Wednesday, 18 de December de 2024 ISSN 1519-7670 - Ano 24 - nº 1318

Can’t Hide in the Cloud

Most Internet users were disabused of the notion that their online activities could be kept entirely secret long before the recent revelations that the National Security Agency has been tracking the phone calls and online communications of millions of people. And to a great degree, consumers have traded privacy for convenience — like having Web retailers store your credit card number to save you some typing on your next order.

Still, the scope of the government’s surveillance programs left some users and businesses wondering what, if anything, can be done to claw back more control over private information. The answer is complicated: most users could do more to safeguard themselves, but no software or service can protect them fully from determined government agencies, criminals or hackers.

The problem is that we have collectively ceded our privacy bit by bit as we have moved more social and business interactions from the physical realm to the so-called cloud, powered by tens of thousands of computers at server farms owned and managed by companies like Google, Amazon and Facebook. And it might be incredibly hard, if not impossible, to regain what we have given up.

While moving house recently, I came across a box of letters I had received in high school and college, some more than 20 years old. Other people cannot see those letters unless I let them, a court orders that I divulge their contents or they are physically stolen. But I can’t say the same about the nine-year-old messages in my Gmail account. I might think those messages are confidential just as I might hope that my private Facebook posts are, well, private. But in reality they aren’t and never were.

This is not a nostalgic lament. The Internet has no doubt made life more convenient. I can share photos with dozens of friends in minutes on Flickr, something that would have taken me days to do if I were having them printed and mailed. And it’s much easier for, say, accountants or bankers to do their jobs now that they can have a video chat with a co-worker on the other side of the planet.

Some people control the amount of information they put online; some have deactivated their Facebook accounts because of privacy concerns. But privacy settings don’t shield you from government intrusion or hacking. Even without posting personal data online, most of us leave trackable traces of ourselves online every day. Your high school, university or employer might be knowingly or unwittingly putting information about you online. Just as it would be extremely hard to survive off the electrical grid, it’s become nearly impossible to live and work without e-mail or cellphones.

The supervigilant are starting to use software to encrypt their e-mail and Internet chats. Many, if not most, businesses already use virtual private networks to allow employees to connect to their computers while shutting out outsiders. Activists and dissidents in foreign countries have been using Tor, which attempts to obscure users’ digital trails by breaking up and sending their Internet traffic on multiple paths. But such technologies all have limitations, and users have to be technically adept and diligent to gain any benefit.

The fact is, the privacy war is asymmetric. Governments have spent billions to develop tools to conduct surveillance and hack into computer systems. Far fewer resources have been devoted to protecting users from such intrusions, said Seth Schoen, the senior staff technologist at the Electronic Frontier Foundation, an advocacy and research organization. New technical tools might put up a privacy screen for a while, but over time intruders will come up with new ways to get around them, too. There may be no stopping that cat-and-mouse game, but at the very least we can demand that lawmakers protect us from abusive and unwarranted surveillance by the government.

 

 

In Snowden’s privacy fight, the spies are likely to win

Por Gideon Rachman [Financial Times, 11/6/13]

Most people accept there are legitimate reasons for states to monitor cyber space

Edward Snowden makes a good first impression. In his interview on YouTube, he comes across as a thoughtful boy-next-door type. Unlike Julian Assange, the twitchy narcissist behind WikiLeaks, Mr Snowden looks like somebody you would be quite happy to see date your daughter.

First impressions matter because – unless you are a hardline libertarian or a cold-blooded securocrat – Mr Snowden’s exposure of the cyber snooping of the US government will leave you feeling ambivalent. Nobody likes the idea of their emails and internet activity sitting on some giant supercomputer in Maryland or Cheltenham. On the other hand, most people accept that there are legitimate security reasons for governments to monitor what is going on in cyber space.

By temperament, I am on the complacent end of the spectrum when it comes to privacy. I know people who genuinely worry about the number of times they will be caught on closed-circuit television cameras as they wander around London. I cannot say it bothers me. Similarly, while I do not like the idea of all my email being liable to inspection by the American or British governments, it still feels like a fairly abstract concern.

