HOUSE PASSES CYBERSECURITY BILL DESPITE PRIVACY PROTESTS – ANDY GREENBERG SECURITY 04.22.15 5:38 PMw


Congress is hellbent on passing a cybersecurity bill that can stop the wave of hacker breaches hitting American corporations. And they’re not letting the protests of a few dozen privacy and civil liberties organizations get in their way.

On Wednesday the House of Representatives voted 307-116 to pass the Protecting Cyber Networks Act, a bill designed to allow more fluid sharing of cybersecurity threat data between corporations and government agencies. That new system for sharing information is designed to act as a real-time immune system against hacker attacks, allowing companies to warn one another via government intermediaries about the tools and techniques of advanced hackers. But privacy critics say it also threatens to open up a new backchannel for surveillance of American citizens, in some cases granting the same companies legal immunity to share their users’ private data with government agencies that include the NSA.

“PCNA would significantly increase the National Security Agency’s (NSA’s) access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cybersecurity,” reads a letter signed earlier this week by 55 civil liberties groups and security expertsthat includes the American Civil Liberties Union, the Electronic Frontier Foundation, the Freedom of the Press Foundation, Human Rights Watch and many others.

“The revelations of the past two years concerning the intelligence community’s abuses of surveillance authorities and the scope of its collection and use of individuals’ information demonstrates the potential for government overreach, particularly when statutory language is broad or ambiguous,” the letter continues. “[PCNA] fails to provide strong privacy protections or adequate clarity about what actions can be taken, what information can be shared, and how that information may be used by the government.”

Specifically, PCNA’s data-sharing privileges let companies give data to government agencies—including the NSA—that might otherwise have violated the Electronic Communications Privacy Act or the Wiretap Act, both of which restrict the sharing of users’ private data with the government. And PCNA doesn’t even restrict the use of that shared information to cybersecurity purposes; its text also allows the information to be used for investigating any potential threat of “bodily harm or death,” opening its application to the surveillance of run-of-the-mill violent crimes like robbery and carjacking.

“This is little more than a backdoor for general purpose surveillance.”

Article continues:

http://www.wired.com/2015/04/house-passes-cybersecurity-bill-despite-privacy-protests/

The Surveillance Engine: How the NSA Built Its Own Secret Google – By Ryan Gallagher25 Aug 2014, 1:09 PM EDT


Featured photo - The Surveillance Engine: How the NSA Built Its Own Secret Google

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.

Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

architecture

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007. “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”

The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones. Metadata reveals information about a communication—such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called—but not the content of the message or audio of the call.

ICREACH does not appear to have a direct relationship to the large NSA database, previously reported by The Guardian, that stores information on millions of ordinary Americans’ phone calls under Section 215 of the Patriot Act. Unlike the 215 database, which is accessible to a small number of NSA employees and can be searched only in terrorism-related investigations, ICREACH grants access to a vast pool of data that can be mined by analysts from across the intelligence community for “foreign intelligence”—a vague term that is far broader than counterterrorism.

Article continues:

https://firstlook.org/theintercept/article/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/

 

Lawmakers unveil major changes to FOIA – June 24, 2014 1:10PM ET Updated 1:46PM ET by Jason Leopold 


 Reform legislation emerges from Senate committee that would overhaul Freedom of Information Act, increase transparency

Screen Shot 2014-06-25 at Jun 25, 2014 2.02

U.S.

TOM WILLIAMS/ROLL CALL/GETTY IMAGES

One of the most significant changes to the law, on which lawmakers and transparency advocates have spent months working together, revolves around a FOIA exemption that transparency advocates say has been widely misused, and cited thousands of times to explain why certain records must be concealed from the public.

Exemption 5 applies to government records that are part of a behind-the-scenes decision-making process — called “deliberative” — and covers any “inter-agency or intra-agency memorandums or letters,” drafts and attorney-client records. It’s a discretionary exemption that government agencies could waive in favor of disclosure. But transparency advocates say the government rarely does.

Nate Jones, the FOIA coordinator for George Washington University’s National Security Archive, said “everyday requesters” would greatly benefit if the bill, dubbed the FOIA Improvement Act, is passed and signed into law.

“The most important part of this bill is its fix to the Exemption 5 ‘withhold it because you want to’ exemption,” Jones said. “Agencies will no longer be able to hide misdeeds by withholding requested documents merely by claiming they were inter- or intra-agency communications.”

In 2012, according to Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., one of the sponsors of the FOIA reform bill, government agencies cited the exemption more than 79,000 times, a 41 percent increase compared with the previous year. Last year, according to statistics compiled by The Associated Press, the use of Exemption 5 reached an all-time high: 81,752, accounting for 12 percent of all the open-records requests government agencies processed in 2013 that resulted in denials.

Article continues:

http://america.aljazeera.com/articles/2014/6/24/reform-freedom-informationact.html

Private U.S. report accuses another Chinese military unit of hacking – BY JOSEPH MENN SAN FRANCISCO Tue Jun 10, 2014 4:40am EDT


(Reuters) – A private U.S. cybersecurity company on Monday accused a unit of China’s military of conducting far-reaching hacking operations to advance the country’s satellite and aerospace programs.

Security company CrowdStrike said Shanghai-based unit 61486 of the People’s Liberation Army 12th bureau has attacked networks of Western government agencies and defense contractors since 2007.

CrowdStrike said the hacking targeted the U.S. space, aerospace and communications sectors. The cyberspying targeted “popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks,” CrowdStrike said.

Less than three weeks ago the U.S. Justice Department took the unprecedented step of unsealing indictments against five members of another People’s Liberation Army unit that allege they stole trade secrets.

