FBI, NSA said to be secretly mining data from nine U.S. tech giants

[Spider]

Summary: UPDATED: Turns out U.S. government agencies might be tapping into into a lot more than just Verizon customer records.


By Rachel King for Between the Lines | June 6, 2013 -- 22:23 GMT (15:23 PDT)

Both the National Security Agency and the Federal Bureau of Investigation are said to have been secretly mining data directly from the servers of at least nine top U.S.-based technology companies, according to The Washington Post.

NSA is watching you

• US gov't defends NSA surveillance, slams 'reprehensible' journalists
• FBI, NSA said to be secretly mining data from tech giants
• Anonymous leaks more NSA-related docs
• NSA: All up in your privacy junk since 1952
• NSA 'top secret' spying order affects millions of Americans: FAQ
• Verizon records tapped by NSA
• The great paradox of our national security

Citing a leaked presentation intended for only senior analysts within the NSA's Signals Intelligence Directorate, which was then obtained by the Post, this was all done since 2007 under a highly-classified program dubbed "PRISM."

As for the companies involved, it's a who's who list filled with Silicon Valley behemoths that is surely going to upset lawmakers and average Internet users alike.

The ring of nine consists of Microsoft, Yahoo, Google, Facebook, AOL, Skype, YouTube, Apple, and video chat room community PalTalk. Apparently Dropbox was slated to be the next one added to the list.

The kind of content being extracted from the central servers at theses tech companies include audio, video, photos, e-mails, documents and connection logs.

According to the report, the data was extracted to produce analysis that could point toward tracking a person’s movements and contacts over time.

The Washington Post's Barton Gellman and Laura Poitras highlighted why this is particularly alarming that the NSA was involved:

It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.


​

The NSA is already under fire after it was discovered on Wednesday that the agency has been collecting millions of Verizon Wireless customer records on a daily basis.

As first reported by The Guardian, based on another leaked "top secret" court order, the nation's largest mobile provider was ordered on an "ongoing, daily basis" to hand over information outlining call data in its systems to the NSA.

On Thursday, ZDNet obtained a copy of a note sent by Verizon chief counsel Randy Milch to employees.

In the note, he didn't confirm or deny the story. But in describing it as an "alleged" court order, he stressed that the text "forbids Verizon from revealing the order's existence."

Slides via The Guardian

 

[pharoah]

not trying to be smart,but who didnt already know we were being spied on.

 

[Spider]

The NSA PRISM Spying Program with Apple, Google, Microsoft, Yahoo, Verizon and Others Explained in Plain English

The Internet, the country, and indeed the whole world is abuzz with the news of PRISM, the no-longer-secret program of the U.S. National Security Agency (NSA) first exposed by Glenn Greenwald of the British newspaper The Guardian, through which the United States federal government is accessing and mining all sorts of user data from the major ISPs and cell phone companies. Data which is potentially about just about anybody and everybody, even you. The list of companies and ISPs alleged to be involved with PRISM, by which we mean allowing the government to data mine their users' data, is impressive (read as "scary") indeed, although most of them are quick to deny it. However, we have evidence (see screenshots below) that even though they are denying it, Apple, Microsoft, Yahoo, Facebook, PalTalk, YouTube, Skype, and AOL are all involved. There are rumours of DropBox and Amazon joining. And Verizon is also giving the Feds access to their user data. But as 1984 as this all is, we really only have one question: why is anybody surprised?

The NSA PRISM Spying Program with Apple, Google, Microsoft, Yahoo, Verizon and Others Explained in Plain English - The Internet Patrol

 

[Spider]

Summary: Yes, you have many options for protecting your privacy on the Internet. But are these measures worth the time and sacrifice required? That's up to you.

By Steven J. Vaughan-Nichols for Networking |June 14, 2013 -- 20:56 GMT (13:56 PDT)

Worried sick about the NSA, or someone else, looking over your shoulder? Well, you can do things that will make it harder for someone to eavesdrop on you.

That's the good news. The bad news is that all these things require a fair amount of effort, some will cripple your use of the modern Internet, and none of them will stop a sufficiently determined electronic Peeping Tom.

1) Abandon the cloud

IT professionals who've resisted moving to a public cloud have never liked the idea of putting their programs and data into someone else's hands. Now, as David S. Linthicum, the CTO and founder of Cloud Technology Partners, recently wrote, "Personally, I don't see much of a connection between the NSA and cloud computing, but those on the fence regarding cloud computing will cite this as another reason to kick the can further down the road. Thanks for nothing, NSA."

True, the NSA probably isn't sitting in Amazon, Google, or Microsoft's data-centers, but the NSA could be sitting at tier one ISPs watching your data go by on its way to the cloud.

Regardless of what the NSA might or might not be doing, we already know the government can, and will, grab cloud servers. Just ask Kim Dotcom about the seizure of Megaupload cloud storage servers. Whether Dotcom was guilty of anything is still open to doubt, but all of Megaupload's former customers' data is still sitting in seized servers.