This is not because I am a “law-abiding citizen” with “nothing to fear”, to use the official formulation. Off the top of my head, I cannot think of any recent acts of lawbreaking on my part. But I would like to believe that I have a zone of privacy that extends considerably beyond anything that might be deemed outright criminal.

The reason that I remain relatively relaxed about the thought that somebody could read my emails and scan my Google searches is not because I have “nothing to hide”. It is because, so far, I have never seen or felt any real-world consequences from this theoretical vulnerability. Nor has anyone I know. And nor can I think of any prominent news story in which the snooper state has ensnared or blackmailed some innocent party.

Of course, it could happen. And, if it began to happen, then I – like many other people – would be swiftly jolted out of my complacency. By then, we are sometimes warned, “it will be too late” – whatever that means. But there is a limit to the amount of pre-emptive panicking I am prepared to do.

By contrast, I have recently become much more concerned about my personal cyber security. In the past six weeks, my private email account has been hacked – apparently by somebody in Jordan. My credit card has been hijacked online. And the Financial Times website was also hacked. I have no idea who exactly is behind all these nefarious acts. But I am pretty confident that it is neither the US nor the British government.

I suspect my increasing awareness of cyber security is fairly typical. It used to be the kind of thing that only bothered tiresome people in the IT department. Now all those injunctions to keep changing my password feel more justified.

Why is any of this relevant to the Snowden case? Because internet crime bears out the official argument that cyber space is an increasingly perilous zone. Alongside all the people “liking” cat videos and friending each other on Facebook, distinctly unfriendly criminal networks and terrorists also operate in cyber space. It is the legitimate business of the state to try to keep tabs on thedark side of the internet.

Indeed, while much of the post-Snowden commentary has focused on the security services’ efforts to track terrorists on the internet, the most dangerous threats of the future may not resemble the terrorist spectaculars of the past. Security types, in both the public and private sectors, are increasingly worried about our societies’ utter dependence on a functioning computer network. They worry about the havoc that could be wreaked if a virus were introduced that prevented a major bank from reconciling its books. Or about the chaos that could be caused if the computer systems that run our power systems or traffic lights were disabled. These attacks would come from cyber space – and they might not be the work of a state.

If and when such a cyber assault occurs, the focus of public concern would switch very rapidly. Suddenly, people would not be worrying about security-service intrusion into the private domain. They would be demanding to know why the government had not been able to anticipate and blunt a cyber assault of this nature.

This does not mean I think the questions that the softly spoken Mr Snowden raised are illegitimate. He is right that there should be more public discussion of where to draw the line in cyber snooping. When he says, “these things need to be determined by the public, not by somebody … hired by the government,” I am inclined to agree.

The difference is that I suspect a better-informed public debate could end up in a different place from where Mr Snowden hopes. He says his biggest fear is that – despite all the information he has revealed – the cyber situation will remain unchanged. I suspect that is exactly what will happen. Unless and until somebody can show that security agencies are not only gathering mountains of information but are also actively abusing it, I think this is a debate that western governments can win.

 

 

Global Insight: US spying risks clouding ‘five eyes’ vision

Por Richard McGregor [Financial Times, 11/6/13]

Barack Obama says he welcomes the debate provoked by the leaking of details of the vast reach of America’s electronic eavesdropping agency. For the US’s intelligence allies, it’s hard to see why.

The longstanding, and rarely acknowledged, agreement between five western nations to share intelligence – the US, the UK, Canada, Australia and recently readmitted New Zealand – has long been the hidden core of the western alliance.

Established after the war to monitor the Soviet Union, the “five eyes” global system tracks everyone and everything from suspected terrorists in the Middle East, nuclear scientists in Iran, jihadis in Indonesia and military communications in China, the new rising rival to the west.

Geographically diverse, the five countries have built the kind of deep institutional links and technical capabilities that China can only dream about. US over-reach, of the kind on display in the National Security Agency leaks over the last week, can only undermine their power.

Mr Obama campaigned as a stern critic of George W Bush’s “war on terror” policies. In office, he has proved to be the best friend that US intelligence agencies could have hoped for.

