Category Archives: Internet Privacy

Holder says WikiLeaks under criminal investigation


(AP) – 54 minutes ago

WASHINGTON (AP) — The Justice Department will prosecute anyone found to have violated U.S. law in the leaks of classified government documents by online whistleblower WikiLeaks, Attorney General Eric Holder said Monday.

“This is not saber-rattling,” said the attorney general, who declared that the Obama administration condemns the leaks.

Holder said the latest disclosure, involving classified State Department documents, puts at risk the security of the nation, its diplomats, intelligence assets and U.S. relationships with foreign governments.

“To the extent that we can find anybody who was involved in the breaking of American law, who put at risk the assets and the people I have described, they will be held responsible; they will be held accountable,” Holder said at a news conference on another topic. He called the WikiLeaks probe “an active, ongoing criminal investigation.”

visit our website for radio show times: TheCollectorsCoach.com

Advertisements

Military wants to scan emails to find internal threats. Pre-Crime 1.0


By Charley Keyes, CNN National Security Producer
October 27, 2010
The Pentagon wants computers to see into the future — and stop crimes before they happen.

As the U.S Army considers whether Maj. Nidal Hasan, the suspect in last year’s Fort Hood massacre, should face a court-martial, it also is looking at whether the military missed signals that might have indicated what was about to happen.

Now a Pentagon research arm is asking scientists to create a way to scan billions of e-mails to identify suspects in advance so that crimes can be stopped before they are committed.

That’s the goal of the latest $35 million project announced by DARPA, the Defense Advanced Research Projects Agency, which is credited with breakthroughs like the internet, GPS and stealth technology.

But this latest idea is already is drawing fire from privacy and security experts.

In a request for proposals, the think tank highlights the Fort Hood shootings.

“Each time we see an incident like a soldier in good mental health becoming homicidal or suicidal or an innocent insider becoming malicious, we wonder why we didn’t see it coming,” DARPA says. “When we look through the evidence after the fact, we often find a trail — sometimes even an “obvious” one. The question is: Can we pick up the trail before the fact, giving us time to intervene and prevent an incident.”

The agency calls the project ADAMS, for “Anomaly Detection at Multiple Scales.”

Simply tracking messages to and from people around a single location like Fort Hood would be a vast task. There are 65,000 people at Fort Hood and in a single year they may create 4.68 billion electronic messages between almost 15 million people.

The challenge is to cope with and get accurate results from all this data.

The agency said it would primarily use ADAMS to look at “trusted person(s) in a secure environment with access to sensitive information and information systems and sources.”

“There are currently no established techniques for detecting anomalies in data sets of this size at acceptable false positive rates,” the agency notes in the request for proposals.

“The focus is on malevolent insiders that started out as ‘good guys.’ The specific goal of ADAMS is to detect anomalous behaviors before or shortly after they turn,” the agency says. “Operators in the counterintelligence community are the target end-users for ADAMS insider threat detection technology.”

Even more than the technological challenges, the project raises both policy and legal implications, according to James Lewis of the Center for Strategic and International Studies. He says DARPA and the U.S. government have been struggling for a while with how to use computer software to screen millions of transactions, something credit card companies already do.

“But credit card companies can screen your transactions because you’ve entered into a contract with them and because it is in your interest to keep your account safe. The same isn’t necessarily true for e-mail,” Lewis said in an e-mail.

“If you are sending e-mail from your work account, your company has the right to screen it. But if you are sending it from your personal account, no one has the right to screen it unless they get a court order, and getting the court order requires some sort of advance knowledge of malicious intent, which defeats the purpose of screening, Lewis said.

Bruce Schneier, author of “Secrets and Lies” and other books on security technology, criticized the DARPA idea as “un-American” and a police state ploy.

“This is what a police state does — everyone watching what everyone does and the police watching your every move,” Schneier told CNN in a telephone interview. “And what we learn from history is that police states never work. It never is safer.”

He added, “We are American. We don’t spy on everybody else. And as a security guy, it works great in the movies but in real life you aren’t going to be any safer. … The false claims are going to kill you.”

DARPA doesn’t like to talk about this or other pending projects. One person affiliated with the agency who insisted on anonymity because this person lacked authorization to speak to journalists, said the agency admits there are unresolved questions, including “How do you do this without invading privacy.”

“It’s too early to comment,” the person said. “… We rarely talk about a DARPA program as an idea until it’s become a full-fledged program of record.”

Government Security News, which first reported on the project, compares it to the Tom Cruise movie “Minority Report.” That science fiction film from Steven Spielberg was based on the premise that computers had kept the city of Washington murder-free for six years by using “astounding technology” to predict crimes and discover about-to-be criminals.

An earlier DARPA plan, called Total Information Awareness, run by a former national security adviser, Adm. John Poindexter, was developed months after the 9/11 attacks to identify terrorists by combing through huge amounts of credit card, financial, travel and other electronic information. After a uproar over privacy and before it was implemented, the project was scrapped by Congress in 2003.

Similar data mining projects are used by U.S. intelligence agencies to monitor international threats…Read entire article


Government Contractor Monitors U.S. Internet Providers, Worked With Wikileaks Informant


A semi-secret government contractor that calls itself Project Vigilant surfaced at the Defcon security conference Sunday with a series of revelations: that it monitors the traffic of 12 regional Internet service providers, hands much of that information to federal agencies, and encouraged one of its “volunteers,” researcher Adrian Lamo, to inform the federal government about the alleged source of a controversial video of civilian deaths in Iraq leaked to whistle-blower site Wikileaks in April. 

