Articles about NSA

Post-Snowden there is great interest in just what involvement the government has with technology firms. There are frequent requests from government agencies for information about users and the likes of Google, Snapchat, and even the NSA itself have all released transparency reports that reveal, in broad strokes, the number of requests for data they have received.

Amazon is the latest company to release a transparency report -- although the term really should be used in the loosest possible sense. The report includes scant details about the number of subpoenas, search warrants, court orders, and national security requests received in the first five months of 2015. The report is so vague as to be virtually meaningless.

Continue reading →

Today the US Senate passed the USA Freedom Act without amendments, signalling the start of the significant surveillance reform that has been called for since Edward Snowden blew the whistle on the agency's activities. It had already been determined that the bulk collection of phone metadata was illegal, and the expiry of Section 215 of the Patriot Act at the end of May brought this data collection to an end anyway.

The USA Freedom Act sets in concrete the end of the phone data collection program and is seen as a major victory for privacy advocates. It will come as good news to Snowden himself who will undoubtedly feel a sense of relief that his risk-taking paid off. The bill is still to be signed into law by President Obama, but this is now little more than a formality.

Continue reading →

The EFF (Electronic Freedom Foundation) has involved itself in lots of online battles -- including the fightback against NSA surveillance, and the drive for net neutrality. The latest fight sees the organization joining forces with web performance and security firm CloudFlare in tackling the site blocking activities of the record industry.

The digital rights group is battling record labels which it says are forcing web firms into becoming the "copyright police". The move was prompted by the closure of Grooveshark, a music website run by one of CloudFlare's clients. It re-opens the question of who is ultimately responsible for the content that appears on sites -- those posting it, those hosting it, or any other company involved in the delivery?

Continue reading →

Privacy advocates in the US -- and, indeed, the world over -- had pinned great hopes on the USA Freedom Act bringing to an end the mass collection of phone records. Hitting the Senate for the second time this year, the Act was blocked in a 57-42 vote.

Section 215 of the Patriot Act expires on 31 May, and it had been hoped that the hype and momentum surrounding it would have helped push the USA Freedom Act through. Despite making through the House of Representative, the Bill failed to reach the 60 vote goal it needed to hit. But as of 1 June, the NSA will still not be collecting phone data. So what happened?

Continue reading →

The Tor browser is used by many to stay anonymous online -- and it's something that has been embraced by the likes of WikiLeaks as a way to safely gather information whilst hopefully avoiding the surveillance of the NSA. One lesser known project from the same stables is the Tor Cloud service, and Tor has announced that it is closing down.

Based on the Amazon EC2 cloud computing platform, Tor Cloud provided a way to share computing resources and allow faster uncensored access to the internet. However, the project is plagued with "at least one major bug ... that makes it completely dysfunctional" and after failing to find anyone to undertake the work, the decision was taken to shutter Tor Cloud. This does not mean that Tor itself is dead -- far from it -- and developers are being encouraged to create their own forked versions of Tor Cloud.

Continue reading →

It has been hard to avoid talk of the NSA over the past year or so -- Edward Snowden's revelations blew the lid off convert surveillance that has been carried out by the US government. It has been a hugely divisive issue, many heralding Snowden as a hero, others as a traitor and has led people to question whether everyday software might include secret backdoors.

Included in the NSA's activities was the mass collection of metadata about phone calls made and receive by American citizens. Today the US court of appeals ruled that this data collection is illegal. With other countries adopting NSA-style surveillance tactics, the ruling opens up the possibility that the NSA could face further legal proceedings and probes.

Continue reading →

The French government has voted in favor of greater powers of surveillance, giving it intelligence-gathering capabilities on a par with the NSA. The move came in the wake of the Charlie Hebdo attack which led to the deaths of 12 people and prompted the Je Suis Charlie support campaign.

The new laws allow for NSA-style mass collection of metadata online as well as setting up the National Commission for Control of Intelligence Techniques (CNCTR) to oversee data collection. It has been criticized by some as being the French equivalent of the Patriot Act and the ruling Socialist Party is accused of prying too far into the private lives of normal people in the name of counter-terrorism.

