Van nieuwsblog.burojansen.nl

The NSA has been covertly implanting interception tools in US servers heading overseas – even though the US government has warned against using Chinese technology for the same reasons, says Glenn Greenwald, in an extract from his new book about the Snowden affair, No Place to Hide
For years, the US government loudly warned the world that Chinese routers and other internet devices pose a “threat” because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA’s documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.
Tell us what you think: Star-rate and review this book
The drumbeat of American accusations against Chinese internet device manufacturers was unrelenting. In 2012, for example, a report from the House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and ZTE, the top two Chinese telecommunications equipment companies, “may be violating United States laws” and have “not followed United States legal obligations or international standards of business behaviour”. The committee recommended that “the United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies”.
The Rogers committee voiced fears that the two companies were enabling Chinese state surveillance, although it acknowledged that it had obtained no actual evidence that the firms had implanted their routers and other systems with surveillance devices. Nonetheless, it cited the failure of those companies to cooperate and urged US firms to avoid purchasing their products: “Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. US network providers and systems developers are strongly encouraged to seek other vendors for their projects. Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.”
The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: “‘If Huawei gets in the middle of US-China relations,’ and causes problems, ‘it’s not worth it’.”
But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.
The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some “SIGINT tradecraft … is very hands-on (literally!)”.
Eventually, the implanted device connects back to the NSA. The report continues: “In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.”
It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same.
Warning the world about Chinese surveillance could have been one of the motives behind the US government’s claims that Chinese devices cannot be trusted. But an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA’s own reach. In other words, Chinese routers and servers represent not only economic competition but also surveillance competition.
The Guardian, Monday 12 May 2014 22.39 BST
Find this story at 12 May 2014
© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

National Security Agency head and Internet giant’s executives have coordinated through high-level policy discussions

Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.

On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long “classified threat briefing” on Aug. 8 at a “secure facility in proximity to the San Jose, CA airport.”

“The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security,” Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.

Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.

“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”

Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society, said she believes information sharing between industry and the government is “absolutely essential” but “at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.”

The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show “how informal information sharing has been happening within this vacuum where there hasn’t been a known, transparent, concrete, established methodology for getting security information into the right hands.”

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identity of some participant tech firms and the threats they discussed.
Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and “18 US CEOs” launched the ESF in 2009 to “coordinate government/industry actions on important (generally classified) security issues that couldn’t be solved by individual actors alone.”

“For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.”

“BIOS” is an acronym for “basic input/output system,” the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a “BIOS plot” by a “nation-state,” identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. “60 Minutes,” which broke the story, reported that the NSA worked with unnamed “computer manufacturers” to address the BIOS software vulnerability.

But some cybersecurity experts questioned the scenario outlined by Plunkett.

“There is probably some real event behind this, but it’s hard to tell, because we don’t have any details,” wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. “It”s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.”

And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency’s efforts to breach them for surveillance purposes.

“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.

He doesn’t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was “looking for weaknesses in the exact same products they’re trying to secure.”

The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” Cardozo said. “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” He recommended dividing offensive and defensive functions between two agencies.

Google, NSA
The government has asked for Silicon Valley’s help. Adam Berry / Getty Images
Two weeks after the “60 Minutes” broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA inserted back doors into BIOS, doing exactly what Plunkett accused a nation-state of doing during her interview.

Google’s Schmidt was unable to attend to the mobility security meeting in San Jose in August 2012.

“General Keith.. so great to see you.. !” Schmidt wrote. “I’m unlikely to be in California that week so I’m sorry I can’t attend (will be on the east coast). Would love to see you another time. Thank you !” Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal.

Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, did attend that briefing. Foreign Policy reported a month later that Dempsey and other government officials — no mention of Alexander — were in Silicon Valley “picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.” Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.

A week after the gathering, Dempsey said during a Pentagon press briefing, “I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders … They agreed — we all agreed on the need to share threat information at network speed.”

Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander’s email, he also could not attend the Aug. 8 briefing in San Jose, and it’s unknown if someone else from Google was sent.

A few months earlier, Alexander had emailed Brin to thank him for Google’s participation in the ESF.

“I see ESF’s work as critical to the nation’s progress against the threat in cyberspace and really appreciate Vint Cerf [Google’s vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig’s [lead engineer for Android security] contributions to these efforts during the past year,” Alexander wrote in a Jan. 13, 2012, email.

“You recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF’s goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats … Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF’s efforts have measurable impact.”

A Google representative declined to answer specific questions about Brin’s and Schmidt’s relationship with Alexander or about Google’s work with the government.

“We work really hard to protect our users from cyberattacks, and we always talk to experts — including in the U.S. government — so we stay ahead of the game,” the representative said in a statement to Al Jazeera. “It’s why Sergey attended this NSA conference.”

Brin responded to Alexander the following day even though the head of the NSA didn’t use the appropriate email address when contacting the co-chairman.

“Hi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted],” Brin wrote. “The one your email went to — sergey.brin@google.com — I don’t really check.”

May 6, 2014 5:00AM ET
by Jason Leopold @JasonLeopold

Find this story at 6 May 2014

© 2014 Al Jazeera America, LLC.

NSA general counsel Rajesh De says big tech companies like Yahoo and Google provided ‘full assistance’ in legally mandated collection of data

The senior lawyer for the National Security Agency stated on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data.

Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.

Asked during a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.”

When the Guardian and the Washington Post broke the Prism story in June, thanks to documents leaked by whistleblower Edward Snowden, nearly all the companies listed as participating in the program – Yahoo, Apple, Google, Microsoft, Facebook and AOL – claimed they did not know about a surveillance practice described as giving NSA vast access to their customers’ data. Some, like Apple, said they had “never heard” the term Prism.

De explained: “Prism was an internal government term that as the result of leaks became the public term,” De said. “Collection under this program was a compulsory legal process, that any recipient company would receive.”

After the hearing, De added that service providers also know and receive legal compulsions surrounding NSA’s harvesting of communications data not from companies but directly in transit across the internet under 702 authority.

The disclosure of Prism resulted in a cataclysm in technology circles, with tech giants launching extensive PR campaigns to reassure their customers of data security and successfully pressing the Obama administration to allow them greater leeway to disclose the volume and type of data requests served to them by the government.

Last week, Facebook founder Mark Zuckerberg said he had called US president Barack Obama to voice concern about “the damage the government is creating for all our future.” There was no immediate response from the tech companies to De’s comments on Wednesday.

It is unclear what sort of legal process the government serves on a company to compel communications content and metadata access under Prism or through upstream collection. Documents leaked from Snowden indicate that the NSA possesses unmediated access to the company data.

The secret Fisa court overseeing US surveillance for the purposes of producing foreign intelligence issues annual authorisations blessing NSA’s targeting and associated procedures under Section 702.After winning a transparency battle with the administration in the Fisa court earlier this year, the companies are now permitted to disclose the range of Fisa orders they receive, in bands of 1,000, which presumably include orders under 702.

Passed in 2008, Section 702 retroactively gave cover of law to a post-9/11 effort permitting the NSA to collect phone, email, internet and other communications content when one party to the communication is reasonably believed to be a non-American outside the United States. The NSA stores Prism data for five years and communications taken directly from the internet for two years.

While Section 702 forbids the intentional targeting of Americans or people inside the United States – a practice known as “reverse targeting” – significant amounts of Americans’ phone calls and emails are swept up in the process of collection.

In 2011, according to a now-declassified Fisa court ruling, the NSA was found to have collected tens of thousands of emails between Americans, which a judge on the court considered a violation of the US constitution and which the NSA says it is technologically incapable of fixing.

Renewed in December 2012 over the objections of senate intelligence committee members Ron Wyden and Mark Udall, Section 702 also permits NSA analysts to search through the collected communications for identifying information about Americans, an amendment to so-called “minimisation” rules revealed by the Guardian in August and termed the “backdoor search loophole” by Wyden.

De and his administration colleagues, testifying before the Privacy and Civil Liberties Oversight Board, strongly rejected suggestions by the panel that a court authorise searches for Americans’ information inside the 702 databases. “If you have to go back to court every time you look at the information in your custody, you can imagine that would be quite burdensome,” deputy assistant attorney general Brad Wiegmann told the board.

