Aletho News

ΑΛΗΘΩΣ

Report: Yahoo helped government with ‘unprecedented, unconstitutional’ email surveillance program

PrivacySOS – 10/05/2016

Big news dropped yesterday in Reuters: In 2015, the US government asked Yahoo to scan all incoming email looking for certain, unknown characters in emails or attachments; unfortunately, Yahoo agreed to do it—without putting up a fight. The demand came in the form of a classified “edict,” as Reuters describes it, to Yahoo’s legal department.

Reuters reports:

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

Mayer and other executives ultimately decided to comply with the directive last year rather than fight it, in part because they thought they would lose, said the people familiar with the matter.

Yahoo in 2007 had fought a FISA demand that it conduct searches on specific email accounts without a court-approved warrant. Details of the case remain sealed, but a partially redacted published opinion showed Yahoo’s challenge was unsuccessful.

Some Yahoo employees were upset about the decision not to contest the more recent edict and thought the company could have prevailed, the sources said.

They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.

The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.

When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.

In statements to reporters, other major technology companies denied participating in similar surveillance programs at the behest of the US government. Google released a statement categorically denying any such relationship: “We’ve never received such a request, but if we did, our response would be simple: ‘No way.’” Microsoft, which declined to comment on whether it had received a similar request from the government, issued a carefully phrased denial: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo” [emphasis mine]. Apple, meanwhile, was explicit: “We have never received a request of this type. If we were to receive one, we would oppose it in court.” Facebook and Twitter both also said they’d never received such demands, and would fight them if they did.

It’s not clear what legal authority the government thinks gives it the right to make such demands. But we have a good lead, from Senator Ron Wyden, a privacy stalwart who has access to classified intelligence information because of his position on the Senate Intelligence Committee. Wyden, who has made a habit of dropping public hints about what’s really going on in the spy world, responded to the story with this statement:

It is a fact that collection under Section 702 of the Foreign Intelligence Surveillance Act has a significant impact on Americans’ privacy. It is public record that this expansive surveillance program is the basis for warrantless searches of Americans’ emails, and that the government has never even counted how many. The NSA has said that it only targets individuals under Section 702 by searching for email addresses and similar identifiers. If that has changed, the executive branch has an obligation to notify the public.

Here’s how I interpret that statement, following the Wyden code: The NSA has been lying to the American public, again, about its domestic surveillance activities. The NSA said it only targets certain people under 702 authorities, but in fact, as the Yahoo story shows, it is searching through everyone’s emails. The NSA ought to be straight with the public about that activity. (Reminder: the Foreign Intelligence Surveillance Act Amendments Act (FAA for short) of 2008, the law that contains Section 702, put Congress’ stamp of approval on the controversial, widely criticized Bush administration warrantless wiretapping program, disclosed by New York Times reporter James Risen in 2005. The ACLU tried to challenge the constitutionality of Section 702 but was stymied when the Supreme Court held the organization’s clients—human rights attorneys among them—lacked standing to bring the lawsuit.)

ACLU attorney Patrick Toomey called the reported program “unprecedented and unconstitutional”:

The government appears to have compelled Yahoo to conduct precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit. It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court. If this surveillance was conducted under Section 702 of the Foreign Intelligence Surveillance Act, this story reinforces the urgent need for Congress to reform the law to prevent dragnet surveillance and require increased transparency.

Back in 2013 when we learned, through Edward Snowden’s leaks, about the NSA and FBI’s vast PRISM surveillance partnership with the major technology companies, Yahoo had this to say: “The notion that Yahoo! gives any federal agency vast or unfettered access to our users’ records is categorically false.” The company’s spokesman later clarified to say that it only hands over to the government the private information of an “infinitesimal percentage” of its users.

The program disclosed yesterday appears to differ from PRISM in at least two core respects: First, the email scanning surveillance is achieved through a special program Yahoo email engineers reportedly wrote on the government’s behalf. Second, the recently disclosed program deals with ‘live’ data, whereas PRISM granted the NSA and FBI access to information stored on company servers, not information in transit.

Over the next couple of days, you will likely hear surveillance state defenders talk about how we need to give the intelligence agencies access to “the whole haystack” if we want them to stop terrorist attacks. But mass surveillance doesn’t stop terrorism; it never once has.

Meanwhile, yet another NSA contractor working for Booz Allen Hamilton has been accused of stealing government secrets.

