NSA has direct access to tech giants' systems for user data, secret files reveal

Final countdown – NSA says it really will end blanket phone spying on US citizens this Sunday

http://www.theregister.co.uk/2015/11/27/nsa_phone_spying_deadline/

 

Minimalist,

I just checked my personal TRUST list and surprise the NSA isn't on it!

 

I trust them. They are definitely stopping bulk data collection as indicated. They are just restarting it under a different legal justification.

It doesnt affect me, I am not in America so I have no rights.

 

Yes, I don't trust them either. But I also don't trust other three letter agencies and other big companies when it comes to privacy.

 

Italian intelligence plans to monitor also communications through the Playstation

http://securityaffairs.co/wordpress/42397/hacking/italian-intelligence-monitoring-playstation.html

 

Revealed: FBI can demand web history, phone location data without a warrant

http://www.zdnet.com/article/fbi-can-force-companies-to-turn-over-user-data-without-a-warrant/

 

It was nice to read about someone beating them in court so their "activities" could be reported. For the individual, the overwhelming concern will be the ENCRYPTION/PASSWORD final determination in the courts (USA issue). They can demand anything they want but if you hand them a FDE computer and stand on the 5th that has higher priority at this time. Its totally touch and go with verdicts all over the place. Usually those that lose on the password issue have made a huge mistake (opsec or admissions) which gets cited as the reason for dis-honoring the 5th so to speak.

Your post screams for the importance of a solid VPN/TOR. If your ISP and others don't know your web activities they can't turn much over. It will come down to YOU defending yourself as to who gets to see your web activities. Thats a better scenario than some big ISP just "laying down" to a letter from some agency.

 

The Good: The U.S. District Court for the Southern District of New York is the "Crown Jewel" of the Federal District Court System (Fed District Courts are the first level-where cases are tried, motions to dismiss , etc. are decided) so the decision has weight.

The Bad: The Court Stayed its ruling until the Appeal by The U.S. Dept . of "Justice" is decided by the Second Circuit Court of Appeals. That Court has not hesitated to throw out decisions of The District Court for BS, obviously flawed reasons where matters of National Security are involved.

For example, in a case brought by a group of Journalists which challenged the legality of the provisions to the National Defense Authorization Act of 2012, that allows the U.S. Military to capture an American Citizen on American Soil and Detain Him/Her Indefinitely with absolutely no Constitutional Rights and in total secrecy including the ability to employ rendition to a foreign country that is known to torture at the sole discretion of The President, was invalidated in a blistering opinion by a judge of the Fed Dist Crt. S.D.N.Y. That decision was reversed by The Second Circuit Court of Appeals on totally bogus grounds. Subsequently, The U.S. Supreme Court denied Cert. (declined to hear the appeal)
See: Hedges v. Obama.

So don't get your hopes up and welcome to our Post-Constitutional World :-(

Haven't you heard there's terrrists out there?

 

I am questioning how long the 5th will work. Steve Gibson from the Security Now podcast commented on this and indicated that providing the password is probably self incrimination but the courts have not answered whether decrypting the data is self incriminating. In the wake of the Paris attacks I question how long it will be before the courts deal with this question.

 

I didn't want to make this a full 5th discussion. My point was that without vpns/tor/encryption THEY have everything and you get no bargaining tool or advanced notice. At least this way access to anything only comes through YOU.

The far better practice is to study vpns and tor and all other network issues to keep the wolf from the door in the first place! The BEST is to throw your computer in a lake and never go online, but that is no fun!!

 

GCHQ confirms that it hacks computers without ‘proper warrants’

http://www.welivesecurity.com/2015/...t-it-hacks-computers-without-proper-warrants/

 

Obama Sides with Cameron in Encryption Fight

http://blogs.wsj.com/digits/2015/01/16/obama-sides-with-cameron-in-encryption-fight/

 

The problem is that at face value it is not an unreasonable request. If the government has a warrant reviewed by a real judge for a single person and needs to decrypt their phone it is reasonable that they should be able to get access. As long as the warrant is made available at a later date and there are no gag orders associated.