De argued that once the Fisa court permits the collection annually, analysts ought to be free to comb through it, and stated that there were sufficient privacy safeguards for Americans after collection and querying had occurred. “That information is at the government’s disposal to review in the first instance,” De said.

De also stated that the NSA is not permitted to search for Americans’ data from communications taken directly off the internet, citing greater risks to privacy.

Section 702 is not the only legal authority the US government possesses to harvest data transiting the internet.

Neither De nor any other US official discussed data taken from the internet under different legal authorities. Different documents Snowden disclosed, published by the Washington Post, indicated that NSA takes data as it transits between Yahoo and Google data centers, an activity reportedly conducted not under Section 702 but under a seminal executive order known as 12333.

De and his administration colleagues were quick to answer the board that companies were aware of the government’s collection of data under 702, which Robert Litt, general counsel for the director of national intelligence, told the board was “one of the most valuable collection tools that we have.”

“All 702 collection is pursuant to court directives, so they have to know,” De reiterated to the Guardian.

• This article was amended on 20 March 2014 to remove statements in the original that the testimony by Rajesh De contradicted denials by technology companies about their knowledge of NSA data collection. It was also updated to clarify that the companies challenged the secrecy surrounding Section 702 orders. Other minor clarifications were also made.

Spencer Ackerman in Washington
theguardian.com, Wednesday 19 March 2014 18.40 GMT

Find this story at 19 March 2014

© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Silicon Valley companies concerned at effect on business as revelations over US government spying spread more widely

Barack Obama hosted a summit on government surveillance and digital privacy attended by Apple chief executive Tim Cook, Google vice-president Vint Cerf and the boss of US telecoms network AT&T on Thursday.

The US president attended in person, sources told the Politico blog, as did other technology company executives. Additional attendees included representatives of the Center for Democracy and Technology and Gigi Sohn, leader of internet campaign group Public Knowledge.

The meeting was apparently prompted by growing concerns among US technology companies that revelations from the Guardian and others about the extent and depth of surveillance by the National Security Agency, and the companies’ obligation to allow access to data under secret court rules, could be damaging their reputation and commercial interests abroad.

The gathering followed a closed-doors meeting earlier this week with Obama’s chief of staff Denis McDonough and general counsel Kathy Ruemmler at the White House.

On the agenda at Tuesday’s meeting were the surveillance activities of the NSA, commercial privacy issues and the online tracking of consumers.

“This is one of a number of discussions the administration is having with experts and stakeholders in response to the president’s directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security,” one official told Politico.

McDonough and Ruemmler met members of the Information Technology Industry Council, TechNet and Tech America, which represent a range of companies from defence contractors to digital giants Facebook, Google and Microsoft.

Campaigners including the American Civil Liberties Union and the Electronic Privacy information Center were also present, Politico’s Tony Romm reported.

The Guardian’s revelations about the breadth of the NSA’s access to data, particularly relating to foreign individuals, has created PR problems for US companies. Apple has set its sights on China as a huge potential growth market, but if people there fear eavesdropping by the US government it could harm sales. And Google stands to lose business in cloud computing to European rivals if customers fear similar eavesdropping. Cloud computing companies have estimated they could lose billions of dollars of business as a result.

The White House is also battling to respond to growing unrest over surveillance of citizens by the state and the vast caches of data many digital giants are now storing about individual consumers.

Obama has promised more public debate about the country’s counterterrorism activities and privacy safeguards in general amid signs of widespread support for NSA whistleblower Edward Snowden, but officials have so far declined to provide details about this week’s technology summits.

The meetings came as a wave of Americans posted messages of support to the former security contractor, whose leaks exposed the extent of government sponsored surveillance in the US and Europe.

A website launched by the digital rights group Fight for the Future on Wednesday has attracted more than 10,000 posts expressing support for Snowden’s actions. Billed as an exercise to put faces to statistics, the website features a combination of photographs of individuals holding up signs and written words of support.

In June, Reuters/Ipsos found 31% of respondents believed Snowden was a patriot, while 23% thought he was a traitor. Another 46% said they did not know. Gallup found in June that 53% of respondents disapproved of government snooping programmes, while just 37% approved and 10% had no opinion.

In a statement, Fight for the Future cofounder Tiffiniy Cheng said: “We’ve seen an unbelievable response already – the messages keep streaming in. The government reads the same polls that we do. They know that Snowden has the public’s support. But now we’re adding faces to those statistics. As someone who volunteered and worked for Obama’s election, I feel totally burned by the president’s civil liberties and human rights records. If he truly cares about representing the American people, he should turn his attention to shutting down the NSA’s illegal surveillance programs, and leave Mr Snowden alone.”

The website was launched shortly before Obama pulled out of a presidential meeting with Russia’s leader Vladimir Putin in Moscow next month. This followed Russia’s decision to grant Snowden asylum.

Juliette Garside
theguardian.com, Friday 9 August 2013 17.37 BST

Find this story at 9 August 2013

© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Fears of customer backlash over breach of privacy as firms give GCHQ unlimited access to their undersea cables

Some of the world’s leading telecoms firms, including BT and Vodafone, are secretly collaborating with Britain’s spy agency GCHQ, and are passing on details of their customers’ phone calls, email messages and Facebook entries, documents leaked by the whistleblower Edward Snowden show.

BT, Vodafone Cable, and the American firm Verizon Business – together with four other smaller providers – have given GCHQ secret unlimited access to their network of undersea cables. The cables carry much of the world’s phone calls and internet traffic.

In June the Guardian revealed details of GCHQ’s ambitious data-hoovering programmes, Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. It emerged GCHQ was able to tap into fibre-optic cables and store huge volumes of data for up to 30 days. That operation, codenamed Tempora, has been running for 20 months.

On Friday Germany’s Süddeutsche newspaper published the most highly sensitive aspect of this operation – the names of the commercial companies working secretly with GCHQ, and giving the agency access to their customers’ private communications. The paper said it had seen a copy of an internal GCHQ powerpoint presentation from 2009 discussing Tempora.

The document identified for the first time which telecoms companies are working with GCHQ’s “special source” team. It gives top secret codenames for each firm, with BT (“Remedy”), Verizon Business (“Dacron”), and Vodafone Cable (“Gerontic”). The other firms include Global Crossing (“Pinnage”), Level 3 (“Little”), Viatel (“Vitreous”) and Interoute (“Streetcar”). The companies refused to comment on any specifics relating to Tempora, but several noted they were obliged to comply with UK and EU law.

The revelations are likely to dismay GCHQ and Downing Street, who are fearful that BT and the other firms will suffer a backlash from customers furious that their private data and intimate emails have been secretly passed to a government spy agency. In June a source with knowledge of intelligence said the companies had no choice but to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

Together, these seven companies operate a huge share of the high-capacity undersea fibre-optic cables that make up the backbone of the internet’s architecture. GCHQ’s mass tapping operation has been built up over the past five years by attaching intercept probes to the transatlantic cables where they land on British shores. GCHQ’s station in Bude, north Cornwall, plays a role. The cables carry data to western Europe from telephone exchanges and internet servers in north America. This allows GCHQ and NSA analysts to search vast amounts of data on the activity of millions of internet users. Metadata – the sites users visit, whom they email, and similar information – is stored for up to 30 days, while the content of communications is typically stored for three days.

GCHQ has the ability to tap cables carrying both internet data and phone calls. By last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

This operation is carried out under clandestine agreements with the seven companies, described in one document as “intercept partners”. The companies are paid for logistical and technical assistance.

The identity of the companies allowing GCHQ to tap their cables was regarded as extremely sensitive within the agency. Though the Tempora programme itself was classified as top secret, the identities of the cable companies was even more secret, referred to as “exceptionally controlled information”, with the company names replaced with the codewords, such as “GERONTIC”, “REMEDY” and “PINNAGE”.

However, some documents made it clear which codenames referred to which companies. GCHQ also assigned the firms “sensitive relationship teams”. One document warns that if the names emerged it could cause “high-level political fallout”.