Posted October 6, 2016 | Corruption, Deception, Full Spectrum Dominance

The day the world fought back

By Danny O’Brien | EFF | February 11, 2014

Mass surveillance of electronic communications is a vast, new, government intrusion on the privacy of innocent people worldwide. It is a violation of International human rights law. Without checks and balances, its use will continue to spread from country to country, corrupting democracies and empowering dictators.

That’s why, today, on February 11th, around the world, from Argentina to Uganda, from Colombia to the Philippines, the people of the Internet have united to fight back.

The Day We Fight Back’s main global action is to sign and promote the 13 Principles, a set of fundamental rules that, in clear language, tells lawmakers and governments how to apply existing human rights law to these new forms of surveillance. With the support of thousands of Net users, we’ll use your voice to demand that all governments comply with their obligation to protect privacy against unchecked surveillance.

But there’s more to today’s global action than the Principles. Hundreds of digital rights and privacy groups, thousands of individual Net users, in dozens of countries, have come together to protest surveillance by governments at home and abroad. Here’s just a sampling of the campaigns and events happening today:

In Argentina, the Asociación por los Derechos Civiles and Vía Libre Foundation is suing the Argentinian Congressional surveillance oversight commission for withholding basic information on surveillance practices in the country.

In Australia, a coalition of groups under the banner Citizens Not Suspects, is joining to demand a government investigation of the practices of the notorious “Five Eyes” countries — the nations, including Australia, which share intelligence with the NSA.

In Brazil, where the upcoming Marco Civil bill promises to encode human rights into the country’s Internet law, citizens are renewing their demands to include strong privacy protections.

In Canada, more than 45 major organizations, and tens of thousands of Canadians are calling their elected representatives to stop illegal spying by Communications Security Establishment Canada (CSEC), Canada’s spying agency.

Colombians have launched “Internet sin Chuzadas”, a campaign calling for the end of unchecked surveillance at home and abroad.

France’s La Quadrature Du Net have started an NSA Observer program to inform people of the NSA’s global surveillance.

The Philippines’ Internet Freedom Alliance (PIFA) is organizing a day of mass action against the country’s draconian Cybercrime Prevention Act.

Poland’s Panoptykon Foundation is demanding answers from the Polish government and Barack Obama.

The Netherlands’ Bits of Freedom will call on Dutch citizens to join their campaign to stop mass surveillance: bespiedonsniet.nl (“Don’t Spy On Us”).

In Serbia, SHARE Foundation, one of the earliest supporters of the 13 Principles, is renewing their campaign against surveillance locally and internationally.

In Uganda, Unwanted Witness will be urging their local telephone companies to stop sharing private data with politicians.

And in the United Kingdom, a huge coalition of Britain’s privacy groups is launching DontSpyOnUs.org.uk, to pressure the UK’s GCHQ to stop its global mass surveillance apparatus.

In the US? Call Congress today.

Dial 202-552-0505.

Privacy Info: This telephone calling service is operated by Twilio and will connect you to your representatives. Information about your call, including your phone number and the time and length of your call, will be collected by Twilio and subject to Twilio’s privacy policy.

Calling Congress takes just five minutes and is the most effective action you can take right now to let your elected officials know that mass surveillance must end.

Here’s what you should say:

I’d like Senator/Representative __ to support and co-sponsor H.R. 3361/S. 1599, the USA Freedom Act. I would also like you to oppose S. 1631, the so-called FISA Improvements Act. Moreover, I’d like you to work to prevent the NSA from undermining encryption standards and to protect the privacy rights of non-Americans.

Wherever you live, you can join them: visit Necessary And Proportionate, the home of the 13 Principles, add your name to our action, and find out what is happening in your own country. Write your own posts of opposition, and spread the word through the hashtag #stopspying.

Posted February 11, 2014 | Civil Liberties, Full Spectrum Dominance, Solidarity and Activism

UK has a CCTV for every 11 people

Press TV – July 10, 2013

Britain has a CCTV camera for every 11 people, a security industry report disclosed, as privacy campaigners criticized the growth of the “surveillance state”.

Britain has a CCTV camera for every 11 people, including 750,000 in “sensitive locations” such as schools and hospitals, the British Security Industry Authority (BSIA) says.

The BSIA said there are up to 5.9 million closed-circuit cameras across Britain, dramatically raising the previous estimates that put the number of cameras somewhere between 1.5 million and four million.