Aside from tightening interrogation of terror suspects, to stop torture, he has validated the electronics eavesdropping and data mining programmes and put them on a solid legal footing. He has also brought Congress on board.

But this debate is not just about the US. Much to their discomfort, it is about America’s intelligence allies as well.

The NSA and its partners have joint facilities in the UK countryside; in the northern Australian desert, with the ability to track communications over the horizon into Asia; it even used to have a listening station in Hong Kong, until it was packed up before China regained sovereignty in 1997.

In some Middle Eastern countries, and in Indonesia after the Bali bombings, members of the “five eyes” club co-operate with the local authorities, without letting the outsiders into the group.

US allies clearly value the intelligence tie-up. James Clapper, the director of national intelligence, the post-9/11 body overseeing all US intelligence agencies, was quietly made a companion of the Order of Australia in 2012.

But the fallout from the NSA leaks has the potential to erode public support for an alliance already stretched to breaking point in the past decade by Mr Bush’s war on terror.

The debate is not just about the US. Much to their discomfort, it is about America’s intelligence allies as well

Certainly, there is a new class of data dissidents whose life and liberty can drive any debate. The self-identified leaker to The Guardian, Edward Snowden, has taken refuge in Hong Kong, and Julian Assange is holed up in the Ecuador embassy in London, ostensibly resisting extradition to Sweden over alleged sexual offences, but ultimately fearing a trial in the US.

If they need any evidence of how dimly the US views leakers, they only have to watch the trial of Bradley Manning at Fort Meade, the headquarters of the NSA and the US Cyber Command.

Mr Manning pleaded guilty to leaking material to Mr Assange’s WikiLeaks but that is not enough for the prosecutors. He is now being tried for aiding the enemy and endangering national security, charges which carry a life sentence.

A self-styled, whistleblowing digital journalist, Mr Assange should be different. He is not American and has never signed any agreement to keep America’s secrets, but the US is trying to put him in the dock in any case.

The US line to reassure its domestic audience – that the NSA is not spying on its own citizens but gathering intelligence on foreign threats – has the opposite effect overseas.

In the UK, William Hague has been forced to deny the GCHQ spy agency is using the NSA’s offshore tentacles to get around UK laws, the kind of denial that only leaves more questions in its wake.

In Australia, the Labor government has been squirming in the face of questions about the US investigation into Mr Assange and whether they would work to protect the rights of one of their citizens abroad.

The drawn-out chase, extradition, prosecution and jailing of people such as Messrs Snowden and Assange have the potential to deepen the disillusionment about the US military intelligence complex sown in Afghanistan and Iraq.

For anyone who values the power that comes through the five eyes’ community of nations, that can only be bad news.

 

 

N.S.A. Chief Says Phone Logs Halted Terror Threats

Por David E. Sanger, Charlie Savage e Michael S. Schmidt [The New York Times, 13/6/13]

The director of the National Security Agency told Congress on Wednesday that “dozens” of terrorism threats had been halted by the agency’s huge database of the logs of nearly every domestic phone call made by Americans, while a senator briefed on the program disclosed that the telephone records are destroyed after five years.

The director, Gen. Keith B. Alexander, who heads both the N.S.A. and United States Cyber Command, which runs the military’s offensive and defensive use of cyberweapons, told skeptical members of the Senate Appropriations Committee that his agency was doing exactly what Congress authorized after the attacks of Sept. 11, 2001.

General Alexander said he welcomed debate over the legal justification for the program because “what we’re doing to protect American citizens here is the right thing.” He said the agency “takes great pride in protecting this nation and our civil liberties and privacy” under the oversight of Congress and the courts.

“We aren’t trying to hide it,” he said. “We’re trying to protect America. So we need your help in doing that. This isn’t something that’s just N.S.A. or the administration doing it on its own. This is what our nation expects our government to do for us.”

But in his spirited exchanges with committee members, notably Senator Patrick J. Leahy, Democrat of Vermont, General Alexander said he was seeking to declassify many details about the program now that they have been leaked by Edward J. Snowden, a former N.S.A. contractor who came forward to say he was the source of documents about the phone log program and other classified matters.

