Biggest Threat to an Open Internet: U.S. Intelligence Community

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net-neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering. He’s the nice-seeming guy who’s willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those who are not in the know.

When he was head of the country’s national intelligence, he scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military’s black budget so they could start making firewalls and building malware into military equipment.

And now McConnell is back in civilian life as a vice president at the secretive defense contracting giant Booz Allen Hamilton. He’s out in front of Congress and the media, peddling the same Cybaremaggedon! gloom.

And now he says we need to re-engineer the internet.

We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds. More specifically, we need to re-engineer the Internet to make attribution, geo-location, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable. The technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies and trading partners so they will do the same.

Re-read that sentence. He’s talking about changing the internet to make everything anyone does on the net traceable and geo-located so the National Security Agency can pinpoint users and their computers for retaliation if the U.S. government doesn’t like what’s written in an e-mail, what search terms were used, what movies were downloaded. Or the tech could be useful if a computer got hijacked without your knowledge and used as part of a botnet.

The Washington Post gave McConnell free space to declare that we are losing some sort of cyberwar. He argues that the country needs to get a Cold War strategy, one complete with the online equivalent of ICBMs and Eisenhower-era, secret-codenamed projects. Google’s allegation that Chinese hackers infiltrated its Gmail servers and targeted Chinese dissidents proves the United States is “losing” the cyberwar, according to McConnell.

But that’s not warfare. That’s espionage.

McConnell’s op-ed then pointed to breathless stories in The Washington Post and The Wall Street Journal about thousands of malware infections from the well-known Zeus virus. He intimated that the nation’s citizens and corporations were under unstoppable attack by this so-called new breed of hacker malware. … Continue Reading

School Administrators: Webcam Spying

According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools’ administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins’s child was disciplined for “improper behavior in his home” and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.

If true, these allegations are about as creepy as they come. I don’t know about you, but I often have the laptop in the room while I’m getting dressed, having private discussions with my family, and so on. The idea that a school district would not only spy on its students’ clickstreams and emails (bad enough), but also use these machines as AV bugs is purely horrifying.

Schools are in an absolute panic about kids divulging too much online, worried about pedos and marketers and embarrassing photos that will haunt you when you run for office or apply for a job in 10 years. They tell kids to treat their personal details as though they were precious.

But when schools take that personal information, indiscriminately invading privacy (and, of course, punishing students who use proxies and other privacy tools to avoid official surveillance), they send a much more powerful message: your privacy is worthless and you shouldn’t try to protect it.

Robbins v. Lower Merion School District (PDF)

Illegal: FBI Cut Corners to Wiretap

An internal audit found the FBI broke the law thousands of times when requesting Americans’ phone records using fake emergency letters that were never followed up on with true subpoenas — even though top officials knew the practice was illegal, according to The Washington Post.

The inspector general’s follow-up report on the so-called “exigent” letters — an investigation that started in 2007 — is due in a few months. E-mails obtained by the Post showed that responsible agency officials informed superiors in 2005, but the practice continued for two more years.

While it looks as if the nation’s top law enforcement agency routinely violated the nation’s wiretapping laws for years, it seems no one will actually be prosecuted since the violations are being judged as merely “technical.”

Agents in the Federal Bureau of Investigation’s terrorism investigation unit in New York City began using so-called “exigent letters” shortly after 9/11 as a shortcut around a proper terrorism subpoena, known as a National Security Letter. A proper NSL authorized under the Patriot Act allows agents to secretly get an individuals’ phone and financial records with a self-issued subpoena so long as they are “relevant” to an official, ongoing investigation.

That was supposed to prevent FBI agents from getting someone’s phone number just for exercising their First Amendment rights. But the standard was low enough that agents began issuing tens of thousands of NSLs a year, with not one being checked by a judge.

But even those rules were too stringent, and the New York-style “exigent letter” — an understandable shortcut after the 9/11 attacks — graduated from being temporary and was adopted by employees in Washington, D.C.

The news comes as Congress contemplates tightening the safeguards around NSLs following what has become an ever-growing list of abuses of FBI powers.

Even though supervisors and legal counsel became of aware of the fake emergency letters in 2004, the illegal behavior continued. But the phone companies began pushing back against the requests because they were being left with the legal liability. The public became aware of the NSL abuse in 2007, when the Justice Department’s inspector general released a report on the use of the power.

Documents show that senior FBI managers up to the assistant director level approved the procedures for emergency requests of phone records and that headquarters officials often made the requests, which persisted for two years after bureau lawyers raised concerns and an FBI official began pressing for changes.

“We have to make sure we are not taking advantage of this system, and that we are following the letter of the law without jeopardizing national security,” FBI lawyer Patrice Kopistansky wrote in one of a series of early 2005 e-mails asking superiors to address the problem.

The FBI acknowledged in 2007 that one unit in the agency had improperly gathered some phone records, and a Justice Department audit at the time cited 22 inappropriate requests to phone companies for searches and hundreds of questionable requests. But the latest revelations show that the improper requests were much more numerous under the procedures approved by the top level of the FBI.

In fact, the real number is 2,200 illegal requests out of a total of 4,400 so-called exigent requests, the Post reports.

When FBI personnel attempted to provide NSLs to cover the requests after the fact, they often couldn’t because the requests came from higher-up personnel and there was often no open-case to tie the request to. Department guidelines require NSLs to be tied to specific cases. Agents finally created blanket NSLs that covered multiple requests — one NSL was for threats to aviation, another was for threats to individuals.

Then the FBI decided just to issue on NSL to cover all that was left, the Post reports.