“Because there is no single reliable source of data no number can ever be held as truly accurate however the middle of our range suggests that there are around five million cameras,” Simon Adcock, of the BSIA, said.

The revelations drew angry criticism from privacy campaigners Big Brother Watch who described the CCTV culture as a sign of an ailing democracy in Britain.

“This report is another stark reminder of how out of control our surveillance culture has become,” Big Brother Watch director Nick Pickles said.

“With potentially more than five million CCTV cameras across the country, including more than 300,000 cameras in schools, we are being monitored in a way that few people would recognize as a part of a healthy democratic society,” he added.

Pickles also compared the situation to the dystopia represented in George Orwell’s 1984 novel.

“This report should be a wakeup call that in modern Britain there are people in positions of responsibility who seem to think ‘1984’ was an instruction manual,” he said.

The novel pictures a society where every single private move of the citizens in the then future Britain of 1984 is monitored by the eye of the state.

Posted July 11, 2013 | Civil Liberties, Full Spectrum Dominance

International Privacy Day: Fighting Data Retention Mandates Around the World

By Katitza Rodriguez | EFF | January 24, 2012

This January 28 marks International Privacy Day, the day that the first legally binding international privacy treaty was opened for signature to Member States on January 28, 1981. Different countries around the world are celebrating this day with their own events. This year, we are honoring the day by calling attention to recent privacy threats around the world and describing a few of the available tools that allow individuals to protect their privacy and anonymity.

Today, we are calling on governments to repeal mandatory data retention schemes. Mandatory data retention harms individuals’ anonymity, which is crucial for whistle-blowers, investigators, journalists, and for political speech. It creates huge potential for abuse and should be rejected as a serious infringement on the rights and freedoms of all individuals.

It has been six years since the highly controversial Data Retention Directive (DRD) was adopted in the European Union. Conceived in the EU and steamrolled by powerful U.S. and U.K. government lobbies, this mass-surveillance law compels EU-based Internet service providers to collect and retain traffic data revealing who communicates with whom by email, phone, and SMS, including the duration of the communication and the locations of the users. This data is often made available to law enforcement. Europeans have widely criticized the DRD, and year after year, it has inspired some of the largest-ever street protests against excessive surveillance.

The European Commission has begun mounting a defense for this highly controversial mass-surveillance scheme, though they have thus far been unable to show that the DRD is necessary or proportionate. For the DRD to be legal in the EU, any limitation to the right to privacy must be “necessary” to achieve an objective of general interest and “proportionate” to the desired aim. This requirement is important to ensure that the government does not adopt severe measures to address a problem that could be otherwise solved in a way that is less harmful to civil liberties. But the Commission has been arguing that all uses of retained data illustrate that the Directive is “valuable.” This doesn’t meet the legal standard. Instead, the Commission should provide evidence that in the absence of a mandatory data retention law, traffic data crucial to the investigation of “serious crime” would not have been available to law enforcement.

Despite the European Commission’s efforts to preserve the Directive as-is, a leaked letter confirms that the Commission has been scrambling to conjure evidence for the “need” of a DRD scheme in the European Union. It also underscores the fact that there is no system of oversight that would allow citizens to monitor the impact of the proposed program on their privacy rights. Perhaps the most disquieting detail that has been confirmed by the letter is that service providers have already been storing instant messages, chats, uploads, and downloads. This type of data collection falls outside the scope of the DRD. Moreover, the letter indicates that “unnamed” players seek to broaden the uses of the DRD to include prosecution of copyright infringement including “illegally downloading.” Since this is not a serious crime, this legally falls outside the scope of the DRD.

In response to this leak, EDRI stated, “The leaked document however shows that the Commission can neither prove necessity nor proportionality of the Data Retention Directive – but still wants to keep the Directive.” The leaked letter also disclosed that the EU Commission is evaluating the possibility of amending the Directive. The Commission has commissioned a study into data preservation in the EU and around the world. According to the letter, this exercise is to be completed by May 2012.

Ending Data Retention: Constitutional Challenges

Constitutional courts have begun weighing in on the legality of this mass-surveillance scheme. In a decision celebrated by privacy advocates, the Czech Constitutional Court declared in March 2011 that the Czech data retention law was unconstitutional. Earlier this month, the same Court dealt another blow to data retention by annulling part of the Criminal Procedure Code, which would have enabled law enforcement access to data stored voluntarily by operators. Most importantly, the Czech Court used compelling language in articulating the importance of the protection of traffic data. The Court stated that the collection of traffic data and communication data warranted identical legal safeguards since both have the same “intensity of interference”.

