EXPOSED! NSA - who watches the watchers?

In this week's edition of EXPOSED!, I'm taking a long hard look at the lookers...

One would have thought that after the Snowden revelations, the NSA might have cleaned up its act and stopped abusing the rights of citizens both in the USA and abroad. But this is not so. The Foreign Intelligence Surveillance Act Section 702 should, as the name implies, only be used to collect intelligence on non-Americans who are located outside of the USA.

But the way the law is written allows the NSA to collect the communications of Americans who communicate with targeted individuals located abroad. It also collects other Americans' communications who happen to be caught as part of the NSA's targeting of foreigners.

Section 702: What It Is & How It Works - Center for Democracy and Technology

What Is It? Section 702 of the Foreign Intelligence Surveillance Act (FISA) is a statute that authorizes the collection, use, and dissemination of electronic communications content stored by U.S. internet service providers (such as Google, Facebook, and Microsoft) or traveling across the internet’s …

Center for Democracy and TechnologyGreg Nojeim

The intelligence community refers to this as 'incidental' collection to downplay the fact that it uses this privacy-invasive foreign intelligence surveillance authority to collect Americans' communications that should require a warrant. This can include not just conversations but email exchanges, photos and other sensitive information. Surveillance is permitted far beyond what is required to protect national security.

The broad brush of “foreign intelligence information” can sweep up ordinary information unrelated to national security. Targets could therefore include human rights defenders, journalists, whistle blowers or business owners. It is not just the NSA which has access to this vast database as the FBI and CIA can search through it looking specifically for information about Americans. This kind of 'backdoor search' can lead to American citizens  being prosecuted for crimes based on communications taken without a warrant.

By tapping into the internet, this 'Upstream' program scans international internet traffic in bulk looking for information connected to 'targets'. It can best be described as real-time, suspicion-less surveillance. Despite repeated urging from Congress, the ACLU and others, the US government has refused to release an estimate of the number of Americans whose communications are swept under 702 surveillance.

10 Reasons You Should Still Worry About NSA Surveillance

In 2013, the Snowden revelations—many of them reported by then Washington Post reporter, now Century Foundation fellow Barton Gellman—shook the American go

The Century FoundationSam Adler-Bell

The amount of data collected from phone calls and text messages by the NSA is enormous. In 2017 alone, some 534,396,285 calls and messages were intercepted, three times what was collected in 2015. The 2018 data is yet to be released. On the hacking side of things, the NSA have a great expression for it: Tailored Access Operations and they have plenty of tools in the box. If they find a hole they will exploit it for their own benefit rather than tell everyone and make them aware.

Such was the case with the Eternal Blue vulnerability in Microsoft's Windows back in 2017. A group who called themselves Shadow Brokers made allegations that the NSA was linked to it and reports to the effect also surfaced in the Washington Post. One former NSA employee referred to the intelligence collected through the use of Eternal Blue as “unreal.” Another said “It was like fishing with dynamite.” Richard Ledgett, a former Deputy Director of the NSA, said disclosing all flaws would amount to “unilateral disarmament.” He said that the idea that “everything would be just fine” if the NSA disclosed all the vulnerabilities it finds is “nonsense.”

https://www.dni.gov/files/documents/icotr/2018-ASTR----CY2017----FINAL-for-Release-5.4.18.pdf

Major Leak Suggests NSA Was Deep in Middle East Banking System

The Shadow Brokers hacker group is back with another trove of NSA documents including Windows exploits and evidence of financial spying in the Middle East.

WIREDWIRED Staff

NSA officials worried about the day its potent hacking tool would get loose. Then it did.

One former employee said the hacking tool was so powerful it was like “fishing with dynamite.”

The Washington PostEllen Nakashima

So impressed were Chinese hackers with the NSA's hacking tools that they actually managed to get hold of one of them. The cybersecurity company Symantec claimed that a Chinese hacker group associated with Chinese government intelligence used a tool which at the time was only known to belong to the NSA. While Chinese government hackers are prolific around the world, they apparently only used their NSA tool sparingly.

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks

The latest case of cyberweapons escaping American control raises questions about the United States’ expensive and dangerous digital arsenal.

NYTimesNicole Perlroth

US surveillance practices are a chilling reminder that the government in listening in on your private communications. Journalists and lawyers in particular should change the way in which they communicate, taking care in what they say and to whom they are saying it.

The leaks by Snowden have shaken public trust and now the discussion about surveillance and privacy will always be ongoing. We all need to be more vigilant when it comes to maintaining privacy as it is not just malicious hackers but our own governments as well who would want to intercept our data. Governments everywhere are spending billions of dollars to develop spying capabilities that they use aggressively against innocent people around the world. Some of them may do so with even less oversight and even fewer legal restrictions, with agencies everywhere hungry for our data and working to expand their reach.

There has been a step in the right direction with a EU Court ruling just recently that the US government's mass surveillance programs are incompatible with the privacy rights of EU citizens. The decision is yet another significant indicator that the US government's intelligence gathering practices need a massive overhaul. In a previous case in 2015, the EU Court of Justice noted that European citizens had no real recourse in law if their data was swept up in one of these schemes. Such a violation of their basic privacy rights meant that US companies could not provide an adequate level of data protection as required by EU law and promised by the EU/US 'Privacy Safe Harbor' self-regulation regime.

The complaint, which goes back to October 2014, was lodged by Austrian privacy activist Max Schrems. He argued that, following the Snowden revelations, the privacy of EU citizens could not be guaranteed if their data was sent to the US, given the evidence of widespread eavesdropping by the NSA and the fact that the US legal system only protected the rights of US citizens. Schrems said in a statement that:

“At first sight it seems the court has followed us in all aspects. This is a total blow to the Irish DPC (data protection commission) and Facebook. It is clear that the US will have to seriously change their surveillance laws if US companies want to continue to play a role in the EU market.”

EU court ruling puts pressure on US to reform surveillance laws

A ruling against the Privacy Shield data transfer standard argues that EU data shuttled to the United States isn’t adequately protected.

CNETAlfred Ng

“Until Snowden, the idea that Western governments would routinely collect, store and analyse our personal data sounded like a conspiracy theory to many people. Because surely, mass surveillance isn't something good, benevolent Western democracies would ever undertake? Snowden blew that idea wide open.”

Recent quotation from Privacy International