3

ICREACH: How the NSA built its own secret Google
August 27, 2014

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.

Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007. “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”

The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones. Metadata reveals information about a communication—such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called—but not the content of the message or audio of the call.

ICREACH does not appear to have a direct relationship to the large NSA database, previously reported by The Guardian, that stores information on millions of ordinary Americans’ phone calls under Section 215 of the Patriot Act. Unlike the 215 database, which is accessible to a small number of NSA employees and can be searched only in terrorism-related investigations, ICREACH grants access to a vast pool of data that can be mined by analysts from across the intelligence community for “foreign intelligence”—a vague term that is far broader than counterterrorism.

Data available through ICREACH appears to be primarily derived from surveillance of foreigners’ communications, and planning documents show that it draws on a variety of different sources of data maintained by the NSA. Though one 2010 internal paper clearly calls it “the ICREACH database,” a U.S. official familiar with the system disputed that, telling The Intercept that while “it enables the sharing of certain foreign intelligence metadata,” ICREACH is “not a repository [and] does not store events or records.” Instead, it appears to provide analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.

In a statement to The Intercept, the Office of the Director of National Intelligence confirmed that the system shares data that is swept up by programs authorized under Executive Order 12333, a controversial Reagan-era presidential directive that underpins several NSA bulk surveillance operations that monitor communications overseas. The 12333 surveillance takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks. But the broad scale of 12333 surveillance means that some Americans’ communications get caught in the dragnet as they transit international cables or satellites—and documents contained in the Snowden archive indicate that ICREACH taps into some of that data.

Legal experts told The Intercept they were shocked to learn about the scale of the ICREACH system and are concerned that law enforcement authorities might use it for domestic investigations that are not related to terrorism.

“To me, this is extremely troublesome,” said Elizabeth Goitein, co-director of the Liberty and National Security Program at the New York University School of Law’s Brennan Center for Justice. “The myth that metadata is just a bunch of numbers and is not as revealing as actual communications content was exploded long ago—this is a trove of incredibly sensitive information.”

Brian Owsley, a federal magistrate judge between 2005 and 2013, said he was alarmed that traditional law enforcement agencies such as the FBI and the DEA were among those with access to the NSA’s surveillance troves.

“This is not something that I think the government should be doing,” said Owsley, an assistant professor of law at Indiana Tech Law School. “Perhaps if information is useful in a specific case, they can get judicial authority to provide it to another agency. But there shouldn’t be this buddy-buddy system back-and-forth.”

Jeffrey Anchukaitis, an ODNI spokesman, declined to comment on a series of questions from The Intercept about the size and scope of ICREACH, but said that sharing information had become “a pillar of the post-9/11 intelligence community” as part of an effort to prevent valuable intelligence from being “stove-piped in any single office or agency.”

Using ICREACH to query the surveillance data, “analysts can develop vital intelligence leads without requiring access to raw intelligence collected by other IC [Intelligence Community] agencies,” Anchukaitis said. “In the case of NSA, access to raw signals intelligence is strictly limited to those with the training and authority to handle it appropriately. The highest priority of the intelligence community is to work within the constraints of law to collect, analyze and understand information related to potential threats to our national security.”

Full article

Watch on futurescope.co

Chris Dancy - The Most Connected Man

Mashable has an excellent feature about Chris Dancy, who is using a lot of wearables and sensors to make his life better and who is considered the most connected man.

Snip from Youtube:

Chris Dancy has been meticulously logging his home and health data for years, using up to 700 tracking and lifelogging systems to lead a more quantified life. But does he represent our enlightened future, or lonely self-awareness? To find out, we went on a tour of his home and discussed privacy, intimacy, and what he learned from Michael Jackson.

[read more]

Department of Transportation proposal would mandate cars broadcasting their location and speed

image

More regulation.  Less privacy.  The Department of Transportation appears to be jealous of the NSA’s domestic spying abilities.  They want to be able to track your car wherever you go. 

from CNS:

The National Highway Traffic Safety Administration, part of the Department of Transportation, published last week an “advanced notice of proposed rulemaking” on “vehicle-to-vehicle communications.”

What NHTSA is proposing could begin a transformation in the American transportation system that makes our lives better and freer — or gives government more power over where we go and when.

In announcing its proposed rulemaking, NHTSA is stressing its intention to protect the “privacy” of American drivers.

"This document initiates rulemaking that would propose to create a new Federal Motor Vehicle Safety Standard, FMVSS No. 150, to require vehicle-to-vehicle communication capability for light vehicles," says NHTSA’s dryly-worded notice.

What do vehicle-to-vehicle communications entail?

NHTSA has crafted a nice phrase to describe the information cars would broadcast. It is the “Basic Safety Message.”

"An integrated V2V system is connected to proprietary data busses and can provide highly accurate information using in-vehicle information to generate the Basic Safety Message," says NHTSA’s technical report on "Readiness of V2V for Application."

"The integrated system both broadcasts and receives BSMs," says the report. "In addition, it can process the content of received messages to provide advisories and/or warnings to the driver of the vehicle in which it is installed."