Germans have been enraged by the revelations of spying by the National Security Agency and GCHQ after it emerged that both agencies were hoovering up German data as well. On Friday the Süddeutsche said it was now clear that private telecoms firms were far more deeply complicit in US-UK spying activities than had been previously thought.

The source familiar with intelligence maintained in June that GCHQ was “not looking at every piece of straw” but was sifting a “vast haystack of data” for what he called “needles”.

He added: “If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other.” The source said analysts used four criteria for determining what was examined: security, terror, organised crime and Britain’s economic wellbeing.”The vast majority of the data is discarded without being looked at … we simply don’t have the resources.”

Nonetheless, the agency repeatedly referred to plans to expand this collection ability still further in the future.

Once it is collected, analysts are able to search the information for emails, online chats and browsing histories using an interface called XKeyscore, uncovered in the Guardian on Wednesday. By May 2012, 300 analysts from GCHQ and 250 NSA analysts had direct access to search and sift through the data collected under the Tempora program.

Documents seen by the Guardian suggest some telecoms companies allowed GCHQ to access cables which they did not themselves own or operate, but only operated a landing station for. Such practices could raise alarm among other cable providers who do not co-operate with GCHQ programmes that their facilities are being used by the intelligence agency.

Telecoms providers can be compelled to co-operate with requests from the government, relayed through ministers, under the 1984 Telecommunications Act, but privacy advocates have raised concerns that the firms are not doing enough to challenge orders enabling large-scale surveillance, or are co-operating to a degree beyond that required by law.

“We urgently need clarity on how close the relationship is between companies assisting with intelligence gathering and government,” said Eric King, head of research for Privacy International. “Were the companies strong-armed, or are they voluntary intercept partners?”

Vodafone said it complied with the laws of all the countries in which its cables operate. “Media reports on these matters have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator’s licence … Vodafone complies with the law in all of our countries of operation,” said a spokesman.

“Vodafone does not disclose any customer data in any jurisdiction unless legally required to do so. Questions related to national security are a matter for governments not telecommunications operators.”

A spokeswoman for Interoute said: “As with all communication providers in Europe we are required to comply with European and local laws including those on data protection and retention. From time to time we are presented with requests from authorities. When we receive such requests, they are processed by our legal and security teams and if valid, acted upon.”

A spokeswoman for Verizon said: “Verizon continually takes steps to safeguard our customers’ privacy. Verizon also complies with the law in every country in which we operate.”

BT declined to comment.

James Ball, Luke Harding and Juliette Garside
The Guardian, Friday 2 August 2013 18.36 BST

Find this story at 2 August 2013

© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Obama administration officials faced deepening political skepticism Wednesday about a far-reaching counterterrorism program that collects millions of Americans’ phone records, even as they released newly declassified documents in an attempt to spotlight privacy safeguards.

The previously secret material — a court order and reports to Congress — was released by Director of National Intelligence James R. Clapper as a Senate Judiciary Committee hearing opened Wednesday morning in which lawmakers sharply questioned the efficacy of the collection of bulk phone records. A senior National Security Agency official conceded that the surveillance effort was the primary tool in thwarting only one plot — not the dozens that officials had previously suggested.

Read the documents
NSA
Secret FISA court order to Verizon
The Obama administration declassified government documents related to NSA collection of telephone metadata records on Wednesday.
Graphic
How the secret FISA court works Click Here to View Full Graphic Story
How the secret FISA court works
Click here to subscribe.

In recent weeks, political support for such broad collection has sagged, and the House last week narrowly defeated a bipartisan bid to end the program, at least in its current form. On Wednesday, senior Democratic senators voiced equally strong doubts.

“This bulk-collection program has massive privacy implications,” said Senate Judiciary Committee Chairman Patrick J. Leahy (Vt.). “The phone records of all of us in this room — all of us in this room — reside in an NSA database. I’ve said repeatedly, just because we have the ability to collect huge amounts of data does not mean that we should be doing so. . . . If this program is not effective, it has to end. So far, I’m not convinced by what I’ve seen.”

Administration officials defended the collection effort and a separate program targeting foreigners’ communication as essential and operating under stringent guidelines.

“With these programs and other intelligence activities, we are constantly seeking to achieve the right balance between the protection of national security and the protection of privacy and civil liberties,” Deputy Attorney General James Cole said. “We believe these two programs have achieved the right balance.”

Cole nonetheless said the administration is open to amending the program to achieve greater public trust. Legislation is pending in the Senate that would narrow its scope.

The NSA program collecting phone records began after the September 2001 terrorist attacks and was brought under the supervision of the Foreign Intelligence Surveillance Court in 2006. But its existence remained hidden until June, when the Guardian newspaper in Britain published a classified FISC order to a U.S. phone company to turn over to the NSA all call records. Former NSA contractor Edward Snowden leaked the order to the newspaper.

On Wednesday, the Guardian published new documents provided by Snowden that outlined previously unknown features of an NSA data-retrieval system called XKeyscore. The newspaper reported that the search tool allowed analysts to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals.”

NSA slides describing the system published with the Guardian article indicated that analysts used it to sift through government databases, including Pinwale, the NSA’s primary storage system for e-mail and other text, and Marina, the primary storage and analysis tool for “metadata.” Another slide described analysts using XKeyscore to access a database containing phone numbers, e-mail addresses, log-ins and Internet user activity generated from other NSA programs.

The newspaper said the disclosures shed light on Snowden’s claim that the NSA’s surveillance programs allowed him while sitting at his desk to “wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal ­e-mail.” U.S. officials have denied that he had such capability.

In a statement responding to the Guardian report, the NSA said “the implication that NSA’s collection is arbitrary and unconstrained is false. NSA’s activities are focused and specifically deployed against — and only against — legitimate foreign intelligence targets.” The agency further said: “Access to XKEYSCORE, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks. . . . Not every analyst can perform every function, and no analyst can operate freely. Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.”

On Wednesday, Clapper disclosed the FISA court’s “primary” order that spells out the program’s collection rules and two reports to Congress that discussed the program, which is authorized under Section 215 of the “business records” provision of the Foreign Intelligence Surveillance Act. Administration officials released the documents to reassure critics that the program is strictly supervised and minimally invasive.

For instance, the primary order states that only “appropriately trained and authorized personnel” may have access to the records, which consist of phone numbers of calls made and received, their time and duration, but not names and content. Officials call this metadata. The order also states that to query the data, there must be “reasonable, articulable suspicion,” presumably that the number is linked to a foreign terrorist group.

But the documents fueled more concern about the program’s scope among civil liberties advocates who are pressing the administration to release the legal rationale that might explain what makes such large numbers of records relevant to an authorized investigation. Perhaps most alarming to some critics was the disclosure, in the order, that queries of the metadata return results that are placed into a “corporate store” that may then be searched for foreign intelligence purposes with fewer restrictions.

That disclosure takes on significance in light of Deputy NSA Director John C. Inglis’s testimony last month that analysts could extend their searches by “three hops.” That means that starting from a target’s phone number, analysts can search on the phone numbers of people in contact with the target, then the numbers of people in contact with that group, and then the numbers of people in contact with that larger pool. That is potentially millions of people, said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, who also testified Wednesday.

The Office of the DNI earlier released a statement that fewer than 300 numbers were queried in 2012. That could still mean potentially hundreds of millions of records, Sen. Richard J. Durbin (D-Ill.) said at the hearing.

Also, according to the order, the NSA does not need to audit the results of searches of the corporate store.

The order asserts that phone metadata could be obtained with a grand jury subpoena. That may be true for one person or even a group of people, but not for all Americans’ phone records, critics said.

Privacy advocates criticized redactions in the reports to Congress of information about the NSA’s failure to comply with its own internal rules. That is “among the most important information that the American public needs to critically assess whether these programs are proper,” said Mark Rumold, a staff lawyer at the Electronic Frontier Foundation.