Senator Dianne Feinstein, the California Democrat who is chairwoman of the Senate Intelligence Committee, was the first to disclose that the records are eventually destroyed. She said that she planned to hold a classified hearing on Thursday on the program. But at the Wednesday hearing, where testimony about the government’s planned $13 billion spending on cybersecurity was largely swept aside for a discussion of the surveillance program, Ms. Feinstein also revealed that investigators had used the database for purposes beyond countering terrorism, suggesting it might have also been employed in slowing Iran’s nuclear program.

Analysts can look at the domestic calling data only if there is a reason to suspect it is “actually related to Al Qaeda or to Iran,” she said, adding: “The vast majority of the records in the database are never accessed and are deleted after a period of five years. To look at or use the content of a call, a court warrant must be obtained.”

In a robust defense of the phone program, General Alexander said that it had been critical in helping to prevent “dozens of terrorist attacks” both in the United States and abroad and that the intelligence community was considering declassifying examples to better explain the program. He did not clarify whether the records used in such investigations would have been available through individual subpoenas without the database. He also later walked back the assertion slightly, saying the phone log database was used in conjunction with other programs.

In his testimony, General Alexander said he had “grave concerns” about how Mr. Snowden had access to such a wide range of top-secret information, from the details of a secret program called Prism to speed the government’s search of Internet materials to a presidential document on cyberstrategy. He said the entire intelligence community was looking at the security of its networks — something other government officials vowed to do after the WikiLeaks disclosures three years ago.

Under the Prism program, the N.S.A. collects information from American Internet companies like Google without individual court orders if the request is targeted at noncitizens abroad. That program derives from a 2008 surveillance law that was openly debated in Congress.

As part of the review from the fallout of leaks about Prism and the phone program, intelligence agencies will seek to determine whether terrorist suspects have increased their use of code words or couriers, have stopped using networks like Facebook or Skype, or have “gone silent” and can no longer be found, current and former senior American officials said separately from the hearing.

The review, which will most likely last for months to determine the long-term impact of the disclosures by Mr. Snowden, will also include a “cost benefit analysis” of the programs.

“Now that it’s out there, it will be looked at in a different way,” one of the current officials said. “Everyone’s raising questions about whether they have been compromised and whether to continue with them at the same pace. They are wondering whether or not they are going to continue to yield good information.”

While senior intelligence officials — including James R. Clapper Jr., the director of national intelligence — have asserted that the disclosures have significantly damaged the government’s intelligence capabilities, the current and former officials were far less sure of the lasting impact.

Philip Mudd, a former F.B.I. deputy director for national security, said that there could be some short-term impact on the programs but that terrorists would find it very hard to function without using electronic communications. “Good luck trying to communicate in this world without leaving a digital exhaust — that’s not going to happen,” he said.

Representative Peter King, Republican of New York, called for the prosecution of journalists who published the classified information in the documents leaked by Mr. Snowden. Mr. King told Fox News he was specifically talking about Glenn Greenwald, the columnist for The Guardian, whom he accused of threatening to release the names of covert C.I.A. agents.

On Twitter, Mr. Greenwald said it was a “lie” that he had made such a threat, and shot back with a reference to Mr. King’s past support for the Irish Republican Army: “Only in America can a renowned and devoted terrorism supporter like Peter King be the arbiter of national security and treason,” he wrote.

Public opinion, judging by two polls with differently worded questions that yielded different results, is divided over the government’s tracking of the communications of Americans. In a Pew Research Center/Washington Post poll conducted June 6-9, 56 percent of Americans said the N.S.A’s program tracking the phone records of “millions of Americans” was an acceptable way to investigate terrorism, while 41 percent said it was unacceptable. But a CBS News poll conducted June 9-10, which instead asked about collecting phone records of “ordinary Americans,” found that just 38 percent supported it and 58 percent opposed it.

 

 

For Snowden, a Life of Ambition, Despite the Drifting

Por John M. Broder e Scott Shane [The New York Times, 15/613]

In 2006, when Edward J. Snowden joined the thousands of computer virtuosos going to work for America’s spy agencies, there were no recent examples of insiders going public as dissidents. But as his doubts about his work for the Central Intelligence Agency and then for the National Security Agency grew, the Obama administration’s campaign against leaks served up one case after another of disillusioned employees refashioning themselves as heroic whistle-blowers.