The “Basic Safety Message” will be broadcast by the vehicle’s dedicated short-range communications system. According to NHTSA, this system will need to transmit certain specific information.

"For example," says the technical report, "when a DSRC unit sends out a BSM, the BSM needs to: Contain the relevant elements and describe them accurately (e.g., vehicle speed; GPS position; vehicle heading; DSRC message ID, etc.)."

read the rest

I sincerely believe that private industry can come up with the necessary standards for high-tech cars without the need for government regulation, mandated standardization, or the further invasion of citizens’ privacy. 

We don’t need Big Brother watching the speed and location of every car.  They can mask it in the name of “public safety” (which they always do), but this would be a full-scale invasion of privacy and a violation of the 4th Amendment. 

I’d always imagined that if an “I have nothing to hide” adherent were to give me access to their private affairs, I’d quickly be able to show them that a malign actor could wreak havoc on their lives with the information they had revealed. Since Dyer granted that he was vulnerable to information asymmetries and nevertheless opted for disclosure, I had to admit that, however foolishly, he could legitimately claim he has nothing to hide. What had never occurred to me, until I sat in front of his open email account, is how objectionable I find that attitude. Every one of us is entrusted with information that our family, friends, colleagues, and acquaintances would rather that we kept private, and while there is no absolute obligation for us to comply with their wishes—there are, indeed, times when we have a moral obligation to speak out in order to defend other goods—assigning the privacy of others a value of zero is callous.

The California State Senate passed legislation on Tuesday imposing strict regulations on how law enforcement and other government agencies can use drones, a move supporters said will protect privacy and prevent warrantless surveillance.

The bill attracted bipartisan support in the Senate, passing 25-8 during the evening vote in Sacramento.

The legislation would require law enforcement agencies to obtain a warrant before using an unmanned aircraft, or drone, except in emergencies such as a fire or a hostage-taking.

Other public agencies would be able to use drones, or contract for their use, to achieve their “core mission,” so long as that mission is not to gather criminal intelligence.

"The potential for abuse of drones is high and we need to be vigilant to ensure our Constitutional rights are protected," said the bill’s co-author, Democratic Senator Ted Lieu.

Oh wait, you don’t have a choice…

In a breathtakingly creepy invasion of privacy, Facebook is forcing all smartphone users to download a new messaging app. The Android version of the app — and to a lesser extent the iPhone version as well — allows Facebook to access your phone camera and record audio, call and send messages without your permission, identify details about you and all your contacts, and send that info on to third parties.

If you want to carry on sending and receiving messages through Facebook on your mobile phone you now have no choice but to install Facebook Messenger — and give the company access to a wealth of personal data stored on your phone.

Facebook founder Mark Zuckerberg has also admitted that his long-term plan could be to ‘monetize’ the app, so we need to act now before the app becomes impossible to stop.

Tell Facebook to stop invading its users’ privacy and allow people to keep using the old messenger feature.

The company claims that it is simply improving the user experience, and that it doesn’t have control over the permissions required for the app, specifically on Android phones. But there’s a simple solution to the problem: don’t make users download the new messenger.

Most people installing the app have absolutely no idea what they just agreed to. We need to spread the word about Facebook’s shocking privacy invasion — and if we can make this petition huge, Facebook will have to listen and get rid of this invasive new app.

Sign the petition and share it on Facebook.

I just uninstalled it from my phone.

The Electronic Frontier Foundation (EFF), sci-fi blog io9, and a coalition of fan communities are launching “Project Secret Identity,” a cosplay photo campaign to raise awareness of the importance of anonymity and privacy during the annual pop culture convention Dragon Con in Atlanta, Georgia, Aug. 29 - Sept. 1.

The campaign, online at ProjectSecretIdentity.org, is supported by a cross-fandom coalition of organizations, including: Southeastern Browncoats, a Firefly-inspired non-profit; the Harry Potter Alliance, an activism organization; the Baker Street Babes, a Sherlock Holmes fan group and podcast; Wattpad, a community of readers and writers; and the Organization for Transformative Works, a fan-culture advocacy organization.

"Whether it’s the ‘Eye of Sauron’ in The Lord of the Rings or ‘The Machine’ in Person of Interest, genre culture has long explored and criticized mass surveillance,” said EFF Investigative Researcher Dave Maass. “The last year’s worth of stories about the NSA have read too much like dystopian fiction. In response, we need to focus the imaginations of fans to advocate for a future where free expression is protected through privacy and anonymity. “

During the campaign, cosplayers around the world can use ProjectSecretIdentity.org to post photos of themselves in costume bearing pro-anonymity slogans, such as “I Have the Right to a Secret Identity” and “Privacy is Not a Fantasy.” Dragon Con attendees can also stop by the Project Secret Identity photo stations at EFF’s table (second floor at the Hilton Atlanta) and the Southeastern Browncoats’ booth (#1000 at AmericasMart).

"In J.K. Rowling’s novels, Voldemort came to power not only through coercion, but by monitoring, controlling, and censoring the Wizarding World’s lines of communication," Harry Potter Alliance Executive Director Paul DeGeorge said. "In the real world, there is no charm-protected room where we can meet and organize in secret. What we have is the Internet and we need to fight to keep it free and secure."

