• Tag Archives surveillance
  • Word Games: What the NSA Means by “Targeted” Surveillance Under Section 702

    We all know that the NSA uses word games to hide and downplay its activities. Words like “collect,” “conversations,” “communications,” and even “surveillance” have suffered tortured definitions that create confusion rather than clarity.

    There’s another one to watch: “targeted” v. “mass” surveillance.

    Since 2008, the NSA has seized tens of billions of Internet communications. It uses the Upstream and PRISM programs—which the government claims are authorized under Section 702 of the FISA Amendments Act—to collect hundreds of millions of those communications each year. The scope is breathtaking, including the ongoing seizure and searching of communications flowing through key Internet backbone junctures,[1] the searching of communications held by service providers like Google and Facebook, and, according to the government’s own investigators, the retention of significantly more than 250 million Internet communications per year.[2]

    Yet somehow, the NSA and its defenders still try to pass 702 surveillance off as “targeted surveillance,” asserting that it is incorrect when EFF and many others call it “mass surveillance.”

    Our answer: if “mass surveillance” includes the collection of the content of hundreds of millions of communications annually and the real-time search of billions more, then the PRISM and Upstream programs under Section 702 fully satisfy that definition.

    This word game is important because Section 702 is set to expire in December 2017. EFF and our colleagues who banded together to stop the Section 215 telephone records surveillance are gathering our strength for this next step in reining in the NSA. At the same time, the government spin doctors are trying to avoid careful examination by convincing Congress and the American people that this is just “targeted” surveillance and doesn’t impact innocent people.

    Section 702 Surveillance: PRISM and Upstream

    PRISM and Upstream surveillance are two types of surveillance that the government admits that it conducts under Section 702 of the FISA Amendments Act, passed in 2008. Each kind of surveillance gives the U.S. government access to vast quantities of Internet communications.[3]

    Upstream gives the NSA access to communications flowing through the fiber-optic Internet backbone cables within the United States.[4] This happens because the NSA, with the help of telecommunications companies like AT&T, makes wholesale copies of the communications streams passing through certain fiber-optic backbone cables. Upstream is at issue in EFF’s Jewel v. NSA case.

    PRISM gives the government access to communications in the possession of third-party Internet service providers, such as Google, Yahoo, or Facebook. Less is known about how PRISM actually works, something Congress should shine some light on between now and December 2017.[5]

    Note that those two programs existed prior to 2008—they were just done under a shifting set of legal theories and authorities.[6] EFF has had evidence of the Upstream program from whistleblower Mark Klein since 2006, and we have been suing to stop it ever since.

    Why PRISM and Upstream are “Mass,” Not “Targeted,” Surveillance

    Despite government claims to the contrary, here’s why PRISM and Upstream are “mass surveillance”:

    (1) Breadth of acquisition: First, the scope of collection under both PRISM and Upstream surveillance is exceedingly broad. The NSA acquires hundreds of millions, if not billions, of communications under these programs annually.[7] Although, in the U.S. government’s view, the programs are nominally “targeted,” that targeting sweeps so broadly that the communications of innocent third parties are inevitably and intentionally vacuumed up in the process. For example, a review of a “large cache of intercepted conversations” provided by Edward Snowden and analyzed by the Washington Post revealed that 9 out of 10 account holders “were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.”[8] The material reviewed by the Post consisted of 160,000 intercepted e-mail and instant message conversations, 7,900 documents (including “medical records sent from one family member to another, resumes from job hunters and academic transcripts of schoolchildren”), and more than 5,000 private photos.[9] In all, the cache revealed the “daily lives of more than 10,000 account holders who were not targeted [but were] catalogued and recorded nevertheless.”[10] The Post estimated that, at the U.S. government’s annual rate of “targeting,” collection under Section 702 would encompass more than 900,000 user accounts annually. By any definition, this is “mass surveillance.”

    (2) Indiscriminate full-content searching. Second, in the course of accomplishing its so-called “targeted” Upstream surveillance, the U.S. government, in part through its agent AT&T, indiscriminately searches the contents of billions of Internet communications as they flow through the nation’s domestic, fiber-optic Internet backbone. This type of surveillance, known as “about surveillance,” involves the NSA’s retention of communications that are neither to nor from a target of surveillance; rather, it authorizes the NSA to obtain any communications “about” the target.[11] Even if the acquisition of communications containing information “about” a surveillance target could, somehow, still be considered “targeted,” the method for accomplishing that surveillance cannot be: “about” surveillance entails a content search of all, or substantially all, international Internet communications transiting the United States.[12] Again, by any definition, Upstream surveillance is “mass surveillance.” For PRISM, while less is known, it seems the government is able to search through—or require the companies like Google and Facebook to search through—all the customer data stored by the corporations for communications to or from its targets.

    Seizure: Fourth Amendment and the Wiretap Act

    To accomplish Upstream surveillance, the NSA copies (or has its agents like AT&T copy) Internet traffic as it flows through the fiber-optic backbone. This copying, even if the messages are only retained briefly, matters under the law. Under U.S. constitutional law, when the federal government “meaningfully interferes” with an individual’s protected communications, those communications have been “seized” for purposes of the U.S. Constitution’s Fourth Amendment. Thus, when the U.S. government copies (or has copied) communications wholesale and diverts them for searching, it has “seized” those communications under the Fourth Amendment.

    Similarly, U.S. wiretapping law triggers a wiretap at the point of “interception by a device,” which occurs when the Upstream mechanisms gain access to our communications.[13]

    Why does the government insist that it’s targeted?  For Upstream, it may be because the initial collection and searching of the communications—done by service providers like AT&T on the government’s behalf—is really, really fast and much of the information initially collected is then quickly disposed of. In this way the Upstream collection is unlike the telephone records collection where the NSA kept all of the records it seized for years. Yet this difference should not change the conclusion that the surveillance is “mass surveillance.” First, all communications flowing through the collection points upstream are seized and searched, including content and metadata. Second, as noted above, the amount of information retained—over 250 million Internet communications per year—is astonishing.

    Thus, regardless of the time spent, the seizure and search are comprehensive and invasive. Using advanced computers, the NSA and its agents can do a full-text, content search within a blink of an eye through billions, if not trillions of your communications, including emails, social media, and web searches. Second, as demonstrated above, the government retains a huge amount of the communications—far more about innocent people than about its targets—so even based on what is retained the surveillance is better described as “mass” rather than “targeted.”

    Yes, it is Mass Surveillance

    So it is completely correct to characterize Section 702 as mass surveillance. It stems from the confluence of: (1) the method NSA employs to accomplish its surveillance, particularly Upstream, and (2) the breadth of that surveillance.

    Next time you see the government or its supporters claim that PRISM and Upstream are “targeted” surveillance programs, you’ll know better.

    Source: Word Games: What the NSA Means by “Targeted” Surveillance Under Section 702 | Electronic Frontier Foundation


  • Pokémon GO Is Not, in Fact, Totalitarian

    In a recent interview about his new film on Edward Snowden, director Oliver Stone warned about the potential for data-mining on the part of major companies to lead to “totalitarianism.” Partly speaking about the data collected by the popular app Pokémon GO, he said, “What’s happening is a new level of invasion… They’ve invested a huge amount of money in data mining – what you are buying, what you like, your behavior. It’s what some people call surveillance capitalism.”

    The implication here is nuanced, but important: while speaking about a movie which depicts a whistle-blower for unconstitutional government surveillance, Stone drew a parallel between “surveillance” by tech companies and the horrifying contents of Snowden’s leaked documents.

    This notion is mistaken and dangerous, but symptomatic of a much deeper disease in American thought: the false equivalence between power leveraged by “Big Government” and “Big Business.”

    This microcosm of conceptual chaos is what Ayn Rand called a “package-deal”: a fallacy in which one uses one word or phrase to group conceptually opposed or dissimilar things. Under the umbrella of “power,” for instance, our culture has paired both political and economic power – or, in other words, we consider as identical both massive economic influence and the government’s legal monopoly on the use of force.

    Mr. Stone and the Package Deal

    How does this apply to Mr. Stone’s words, then? In his case, he has grouped into package-deals the notions of “surveillance” and “totalitarianism,” a decision which obfuscates crucial distinctions. Google has economic power, gathered by the voluntary decision on the part of its customers to use its services. This was a deal made by mutual agreement in pursuit of mutual advantage – Google receives a certain set of profits from advertisements and the like, and I receive an effective search engine, an email service, and so on. That this deal is more complex than presented does nothing to soften this point: the long and detailed “terms of services” pages are crafted precisely for this reason.

    Because any powers of “surveillance” are mutually agreed to (even if, as a consumer, I am negligent in learning just what it is I have signed), Google and Nintendo could not in any meaningful way be “totalitarian.” This is not so for the government. Because the government holds a legal monopoly on the use of force (e.g., in its use of a police force, military, binding legal code, etc.), its covert surveillance is not enforced by mutual agreement but at the proverbial point of a gun. Whether it is done for the alleged “security” or “safety” of the nation is irrelevant – intentions do not make coercion less coercive.

    This danger is compounded by the fact that many of the activities unveiled by Snowden were unconstitutional – accordingly, the government was not only acting in a coercive manner, but in a way contrary to the design of its founders.

    Here’s the most egregious package-deal Stone presents: Britannica defines “totalitarianism” as a “form of government that theoretically permits no individual freedom and that seeks to subordinate all aspects of the individual’s life to the authority of the government.” In other words, there is no room for the mutual exchange and voluntary association allowed by capitalism – the state becomes all-consuming, with no room for the individual to “opt out” of the provided “services.”

    To define companies in such a way as to group them within this category of government coercion is to form a reckless package-deal. If one wishes for his data to be shielded from companies like Google, he can use another service. He can choose not to buy a cellphone. He can research whether there is a way to use these services while opting out of its more invasive features. Moreover, if he discovers this mid-use, he can stop using the service. He can decline his side of the agreement, leveraging his agency as a free individual. And Google won’t be using his information to detain him without rights, anyway.

    When a totalitarian state is formed or a free state like the United States acts in a totalitarian manner, citizens have no ability to exercise their rights against it. This is why Snowden would be immediately arrested upon his return to the United States. This is not so with Google. Perhaps Mr. Stone should watch his own movie.

    Source: Pokémon GO Is Not, in Fact, Totalitarian | Foundation for Economic Education


  • In Hearing on Internet Surveillance, Nobody Knows How Many Americans Impacted in Data Collection

    The Senate Judiciary Committee held an open hearing today on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However—thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials—we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans.

    What do we mean by “countless”? As became increasingly clear in the hearing today, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”

    Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs.

    None of the other panel participants—which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein—offered an estimate.

    Today’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary Committee are left to speculate about just how far-reaching this surveillance is. It’s part of the reason why we urged the House Judiciary Committee to demand that the Intelligence Community provide the public with a number.

    The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing today, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs.”

    Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted.

    Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”

    David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:

    Senator Leahy, they don’t. The minimization procedures call for the deletion of innocent Americans’ information upon discovery to determine whether it has any foreign intelligence value. But what the board’s report found is that in fact information is never deleted. It sits in the databases for 5 years, or sometimes longer. And so the minimization doesn’t really address the privacy concerns of incidentally collected communications—again, where there’s been no warrant at all in the process… In the United States, we simply can’t read people’s emails and listen to their phone calls without court approval, and the same should be true when the government shifts its attention to Americans under this program.

    One of the most startling exchanges from the hearing today came toward the end of the session, when Senator Dianne Feinstein—who also sits on the Intelligence Committee—seemed taken aback by Ms. Goitein’s mention of “backdoor searches.”

    Feinstein: Wow, wow. What do you call it? What’s a backdoor search?

    Goitein: Backdoor search is when the FBI or any other agency targets a U.S. person for a search of data that was collected under Section 702, which is supposed to be targeted against foreigners overseas.

    Feinstein: Regardless of the minimization that was properly carried out.

    Goitein: Well the data is searched in its unminimized form. So the FBI gets raw data, the NSA, the CIA get raw data. And they search that raw data using U.S. person identifiers. That’s what I’m referring to as backdoor searches.

    It’s deeply concerning that any member of Congress, much less a member of the Senate Judiciary Committee and the Senate Intelligence Committee, might not be aware of the problem surrounding backdoor searches. In April 2014, the Director of National Intelligence acknowledged the searches of this data, which Senators Ron Wyden and Mark Udall termed “the ‘back-door search’ loophole in section 702.” The public was so incensed that the House of Representatives passed an amendment to that year’s defense appropriations bill effectively banning the warrantless backdoor searches. Nonetheless, in the hearing today it seemed like Senator Feinstein might not recognize or appreciate the serious implications of allowing U.S. law enforcement agencies to query the raw data collected through these Internet surveillance programs. Hopefully today’s testimony helped convince the Senator that there is more to this topic than what she’s hearing in jargon-filled classified security briefings.

    Today’s hearing saw powerful testimony from Hon. Medine and Ms. Goitein on the need for additional oversight and reform of surveillance under Section 702, and many of the Senators present indicated deep concern about the privacy implications of these surveillance programs. Nonetheless, the hearing fell short of what we might have hoped.

    It’s vitally important to improve the transparency surrounding these surveillance programs, close loopholes being exploited by the government, and ensure appropriate oversight. But unaddressed was the question of whether, as a society, we believe mass surveillance of the overwhelming majority of Internet communications is in the best interests of our society, much less Constitutional.

    Section 702 of the FISA Amendments Act is set to sunset next year, which means Congress should be debating whether we benefit from renewing it at all. Are the privacy harms suffered by our society, which have a chilling effect on free speech and ramifications for a free democracy, a trade we want to make? Do we believe that the benefits of the data currently collected under Section 702 are worth such sacrifices? Or could a more conservative, carefully cabined form of signals intelligence provide necessary data for our national security interests without sacrificing our values in the process?  Must we treat every person outside of the United States as if they had no right to privacy, regardless of whether they had done anything to merit surveillance? Those are the questions we’d like to see Congress addressing in the coming weeks and months.

    For now, it’s clear that absent powerful reforms and safeguards for individual privacy, Congress should let Section 702 sunset altogether.

    Source: In Hearing on Internet Surveillance, Nobody Knows How Many Americans Impacted in Data Collection | Electronic Frontier Foundation