Instead of merely opting out of surveillance work, Mr. Snowden embraced their example, delivering hundreds of highly classified N.S.A. documents to The Guardian and The Washington Post. His act may have been a spectacular unintended consequence of the leak crackdown itself.

It may also have reflected his own considerable ambition, disguised by his early drifting. From Mr. Snowden’s friends and his own voluminous Web postings emerges a portrait of a talented young man who did not finish high school but bragged online that employers “fight over me.”

“Great minds do not need a university to make them any more credible: they get what they need and quietly blaze their trails into history,” he wrote online at age 20. Mr. Snowden, who has taken refuge in Hong Kong, has studied Mandarin, was deeply interested in martial arts, claimed Buddhism as his religion and once mused that “China is definitely a good option career wise.”

After handing over the documents, he told The Guardian of his admiration for both Pfc. Bradley Manning, who is now on trial for providing 700,000 confidential documents to WikiLeaks, and Daniel Ellsberg, who disclosed the Pentagon Papers in 1971.

“Manning was a classic whistle-blower,” Mr. Snowden, 29, said of Private Manning, 25. “He was inspired by the public good.”

For role models, Mr. Snowden, an introspective man who spent his formative years in the rebellious technogeek counterculture, could look not only to the young Army private, lionized by a global following, but also to dissenters at his own agencies.

From the N.S.A., Mr. Snowden’s most recent employer, there was Thomas A. Drake, who since his 2010 leak prosecution has denounced the agency as Big Brother on the lecture circuit. From the C.I.A., Mr. Snowden’s previous employer, there was John Kiriakou, who rallied supporters with his assertion that his prison term for leaking was payback for speaking out about waterboarding.

If Mr. Snowden wished to draw similar attention, he has succeeded. Along with denunciations in Congress as a traitor and a manhunt by the F.B.I., he has already won public acclaim from a diverse group of sympathizers, from the left-wing filmmaker Michael Moore to the right-wing television host Glenn Beck.

His disclosures have renewed a longstanding concern: that young Internet aficionados whose skills the agencies need for counterterrorism and cyberdefense sometimes bring an anti-authority spirit that does not fit the security bureaucracy.

“There were lots of discussions at N.S.A. and in the intelligence community in general about the acculturation process,” said Joel F. Brenner, a former inspector general of the agency. “They were aware that they were bringing in young people who had to adjust to the culture — and who would change the culture.”

Mr. Brenner said that with such a buildup after the Sept. 11 attacks, “you’re going to have some sloppiness and some mistakes.” It is remarkable, he said, that “disloyalty” of Mr. Snowden’s variety is so rare.

Mr. Snowden’s fascination with computer technology began in high school in Anne Arundel County, Md., near Baltimore, and became a focus of his life after he dropped out in his sophomore year. He socialized with a tight circle of people who were enthralled by the Internet and Japanese anime culture.

“He was a geek like the rest of us,” said one member of the group, who spoke on the condition of anonymity to avoid a flood of media inquiries. “We played video games, watched anime. It was before geek was cool.”

Mr. Snowden lived with his mother, Elizabeth, a court administrator, who was divorced in 2001 from his father, Lonnie Snowden, a Coast Guard officer.

Mr. Snowden and his friends built personal computers from parts ordered over the Internet. They created a Web site called Ryuhana Press, which the former friend was amused to see reported in recent days as a real business. “It was the name of our club,” he said.

His friends persuaded “Edowaado,” as Mr. Snowden called himself, using the Japanese version of “Edward,” to get his high school equivalency diploma. “I don’t think he even studied. He just showed up and passed the G.E.D.,” the friend said.

In 2001, at 17, Mr. Snowden adopted an online persona he called “The One True Hooha” or just “Hooha” at the Web site Ars Technica, a forum for gamers, hackers and hardware tinkerers. His online chatter over the next two years revolved around role-playing video games like Tekken, Final Fantasy, Max Payne and Team Fortress Classic. He discussed his interest in martial arts and his disdain for formal education. He fitfully took classes at Anne Arundel Community College but never earned a degree.