CrowdStrike said it was publicizing a report previously sent to clients to show that the issue was broader than many realize.

“After the Chinese response, where they basically said this is all fabricated, we said why don’t we unleash something that’s undeniable,” said CrowdStrike co-founder Dmitri Alperovitch. He said the company had briefed U.S. intelligence agencies before publishing its report.

CrowdStrike said an individual named Chen Ping registered website domain names used in some of the intrusions. Chen’s personal blog appears to put his age as 35, and he identified himself as a soldier, the report said.

http://www.reuters.com/article/2014/06/10/us-cybersecurity-china-idUSKBN0EL0N420140610

U.S. YOUTHS SUE U.S. GOVERNMENT OVER CLIMATE INACTION CHRISTIAN PETERSEN / GETTY IMAGES May 4, 2014 2:16PM ET by Amel Ahmed @amelscript


An unprecedented massive legal campaign led by young Americans is playing out in courtrooms across the nation

Young people across the country are suing several government agencies for failing to develop a climate change recovery plan, conduct that amounts to a violation of their constitutional rights, says their lawyer Julia Olson.

Their futures are at stake, say the young plaintiffs.

“Climate change is the biggest issue of our time,” said 13-year-old Xiuhtezcatl Roske-Martinez, a member of nonprofit Kids vs. Global Warming, a plaintiff in the suit.

“It’s not every day you see young people getting involved politically but the climate crisis is changing all that. Every generation from here on out is going to be affected by climate change,” added Roske-Martinez, who also founded environmental nonprofit Earth Matters and organized successful actions in his hometown of Boulder, Colo.

The federal suit, which has made its way to the U.S. Court of Appeals for the D.C. Circuit, is part of a groundbreaking nationwide legal campaign spearheaded by youth and backed by some of the world’s leading climate scientists and legal scholars.

The case, filed by five teenagers and two nonprofits — WildEarth Guardians and Kids vs. Global Warming — representing thousands more youth, relies on the Public Trust Doctrine, which requires government to protect resources essential to the survival of all generations.

“With the United States as the largest historic emitter of carbon dioxide, the atmospheric resource cannot be restored without government action,” Olson told Al Jazeera.

Supported by more than 30 environmental and constitutional professors, the young plaintiffs name six federal agencies in their suit — the Environmental Protection Agency, Departments of Interior, Agriculture, Commerce, Energy and Defense.

Article continues:

http://america.aljazeera.com/articles/2014/5/4/youth-sue-governmentforclimateinaction.html

Deaths reported in Ukraine as thousands clash with police – February 18, 2014 8:14AM ET Updated 6:15PM ET


Screen Shot 2014-02-19 at Feb 19, 2014 12.33

Defiant protesters shouted “glory to Ukraine” as burning tents lit up the night sky after thousands of riot police moved against the sprawling protest camp in the center of Kiev on Tuesday.

The police, armed with stun grenades and water cannons, attacked the camp after hundreds were injured in street clashes and the Health Ministry told Reuters 25 people had died. The violence was the deadliest in nearly three months of anti-government protests that have paralyzed Ukraine’s capital in a struggle over the nation’s identity.

Opposition leader Vitali Klitschko urged the 20,000 protesters to defend the camp on Independence Square.

Early Wednesday morning, government agencies said seven police officers and 11 protesters have died in the violence.

Sviatoslav Yurash, spokesman of the opposition’s Euromaidan Movement, told Al Jazeera that the opposition headquarters has been set on fire: “This is not an armed insurrection of the opposition. This is just people trying to defend themselves against the indiscriminate actions of the government.”

Vice President Joe Biden reached out to the president of Ukraine to express the United States’ concern over the growing violence.

In a statement released to the media, Biden “made clear that the United States condemns violence by any side, but that the government bears special responsibility to de-escalate the situation.”

“The vice president further underscored the urgency of immediate dialogue with opposition leaders to address protesters’ legitimate grievances and to put forward serious proposals for political reform,” the statement continued.

Article continues:

http://america.aljazeera.com/articles/2014/2/18/thousands-clash-withpoliceincentralkiev.html

Hacker Receives 10-Year Sentence for ‘Causing Mayhem’ By MARK MAZZETTI


Jeremy Hammond

Cook County Sheriff’s Department, via Associated PressJeremy Hammond

A federal judge in New York on Friday delivered a 10-year prison sentence to Jeremy Hammond , a prominent member of the hacking group Anonymous who pleaded guilty earlier this year to breaking into the computer servers of a string of corporations, government agencies and law enforcement advocacy groups.

Before being sentenced inside a packed courthouse in Lower Manhattan, Mr. Hammond, 28, described his hacking activities as “acts of civil disobedience” against both an expanding surveillance state and the companies that do the government’s bidding. His lawyers said their client was part of a proud tradition of protest in the United States, dating back to the American Revolution.

But Federal District Judge Loretta A. Preska was unmoved, telling Mr. Hammond “there’s nothing high-minded or public-spirited about causing mayhem.”

“These are not the actions of Martin Luther KingNelson Mandela, John Adams or even Daniel Ellsberg,” she said, referring to the former analyst who leaked the Pentagon Papers to several news organizations. Mr. Ellsberg had written a letter to the court praising Mr. Hammond’s hacking campaign.

Judge Preska’s sentence was the exact length of time requested by federal prosecutors in the case, and she said her decision was influenced in part by his “unrepentant recidivism.” He was convicted and jailed for similar activities in 2006.

Read more: http://bits.blogs.nytimes.com/2013/11/15/hacker-for-anonymous-sentenced-to-10-years-in-prison/?ref=technology