Aletho News

ΑΛΗΘΩΣ

Yahoo Scanned All Users’ Emails for Government!

By Alfredo Lopez | This Can’t Be Happening! | October 5, 2016

If you are one of the approximately 280 million people with Yahoo email accounts, your email was scanned for content and possibly turned over to the U.S. government. Yahoo, on Tuesday, admitted that fact.

Reuters revealed on Tuesday that the Internet mega-company (which is now being purchased by Verizon Communications) designed a special program last year to capture and scan all its users’ incoming email after being ordered to do that by the either the NSA or FBI. It deployed the program over the last year, scanning every piece of email Yahoo accounts received and apparently turning over all email that contained any of the tens of thousands of “keywords” the NSA considers suspicious.

The decision, Reuters says, was made by President and Chief Executive Officer Marissa Mayer, in collaboration with people in her legal department. It wasn’t without controversy: several Yahoo top staffers left the company including Chief Information Security Officer Alex Stamos (who left for a top job at Facebook).

The news is startling for several reasons. It’s also deceptive for some others.

* Email providers like Google (whose gmail program is a favorite source of NSA data capture) always claim they don’t do “blanket review” of email content. Yahoo is the first to openly admit that it does. It apparently made that decision because its executives didn’t think they could successfully resist the government orders.

That decision by Mayer, already under considerable pressure at the struggling corporate giant, was apparently taken without consultation with her security team. Instead, she just ordered technologists to write the data scanning software. Many in the company thought it could challenge the government orders in the courts and prevail. Several, including Stamos, fled in reported horror.

* They didn’t just review the emails, they built a special program to do it and never let their users know they were doing that. It might seem logical — after all, you don’t let the person who you’re spying on know you’re spying — but very few Yahoo users are the subject of investigations. Yahoo’s statement — that it complies with legal requests — doesn’t even mention the Consitution that protects your data legally and whose first and fourth amendments appear to have been clearly violated by this action.

*  Finally, what do you do with all that data? While the government would contend that it was investigating illegal activity, it now has reports (at least) if not full captures on everyone. And a government that collects data on everyone isn’t a state doing policing. It is a police state.

As shocking as this revelation is, the reaction of other Internet companies has been gallingly disengenuous.

“We’ve never received such a request,” a spokeman for Google, told Reuters. “But if we did, our response would be simple: ‘No way’.”

Well… yes… “way” because Google has received thousands of NSA National Security Letters and routinely complies with them. They may not be scanning all the information but they will scan and turn over any information the government requests without informing the affected customer.

A Microsoft spokesperson also chimed in, “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”

No, maybe not like reported today but Microsoft also routinely complies with government orders almost never challenging them.

In a sense, the way the data is collecting (and the amount collected) — as shocking and important as that is — is probably not the most important issue. If you collect and turn over data on any user just because someone in the NSA tells you to, your respect for privacy and constitutional rights is deeply questionable. That’s exactly what all these companies do.

Yahoo’s latest scandal only underscores how little respect for our rights this industry has.

There are many cases by companies challenging the government on surveillance. Why Yahoo could choose to comply so quickly and not tell anyone about it will certainly provoked widespread circulation and analysis in the coming weeks.

That is something we should all be monitoring.

(Full disclosure: as an official of MayFirst/PeopleLink, I am involved in an international lawsuit challenging the NSA’s right to conduct mass surveillance in foreign countries. The “bias” revealed, however, should not surprise any reader of this website.)

October 6, 2016 Posted by | Civil Liberties, Deception, Full Spectrum Dominance | , , , , | 1 Comment

The NSA Killed the Radio Star and American High Tech

By Richard Silverstein · Tikun Olam · November 2, 2013

While I don’t pretend to be a technical expert, it seems clear to me that one of the major pieces of collateral damage regarding the NSA spying scandal is the savaging that the American technology industry has taken. Though they initially denied it, it became apparent that companies like Twitter, Facebook, Google, Microsoft, Yahoo and others essentially rolled over and played dead in the face of Justice Department and NSA directives that they essentially unlock their data for inspection. Later it became clear that the government didn’t really need these data dumps, it could invade the company servers and sift through data at will.

Now these same companies are telling us that they’ll regain our trust by encrypting their data so that it can’t be hacked by NSA snoops. Such encryption is not going to be an effective tool if the NSA retains the same privileges it’s had to subpoena any data at any time for any person it wishes. In such cases, the only thing standing in the way of wholesale exposure of virtually every secret is a toothless FISA court which never questions a subpoena or prevents any spying.

The only benefit to encryption is that it will make it harder for the NSA to collect the reams of data which it sifts through in order to decide which individuals’ records it wants to subpoena. But given the creativity and ingenuity of NSA spooks, you can be sure they’ll discover a way to circumvent even this obstacle.