At the hearing, Leahy voiced upset with the administration for suggesting that the program was as effective in thwarting terrorist plots as another NSA program, authorized under Section 702 of FISA and targeting foreigners’ communications. “I don’t think that’s a coincidence when we have people in government make that comparison, but it needs to stop,” he said of attempts to conflate the two programs’ utility.

He noted that senior officials had testified that the phone logging effort was critical to thwarting 54 plots, but after reviewing NSA material, he said that assertion cannot be made — “not by any stretch.” Pressed by Leahy on the point, Inglis admitted that the program “made a contribution” in 12 plots with a domestic nexus, but only one case came close to a “but-for” or critical contribution.

Carol D. Leonnig and William Branigin contributed to this report.

By Ellen Nakashima, Published: July 31, 2013

Find this story at 31 July 2013

© 1996-2014 The Washington Post

Der britische Geheimdienst wurde bei Abhöraktionen umfangreicher von Telekommunikationsfirmen unterstützt als bislang bekannt. Das berichten “Süddeutsche Zeitung” und NDR. Sogar Programmierarbeit soll an die Firmen ausgelagert worden sein.

Berlin – Laut übereinstimmenden Berichten des NDR und der “Süddeutschen Zeitung” (SZ) sind einige private Telekommunikationsunternehmen stärker in die Abhöraktionen ausländischer Geheimdienste verwickelt als bisher angenommen. Der britische Geheimdienst GCHQ etwa, ein enger Partner des US-Diensts NSA, arbeite beim Abhören des Internetverkehrs mit sieben großen Firmen zusammen.

NDR und “Süddeutsche Zeitung” beziehen sich in ihren Berichten auf Dokumente des ehemaligen NSA-Vertragsmitarbeiters Edward Snowden, die sie einsehen konnten. Die interne Präsentation von 2009 nennt neben den internationalen Unternehmen British Telecom, Verizon und Vodafone auch die Netzwerkbetreiber Level 3, Interoute, Viatel und Global Crossing als Schlüsselpartner des GCHQ. Global Crossing wurde inzwischen von Level 3 gekauft.

Gemeinsam spannen die Unternehmen laut NDR und “SZ” ein engmaschiges Datennetz über Europa und weite Teile der Welt. Einige Firmen wie Level 3 betreiben in Deutschland demnach große Datenzentren. Demnach betreibt Level 3 Rechenzentren in mehreren deutschen Städten, ein Transatlantikkabel von Global Crossing ist in Westerland auf Sylt mit deutschen Netzen verbunden. Das Unternehmen Interoute, das den Unterlagen zufolge auch mit dem GCHQ kooperiert, betreibt 15 Netzknoten in Deutschland.

Teilweise sei die Kooperation mit dem Geheimdienst über den einfachen Zugang zu den Datennetzen hinausgegangen, berichten “SZ” und NDR. Einige Firmen sollen laut den Dokumenten sogar Computerprogramme entwickelt haben, um dem britischen Geheimdienst das Abfangen von Daten aus ihren Netzen zu erleichtern. Faktisch habe der GCHQ einen Teil seiner Ausspäharbeit an Privatunternehmen delegiert.

Viatel bestreitet Zusammenarbeit

Die meisten der Unternehmen verwiesen laut NDR und “SZ” auf Gesetze, die Regierungen erlaubten, Firmen unter bestimmten Umständen zur Herausgabe von Informationen zu verpflichten. Viatel widersprach den Angaben und erklärte, nicht mit dem GCHQ zu kooperieren und dem Geheimdienst auch keinen Zugang zur eigenen Infrastruktur oder zu Kundendaten zu gewähren.

02. August 2013, 09:20 Uhr

Find this story at 2 August 2013

© SPIEGEL ONLINE 2013

The U.S. government had a problem: Spying in the digital age required access to the fiber-optic cables traversing the world’s oceans, carrying torrents of data at the speed of light. And one of the biggest operators of those cables was being sold to an Asian firm, potentially complicating American surveillance efforts.

Enter “Team Telecom.”

In months of private talks, the team of lawyers from the FBI and the departments of Defense, Justice and Homeland Security demanded that the company maintain what amounted to an internal corporate cell of American citizens with government clearances. Among their jobs, documents show, was ensuring that surveillance requests got fulfilled quickly and confidentially.

This “Network Security Agreement,” signed in September 2003 by Global Crossing, became a model for other deals over the past decade as foreign investors increasingly acquired pieces of the world’s telecommunications infrastructure.

The publicly available agreements offer a window into efforts by U.S. officials to safeguard their ability to conduct surveillance through the fiber-optic networks that carry a huge majority of the world’s voice and Internet traffic.

The agreements, whose main purpose is to secure the U.S. telecommunications networks against foreign spying and other actions that could harm national security, do not authorize surveillance. But they ensure that when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely, say people familiar with the deals.

Negotiating leverage has come from a seemingly mundane government power: the authority of the Federal Communications Commission to approve cable licenses. In deals involving a foreign company, say people familiar with the process, the FCC has held up approval for many months while the squadron of lawyers dubbed Team Telecom developed security agreements that went beyond what’s required by the laws governing electronic eavesdropping.

The security agreement for Global Crossing, whose fiber-optic network connected 27 nations and four continents, required the company to have a “Network Operations Center” on U.S. soil that could be visited by government officials with 30 minutes of warning. Surveillance requests, meanwhile, had to be handled by U.S. citizens screened by the government and sworn to secrecy — in many cases prohibiting information from being shared even with the company’s executives and directors.

“Our telecommunications companies have no real independence in standing up to the requests of government or in revealing data,” said Susan Crawford, a Yeshiva University law professor and former Obama White House official. “This is yet another example where that’s the case.”

The full extent of the National Security Agency’s access to fiber-optic cables remains classified. The Office of the Director of National Intelligence issued a statement saying that legally authorized data collection “has been one of our most important tools for the protection of the nation’s — and our allies’ — security. Our use of these authorities has been properly classified to maximize the potential for effective collection against foreign terrorists and other adversaries.”

It added, “As always, the Intelligence and law enforcement communities will continue to work with all members of Congress to ensure the proper balance of privacy and protection for American citizens.”

Collecting information

Documents obtained by The Washington Post and Britain’s Guardian newspaper in recent weeks make clear how the revolution in information technology sparked a revolution in surveillance, allowing the U.S. government and its allies to monitor potential threats with a reach impossible only a few years earlier.

Yet any access to fiber-optic cables allows for possible privacy intrusions into Americans’ personal communications, civil libertarians say.

As people worldwide chat, browse and post images through online services, much of the information flows within the technological reach of U.S. surveillance. Though laws, procedural rules and internal policies limit how that information can be collected and used, the data from billions of devices worldwide flow through Internet choke points that the United States and its allies are capable of monitoring.

This broad-based surveillance of fiber-optic networks runs parallel to the NSA’s PRISM program, which allows analysts to access data from nine major Internet companies, including Google, Facebook, Microsoft, Yahoo, AOL and Apple, according to classified NSA PowerPoint slides. (The companies have said the collection is legal and limited.)

One NSA slide titled, “Two Types of Collection,” shows both PRISM and a separate effort labeled “Upstream” and lists four code names: Fairview, Stormbrew, Blarney and Oakstar. A diagram superimposed on a crude map of undersea cable networks describes the Upstream program as collecting “communications on fiber cables and infrastructure as data flows past.”

The slide has yellow arrows pointing to both Upstream and PRISM and says, “You Should Use Both.” It also has a header saying “FAA 702 Operations,” a reference to a section of the amended Foreign Intelligence Surveillance Act that governs surveillance of foreign targets related to suspected terrorism and other foreign intelligence.

Under that provision, the government may serve a court order on a company compelling it to reach into its networks for data on multiple targets who are foreigners reasonably believed to be overseas. At an Internet gateway, the government may specify a number of e-mail addresses of foreigners to be targeted without the court signing off on each one.

When the NSA is collecting the communications of a foreign, overseas target who is speaking or e-mailing with an American, that American’s e-mail or phone call is considered to be “incidentally” collected. It is considered “inadvertently” collected if the target actually turns out to be an American, according to program rules and people familiar with them. The extent of incidental and inadvertent collection has not been disclosed, leading some lawmakers to demand disclosure of estimates of how many Americans’ communications have been gathered. No senior intelligence officials have answered that question publicly.

