NSA has direct access to tech giants' systems for user data, secret files reveal

"ACLU v. Clapper" dismissed but fight is not over.
https://www.eff.org/deeplinks/2013/...ointing-fight-over-programs-legality-far-over
Further reading:
http://www.theguardian.com/world/2013/nov/22/nsa-bulk-data-collection-constitutional-rights-aclu

 

Glenn Greenwald: ‘A Lot’ More NSA Documents to Come

 

Timeline of NSA Domestic Spying.
https://www.eff.org/nsa-spying/timeline

 

How Worried Should We Be About the Alleged RSA-NSA Scheming?
http://www.wired.com/opinion/2013/12/what-we-really-lost-with-the-rsa-nsa-revelations/

 

http://www.spiegel.de/international...ffort-to-spy-on-global-networks-a-940969.html

 

http://www.scidev.net/asia-pacific/...-surveillance-hits-media-freedom-in-asia.html

 

NSA drowning in overcollected data, can't do its job properly.

Related: NSA Struggles to Make Sense of Flood of Surveillance Data.

-- Tom

 

In the EU there are already stiff laws about data protection. It is basically illegal in the EU for data on individuals to be collected and processed. BUT there is a special agreement between the US and the EU that US companies can claim safe harbour status, This means they may declare that they do not conform to EU standards of data protection and thereby operate within the EU while flouting those EU data protection laws. Some of the US companies that claim this safe harbour status include the usual suspects, Google, Facebook, Microsoft etc. I would say a complete list of those US companies claiming safe harbour status in the EU would make a good guide to which US companies would be best avoided by all of those, regardless of nationality, who value their privacy.
It will be interesting to see not only what the official EU reaction to all this will be but also the public reaction and how it affects US based tech companies operating there. I believe the EU has been generally suspicious of US post 911 shenanigans for most of the past decade not least by the Bush administration's scheme to exploit the situation for an excuse to attack Iraq and invade Afganistan. These revelations of spying and information gathering will only serve to increase anti US sentiment there. The EU citizens may not be able to influence anything the US government does but this time US corporations will be left carrying the can.

 

NSA intercepting laptops purchased online to install spy malware

"According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency's elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA's TAO group is able to divert shipping deliveries to its own "secret workshops" in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access."

http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy

"Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors.

Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."

Even in the Internet Age, some traditional spying methods continue to live on. "

http://www.spiegel.de/international...ort-to-spy-on-global-networks-a-940969-3.html

 

Some things you just can't do from a keyboard, and special hardware avoids that whole nasty Flame-type business where unintended targets being infected leads to discovery.

Lotuseclat79, that claim doesn't surprise me much. I can imagine quite a large number of "regular" employees don't much like these blanket programs.

 

Of little value perhaps, but interesting to have read.

It must (or at least should) be painfull when you started for the greater good and end up in creating a surveillance state by disintegrating privacy and therefore the core of democracy; liberty.
Unless you're such an autistic freak geek, you've been unable to develop a conscience oc.

 

At least NSA agents have a sense of humor. As long as you hire humans though, someone at some point is going to abuse their powers and clearances. They just are. But the rest of them just going about their day and going home, I can't see them being very supportive of all this. I'm sure the thought never leaves their head that they and their families aren't excluded from the surveillance.

 

Well, it draws attention to some of the risks posed by crash reports and similar types of data collection ("telemetry", "metrics" "health reports", "customer experience improvement programs", etc). Even in cases where the information is being sent over secure connections that aren't revealing to or being snooped by a third party, there is still the issue of sharing that information with the software manufacturer (what they do with it, who they knowingly share it with, who might gain unauthorized access to it, etc). Perhaps more people will wise up and disable such features, avoid beta software where it can't be disabled, etc.

 

At least we now all know the reason why the potentialy very powerful Windows firewall had its outbound side crippled before its release in Vista.

 

Welcome to the panopticon

http://www.spiegel.de/international...ffort-to-spy-on-global-networks-a-940969.html
http://www.spiegel.de/international...back-doors-for-numerous-devices-a-940994.html

Game's over, I guess. If you're hooked up to the Internet, you will be spied on, and nothing you can do can change it.

Still, I think it's worth spreading the word as far and wide as possible. Knowledge is worth something in itself, even if it doesn't empower anyone, no?

 

You can't change what is already out there, no. And for most of us what is already out there is bad enough. But you can stop leaking, if you are willing to forget using just about everything on our modern web. No Java, no Flash, no Javascript, nothing. Forget using your phone as well. I believe in time these powers will be toned down. It will just take years of more political fallout and loss of money before it happens. Mr. Snowden said it himself, the mission is accomplished. By the way, yes, I was being sarcastic about stopping the leakage. we're all screwed in the short term.

 

I don't know if that is the reason or not. But I think only the most naive would be willing to dismiss that idea as tin foil BS at this point.

 

The Supreme Court Logic That Could Destroy Privacy in America.

-- Tom

 

That could be said of nearly all the tech laws. U.S laws are so far behind common technology at this point that it is laughable. Honestly so is the Constitution, namely the 4th Amendment.

 

Re: Welcome to the panopticon

Jacob Appelbaum has given a presentation at the Hamburg, Germany 29th C3/Chaos Computer Club congress link with keynote video.
Cory Doctorow on Boingboing;

.

 

http://www.spiegel.de/international...fers-spy-gadgets-for-every-need-a-941006.html

 

So are we to safely assume components such as CPUs and motherboards have or will soon be compromised ?
If so, building your own rig will offer no more safety from government (and perhaps corporate) intrusion than buying from Dell, HP, etc.

 

I think it is safe to assume nearly every scenario at this point. However, I am not entirely sure we need to stay awake sweating at night in belief that every system we ever order is going to their shop for tweaking. Siphoning data from the pipes and engaging in that kind of massive, ungodly expensive and global operation are nowhere near the same and isn't feasible for any agency. I have a feeling that these hardware altering operations are carried out in a very tiny percent of cases, but just being blown up in the media because the NSA is so hot of a topic.

 

Remember a few years ago when it was revealed certain brands of cell phone could be connected to remotely and used as a bugging device without the users knowledge ? If they would do that to cell phones we should probably assume they would implement similar hardware based functionality into other devices such as PC motherboards.

 

That's true, but China makes most everything except hard-core government/military stuff.

So it cuts both (or many) ways.