Want to be sure your data is secure? Keep it on your own servers, datacenters, or private cloud and keep your traffic on the corporate intranet. A system administrator may still be able to walk out with your corporate secrets on a USB stick, but at least it won't be an outsider stealing your data.

In addition, when you're thinking about the cloud, consider all those software as a service (SaaS) apps that you use everyday such as Office 365 and Gmail. Keep in mind that every time you use one of those convenient, free or inexpensive apps your work is potentially visible to the eyes of others.

2) Stop texting and using most instant messaging services

When you text or instant message (IM) someone, you might think your message goes directly to the person you're writing to. It doesn't.

Instead, typically, your first message goes to a server, where a copy is kept, and then is sent out to your buddy. Those stored texts can be used against you. Just ask former Detroit mayor Kwame Kilpatrick, whose texting lead to his pleading guilty to felony charges back in 2008.

You can't do a lot to make texting safer, but you can make IM safer. First, you must avoid using any public IM service such as AIM, Microsoft Messenger/Skype, or Google Talk. Instead run your own IM service with your own Extensible Messaging and Presence Protocol (XMPP) server, such as Cisco United Presence.

Keep in mind, though, that the second you send a message from your IM network to an external XMPP compatible IM network, such as Google Hangouts, your messages will end up being kept in a third-party server anyway.

3) Encrypt your e-mail

There have been technologies such as PGP (Pretty Good Privacy) and Secure/Multipurpose Internet Mail Extensions (S/MIME) that you can use to encrypt your e-mail messages for ages. There's just one little problem with them: They're a pain in the rump to use and the people you e-mail must always use them.

As Peter Bright and Dan Goodin wrote recently, "The long and the short of it is that e-mail isn't a very good system for secure communications. You're wholly dependent on other people doing the right thing and sending you properly encrypted mail." Be that as it may, all of us still use e-mail for important communications every day of the year.

4) Hide your Web browsing

Secure-socket layer (SSL) can be broken, but using SSL whenever possible is still a good idea. One way to do this is with the Electronic Frontier Foundation's HTTPS Everywhere Web browser extension. Unfortunately, HTTPS Everywhere is only available for Firefox and Chrome.

That's fine as far as it goes, but it's still easy to see which sites you visit and when. If you want to really disguise your tracks on the Web, you need to use Tor. Tor takes your Internet communications and bounces it around a distributed network of relays so a watcher can't see what sites you're visiting. It also keeps Web site owners from figuring out where you're browsing from.

There are lots of way to put Tor to work, but the easiest is to use Tor Browser Bundle (TBB). There are TBB versions for Linux, Mac OS X, and Windows.

Practically speaking, Tor connections can be very, very slow. Your connection -- because it depends on the kindness of strangers for bandwidth and multiple relays -- will only be as fast as the slowest link.

5) Turn off all services you don't need

If you're a system or network administrator, you already know you should never run or open your firewall to any service you don't need. But, have you looked at your tablet or smartphone lately?

In your pocket at this very moment, your phone may very well be syncing your contacts, calendar, browser history, and messages with others -- and let's not even talk about GPS.

Actually, let's do talk about GPS. Want to scare yourself silly? If you use Google location services for finding your way around or locating the nearest pub, check out your location history. Why, yes, you were in that bar two weeks ago weren't you!

Now, you can stop Google from recording your location; but with any location service from any vendor you're constantly sending out a "Here I am" message. So, if you want to really maintain your privacy, you're going to want to stop using all those apps that want your location. That's easier said than done. Lots of apps want your location.

There are groups, like the Android alternative firmware maker CyanogenMod, that are working on features such as "Run in Incognito Mode", that will make it easier to lock down your smartphone privacy, but it's never going to be easy to be private with the current generation of tablets and smartphones.

6) Quit social networks: All of them

Facebook may be the worst of the social networks at hanging on to your data, but if you're sharing your personal information on a social network--any of them--then you're potentially sharing it with the world.

Think about it. If you're blabbing to the world, or just your closest buddies, on Google+, Twitter, whatever, you're putting out lots of information about yourself that can be picked up by snoopers.

Real Privacy

Let's say you do make yourself an Internet hermit; is that enough? No. No, it's not. You may be able to conceal the contents of your messages, but thanks to the trio of big data, metadata, and traffic analysis, an expert with access to your Internet traffic can still work out what you're up to.

In short, sure, if you're Anonymous, you can hide on the Internet. For the rest of us, though, especially if you want to get all the goodness that comes from SaaS, cloud storage, IM, GPS, social networks, etc., you're going to have to learn to live with the knowledge that if someone with expertise and access really wants to know what you're doing on the Internet, they can find out.

If we really want to protect our privacy on the net what we need is more than better technology, we need fundamental changes in our laws and how we enforce the privacy laws we do have. Then, and only then, will we have a fighting chance of keeping our privacy on the Internet.