Using software that scans traffic and “sniffs out” the targeted e-mail address, the company can pull out e-mail traffic automatically to turn over to the government, according to several former government officials and industry experts.

It is unclear how effective that approach is compared with collecting from a “downstream” tech company such as Google or Facebook, but the existence of separate programs collecting data from both technology companies and telecommunications systems underscores the reach of government intelligence agencies.

“People need to realize that there are many ways for the government to get vast amounts of e-mail,” said Chris Soghoian, a technology expert with the American Civil Liberties Union.

Controlling the data flow

The drive for new intelligence sources after the Sept. 11, 2001, attacks relied on a key insight: American companies controlled most of the Internet’s essential pipes, giving ample opportunities to tap the torrents of data flowing by. Even terrorists bent on destruction of the United States, it turned out, talked to each other on Web-based programs such as Microsoft’s Hotmail.

Yet even data not handled by U.S.-based companies generally flowed across parts of the American telecommunications infrastructure. Most important were the fiber-optic cables that largely have replaced the copper telephone wires and the satellite and microwave transmissions that, in an earlier era, were the most important targets for government surveillance.

Fiber-optic cables, many of which lie along the ocean floor, provide higher-quality transmission and greater capacity than earlier technology, with the latest able to carry thousands of gigabits per second.

The world’s hundreds of undersea cables now carry 99 percent of all intercontinental data, a category that includes most international phone calls, as well, says TeleGeography, a global research firm.

The fiber-optic networks have become a rich source of data for intelligence agencies. The Guardian newspaper reported last month that the Government Communications Headquarters, the British equivalent of the NSA, taps and stores data flowing through the fiber-optic cables touching that nation, a major transit point for data between Europe and the Americas. That program, code-named Tempora, shares data with the NSA, the newspaper said.

Tapping undersea transmission cables had been a key U.S. surveillance tactic for decades, dating back to the era when copper lines carrying sensitive telephone communications could be accessed by listening devices divers could place on the outside of a cable’s housing, said naval historian Norman Polmar, author of “Spy Book: The Encyclopedia of Espionage.”

“The U.S. has had four submarines that have been outfitted for these special missions,” he said.

But the fiber-optic lines — each no thicker than a quarter — were far more difficult to tap successfully than earlier generations of undersea technology, and interception operations ran the risk of alerting cable operators that their network had been breached.

It’s much easier to collect information from any of dozens of cable landing stations around the world — where data transmissions are sorted into separate streams — or in some cases from network operations centers that oversee the entire system, say those familiar with the technology who spoke on the condition of anonymity to discuss sensitive intelligence matters.

Expanding powers

In the aftermath of the Sept. 11 attacks, the NSA said its collection of communications inside the United States was constrained by statute, according to a draft report by the agency’s inspector general in 2009, which was obtained by The Post and the Guardian. The NSA had legal authority to conduct electronic surveillance on foreigners overseas, but the agency was barred from collecting such information on cables as it flowed into and through the United States without individual warrants for each target.

“By 2001, Internet communications were used worldwide, underseas cables carried huge volumes of communications, and a large amount of the world’s communications passed through the United States,” the report said. “Because of language used in the [Foreign Intelligence Surveillance] Act in 1978, NSA was required to obtain court orders to target e-mail accounts used by non-U.S. persons outside the United States if it intended to intercept the communications at a webmail service within the United States. Large numbers of terrorists were using such accounts in 2001.”

As a result, after White House and CIA officials consulted with the NSA director, President George W. Bush, through a presidential order, expanded the NSA’s legal authority to collect communications inside the United States. The President’s Surveillance Program, the report said, “significantly increased [NSA’s] access to transiting foreign communications.”

Gen. Michael Hayden, then the NSA director, described that information as “the real gold of the program” that led to the identification of threats within the United States, according to the inspector general’s report.

Elements of the President’s Surveillance Program became public in 2005, when the New York Times reported the government’s ability to intercept e-mail and phone call content inside the United States without court warrants, sparking controversy. The FISA court began oversight of those program elements in 2007.

As these debates were playing out within the government, Team Telecom was making certain that surveillance capacity was not undermined by rising foreign ownership of the fiber-optic cables that the NSA was using.

The Global Crossing deal created particular concerns. The company had laid an extensive network of undersea cables in the world, but it went bankrupt in 2002 after struggling to handle more than $12 billion in debt.

Two companies, one from Singapore and a second from Hong Kong, struck a deal to buy a majority stake in Global Crossing, but U.S. government lawyers immediately objected as part of routine review of foreign investment into critical U.S. infrastructure.

President Gerald Ford in 1975 had created an interagency group — the Committee on Foreign Investment in the United States, or CFIUS — to review deals that might harm U.S. national security. Team Telecom grew out of that review process. Those executive branch powers were expanded several times over the decades and became even more urgent after the Sept. 11 attacks, when the Defense Department became an important player in discussions with telecommunications companies.

The Hong Kong company soon withdrew from the Global Crossing deal, under pressure from Team Telecom, which was worried that the Chinese government might gain access to U.S. surveillance requests and infrastructure, according to people familiar with the negotiations.

Singapore Technologies Telemedia eventually agreed to a slate of concessions, including allowing half of the board of directors of a new subsidiary managing the undersea cable network to consist of American citizens with security clearances. They would oversee a head of network operations, a head of global security, a general counsel and a human resources officer — all of whom also would be U.S. citizens with security clearances. The FBI and the departments of Defense, Justice and Homeland Security had the power to object to any appointments to those jobs or to the directors who had to be U.S. citizens.

U.S. law already required that telecommunications companies doing business in the United States comply with surveillance requests, both domestic and international. But the security agreement established the systems to ensure that compliance and to make sure foreign governments would not gain visibility into the working of American telecommunications systems — or surveillance systems, said Andrew D. Lipman, a telecommunications lawyer who has represented Global Crossing and other firms in negotiating such deals.

“These Network Security Agreements flesh out the details,” he said.

Lipman, a partner with Bingham McCutchen, based in Washington, said the talks with Team Telecom typically involve little give and take. “It’s like negotiating with the Motor Vehicle Department,” he said.

Singapore Technologies Telemedia sold Global Crossing in 2011 to Level 3 Communications, a company based in Colorado. But the Singaporean company maintained a minority ownership stake, helping trigger a new round of review by Team Telecom and a new Network Security Agreement that added several new conditions.

A spokesman for Level 3 Communications declined to comment for this article.

By Craig Timberg and Ellen Nakashima, Published: July 7, 2013

Find this story at 7 July 2013

© 1996-2014 The Washington Post

• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.” The company reiterated its argument that it provides customer data “only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers”.

In June, the Guardian revealed that the NSA claimed to have “direct access” through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.

Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft’s latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: “Your privacy is our priority.”

Similarly, Skype’s privacy policy states: “Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content.”

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats

A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”

Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked “for many months” with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about”.

The NSA explained that “this new capability will result in a much more complete and timely collection response”. It continued: “This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.”

A separate entry identified another area for collaboration. “The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.”

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. “In the past, Skype made affirmative promises to users about their inability to perform wiretaps,” he said. “It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google.”

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism”.

The document continues: “The FBI and CIA then can request a copy of Prism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance – and a US company’s efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: “In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate.”

• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.

Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe
The Guardian, Friday 12 July 2013

Find this story at 12 July 2013

© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Microsoft arbeitet angeblich intensiv mit US-Geheimdiensten zusammen. Nach Informationen, die Edward Snowden dem “Guardian” zugespielt hat, soll der Konzern den Ermittlern Zugang zu E-Mails und Skype-Gesprächen gewährt und sogar die firmeneigene Verschlüsselung ausgehebelt haben.

Hamburg/London – Edward Snowden hat mit seinen Enthüllungen über die globale Datenschnüffelei der US-Geheimdienste nicht nur die amerikanische Politik in helle Aufregung versetzt, sondern auch die dortige IT-Branche. Giganten wie Facebook, Apple, Google und Microsoft haben bisher versucht, den Eindruck zu erwecken, ihre Zusammenarbeit mit den US-Behörden beschränke sich auf das Nötigste.

Jetzt aber berichtet der britische “Guardian”, wie Microsoft mit den Ermittlern kooperiert. Demnach zeigen Informationen von Snowden, dass das Unternehmen seit drei Jahren intensiv mit US-Geheimdiensten zusammenarbeitet.

Die National Security Agency (NSA) habe etwa die Sorge geäußert, Web-Chats auf dem neuen Outlook.com-Portal nicht mitlesen zu können. Microsoft habe daraufhin der NSA geholfen, die konzerneigene Verschlüsselungstechnik zu umgehen. Dieses Vorgehen soll sich dem Bericht zufolge nicht auf die Web-Chats beschränkt haben: Die NSA soll auch Zugang zu E-Mails auf Outlook.com und Hotmail trotz der Verschlüsselung gehabt haben.

Auch der Internettelefoniedienst Skype, den Microsoft im Oktober 2011 gekauft hat, geriet ins Visier der NSA: Laut “Guardian” hat die Firma Geheimdiensten ermöglicht, im Rahmen des “Prism”-Überwachungsprogramms sowohl Video- als auch Audio-Unterhaltungen mitzuschneiden.

Microsoft begründete sein Vorgehen mit rechtlichen Zwängen: “Wenn wir Produkte verbessern, müssen wir uns weiterhin Anfragen beugen, die mit dem Gesetz in Einklang sind.” Das Unternehmen betonte, dass es Kundendaten nur auf Anfrage der Regierung herausgebe – und auch das nur, wenn es um spezifische Konten oder Nutzer gehe.

Spannungen zwischen Silicon Valley und Obama-Regierung

Aus den Unterlagen geht laut “Guardian” hervor, dass das durch “Prism” gesammelte Material routinemäßig an das FBI und den US-Auslandsgeheimdienst CIA geht. In einem NSA-Dokument sei von einem “Mannschaftssport” die Rede.

Die neuen Informationen zeigen nach Angaben des “Guardian” auch, dass es Spannungen zwischen dem Silicon Valley, Standort zahlreicher Computerunternehmen, und der Regierung von US-Präsident Barack Obama gibt. Alle großen Technologiefirmen drängten die US-Regierung, ihnen zu erlauben, das Ausmaß der Zusammenarbeit mit den Behörden öffentlich zu machen, um den Datenschutzbedenken ihrer Kunden gerecht zu werden.

11. Juli 2013, 23:34 Uhr

Find this story at 11 July 2013

© SPIEGEL ONLINE 2013

Spies such as Mata Hari, heroic nurse Edith Cavell, suffragette Sylvia Pankhurst and the Boy Scouts feature in documents

Exotic spies, heroes, and known and suspected communists feature in top-secret MI5 files available online for the first time on Thursday to mark the 100th anniversary of the first world war.

Mata Hari, Edith Cavell, Sir Roger Casement, Arthur Ransome, Sidney Reilly, a leading suffragette and the Boy Scouts were among those MI5 kept under surveillance in its early years as Britain’s Security Service.

Mata Hari, one of history’s most celebrated honey-trap spies, first came to MI5’s attention in December 1915 when she arrived at Folkestone on the Dieppe boat train. She admitted her destination was The Hague to be near her lover Baron Van der Capellen, a colonel in the Dutch Hussars.

The following year, MI5’s informant in The Hague, codenamed “T”, reported: “Mata Hari is a demi-mondaine who is in relation with highly placed people and during her sojourn in France she made the acquaintance of many French and Belgian officers. She is suspected of having been to France on an important mission for the Germans.”

In November 1916, questioned by MI5, Mata Hari claimed that a French consul in Spain had subsequently asked her to go to Austria to spy on that country’s forces.

A renowned dancer, Mata Hari was a Dutch divorcee born Marguerite Gertrude Zelle in the Dutch East Indies. A French intelligence report dated 22 May 1917, shown to a MI5 officer in Paris, noted: “Mata Hari today confessed that she has been engaged by Consul Cremer of Amsterdam for the German Secret Service. She was paid 20,000 francs in advance.”

She was shot by a French firing squad in 1917.

Edith Cavell, a British nurse at a Red Cross hospital in Belgium, was executed by a German firing squad in October 1915 for helping 200 allied soldiers to escape. The files in the National Archives show that British diplomats clung to the hope that Germany would not execute a woman who was regarded as a heroine.

An MI5 agent in Liège said he had been told by a reliable source that “the two spies who denounced Nurse Cavell have both been killed, one by a bullet in the head, the other by a dagger thrust in the chest”.

Sir Roger Casement, a British consul in Africa and South America knighted for his work in exposing the exploitation and slaughter of Africans and South American Indians, and Sidney Reilly, a naturalised Russian Jew dubbed the Ace of Spies, are other victims of espionage who feature among the 150 MI5 files.

Casement was arrested on a beach in Co Kerry, three days before the 1916 Easter rising, after landing in a boat that had picked him up from a German submarine. A trawler accompanying the submarine and carrying 20,000 guns was scuttled after being intercepted.

The MI5 documents show Casement knew the Easter rising was doomed to failure after Germany reneged on its promises to send troops to help the rebels. The UK government used his “black diaries” to smear him and sabotage a campaign to save his life.

“I have done nothing dishonourable, as you will one day learn,” he told Frank Hall, a senior MI5 officer. Casement was hanged in Pentonville prison on 3 August 1916.

Reilly was recruited to work for the British secret intelligence service, MI6. When he died in 1925 the Russians claimed a guard had shot him as he crossed the border with Finland. MI5 documents suggest he was executed by Bolsheviks in 1925.

Reilly had many wives, according to MI5. A Special Branch informer reported that his second wife, actress Pepita Bobadilla, went to the Russian embassy in Paris following his death. As she applied for a visa, she told the Russians her husband had been “spying for the British government”.

Arthur Ransome, author of Swallows and Amazons, caught MI5’s attention as correspondent for the Manchester Guardian in Moscow who married Trotsky’s secretary, Evgenia Petrovna Shelepina.

British officials told MI5 that Ransome was “exceedingly clever and interesting fellow – but an out and out Bolshevist”. The British consul and MI6 officer in Moscow, Robert Bruce Lockhart, soon corrected them. Ransome, who was given the codename S76, was a valuable intelligence asset during the chaos of the Russian revolution, he said.

The files include one on the suffragette Sylvia Pankhurst, one of MI5’s later targets. MI5 noted that in 1940 she wrote to Viscount Swinton, chairman of a committee investigating Fifth Columnists, sending him a list of active Fascists still at large and of anti-Fascists who had been interned. A copy of the letter includes a note by Swinton, saying: “I should think a most doubtful source of information.”

The files also show how MI5 was concerned that the Boy Scouts were being infiltrated by Communists after the first world war.

The files can be accessed at the National Archives link – First World War 100.

Richard Norton-Taylor
The Guardian, Wednesday 9 April 2014 22.43 BST

Find this story at 9 April 2014

© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

World War I spy Mata Hari refused to fully confess to espionage before facing French firing squad in 1917.

Mata Hari was a wildly-popular Dutch exotic dancer, who was executed as a German spy in 1917.