We couldn’t agree more. Sensitive data of this nature demands stronger protection, not an all-access pass. Individuals should not have to worry whether one sort of private information has less protection than another.

Jan Vobořil of Iuridicum Remedium, which led the legal complaint against the Czech data retention law, told EFF:

I believe that both decisions will help ensure that new legislation enforces the same restrictions as exist for use of wiretap. These include strong privacy safeguards for government access to citizen’s data, the obligation to inform individuals about the use of their data, and so on.

Several other courts in EU member states have also ruled on the illegality of data retention laws. Earlier in 2009, the Romanian Constitutional Court rejected the imposition of an ongoing, sweeping traffic data retention program. The Court rightly emphasized that mandatory data retention overturns the presumption of innocence in a way that treats all Romanians like potential suspects. Despite this court decision, a new draft data retention bill was introduced in the Parliament, but the Senate finally rejected it at the end of 2011.

In March 2010, the German Court declared unconstitutional the German mandatory data retention law. The Court ordered the deletion of the collected data and affirmed that data retention could “cause a diffusely threatening feeling of being under observation that can diminish an unprejudiced perception of one’s basic rights in many areas.” The lawsuit was brought on by 34,000 citizens through the initiative of AK Vorrat, the German working group against data retention.

Over in Ireland, the Court is referring to the European Court of Justice the case challenging the legality of the DRD, thanks to the complaint brought by Digital Rights Ireland. The Irish Court acknowledged the importance of defining “the legitimate legal limits of surveillance techniques used by governments”, and rightly emphasized that “without sufficient legal safeguards the potential for abuse and unwarranted invasion of privacy is obvious”. The Courts in Cyprus and Bulgaria have also declared their mandatory data retention laws unconstitutional.

The DRD compels EU member countries to implement the Directive into national law. Fortunately, many member states have not yet done so. The Czech Republic, Germany, Greece, Romania, and Sweden have not adopted this piece of legislation, despite pressure from the European Commission to do so. In Austria, the data protection law will take effect in April 2012. AK Vorrat Austria plans to use all legal means to challenge the legality of the DRD. They have also handed over a petition to the Austrian Parliament asking the government to fight against the DRD at the EU level and to review all existing anti-terror legislation. (If you are Austrian, sign the petition today at zeichnemit.at.) In Slovakia, the NGO European Information Society Institute is opposing the Slovakian data retention implementation law.

Meanwhile, civil society groups are resisting and campaigning against this oppressive data retention law. EDRI, along with EFF and AK Vorrat, has fought to repeal the DRD in favor of targeted collection of traffic data. EDRI has previously reported that Deutsche Telekom, a German telco, illegally used telecommunications traffic and location data to spy on roughly 60 individuals including journalists, managers, and union leaders. They also reported that two major intelligence agencies in Poland used retained traffic and subscriber data to illegally disclose journalistic sources without any judicial oversight. These are only a few examples in which data retention policies have directly threatened individuals’ expression and privacy rights.

The DRD is a threat to Internet privacy and anonymity, and has been proven to violate the privacy rights of 500 million Europeans. EFF, together with EDRI, will keep fighting to repeal the DRD in favor of targeted collection of traffic data.

Mandatory Data Retention in the United States

Two bills introduced in the U.S. Congress in 2009 would have required all Internet providers and operators of WiFi access points to keep records on Internet users for at least two years to assist police investigations. Neither bill became law. Some legislators and law enforcement officials continue to argue, however, that mandatory data retention is necessary to investigate online child pornography and other Internet crimes. In January 2011, the U.S. House of Representatives Judiciary Subcommittee on Crime, Terrorism, and Homeland Security held a hearing that discussed whether Congress should pass legislation that would force ISPs and telecom providers to log Internet user traffic data. In May 2011, H.R. 1981, which would require retention of such traffic data, was introduced in the House of Representatives. This bill is still alive and continues to be a threat to the privacy and anonymity of all Americans. EFF has joined civil liberties and consumer organizations in publicly opposing H.R. 1981. Please join EFF, and help us defeat this bill before it is made law. Contact your Representative now.

Posted January 25, 2012 | Civil Liberties, Full Spectrum Dominance