Tag Archives: NSA

News

U.S. House votes to block NSA backdoor searches

Leave a comment

In a late-night vote Thursday, June 19, the U.S. House of Representatives voted to prohibit US intelligence agencies from searching government databases for information about U.S. citizens. It also voted to eliminate funding for the development of further backdoor data gathering.

Vote results.
Vote results. Image courtesy Rep. Thomas Massie (R-Ky.), the chief sponsor of the amendment

The amendment passed at 10:47 PM with a vote of 293 to 123. There are two types of backdoors that the amendment addresses:

The first, warrantless searches

The FISA Amendments Act gives the NSA broad power to collect data through any number of programs. One of these data collection programs broadly collected and stored emails, web-browsing, and chat histories of random people, many of which were U.S. citizens. Previously, the NSA had the authority to search these massive databases without a warrant. These warrantless searches were known as “backdoor searches”. The amendment prevents the NSA from using money to do a backdoor search on a U.S. citizen, effectively stopping the practice altogether.

The second, private company backdoors

In the tech world, “backdoor” is a term of art that has specific meaning: a method of bypassing normal security and authentication routines, effectively allowing someone who shouldn’t have access to a computer system to get in. The NSA has been asking larger private companies to modify their encryption mechanisms to add backdoors, which would allow the NSA to expand their data collection efforts. The amendment eliminated funding for this type of program.

The amendment had bipartisan support, and the vote took just 10 minutes of debate. If you look at the vote results and see that your representative voted Nay, maybe it’s time to give him or her a call and urge intelligence reform for future votes. While you’re at it, contact your senator, so we can make sure this passes in the Senate as well.

News

Project “Quantum” gives NSA access to 100k+ offline computers

Leave a comment

Project Code-name “Quantum” gives the NSA the ability to remotely access computers disconnected from the internet from up to 8-miles away.

The NSA Project Quantum can access data from offline computers from up to 8-miles away
The NSA Project Quantum can access data from offline computers from up to 8-miles away

If you’re tech-savvy enough to be reading this blog, you should at least have an intuitive understanding that computers connected to the internet are vulnerable to remote access and attack. Less intuitive is that computers completely disconnected from the internet can also be remotely accessed. The New York Times recently released an article detailing Project Quantum, which gives the NSA the ability to remotely access a computer from up to 8-miles away. Initial estimates puts the NSA’s reach with this program at more than 100,000 computers.

How it Works

The NSA needs to first physically embed circuitry onto the computer. It’s been revealed the NSA has in the past intercepted computer shipments and embedded the circuitry inside the computer itself. Another technique is to hide the circuitry inside a USB plug for a device that will eventually be connected to the computer.  These circuits, when powered, can transmit data through a covert radio frequency to a mobile receiving station. The receiving station can fit inside a regular briefcase, and must be within 8-miles of the compromised computer. The receiving station then transmits the data back to the NSA.

No Domestic Use Detected so far

So far, there is no evidence that the NSA has used these intercept programs domestically; the intended targets are all high-value international intelligence figures. There’s little reason to doubt this claim, because the expense and effort required to physically bug an individual computer is immense.

The takeaway

Even if you think yourself important enough to warrant personal surveillance from the NSA, it’s unlikely you would have the technical expertise required to identify and remove these hidden circuits. While we lack specifics about the exact transmission method, we know it to be within the radio spectrum, so it is reasonable to assume that a computer placed in a fully electromagnetically shielded room might be protected from this particular method. Certainly I do not recommend disconnecting your devices from the internet and wrapping your house in aluminum foil; rather, just take this post as a reminder of the NSA’s incredible technological reach.

News

FISC Reauthorizes NSA Bulk Telephony Metadata Program

Leave a comment

On January 3, 2014, the US Foreign Intelligence Surveillance Court (“FISC”) once again renewed the NSA’s authority to continue collecting telephone metadata.

The E. Barrett Prettyman United States Courthouse in Washington D.C. houses the United States Foreign Intelligence Surveillance Court. Image courtesy of Wikimedia.

To quickly summarize how the metadata program works, the NSA makes an application to FISC, FISC reviews the application, and (if approved) issues an order to the telephone companies. The order requires the companies to supply their metadata to the NSA, and expires after 90 days. This is why the NSA needs to seek renewal every 3 months. The most recent authorization expired on January 3rd, the NSA applied for renewal, and the FISC court approved renewal.

Why is this unsurprising?

The metadata program began in May of 2006, and since then has been renewed 36 times by 15 different FISC judges. While most of these renewals happened in secrecy, thanks to new public attention and pressure the Director of National Intelligence James R. Clapper has declassified and disclosed the most recent renewals.

As part of that declassification, we’ve learned that even when the NSA failed to comply with FISC-ordered procedures, the FISC continued to approve renewals. For example, in January of 2009, the NSA improperly searched the metadata in a non-approved way. FISC Judge Walton acknowledged this breach in procedure was significant, and issued a sanction that required the NSA to seek approval for searches on a case-by-case basis. This sanction did little to deter the NSA because it only remained in place from March 2009 to September 2009, and throughout the whole ordeal the FISC barely hesitated in renewing the NSA’s authority. [Klayman v. Obama, p. 21-22]

Even when the government admitted it misused its authority, the FISC continued to renew this program, and so it’s little surprise it has done so once again this past Friday.

So is it important at all?

Even though most courts and judges agree the NSA metadata program is legal, U.S. District Court Judge Richard Leon disagrees. Two people, Larry Klayman and Charles Strange, both sued President Obama to try and stop metadata collection. On December 16, 2013, Judge Leon found the metadata program to be “almost Orwellian”, likely unconstitutional, and ordered the government to cease data collection, but only for Klayman and Strange. Further, he ordered the NSA to delete any data it had already collected on them. [Klayman v. Obama, p. 67] Judge Leon also stayed his own order, which means it was put on pause, in case the Government wanted to appeal his ruling. Unsurprisingly, President Obama, Attorney General Eric Holder, and NSA Director Keith Alexander formally appealed this order.

So we’re left with a situation where President Obama publicly calls for review of the metadata collection program but who still tries to keep the program alive, a mere smattering of judges who believe it to be unconstitutional, and an overwhelming majority of courts and judges who think it is perfectly legal. The latest FISC renewal, made at the height of public scrutiny, is a clear indicator that the Obama Administration, the NSA, and the FISC do not intend on putting the metadata collection program on hold at all, not even for a short period to review its legality.