Continue reading →

Twitter has updated its privacy policy, creating a two-lane service that treats US and non-US users differently. If you live in the US, your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope.

What's the significance of this? Twitter Inc is governed by US law, it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-US operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.

Continue reading →

Largely due to the exposés in the media following Edward Snowden's NSA revelations, there is now great interest in security and privacy. From this sprang a new breed of report -- transparency reports detailing the number of data requests legal and governmental agencies made about a particular service.

Google, Facebook, Yahoo, Microsoft and Apple are among the companies who have released transparency reports, and the latest name on the list is Snapchat. As with other similar reports there is a limit to what they are able to reveal, but it does show that various agencies had an interest in no fewer than 666 Snapchat accounts.

Continue reading →

A security audit of TrueCrypt has determined that the disk encryption software does not contain any backdoors that could be used by the NSA or other surveillance agencies. A report prepared by the NCC Group for Open Crypto Audit Project found that the encryption tool is not vulnerable to being compromised.

However, the software was found to contain a few other security vulnerabilities, including one relating to the use of the Windows API to generate random numbers for master encryption key material. Despite this, TrueCrypt was given a relatively clean bill of health with none of the detected vulnerabilities considered severe enough to lead "to a complete bypass of confidentiality in common usage scenarios".

Continue reading →

Edward Snowden is heralded as both a hero and villain. A privacy vigilante and a traitor. It just depends who you ask. The revelations he made about the NSA's surveillance programs have completely changed the face of online security, and changed the way everyone looks at the internet and privacy.

But just before the whistle was blown, it seems that the NSA was considering bringing its telephone data collection program to an end. Intelligence officials were, behind the scenes, questioning whether the benefits of gathering counter-terrorism information justified the colossal costs involved. Then Snowden went public and essentially forced the agency's hand.

Continue reading →

You'd think that governments would be encouraging people to keep their computers and personal data safe. Until relatively recently, this has been exactly what the FBI has been pushing -- suggesting that phone users should enable encryption on their handsets. But it seems that there has been something of a change of heart. It's probably Snowden's fault.

Now, as part of an "ongoing website redesign", advice about using encryption and protective PINs has vanished from the FBI website. Forget the security-focused devices such as the Blackphone 2, it appears that the bureau wants your data, and you, to be insecure.

Continue reading →

Microsoft has teamed up with the likes of Mozilla, Silent Circle, Human Rights Watch, the Electronic Frontier Foundation and others, signing a letter to the White House and Congressional leaders that calls for an end to bulk collection of data. Many people and organizations have called for reform to the USA Patriot Act and this letter is the latest attempt to pile pressure on the government to make changes.

Scores of signatories point out that the USA PATRIOT Act Section 215 is due to expire in June, and now is the time to instigate reform. A call is made for greater privacy protection to be put in place when data is collected, as well as for improvements in transparency.

Continue reading →

Opera Software, the company behind the web browser of much the same name, has acquired SurfEasy, a provider of VPN security. SurfEasy's software bolsters the security of internet users by adding a layer of encryption that helps to protect privacy.

More than this, the software also makes it possible to bypass some online restrictions and to access sites that are region locked. Few details have been revealed yet, but it's possible we could see VPN features integrated into future versions of the desktop and mobile Opera browser.

Continue reading →

When Edward Snowden blew the whistle on the activities of the NSA, it sparked a global interest in how internet traffic is monitored. The UK's Intelligence and Security Committee of Parliament today published a report into online surveillance carried out by GCHQ, MI5 and MI6 after an 18-month inquiry.

Among the findings is the conclusion that surveillance is legal, but an overhaul is needed to increase transparency. The suggestion that GCHQ's interception of emails "does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance" is likely to be met with skepticism. But what's likely to raise more eyebrows is the revelation that the agency has apparently managed to crack encryption.

Continue reading →