“What is new in the Post’s reporting today is that it was FBI supervisors and senior officials who were abusing the system,” said Greg Nojeim, a lawyer at the Center for Democracy and Technology.

“The FBI has been assuring us for years that the abuses of the Patriot Act could be cured by more layers of internal review, but now we learn that the supervisors themselves were abusing the process,” Nojeim said. “When people are under pressure, internal review is not enough, there needs to be external oversight, and the best way to do that is to have a judge look at the situation.”

Privacy Gains Victory Over Detailed Body Scans

WASHINGTON — – The government has promised more and better security at airports after the near-disaster Christmas Day, but privacy advocates are not prepared to accept the use of full-body scanners as the routine screening system at the nation’s airports.

“We don’t need to look at naked 8-year-olds and grandmothers to secure airplanes,” Rep. Jason Chaffetz, R-Utah, said Friday. “Are we really going to subject 2 million people per day to that? I think it’s a false argument to say we have to give up all of our personal privacy in order to have security.”

The balance between privacy and security tilts after each major terrorism incident in favor of greater security. But in the past decade, privacy advocates have been successful in blocking or stalling government plans for more searches.

A conservative freshman in the House, Chaffetz won a large, bipartisan majority last year for an amendment to oppose the government’s use of body-image scanners as the primary screening system for air travelers. He was joined by the American Civil Liberties Union, which said the scanners are the equivalent of a “virtual strip search.”

The pro-privacy stand does not follow the traditional ideological lines; Republicans and Democrats have united on the issue now and in the past.

It has been frustrating, however, for advocates of increased security.

“Privacy and attacks on profiling have been the big hurdles” to developing better security systems for air travelers, said Stewart Baker, a top official of the Department of Homeland Security under President George W. Bush.

Since 2001, privacy advocates have twice blocked moves to collect more personal data on passengers and compile the information in a computerized government system. Critics said mass databases would give the government too much information about ordinary Americans.

Privacy concerns also slowed the move to put more body imaging scanners in the airports. Currently, 19 airports have one or more scanners in use.

Now, after a man accused of having ties to al-Qaida boarded a trans-Atlantic flight, allegedly with explosives in his underwear, the drive to put the full-body scanners in all major airports is renewed. The Transportation Security Administration had already announced plans to buy 300 more. The Senate did not adopt the Chaffetz amendment, so the TSA is free to press ahead with installing the body scanners.

“They significantly enhance security because they can detect metallic and nonmetallic items hidden under clothing,” said Greg Soule, a TSA spokesman.

He also suggested that the privacy concerns are exaggerated. “It is 100 percent optional for all passengers,” he said. “They can choose to be screened with a full-body pat-down.”

Moreover, the screener who observes the passenger’s body image is “in a remote location” and cannot see the individual’s face, he said. And the body image itself “looks like a chalk etching of a passenger.”

Chaffetz disputes that point. “It is a whole body image, and they can spin it 360 degrees. And they can zoom in and see something as small as a nickel or dime,” he said. “But they can’t spot something hidden in a body cavity. A good, old-fashioned sniffing dog is more effective.”

ACLU lawyers said air travelers should not have to face the prospect of exposing a colostomy bag or a mastectomy scar.

“We continue to think the American people are being sold a bill of goods with these body scanners,” said Jay Stanley, a privacy expert in the ACLU’s Washington office. “Giving the government the authority to scrutinize your body is tremendous invasion of privacy, and the benefits are questionable.”

If the scanners become standard, “the terrorists will adapt to it,” he added.

Despite their disagreements, defenders of privacy and advocates of increased security agree that better use of information should permit the government to focus its screening on the individuals who pose a threat.

“We clearly need to move faster to a point where we’re looking for terrorists, not just weapons,” said Baker.

ISP and Telecom State’s Secret Surveillance Machine

Why not follow the money trail…. As the interface between state and private criminality, following the money trail is oxygen and combustible fuel for rooting out corruption in high places: indelible signs left behind like toxic tracks by our sociopathic masters.

After all, there’s nothing quite like exposing an exchange of cold, hard cash from one greedy fist to another to focus one’s attention on the business at hand.

And when that dirty business is the subversion of the American people’s right to privacy, there’s also nothing quite like economic self-interest for ensuring that a cone of silence descends over matters best left to the experts; a veritable army of specialists squeezing singular advantage out of any circumstance, regardless of how dire the implications for our democracy.

In light of this recommendation researcher Christopher Soghoian, deploying the tools of statistical analysis and a keen sense of outrage, reaffirmed that “Internet service providers and telecommunications companies play a significant, yet little known role in law enforcement and intelligence gathering.”

That the American people have been kept in the dark when it comes to this and other affairs of state, remain among the most closely-guarded open secrets of what has euphemistically been called the “NSA spying scandal.”

And when the Electronic Frontier Foundation (EFF) posted thousands of pages of documents “detailing behind-the-scenes negotiations between government agencies and Congress about providing immunity for telecoms involved in illegal government surveillance” last month, they lifted the lid on what should be a major scandal, not that corporate media paid the least attention.

A lid that Obama’s “change” regime hopes to slam back down as expeditiously as possible.

Hoping to forestall public suspicions of how things actually work in Washington, the administration has declared that “it will continue to block the release of additional documents, including communications within the Executive Branch and records reflecting the identities of telecoms involved in lobbying for immunity,” according to EFF’s Senior Staff Attorney Kurt Opsahl.

No small matter, considering that should a court ever find avaricious telecoms and ISPs liable for violating the rights of their customers, fines could mount into the billions. Even in today’s climate of corporate bailouts and “too big to fail” cash gifts to executive suite fraudsters, damages, both in monetary terms and adverse publicity, would hardly be chump change. … Continue Reading