Secret documents reveal broad extent of NSA domestic surveillance
Posted on 21 June 2013.
Two more top secret NSA documents that Edward Snowden shared with reporters of The Guardian have revealed that his claims about what the agency's analysts are authorized to do are true, and have shown that the extent of how much communication from and to U.S. nationals the agency can store is much broader that it was publicly known so far.

The two documents have shown that the NSA keeps "content repositories" holding records of devices associated with U.S. individuals, as well as records of their "electronic communications accounts / addresses / identifiers" that can serve to identify them as U.S. citizens and exempt then from future surveillance.

They also show that despite NSA analysts having been instructed to use "reasonable judgment" when trying to determine if the collected communication is tied to U.S. or non-U.S. persons, they are given a considerable leeway for mistakes.

For example, if the IP address, statements made during the communication and other previously collected information (in the aforementioned "content repositories") by the agency points to the fact that the target is a U.S. citizen, surveillance is to be dropped.

But if there is no definitive information on the potential target's location - for instance, when he or she is using Tor or other online anonymizing software or services - the analysts are allowed to and urged to assume that, if not positively identified as such, the target is a non-U.S. person and to continue the surveillance.

Also, if the communication is encrypted, and especially if the U.S. person is using certain types of cryptology or steganography known to have been used by "individuals associated with a foreign power or foreign territory, analyst are free to collect it and store it for future reference and cryptanalysis attempts. This type of communication is kept "indefinitely."

Communication between the attorneys and their clients - if the clients are under criminal indictment - can also be collected, and if some of the communication deals with national security matters, can be marked and analyzed.

The same applies for domestic communication, except that it's not only when there is indication of danger to national security, but also when there are signs that it contains usable intelligence, information on criminal activity, threat of harm to people or property, or is believed to contain any information relevant to cybersecurity. Such communication can also be sent to other government agencies for further analysis.

"On Sunday, Director of National Intelligence James Clapper released a carefully-worded statement in response to a Cnet article and other reports questioning when intelligence analysts can listen to domestic phone calls. Clapper said: 'The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress,'" noted Cnet's Declan McCullagh.

"Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts 'proper legal authorization' in advance through the Holder regulations."

The EFF has more about the U.S. Government's word games when talking about NSA domestic spying, and Russ Tice, a former intelligence analyst, also shared on Thursday details about intelligence community's surveillance of U.S. military officials, lawmakers, diplomats, lawyers, and many more.

So far, the U.S. government or the NSA have not commented on these new allegations.









Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //