NSA: It Would Violate Your Privacy to Say If We Spied on You

Gen. Keith Alexander, center, the head of the National Security Agency, visits Afghanistan, 2010. Photo: ISAF

The surveillance experts at the National Security Agency won’t tell two powerful United States Senators how many Americans have had their communications picked up by the agency as part of its sweeping new counterterrorism powers. The reason: it would violate your privacy to say so.

That claim comes in a short letter sent Monday to civil libertarian Senators Ron Wyden and Mark Udall. The two members of the Senate’s intelligence oversight committee asked the NSA a simple question last month: under the broad powers granted in 2008′s expansion of the Foreign Intelligence Surveillance Act, how many persons inside the United States have been spied upon by the NSA?

The query bounced around the intelligence bureaucracy until it reached I. Charles McCullough, the inspector general of the office of the director of national intelligence, the nominal head of the 16 U.S. spy agencies. In a letter acquired by Danger Room, McCullough told the senators that the NSA inspector general “and NSA leadership agreed that an IG review of the sort suggested would further violate the privacy of U.S. persons,” McCullough wrote.

“All that Senator Udall and I are asking for is a ballpark estimate of how many Americans have been monitored under this law, and it is disappointing that the Inspectors General cannot provide it,” Wyden told Danger Room on Monday. “If no one will even estimate how many Americans have had their communications collected under this law then it is all the more important that Congress act to close the ‘back door searches’ loophole, to keep the government from searching for Americans’ phone calls and emails without a warrant.”

What’s more, McCullough argued, giving such a figure of how many Americans were spied on was “beyond the capacity” of the NSA’s in-house watchdog — and to rectify it would require “imped[ing]” the very spy missions that concern Wyden and Udall. “I defer to [the NSA inspector general's] conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission,” McCullough wrote.

Continue Reading “NSA: It Would Violate Your Privacy to Say If We Spied on You” »

Back to top

US Demands for Google User Data Growing, But Full Picture Remains Murky

Photo: torkildr/Flickr

Government agencies across the United States sought user data from Google 6,321 times for the six months ending December 2011, up from 5,950 the six months prior, according to a new Google report.

Google, which offers email, cloud storage, a blogging platform, web search, and other services, every six months unveils a so-called Transparency Report shedding light on government requests for data and takedowns. The latest results show that the US government targeted 12,243 Google accounts, compared to 11,057 in the six months before.

Google’s transparency data is also limited as it does not include requests under the Patriot Act, which can include National Security Letters with gag orders attached. Nor do the data include anti-terrorism eavesdropping court orders known as FISA orders or any dragnet surveillance programs legalized in 2008, as those are secret, too.

Of the 28 nations listed in the Google survey, the United States filed the largest number of requests. India came in a far second, with 2,207 for the six months ending December 31.

Still, while Google the last two years is becoming increasingly more transparent by providing these numbers, and other figures related to content removal for copyright, defamation and other reasons, the latest report contains a glaring omission.

Nowhere does it say how many times it turned over user data in the United States as a result of a probable-cause warrant.

We have repeatedly asked Google for such information, but to no avail.

Google declined to address the topic when we asked it again Monday. In a canned response attributable to a “Google spokesperson,” the Mountain View, California technology concern replied:

“As with many other Google products, we like to launch and iterate. The Transparency Report is no different. As we’ve worked on this project, over time we’ve figured out the best way to disclose increasing amounts of information.”

The data being coughed up, although not spelled out, includes e-mail communications, documents and, among other things, browsing activity, and even IP addresses used to create an account.

We suspect that an alarming amount of the data is being turned over without a probable-cause warrant. The reason is that, in the United States, the law is so antiquated that a warrant is often not required.

But, again, we don’t know for sure, as Google is not saying. The company says it supports reforming the Electronic Communications Privacy Act, a 1986 measure which allows warrantless access to electronically stored data without warrants.

And it even includes a link to its call for reform from the transparency page.

In our view, the biggest way for Google to garner support for ECPA is to demonstrate how the law is being used in practice, to show Americans that the Fourth Amendment in theory isn’t what it should be when it comes to practice in the digital world.

Senate Judiciary Committee chairman Patrick Leahy (D-Vermont) proposed sweeping digital privacy protections a year ago that would require the government, for the first time, to get a probable-cause warrant to obtain e-mail and other content stored in the cloud.

The measure never even saw the light of day in Leahy’s committee, and died a quiet death.

Leahy’s proposal would have nullified a provision of the 1986 Electronic Communications Privacy Act that allows the government to acquire a suspect’s e-mail or other stored content from an internet service provider without showing probable cause that a crime was committed, as long as the content has been stored on a third-party server for 180 days or more. Under ECPA, the government only needs to show that it has “reasonable grounds to believe” the information would be useful in an investigation.

The act was adopted at a time when e-mail wasn’t stored on servers for a long time, but instead was held there briefly on its way to the recipient’s inbox. In the 1980s, e-mail more than 6 months old was assumed abandoned, and therefore ripe for the taking without a probable-cause warrant.

Meanwhile, a separate set of datasets Google released under its report included the number of times it has acquiesced to court orders to remove content — because of a court order — from its search results, YouTube and other products and services. The bulk of the reasons stemmed from orders surrounding issues of copyright, defamation and privacy.

In the six months ending December 31, the United States came in with 117 requests, up from 55 the six months prior. Brazil won the category, with 128, down from 140 the previous six months. Iran and China are not included in the results, as those nations employ government filters to remove content.

Photo: torkildr/Flickr

Tags: , ,
Back to top

Arvind Narayanan Isn’t Anonymous, and Neither Are You

World’s Most Wired

Computer Scientist

Arvind Narayanan

Arvind Narayanan in his tiny office at Stanford University, where he has been working on a post-doc. The chair on the desktop at left serves as a makeshift standing-desk for him.

Arvind Narayanan’s business card is an exercise in brevity. It contains no data except his name and the words “Google me,” a fitting calling card for an academic who specializes in privacy and anonymity research. When you do Google him, his online footprint is robust, but highly selective and pruned. There’s a website for his post-doctoral research at Stanford University, where he’s currently based, an online journal of semi-personal musings (like the time he fell asleep jet-lagged and awoke with complete amnesia about, not just who he was, but what he was – animal, vegetable, mineral?), a Google scholar page indicating his work has been cited 849 times, and news articles about high-profile projects he’s worked on. There are also various social networking accounts (Facebook, Google+) that paint a picture of a precise and scientifically calculating, but whimsical, personality – one whose music tastes run the gamut from Queen to Qawwali (Sufi devotional music), and who prefers mind-bending films like Memento and Inception to mind-numbing superhero flicks.

What you won’t find online about Narayanan are party snapshots of him caught in a drunken stupor or inadvisable tweets later deleted on second thought. There’s little about him on the web that he doesn’t specifically want there, and he’s careful to use browser tools to control the digital trail his online activities leave behind. But as a data scientist, Narayanan knows there’s a lot he can’t control — his own work shows that often the steps he and others take to protect themselves online can be easily undone.

Narayanan isn’t much known outside the insular world of data privacy, but he’s likely to be a name that you’ll be seeing more and more, particularly as he’ll be heading to Princeton University next year to join the well-regarded Center for Information Technology Policy, led by computer scientist Ed Felten. In the age of Big Data, where bulk supplies of information about your browsing and other online activities are bought and sold instantaneously in marketplaces each day, and where Target can know your teenage daughter is pregnant before you do, Narayanan is one of the leading hands-on thinkers in exploring how traditional notions of privacy are radically fractured by the collision of big data and cheap analytics. Take, for example, his now-famous Netflix study.

In 2006, Narayanan and a colleague dug into “anonymized” Netflix customer information and showed how little data collection it took to unmask an anonymized person’s identity. Netflix, as part of a public contest to devise a better movie-recommendation algorithm, released a data set of 100 million movie ratings made by 480,000 of its customers. The online DVD provider anonymized the data before releasing it to contestants, by replacing names with random unique identifying numbers to protect the privacy of its customers. But Narayanan and Vitaly Shmatikov were able to unmask some Netflix users simply by taking the anonymized movie ratings – along with timestamps showing when customers submitted them – and comparing them against non-anonymized movie ratings posted at the Internet Movie Database web site. “Even before we looked at the data, we knew right away that this issue was going to exist,” Narayanan says. The research led to a privacy lawsuit against Netflix and a 2010 settlement that scuttled the company’s plans for a second contest that would have involved using even more customer data. Since that study and research paper, he and colleagues have produced four other major ones proving similar points in different contexts.

Continue Reading “Arvind Narayanan Isn’t Anonymous, and Neither Are You” »
Back to top

CIA Refuses to Confirm or Deny Drone Attacks Obama Brags About

Armed MQ-9 Reaper drones like this one are used by both the US military and the CIA. Photo: USAF

The Central Intelligence Agency continues to refuse to confirm or deny the covert military use of drones to kill suspected terrorists overseas, despite President Barack Obama’s and even a former CIA director’s admission of the agency’s targeted killing program.

Despite numerous public comments on the CIA’s drone attacks in far-flung locales such as Yemen from various government officials, including former CIA Director Leon Panetta and President Obama, the CIA is taking the position in court that it would have to eliminate you with one of its drones if it acknowledged the program.

So on Wednesday, the American Civil Liberties Union asked a federal appeals court to expedite a hearing (.pdf) on its Freedom of Information Act request seeking details of the drone program. Hours later, the US Court of Appeals for the District of Columbia Circuit set a September 20 oral argument. (.pdf)

The development comes as 26 members of Congress asked Obama, in a letter, to consider the consequences of drone killing and to explain the necessity of the program. The use of drones to shoot missiles from afar at vehicles and buildings that the nation’s intelligence agencies believe are being used by suspected terrorists began under the Bush administration and was widened by Obama to allow the targeting of American citizens. Drone strikes by the Pentagon and the CIA have sparked backlashes from foreign governments and populations, as the strikes often kill civilians, including women and children.
Continue Reading “CIA Refuses to Confirm or Deny Drone Attacks Obama Brags About” »

Tags: , ,
Back to top

Sweden Will Imprison Assange When Extradited

Julian Assange will be imprisoned after he is handed over to Swedish authorities when he is extradited and will have a court hearing four days after extradition from the United Kingdom to decide if he will stay in custody, the Swedish government announced Friday.

Earlier this week, the Supreme Court of the United Kingdom decided not to reopen Assange’s appeal and upheld the decision that the WikiLeaks founder should be extradited to face sex crime proceedings in Sweden.

The UK Supreme Court has ordered that Assange won’t be handed over to the Swedes until June 28. After that date Assange will be brought to Sweden within 10 days, according to European Arrest Warrant rules, Sweden’s Office of Public Prosecutions said.

Within four days of his arrival in Sweden, a court hearing will decide whether or not Assange should be remanded in custody for questioning by prosecution. Any decision by court can be appealed, according to the Swedish prosecutors.

Assange will be brought to Sweden by the country’s Department of Corrections, which will also take him into custody. Since Assange is considered to be a flight risk, he will be kept in prison while waiting for the remand hearing.

However, the Prosecutor’s Office says Assange won’t be kept in isolation and will be able to watch TV, read newspapers and associate with other inmates.

Since December 2010, Julian Assange has been under house arrest in Britain while appealing decisions by UK courts to extradite him to Sweden. He fears Sweden will hand him over to the United States, where he may face a secret indictment on charges of espionage because of WikiLeaks publishing confidential State Department cables.

Swedish authorities have arrested Assange in his absence on suspicion of unlawful coercion, two counts of probable sexual molestation, rape and other lesser crimes against two women. Assange says the encounters were consensual.

Director of Public Prosecutions Marianne Ny will be in charge of Assange’s questioning when he arrives in Sweden. No further information will be given by her office so as not to disturb the investigation or hurt people affected by it, officials said.

Back to top
« OLDER POSTS