The problem is that it becomes a very slippery slope. As soon as it is possible to decrypt a device/message the government will put in secret court orders or "thematic warrants" (I love that term) from a court controlled by the government and prevent disclosure of the nature of the order. As soon as you move from "trust no-one encryption" to trust the device/app provider then you have no privacy.

Steve Gibson (Security Now podcast) commented on the issue indicating that the government should be allowed access. I disagree with his stance as he really underestimates the slippery slope. Great discussion though particularly for Wilders Security Forum users.
https://www.grc.com/securitynow.htm

 

@driekus
I see two problems with government getting an access to encrypted data:
1. how to implement it? Till now I didn't hear yet how that would be possible without someone else getting an access also. If one government gets in, others will want same access also, and hackers will get that access also - sooner or later.
2. "bad guys" won't use backdoored services. If provider will allow government to get to encrypted data, they will lose all users that cherish their privacy. Users will just use another provider or other tools. At the end government will get access to less secure data of ordinary people. IMO this is really what they want to achieve. In real democracy government is most afraid of their people and not some criminals and terrorists. Controlling their people is what they all want, fight against criminal and terrorists is just something they want to sell people to give up on their right to privacy.

 

Agree completely with your statements. I am definitely not in favour of government access, just to be clear. It is just when it is presented to the general population as "If the government has a warrant reviewed by a real judge for a single person and needs to decrypt their phone it is reasonable that they should be able to get access." I can see it as a very tough argument to refute. At face value ignoring the implications it is not unreasonable.

The government one (point 1) is particularly interesting because you end up with the situation of trying to determine who the "good" governments are that should be allowed access and who the "bad" governments are. And yes any backdoor will eventually be found. The other problem with backdoors is that you lose access to certain powerful encryption tools (perfect forward secrecy as one I can think of).

 

No real need for explicit backdoors when - for example - the draft Investigatory Powers Bill in the UK already admits to "equipment interference" both targeted and in bulk. This hacking has relied on backdoored or weakened products/services, or the exploitation of bugs, both pretty easy to the weaponisers of the internet, and with the resources to attack all main operating systems..

This makes the effectiveness of encryption more moot - if you can install a KSL (they can and do) - then your encryption passwords are known. Sir David Omand (ex GCHQ) effectively threatened this if encryption proved troublesome.

 

They really prove the point why we wouldnt trust them with a backdoor

 

The French Gov will not block Tor neither Free Wi-Fi

http://securityaffairs.co/wordpress/42737/intelligence/french-gov-will-not-block-tor.html

 

Thought that would be the case. The proposal was deliberately leaked to gauge public opinion.

 

@driekus - as well as those tactics, I believe there is an agreed-behind-the-scenes tactic to have a) coordinated public attacks on things like encryption, and b) attempts to slip anti-privacy legislation into one jurisdiction, and then use that fact as a justification to allow all the other jurisdictions to join in - after all, x does it, so it must be alright. The UK IPB is a case in point, attempting to legitimise mass-surveillance, the UK version of NSLs, and state-mass-hacking. It then makes it much easier for the X-eye countries to do the same, or at least, outflank their local privacy safeguards using the UK as a proxy to give them what they want.

 

Agreed, the US seems to be trying to edge in behind the UK.

They are also trying to introduce the same concept (backdoor on encryption) in different ways, each time trying to confuse a public that struggles to understand even the most basic cryptographic concepts.

 

https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/

p.s. This post may be better suited to this thread. Please move if best, thanks.

 

Great read, I found the original document The Intercept reported on to be very useful as well.
https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/

The GPS tracking capabilities concern me more than the voice interception.

 

Searching for something completely unrelated, I stumbled across this story. I can't vouch for its accuracy but if it is real it is frightening.

http://climateviewer.com/2014/01/18...-computer-cellphone-screen-using-radio-waves/

 

Sneaky US Government Passes CISA Bill, Hidden Inside Generic Budget Bill

http://news.softpedia.com/news/snea...idden-inside-generic-budget-bill-497865.shtml