Toward the end of 2003, Mr. Snowden wrote that he was joining the Army, listing Buddhism as his religion (“agnostic is strangely absent,” he noted parenthetically about the military recruitment form). He tried to define a still-evolving belief system. “I feel that religion, adopted purely, is ultimately representative of blindly making someone else’s beliefs your own.”

Mr. Snowden told The Guardian that he signed up for an Army Reserve Special Forces training program to “fight to help free people from oppression” in Iraq. But he said he broke his legs in a training accident and was discharged four months later.

He returned to Maryland and found a job as a security guard at the Center for Advanced Study of Language at the University of Maryland, which has a close relationship with the N.S.A., a 15-mile drive up the Baltimore-Washington Parkway.

In mid-2006, Mr. Snowden landed an information technology job at the C.I.A. Despite his lack of formal credentials, he secured a top-secret clearance and a coveted posting under State Department cover in Geneva. “I don’t have a degree of ANY type. I don’t even have a high school diploma,” he wrote on Ars Technica in May 2006. But he had no trouble getting work because he was a computer wizard, he said.

In August that year he wrote about a possible path in government service, perhaps involving China.”I’ve already got a basic understanding of Mandarin and the culture, but it just doesn’t seem like as much ‘fun’ as some of the other places,” he wrote.

Mavanee Anderson befriended Mr. Snowden in Geneva, where both had high security clearances and spoke often about their jobs.In an article published Wednesday in The Chattanooga Times Free Press of Tennessee, Ms. Anderson said he spoke of the “stresses and burdens” of his work as a network security specialist and described him as thoughtful and at times brooding.

She said that during the period they worked close to each other, from 2007 through the beginning of 2009, Mr. Snowden “was already experiencing a crisis of conscience of sorts.”

“I think anyone smart enough to be involved in the type of work he does, who is privy to the type of information to which he was privy, will have at least moments like these,” she wrote. “And at some point during that time he left the C.I.A.”

She said that while she understood Mr. Snowden’s motivations for exposing government secrets, she wished he had dealt with his concerns in a different way. “I would have told Ed that he didn’t have to take this burden on himself,” she wrote.

In 2009, Mr. Snowden joined the National Security Agency as a contract employee at a military facility in Japan. He told The Guardian he was disappointed that President Obama “advanced the very policies that I thought would be reined in.”

“I got hardened,” he said.

In 2010, he returned to Ars Technica after a long absence. His new preoccupation was political, not technical. “Society really seems to have developed an unquestioning obedience towards spooky types,” he wrote. “Did we get to where we are today via a slippery slope that was entirely within our control to stop, or was it an relatively instantaneous sea change that sneaked in undetected because of pervasive government secrecy?”

In March last year, Mr. Snowden donated $250 to the presidential campaign of Ron Paul, a libertarian, giving an address in Columbia, Md., and naming Dell as his employer. (A Dell spokesman would not confirm his employment.)

The next month he moved to Hawaii, according to a Twitter post from his girlfriend, Lindsay Mills, who refers to him as “E” and her “man of mystery.” She joined him in Hawaii last June, taking up pole-dancing and acrobatics. Neighbors described the couple as aloof but not unfriendly.

“There was nothing strange, nothing like that,” said Dr. Angel Cunanan, their next-door neighbor in Waipahu. “He said he was a contractor in the military.”

This March, the consulting firm Booz Allen Hamilton hired Mr. Snowden as a systems administrator at the N.S.A.’s Threat Operations Center.

He asked for a medical leave in May to get treatment for epilepsy. On May 20, he left for Hong Kong, carrying four computers, according to The Guardian, and digital copies of the secret documents. On Monday, Booz Allen fired Mr. Snowden, calling his claims to have leaked classified information “shocking.”

The Justice Department is considering an array of charges against Mr. Snowden. For his part, Mr. Snowden told The South China Morning Post last week, “My intention is to ask the courts and people of Hong Kong to decide my fate.”