The spy known as “Mata Hari” was glib in her final prison interrogation before her life ended in front of a French firing squad in the First World War, according to formerly top secret files from the British intelligence agency MI5.
Mata Hari, once a wildly popular Dutch exotic dancer, didn’t appear fazed when an interrogator confronted her with a long list of her lovers, an MI5 report released earlier this month states.
“When faced with her acquaintances with officers of all ranks and all nations, she replied that she loved all officers, and would rather have as her lover a poor officer than a rich banker,” the MI5 files note.
Walking the Western Front:
• Where John McCrae wrote ‘In Flanders Fields’
• The ‘Trench of Death’
Her lovers included a wide range of ages and nationalities, including Germans, French, Russians, Swiss and Spaniards, the files state.
At the time of her execution on Oct. 15, 1917, in a muddy field outside Paris, she was accused of feeding Germany information that cost some 50,000 Allied troops their lives.
But two academics who have studied her case say they don’t believe she provided Germany with any useful information for its war effort.
“She really did not pass on anything that you couldn’t find in the local newspapers in Spain,” said Julie Wheelwright of City University in London, the author of The Fatal Lover: Mata Hari and the Myth of Women in Espionage.
Mata Hari was the stage name for Gertruda Margaretha Zelle, who was born July 8, 1876, in the Dutch East Indies to a Dutch father and a Javanese mother. Wheelwright said she became an exotic dancer after fleeing an abusive marriage.
Wheelwright described her as “an independent woman, a divorcee, a citizen of a neutral country, a courtesan and a dancer, which made her a perfect scapegoat for the French, who were then losing the war.”
“She was kind of held up as an example of what might happen if your morals were too loose,” Wheelwright said.
Wesley Wark, a security, intelligence and terrorism expert at the University of Ottawa, said Mata Hari provided France with a scapegoat when the country wrestled with emerging power for women and fears of losing the war.
“They needed a scapegoat and she was a notable target for scapegoating,” Wark said.
In the MI5 files, an intelligence officer sounds impressed with her attitude during her final days.
“She never made a full confession nor can I find … that she ever gave away anyone as her (accomplice),” the report states.
“She was a ‘femme forte’ and she worked alone,” the report concludes.
The newly released files show Mata Hari was trailed by Allied surveillance officers across France, Spain and England.
The officers noted that on Aug. 4, 1916, she wrote to a Don Diego de Leon and then met a Capt. Vladimir de Masloff, of the Russian army, stationed in France.
“He was very intimate with her from this date and constant letters pass between, he was her favourite lover,” the MI5 files state.
“Same day she met PROFESSOR MARIANI Captain Italian Army.”
While in custody in the ancient Prison de Saint-Lazare outside Paris, she admitted to having spied for the Germans, the MI5 files state.
A file dated May 22, 1917 states: “Matahari today confessed that she has been engaged in Consul CREMER of Amsterdam for the German Secret Service. She was paid 20,000 (francs) in advance and her number was H.21.”
That file also notes her German spymasters gave her vials of invisible ink.
Much of her prison interrogation statement concerns mundane thoughts, not troop movements.
Her MI5 file includes the note: “She had discussed the life led by people in Paris, as regards supply of food etc., had said that the English officers in Paris treated their French Allies badly, although the French went out of their way to treat them ‘like Kings’; that the French nation might live to regret that they had ever allowed the English into the country … .”
Even if she wanted to divulge information, there wasn’t much she could say, Wark said. “Politics wasn’t really part of her world.”
Accounts of her execution say she waved off the offer of a blindfold or the last sacrament. She was reportedly blowing a kiss — at her lawyer, a nun or the firing squad, depending on who’s telling the story — the instant her life ended.
Wheelwright thinks this was likely bravado on the dancer’s part.
“This was going to be her last performance and she was going to go out in style,” she said. “She was playing to the crowd, which is what she always did.”

By: Peter Edwards Star Reporter, Published on Thu Apr 24 2014

Find this story at 24 April 2014

© Copyright Toronto Star Newspapers Ltd. 1996-2014

Mata Hari: beautiful exotic dancer turned espionage agent
Mata Hari, the glamorous World War I spy shot by the French in 1917, was watched by MI5 for two years, according to the newly released secret government papers.
The former wife of a Dutch army colonel, she was recruited by German intelligence while performing as a stripper in Berlin.

Special Report: Wartime Spies The sultry spy, who was notorious in prewar Paris for her exotic dancing and libidinous lifestyle, was interrogated twice by the British secret service but they could not force her to reveal her activities.

She later confessed all to French authorities and was executed. Her MI5 files note however that there was never any evidence that she passed on anything of military importance.

‘Unfavourable impression’

Mata Hari was born Margaretha Geertruida Zelle in Leeuwarden, The Netherlands.

She first attracted the suspicion of British officials in December 1915 and was arrested at the southern English port of Folkestone attempting to board a boat for France.

Under interrogation, she admitted she was heading for The Hague to live near her lover, a Dutch colonel. But MI5 could not pin anything further on her.

Her interrogator, Captain S S Dillon, noted at the time: “Although she had good answers to every question, she impressed me very unfavourably, but after having her very carefully searched and finding nothing, I considered I hadn’t enough grounds to refuse her embarkation.”

The report also noted that she was “handsome, bold … well and fashionably dressed” in a costume with “raccoon fur trimming and hat to match”.

Suspect

Mata Hari
MI5 decided to keep tabs
MI5 continued to monitored her after she settled in The Hague, and soon an informant revealed she was being paid by the German Embassy.

A February 1916 intelligence report noted that she was “in relation with highly placed people and during her sojourn in France she made the acquaintance of many French and Belgian officers”.

“She is suspected of having been to France on important mission for the Germans,” the report said. The report concluded that the matter was being followed up.

Wrongly suspected

In November 1916, British authorities removed Mata Hari from a steamer at the port of Falmouth en route from Spain to Holland, believing she was another German spy, Clara Benedix.

She was taken, along with her 10 travelling trunks, to be interviewed by MI5 and the police. She told them she had been recruited by a Belgian officer, to work for his country’s intelligence service.

She also alleged that the French consul in Vigo, Spain, had asked her to spy on Russian forces in Austria.

Death by firing squad

Once again there was insufficient evidence to detain her and she was sent back to Spain.

The following year she was arrested by the French authorities, court martialled and sentenced to death by firing squad.

A French intelligence report shown to MI5 noted: “Mata Hari today confessed that she has been engaged by Consul Cremer of Amsterdam for the German Secret Service.”

She admitted sending “general information of every kind procurable,” but mentioned no military secrets, it said.

Tuesday, 26 January, 1999, 23:22 GMT

Find this story at 26 January 1999

© BBC

from the holds-several-‘most-rights-violated’-trophies,-however dept

Certain demographics are desirable. 18-34? Taste-makers and early adopters. 35-49? Money. Muslim and New York City resident? Being a member of this group meant (until recently) having First Amendment-protected activities being closely scrutinized by the NYPD’s now-defunct “Demographics Unit.”

This special unit was recently disbanded, roughly a decade after it should have been, thanks to a new mayor and a new police commissioner. The unit was put together by a former CIA officer who used the post-9/11 attack climate to push for expansive surveillance of the city’s Muslim population, including designating entire mosques as terrorist-related entities. Despite all the extra attention being paid to Muslims, not a single useful investigation resulted from this unit’s work.

The surveillance being done by this unit so pervasively subverted civil liberties protections that not even the CIA could access the NYPD’s files without breaking its internal rules. The same goes for the FBI, which has long partnered with the NYPD in its counter-terrorism efforts. Don Borelli, a former FBI agent, has written a piece for the New York Daily News, detailing why police commissioner Bill Bratton was right to disband the Demographics Unit.
Together, we were able to stop many threats — and save many lives — including a serious plot against the subways from Najibullah Zazi, an ethnic Afghan who grew up in Queens and went on to become an Al Qaeda operative.

Interestingly enough, the NYPD demographics unit had detailed files on Zazi’s neighborhood in Flushing during the period in which he was becoming radicalized. It kept files on businesses and visited coffee shops believed to be hangouts for potential terrorists. The unit even visited the travel agency where Zazi bought his ticket to travel to Afghanistan for terrorism training.

So why wasn’t Zazi identified until he was driving to New York from Denver to blow up the subway? Because the program was ineffective. The mission of the demographics unit was to spot the terrorists in the haystack, but again and again it failed to do so.
All haystack, no needle, like so many other surveillance programs. The unit overwhelmed itself in useless data, keeping it from finding what it needed when it mattered most. These data swamps built by investigative agencies have proven to be more dangerous than old-fashioned police work.
During my time with the Joint Terrorism Task Force, I read many reports derived from investigations conducted by the NYPD Intelligence Division, which may well have relied on the demographics unit’s work. I was presented with many interesting facts about where people were attending Friday prayers and who belonged to various Muslim student associations.