There is a certain attraction for the average NSA hacker to et everything they can; to open all possible doors; to pry into every possibly nook and cranny. That’s what spooks do. You can’t blame them for that. But you can blame the executive branch and legislators who were supposed to exercise oversight and, with a few exceptions like Marc Udall and Ron Wyden, abdicated their constitutional responsibility. 9/11 made them all go soft in the head.

Now even Rep. James Sensenbrenner, one of the chief architects of that foul piece of legislation called the USA Patriot Act, seems to have second thoughts. He’s gone so far as to call the actions of the NSA “criminal.” But is it too late? Once the NSA let the horse out of the barn, how will the U.S. technology industry get it back in?

These companies, the backbone of the U.S. economy, have shown themselves to be at the beck and call of the government. The trust we customers placed in them to protect our security has been savaged. Does anyone believe anything Mark Zuckerberg, Steve Ballmer, Larry Page or Sergey Brin say on this subject?  Frankly, I think they can’t regain that trust no matter what they do.

The NSA has torn a hole in the high tech industry big enough to drive a super computer or Mack truck through. Countries like Brazil and others are already developing competing systems that will not be subject to the intrusive scrutiny of the NSA. Will any American want to maintain telecommunications accounts with U.S. companies?

If we lose the edge we’ve had in such technological development over the past 60 years, we will lose a huge sector of U.S. commercial innovation. We will hurt our economy, lose jobs, and slow the pace of development in our own country. In a strange and ironic way, NSA spying may ultimately hurt the U.S. and our national security.

An equally damaged victim of NSA spying has been our formerly warm relations with allies like Berlin, France, German, Mexico and Brazil.  One must ask: was the benefit of whatever was learned by hacking the phones of their leaders worth the years of damage and mistrust that will ensue from this mess? Further, one has to marvel at the hubris of U.S. spymasters who believed that their massive House of Spies would never be exposed. As a result of Edward Snowden’s revelations the House of Spies has become a House of Cards.

In addition to all the nations with whom we’ve had tense of even hostile nations over the last decade or so, now we have to add allies who have lost trust in us.

I am delighted to learn that attitudes in the international community toward Snowden are gradually changing. With every new insult to the national pride of these countries with further NSA spying charges, more people find Snowden’s work admirable. German legislators met with him over the past few days to determine whether he can travel to German to testify before the Bundestag about the hacking of Prime Minister Merkel’s cell phone. If they find a way to bring him to Germany, I fear the cat will be out of the bag.  As long as the U.S. could confine him to countries like China or Russia, with whom we have tense or hostile relations, Obama could dismiss Snowden as a crank.  But once he begins spilling his guts before national legislatures of U.S. allies, he becomes a technological Robin Hood.

November 2, 2013 Posted by | Civil Liberties, Corruption, Deception, Economics, Full Spectrum Dominance | , , , , , | Leave a comment

NSA secretly accessed Yahoo, Google data centers to collect information

RT | October 30, 2013

Despite having front-door access to communications transmitted across the biggest Internet companies on Earth, the National Security Agency has been secretly tapping into the two largest online entities in the world, new leaked documents reveal.

Those documents, supplied by former NSA contractor Edward Snowden and obtained by the Washington Post, suggest that the US intelligence agency and its British counterpart have compromised data passed through the computers of Google and Yahoo, the two biggest companies in the world with regards to overall Internet traffic, and in turn allowed those country’s governments and likely their allies access to hundreds of millions of user accounts from individuals around the world.

“From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants,” the Post’s Barton Gellman and Ashkan Soltani reported on Wednesday.

The document providing evidence of such was among the trove of files supplied by Mr. Snowden and is dated January 9, 2013, making it among the most recent top-secret files attributed to the 30-year-old whistleblower.

Both Google and Yahoo responded to the report, with the former’s response being the most forceful.

Google’s chief legal officer, David Drummond, said the company was “outraged” by the allegations.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” said Drummond, implying the web giant had been caught by surprise by the revelations..

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Yahoo likewise implied it was not actively cooperating with the NSA in granting the agency access to its data infrastructure.

“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency,” the company said via statement.

Gen. Keith Alexander, the head of the NSA, told reporters Wednesday afternoon, “I don’t know what the report is,” according to Politico, and said his agency is “not authorized” to tap into Silicon Valley companies. When asked if the NSA tapped into the data centers, Alexander said, “Not to my knowledge.”