"Freedom from oppressive governments is central to the ethos of the Firefly fandom,” said Serenity Richards, captain of the Southeastern Browncoats. “By standing up for anonymity today, we can prevent ‘The Alliance’ from becoming a reality in the future.”

The activism campaign coincides with Dragon Con’s Electronic Frontiers Forum, a track of panels on the intersection of technology with free speech and privacy. EFF Deputy General Counsel Kurt Opsahl will present an update to his acclaimed presentation, “Through a PRISM, Darkly: Everything we know about NSA spying,” which debuted at the Chaos Communication Congress in Hamburg, Germany in December 2013. Opsahl and Maass will also speak on a number of discussion panels, covering issues ranging from police searches of cell phones to the Freedom of Information Act.

Let me be very clear about something: Surgery is absolutely not a requirement for or condition of trans*ness. For some people gender-confirmation surgery is a personal necessity, a life-or-death need. For others it’s not. For some the medical risks aren’t worth it. For some it’s a financial impossibility. And, believe it or not, some trans* people simply don’t want any kind of surgery. Each person is different.

When people ask whether she’s going to do “the full transition,” I most often reply now by saying that she already has. The important thing to remember is that there isn’t some kind of finish line. There’s not a day in the future when my partner will finally and completely be a woman. She is a woman now. Today. She is not a halfling. She is not transitioning: She has transitioned. Focusing further on the specifics of her genitals is just kind of creepy. Genitals do not make a person. While surgeries can help some people feel more comfortable in their skin, those people were already wholly the gender by which they identified before surgical intervention. Some women have penises. Some men have vaginas. That’s that.

—  Trans* Surgeries Don’t Make the Man (or Woman) | Justin Ropella for the Huffington Post Gay Voices 

First, this is VERY important to read and understand. I’m doing my best to look out for all the Facebook Users who aren’t as tech savvy as their kids or friends. I’m trying to help explain what’s happening because if I don’t…nobody else will!

If you’re anything like your neighbor…you probably use Facebook on your phone WAY more than you use it on a computer. You’ve been sending messages from the Facebook app and it probably always asks you if you want to install the Facebook Messenger App.

It’s always been OPTIONAL but coming soon to your Facebook experience….it won’t be an option…it will be mandatory if you care to send messages from your phone.

No big deal one might think…but the part that the average Facebook User doesn’t realize is the permissions you must give to Facebook in order to use the Facebook Messenger App. Here is a short list of the most disturbing permissions it requires and a quick explanation of what it means to you and your privacy.

  • Change the state of network connectivity – This means that Facebook can change or alter your connection to the Internet or cell service. You’re basically giving Facebook the ability to turn features on your phone on and off for it’s own reasons without telling you.
  • Call phone numbers and send SMS messages – This means that if Facebook wants to…it can send text messages to your contacts on your behalf. Do you see the trouble in this? Who is Facebook to be able to access and send messages on your phone? You’re basically giving a stranger your phone and telling them to do what they want when they want!
  • Record audio, and take pictures and videos, at any time – Read that line again….RECORD audio…TAKE pictures….AT ANY TIME!! That means that the folks at Facebook can see through your lens on your phone whenever they want..they can listen to what you’re saying via your microphone if they choose to!!
  • Read your phone’s call log, including info about incoming and outgoing calls – Who have you been calling? How long did you talk to them? Now Facebook will know all of this because you’ve downloaded the new Facebook messenger app.
  • Read your contact data, including who you call and email and how often – Another clear violation of your privacy. Now Facebook will be able to read e-mails you’ve sent  and take information from them to use for their own gain. Whether it’s for “personalized advertisements” or if it’s for “research purposes” ….whatever the reason..they’re accessing your private encounters.
  • Read personal profile information stored on your device – This means that if you have addresses, personal info, pictures or anything else that’s near and dear to your personal life…they can read it.
  • Get a list of accounts known by the phone, or other apps you use – Facebook will now have a tally of all the apps you use, how often you use them and what information you keep or exchange on those apps.

 Hopefully, you take this as serious as I do…after reading more about it and studying the permissions I have now deleted the app from my phone and don’t intend to use it ever again. I still have my Facebook app but I just won’t use the messaging feature unless I’m at a computer. Even then, I might not use messaging anymore.

With these kinds of privacy invasions I think Facebook is pushing the limits to what people will let them get away with. I remember when the Internet first began it’s march toward socializing dominance when AOL would send us CD’s for free trials every week. On AOL, we made screen names that somewhat hid our identities and protected us against the unseen dangers online. Now, it seems that we’ve forgotten about that desire to protect our identity and we just lay down and let them invade our privacy.

There may be no turning back at this point because many people won’t read this or investigate the permissions of Facebook’s new mandatory app but at least I can say I tried to help us put up a fight. Pass this along to your friends and at least try to let them know what they’re getting into.

Text
Photo
Quote
Link
Chat
Audio
Video