But rarely did I learn anything I didn’t already know through traditional investigations, much less anything that would have led me to open a terrorism investigation.
Adding to the mess here is the NYPD’s twisted relationship with the FBI. While it clearly enjoys access to G-men and their tools, former police chief Ray Kelly often made it clear that his officers did superior work and that the FBI’s production of information was too slow to be useful. Of course, FBI agents have said the same thing about the NYPD, particularly in the information department, where the sharing was usually a one-way street that flowed out of the FBI and into the NYPD’s hands.

Beyond the antagonistic relationship is the Demographic Unit itself — its own worst enemy. The former CIA officer who had a local judge rewrite guidelines to give the NYPD unprecedented permission for pervasive surveillance also managed to ensure that most info flowing back upstream to the FBI ended up being routed directly into the trash can.
Moreover, I wound up shredding some of these reports because they had no investigative value and, in my opinion, did not belong in any FBI file because they solely reported on what was First Amendment-protected activity.
Much like other failures to stop terrorist activity, the problems here were communication (too little) and information (too much). As Borelli notes, in his experience, it’s been more useful to build trust than to endlessly spy, something the NYPD really hasn’t made much effort to foster over the years. But its failure to do so means it has buried itself in data and alienated those who could bring an inside perspective. A decade’s worth of spying resulted in nothing but violated rights.

by Tim Cushing
Mon, Apr 28th 2014 4:05pm

Find this story at 28 April 2014

• Photographer arrested after 2008 protest wins ruling
• FBI sought to protect ‘confidential sources’

The FBI has lost a legal battle to prevent the disclosure of documents that could reveal the identity of two of its covert informants.

In highly unusual case Laura Sennett, a freelance photojournalist, has won a ruling from a district court that compels the FBI to provide her with documents that shed light on informants use by agents used in their investigation into a protest which resulted in damage to a hotel lobby in Washington.

The FBI launched its joint terrorism task force investigation days after anarchists protested a World Bank and International Monetary Fund meeting in the capital in April 2008.

Protesters stormed into the lobby of the Four Seasons Hotel around 2.30am, chanting slogans and throwing paint-filled balloons. Most of the criminal damage, including a broken window, was minor, although the hotel said a statue worth more than $200,000 was damaged.

Sennett had been tipped off about the protest and attended to take photographs. She believed the protesters planned to wake up the IMF delegates by making a commotion, and maintains she had no prior knowledge of their criminal intent. She did not enter the hotel lobby – choosing to photograph events from outside.

Both of the “confidential sources” cited in the court case were asked by the FBI to review surveillance footage of the protest, in order to help identify who was there. They identified a handful of activists as well as Sennett, who specialises in reporting grass-roots activism.

The FBI placed the photojournalist under surveillance before raiding her home with two-dozen armed law enforcement officials, who seized memory cards, hard drives and computer and camera equipment.

In an effort to find out more about why she was targeted, Sennett, 51, has been running a legal campaign to obtain information the bureau holds about her, using Freedom of Information Act (FOIA) requests.

She had so far been given more than 1,000 pages of FBI documents, which the Guardian has seen, but the bureau withheld key portions, claiming they fell under an exemption intended to protect the identity of “confidential sources”. That decision has been challenged in court by Sennett’s lawyers.

On Wednesday, district judge James E Boasberg sided with Sennett, ordering the FBI to release the contested documents, which all parties accept “could reasonably be expected to disclose the identity of a confidential source”.

The judge said that despite three attempts, the FBI had failed to convince him the sources would have inferred confidentiality from their interactions with agents.

Dan Metcalfe, who directed the Justice Department’s Office of Information and Privacy for more than 25 years before retiring in 2007, and has represented the FBI in dozens of similar cases, said it was “extremely rare” for the bureau to be forced to reveal the identity of a source.

“I can think of just a handful of cases at most in which the FBI has had to disclose potentially identifying information about a confidential source over the past 40 years,” he said.

The case, he said, was a significant blow for the FBI, which is very strongly opposed to revealing the identity of its sources, not least because doing so could discourage future informants from co-operating.

Metcalfe, now a law professor at the American University, said the solicitor general was highly unlikely to launch an appeal.

“I’ve read thousands and thousands of FOIA opinions,” he said. “I would put this in the top percentile for being analytically sound and written exceptionally well. Based upon the facts that one gleans from reading the opinion, this is an entirely correct outcome. I see little or no prospect for reversal on appeal.”

Mike German, a former FBI agent now with the Brennan Center for Justice at New York University, said he believed the two informants in the case, one of whom is said to have attended anti-capitalist meetings, could be private investigators.

“That is something that, having seen the documents, the judge may be less keen on keeping secret,” he said.

German said the fact an act of vandalism against the Four Seasons was even investigated by the FBI’s counter-terrorism teams followed a pattern of investigations into protest movements that are “more about suppressing dissent than investigating serious or violent crime”.

Detective Vincent Antignano, the federal marshall deputised to run the FBI’s investigation into the protest, said in a deposition conducted by Sennett’s legal team he believed Sennett was “like-minded like anarchists”, because she was among the 16 people captured on the hotel’s surveillance video.

“Everyone on that video is a suspect, so that’s the way I look at it,” he said, adding that he assumed she had similar views to the protesters captured in the video “who despise their government”.

Asked to elaborate, Antignano said that while he did not know Sennett’s dietary preference, “she could also be a vegan like … [people] who are against animal protests [sic] or animal research or won’t eat meat and stuff like that.”

Antignano had a broad notion of what behaviour constituted “terrorism”, saying that even an assault could fall within the definition.

“If you get assaulted and you believe you’ve been terrorised, then maybe that is terrorism,” he told Sennett’s lawyer.

The deposition was part of a separate case, in which Sennett’s lawyers sued the FBI for damages they said Sennett suffered as part of the raid on her home, which was led by Antignano.

Sennett said the raid was traumatising. Around two-dozen agents “yanked my 19-year-old son out of bed at gunpoint”, she said, before quizzing her about political books on her shelf and asking what “kind of an American” she was.

Sennet said she replied: “I’m a photographer.”

A freelancer whose images have appeared on CNN, MSNBC and the History Channel and in the Toronto Free Press, Sennett is adamant the FBI must have known she was present at the protest in a journalistic capacity. The FBI denied its agents knew of her occupation.

Sennett was never arrested or charged. She believes undercover police or moles within the protest group may have been responsible for giving the FBI details, including a cellphone number, which allowed agents to track her down.

Her lawyer, DC-based Jeffrey Light, argued that her status as a photojournalist should have barred agents from seizing her material, under a clause of the Privacy Protection Act.

However in that case a district court ruled against Sennett – a decision upheld in 2012 by the court of appeal, which found that while Sennett’s occupation provided “an innocent explanation” for her presence at the protest, the FBI, when it launched its inquiry, still had “probable cause” to believe she was part of a conspiracy to commit vandalism.

Wednesday’s court ruling by judge Boasberg, a Barack Obama appointee, was far more sympathetic to Sennett’s case.

Boasberg said the FBI had failed to provide sufficient proof that its informants “inferred that their communications with the bureau would remain confidential”. While acknowledging the FBI’s argument regarding preserving the confidentiality of informants – “one of source protection and empowerment of law-enforcement agencies” – Boasberg added: “That solicitude, however, can only carry the court so far.”

Light said he hoped Wednesday’s victory, which the government has 90 days to appeal, would take the capital’s protest community a step closer to discovering the identity of potential moles in their midst.

“People want to know who is spying on them,” he said.

Sennett said she hoped that by identification of the FBI’s informants in her case would discourage the bureau from conducting similar quasi-terrorist investigation in the future.

“I pursued this case because I don’t think anyone – activists, freelancers, bloggers – should have to go through what I went through.”

The US attorney’s office said it was reviewing the case but declined to offer further comment.

The FBI also declined a request for comment.

Paul Lewis in Washington
theguardian.com, Friday 2 May 2014 18.01 BST

Find this story at 2 May 2014

© 2014 Guardian News and Media Limited or its affiliated companies.