Earlier this year, separate documentation supplied by Mr. Snowden disclosed evidence of PRISM, an NSA-operated program that the intelligence company conducted to target the users of Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL and Apple services. When that program was disclosed by the Guardian newspaper in June, reporters there said it allowed the NSA to “collect material including search history, the content of emails, file transfers and live chats” while having direct access to the companies’ servers, at times with the “assistance of communication providers in the US.”

According to the latest leak, the NSA and Britain’s Government Communications Headquarters are conducting similar operations targeting the users of at least two of these companies, although this time under utmost secrecy.

“The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process,” the Post noted.

And while top-brass in the US intelligence community defended PRISM and said it did not target American Internet users, the newest program — codenamed MUSCULAR — sweeps up data pertaining to the accounts of many Americans, the Post acknowledged.

The MUSCULAR program, according to Wednesday’s leak, involves a process in which the NSA and GCHQ intercept communications overseas, where lax restrictions and oversight allow the agencies access to intelligence with ease.

“NSA documents about the effort refer directly to ‘full take,’ ‘bulk access’ and ‘high volume’ operations on Yahoo and Google networks,” the Post reported. “Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.”

To do as much, the NSA and GCHQ rely on capturing information being sent between company data centers around the globe, intercepting those bits and bytes in transit by tapping in as information is moved from the “Public Internet” to the private “clouds” operated by the likes of Google and Yahoo. Those cloud systems involve the linking of international data centers, each processing and containing huge troves of user information for potentially millions of customers. Intelligence officers who can sneak through the cracks when information is decrypted — or never encrypted in the first place — can then see the information sent in real time as take “a retrospective look at target activity,” according to documents seen by the Post.

“Because digital communications and cloud storage do not usually adhere to national boundaries, MUSCULAR and a previously disclosed NSA operation to collect Internet address books have amassed content and metadata on a previously unknown scale from US citizens and residents” Barton and Soltani reported.

“Data are an essentially global commodity, and the backup processes of companies often mean that data is replicated many places across the world,” The Post’s Andrea Peterson added in a separate report. “So just because you sent an e-mail in the US, doesn’t mean it will always stay within the nation’s borders for its entire life in the cloud.”

As data goes into those facilities outside of the US, the NSA and GCHQ have more tactics to deploy in order to obtain private communications. Additionally, Yahoo has not nor do they now have any plans to deploy encryption technology to secure communications, suggesting the data of their millions of users was passed in-the-clear through international data centers, ripe to be intercepted by the intelligence community.

“Google and Yahoo generally connect their data centers over privately owned or leased fiber-optic cables, which do not share traffic with other Internet users and companies, to enable the tasted connections and keep information secure,” Gellman added in a separate article authored alongside the Post’s Todd Linderman. “Until recently, these internal data networks were not encrypted. Google announced in September, however, that it is moving quickly to encrypt those connections. Yahoo’s data center links are not encrypted.”

“It’s an arms race,” Eric Grosse, Google’s vice president for security engineering, told the Post last month. “We see these government agencies as among the most skilled players in this game.”

After hearing ot the MUSCULAR program by the Post, Google said in a statement that they were “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”

“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.

“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency,” insisted Yahoo.

Only hours before the latest Snowden leak was made public, NSA Director Keith Alexander told a Congressional panel that the illegal, unconstitutional revelations helped terrorist intent on killing Americans. Answering a question from Rep. Michele Bachmann (R-Minnesota) about the effect of the leaks on national security, Alexander and Director of National Intelligence James Clapper both said the disclosure have and will continue to cause major damage to the US.

At that same hearing, Alexander admitted that the NSA “compels” telecommunication companies to provide the government with user intelligence.

“Nothing that has been released has shown that we’re trying to do something illegal or unprofessional,” Alexander added.

October 30, 2013 Posted by | Civil Liberties, Corruption, Deception, Full Spectrum Dominance | , , , , , , , , , , , | Leave a comment

Oh, And One More Thing: NSA Directly Accessing Information From Google, Facebook, Skype, Apple And More

By Mike Masnick | TechDirt | June 6th 2013

Obviously, the Verizon/NSA situation was merely a small view into just how much spying the NSA is doing on everyone. And it seems to be spurring further leaks and disclosures. The latest, from the Washington Post, is that the NSA has direct data mining capabilities into the data held by nine of the biggest internet/tech companies:

The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

Dropbox , the cloud storage and synchronization service, is described as “coming soon.”

This program, like the constant surveillance of phone records, began in 2007, though other programs predated it. They claim that they’re not collecting all data, but it’s not clear that makes a real difference:

The PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report, “but it’s nothing to worry about.”

Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content.

I expect we’ll be seeing more such revelations before long.

Related article

June 7, 2013 Posted by | Civil Liberties, Full Spectrum Dominance | , , , , , , , , , | 2 Comments