Chet Uber, the director of Fort Pierce, Fl.-based Project Vigilant, says that he personally asked Lamo to meet with federal authorities to out the source of a video published by Wikileaks showing a U.S. Apache helicopter killing several civilians and two journalists in a suburb of Baghdad, a clip that Wikileaks labeled “Collateral Murder.” Lamo, who Uber said worked as an “adversary characterization” analyst for Project Vigilant, had struck up an online friendship with Bradley Manning, a former U.S. Army intelligence analyst who currently faces criminal charges for releasing the classified video.

In June, Uber said he learned from Lamo’s father that the young researcher had identified Manning as the video’s source, and pressured him to meet with federal agencies to name Manning as Wikileaks’ whistleblower. He then arranged a meeting with employees of “three letter” agencies and Lamo, who Uber said had mixed feelings about informing on Manning.

“I’m the one who called the U.S. government,” Uber said. “All the people who say that Adrian is a narc, he did a patriotic thing. He sees all kinds of hacks, and he was seriously worried about people dying.”

Uber says that Lamo later called him from the meeting, regretting his decision to inform on Manning. “I’m in a meeting with five guys and I don’t want to do this,” Uber says Lamo told him at the time. Uber says he responded, “You don’t have any choice, you’ve got to do this.”

“I said, ‘They’re not going to throw you in jail,'” Uber said. “‘Give them everything you have.'”

Wikileaks didn’t immediately respond to a request for comment. IDG reporter Robert McMillan confirmed Uber’s relationship with Lamo, who told McMillan that “Mr. Uber was, among a few others, an instrumental voice in helping me come to my ultimate decision…continue to original article.

Andy GreenbergBio | Email
Andy Greenberg is a technology writer for Forbes.

Chet Uber

Google, CIA are backing a company that monitors the web in real time.


By Noah Shachtman

The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.”

The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online “momentum” for any given event.

“The cool thing is, you can actually predict the curve, in many cases,” says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science.

Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant’s investment division, and to In-Q-Tel, which handles similar duties for the CIA and the wider intelligence community.

It’s not the very first time Google has done business with America’s spy agencies. Long before it reportedly enlisted the help of the National Security Agency to secure its networks, Google sold equipment to the secret signals-intelligence group. In-Q-Tel backed the mapping firm Keyhole, which was bought by Google in 2004 — and then became the backbone for Google Earth.


FBI wants access to records of Internet activity without a judge’s approval.


By Ellen Nakashima
Washington Post Staff Writer
Thursday, July 29, 2010; A01

The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual’s Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.

The administration wants to add just four words — “electronic communication transactional records” — to a list of items that the law says the FBI may demand without a judge’s approval. Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user’s browser history. It does not include, the lawyers hasten to point out, the “content” of e-mail or other Internet communication.

 

But what officials portray as a technical clarification designed to remedy a legal ambiguity strikes industry lawyers and privacy advocates as an expansion of the power the government wields through so-called national security letters. These missives, which can be issued by an FBI field office on its own authority, require the recipient to provide the requested information and to keep the request secret. They are the mechanism the government would use to obtain the electronic records.

Stewart A. Baker, a former senior Bush administration Homeland Security official, said the proposed change would broaden the bureau’s authority. “It’ll be faster and easier to get the data,” said Baker, who practices national security and surveillance law. “And for some Internet providers, it’ll mean giving a lot more information to the FBI in response to an NSL.”

Many Internet service providers have resisted the government’s demands to turn over electronic records, arguing that surveillance law as written does not allow them to do so, industry lawyers say. One senior administration government official, who would discuss the proposed change only on condition of anonymity, countered that “most” Internet or e-mail providers do turn over such data.

To critics, the move is another example of an administration retreating from campaign pledges to enhance civil liberties in relation to national security. The proposal is “incredibly bold, given the amount of electronic data the government is already getting,” said Michelle Richardson, American Civil Liberties Union legislative counsel.

The critics say its effect would be to greatly expand the amount and type of personal data the government can obtain without a court order. “You’re bringing a big category of data — records reflecting who someone is communicating with in the digital world, Web browsing history and potentially location information — outside of judicial review,” said Michael Sussmann, a Justice Department lawyer under President Bill Clinton who now represents Internet and other firms.

Privacy concerns

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information “not permitted by the [surveillance] statute.”

One issue with both the proposal and the current law is that the phrase “electronic communication transactional records” is not defined anywhere in statute. “Our biggest concern is that an expanded NSL power might be used to obtain Internet search queries and Web histories detailing every Web site visited and every file downloaded,” said Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation, which has sued AT&T for assisting the Bush administration’s warrantless surveillance program.

He said he does not object to the government obtaining access to electronic records, provided it has a judge’s approval.

Senior administration officials said the proposal was prompted by a desire to overcome concerns and resistance from Internet and other companies that the existing statute did not allow them to provide such data without a court-approved order. “The statute as written causes confusion and the potential for unnecessary litigation,” Justice Department spokesman Dean Boyd said. “This clarification will not allow the government to obtain or collect new categories of information, but it seeks to clarify what Congress intended when the statute was amended in 1993.”

The administration has asked Congress to amend the statute, the Electronic Communications Privacy Act, in the fiscal year that begins in October.

Administration officials noted that the act specifies in one clause that Internet and other companies have a duty to provide electronic communication transactional records to the FBI in response to a national security letter.

But the next clause specifies only four categories of basic subscriber data that the FBI may seek: name, address, length of service and toll billing records. There is no reference to electronic communication transactional records.

Same as phone records?

The officials said the transactional information at issue, which does not include Internet search queries, is the functional equivalent of telephone toll billing records, which the FBI can obtain without court authorization. Learning the e-mail addresses to which an Internet user sends messages, they said, is no different than obtaining a list of numbers called by a telephone user.

Obtaining such records with an NSL, as opposed to a court order, “allows us to intercede in plots earlier than we would if our hands were tied and we were unable to get this data in a way that was quick and efficient,” the senior administration official said.