronic Privacy Information Center filed a Freedom of Information Act request for it to be made public. The NSA, in a statement, refused to disclose the directive on the ground that it was classified.
In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.
Earlier this year, the Pentagon publicly accused China for the first time of being behind attacks on the US. The Washington Post reported last month that Chinese hackers had gained access to the Pentagon’s most advanced military programs.
The director of national intelligence, James Clapper, identified cyber threats in general as the top national security threat.
Obama officials have repeatedly cited the threat of cyber-attacks to advocate new legislation that would vest the US government with greater powers to monitor and control the internet as a means of guarding against such threats.
One such bill currently pending in Congress, the Cyber Intelligence Sharing and Protection Act (Cispa), has prompted serious concerns from privacy groups, who say that it would further erode online privacy while doing little to enhance cyber security.
In a statement, Caitlin Hayden, National Security Council spokeswoman, said: “We have not seen the document the Guardian has obtained, as they did not share it with us. However, as we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004. This step is part of the administration’s focus on cybersecurity as a top priority. The cyber threat has evolved, and we have new experiences to take into account.
“This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.
“This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the US Constitution, including the president’s role as commander in chief, and other applicable law and policies.”
· Google, Facebook, Others Deny Giving Gov’t Broad Access To Data – SILICON VALLEY (CBS/AP) — Google CEO Larry Page and Facebook chief executive Mark Zuckerberg are denying reports that depict two of the Internet’s most influential companies as willing participants in a secret government program that gives the National Security Agency unfettered access to email and other personal information transmitted on various online services.
The rebuttals issued Friday in blog posts expand upon earlier statements that the companies issued in an attempt to distance themselves from a government surveillance program that is raising questions. At issue is whether the NSA has constructed a direct pipeline into the computers that run some of the world’s most widely used online services.
Each of the statements issued by Google Inc., Facebook Inc. and the five other companies linked to the program has been carefully worded in ways that don’t rule out the possibility that the NSA has been gathering online communications as part of its efforts to uncover terrorist plots and other threats to U.S. national security.
“I think a lot of people are spending a lot of time right now trying to parse those denials,” said Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, a San Francisco-based digital rights group. “The top level point is simply: it’s pretty hard to know what those denials mean.”
Google and Facebook were tied to a clandestine snooping program code-named PRISM in reports published late Thursday by The Washington Post and The Guardian, a British newspaper. James Clapper, the director of national intelligence for the Obama administration, subsequently confirmed PRISM had been approved by a judge and is being conducted in accordance with U.S. law.
But Clapper didn’t identify what companies fall under PRISM’s broad authority, leaving the reports by the Post and Guardian as the only windows into the spying program. The newspapers based their reports on confidential slides and other documents about PRISM.
Besides Google and Facebook, those documents cited Microsoft Corp., Apple Inc., Yahoo Inc., AOL Inc. and Paltalk as the other companies immersed in PRISM. The NSA program also is getting data from Google’s YouTube video service and Microsoft’s Skype chat service, according to the PRISM documents posted on the Post’s website.
All of the companies have issued statements making it clear that they aren’t voluntarily handing over user data. They also are emphatically rejecting newspaper reports indicating that PRISM has opened a door for the NSA to tap directly into the companies’ data centers whenever the government pleases.
“Press reports that suggest that Google is providing open-ended access to our users’ data are false, period,” Page asserts in a blog post co-written with Google’s top lawyer, David Drummond.
In his post, Zuckerberg lambasts the media accounts as “outrageous.”
All the companies but Microsoft and Yahoo said they had never heard of PRISM before the name was revealed Thursday.
All of the statements could be technically true. At the same time, they could mean the companies have been turning over user data when served a legally binding order issued under a program that they didn’t know had a code name until they read about it like the rest of the world.
It’s all part of a linguistic tango that’s often performed when the cover is blown on a top-secret operation, Tien says. “The person could say ‘That story is not true’ and then say ‘We have never done X,’ pointing to the 5 percent that was, in fact, inaccurate,” he says. “A company could say ‘We’ve never heard of the PRISM program.’ Well, maybe the government didn’t call it that. Or the company could say ‘We don’t allow backdoor access!’ Well, maybe they allow front door access.”
The companies tied to PRISM also are limited by law in how much they can say. They are prohibited from disclosing their compliance with orders issued under the Foreign Intelligence Surveillance Act of 1978. That law hatched the Foreign Intelligence Surveillance Court, whose activity is considered to be classified.
Microsoft began turning over data in 2007 on the sixth anniversary of the 9/11 terrorist attacks, according to the PRISM slides obtained by the Post. The documents list the following start dates for data collection at the other companies and services: Yahoo, March 2008; Google, January 2009; Facebook, June 2009; Paltalk, December 2009; YouTube, September 2010; Skype, February 2011; AOL, March 2011; Apple, October 2012.
In their posts, both Page and Zuckerberg seem to be telegraphing to the world that Google and Facebook are doing their best to limit the amount of user data that’s being handed over to the U.S. government.
To do so, they both cite disclosures earlier this week that Verizon Communications has been providing the NSA with portions of the calling records for all its U.S. customers since late April. The disclosures being made under court order cover an estimated 3 billion calls per day.
“We were very surprised to learn that such broad orders exist,” Page writes in his post. “Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.”
Zuckerberg also points out that Facebook has never received a government order covering as much user data as the one that Verizon received. “If we did, we would fight it aggressively,” he says in the post.
Both Page and Zuckerberg conclude their posts by imploring the government to be more forthcoming about the steps that it is taking to protect the public’s safety.
“The level of secrecy around the current legal procedures undermines the freedoms we all cherish,” Page writes.
Google is no stranger to defying the federal government’s requests. The company recently received a setback in its challenge of the FBI’s warrantless demands for customer data. In a ruling written May 20, U.S. District Court Judge Susan Illston rejected the company’s argument that the government’s practice of issuing so-called national security letters to telecommunication companies, Internet service providers and banks was unconstitutional and unnecessary.
Illston ordered Google to comply with the FBI’s demands. But she put her ruling on hold until the 9th U.S. Circuit Court of Appeals can decide the matter. Until then, Google must comply with the letters unless it shows the FBI didn’t follow proper procedures in making its demands for customer data in the 19 letters Google is challenging, she said.