• NSA program captures, replays phone calls

    The NSA’s MYSTIC program, created in 2009, deploys a “retrospective retrieval” (RETRO) tool which allows agents to rewind and playback all phone conversations that have taken place in the past thirty days in an unnamed foreign country, according to Edward Snowden-leaked documents. The MYSTIC program differs from other NSA surveillance programs revealed by Snowden because it captures the content of phone conversations, not just calls’ metadata.

  • Facebook making snooping more difficult

    Facebook has joined its Silicon Valley competitors to improve cybersecurity following a recent report suggesting that the NSA may have posed as Facebook to infect targeted computers. Joe Sullivan, Facebook’s chief security officer, said Facebook was working to “make sure the system is robust enough that everyone should be coming in the front door with legal process and not getting information any other way.” He added that no one could pose as Facebook servers any more since the company made “https,” a secure method of accessing Web pages, standard last year.

  • MetaPhone: The sensitivity of telephone metadata

    Is telephone metadata sensitive? This is, at base, a factual dispute. Is it easy to draw sensitive inferences from phone metadata? How often do people conduct sensitive matters by phone, in a manner reflected by metadata? New research finds that phone metadata is unambiguously sensitive, even in a small population and over a short time window. The researchers were able to infer medical conditions, firearm ownership, and more, using solely phone metadata.

  • Collecting digital user data without compromising privacy

    The statistical evaluation of digital user data is of vital importance for analyzing trends. It can also undermine users’ privacy. Computer scientists have now developed a novel cryptographic method that makes it possible to collect data and protect the privacy of the user at the same time.

  • DHS drops plans for national license-plate database

    DHS has recalled its solicitation for bids by private companies to help the department create a national license-plate database which would allow unlimited access to information obtained from commercial and law enforcement license plate readers (LPRs). DHS wanted to use the database to track fugitive undocumented immigrants and others sought by law enforcement, but the database, which could have contained more than one billion records, raised privacy concerns and questions about the safeguards which would be used to protect innocent citizens.

  • Identifying, thwarting insider threats before they do damage

    Researchers argue that one way to identify and predict potential insider threats even before these individuals begin to do damage like stealing and leaking sensitive information, is by using Big Data to monitor changes in behavior patterns. Researchers at PARC, for example, found that individuals who exhibit sudden decrease in participation in group activity, whether in a game like World of Warcraft or corporate e-mail communications, are likely to withdraw from the organization. A withdrawal represents dissatisfaction with the organization, a common trait of individuals who are likely to engage in insider security breaches.

  • Snowden stole co-worker’s password to gain access to secret databanks: NSA

    One reason National Security Agency (NSA) former analyst Edward Snowden was able to gain such broad access to a wide variety of agency’s secret documents was that he copied a password from a co-worker who has since resigned. After Snowden was denied access to NSANet, the agency’s computer network which connects into many of the agency’s classified databases, he persuaded a co-worker, an NSA civilian employee, to use his – the co-worker’s — Public Key Infrastructure (PKI) certificate to gain access. The NSA told Congress Snowden used what the agency describes as “digital deception”: the civilian NSA employee entered his password on Snowden’s computer, not realizing that Snowden was able to capture the password, allowing him even greater access to classified information. Once he gained access to NSANet, Snowden released a “Web crawler” inside the system. The crawler automatically indexed the NSANet, and using the passwords Snowden held – one his, one or more those of co-workers – copied every document in its path.

  • German IT industry hopes to benefit from NSA leaks-inspired distrust of U.S. tech companies

    The German IT sector is hoping to benefit from trust lost in American technology firms in the aftermath of Edward Snowden’s leaks. The German government is looking to develop Internet security initiatives, with government departments vying with each other for a lead role. Both inside and outside the German government a proposal, known as “Schengen Routing,” is advanced which calls for data originated in Europe to be processed and stored within Europe. Critics warn that plans to create a European routing system could affect the openness of the Internet.

  • Portland’s Christmas Bomber challenges NSA-gathered evidence used to convict him

    Mohamed Mohamud, a Somali immigrant and former Oregon State University student, was convicted last year of attempting to detonate a bomb in 2010 near Portland’s Christmas holiday tree-lighting ceremony at Pioneer Courthouse Square. His lawyers are questioning the legality of evidence used against him. Attorneys for Mohamud are claiming that the evidence used was obtained without a warrant and should have been barred by the court.

  • Nevada trial of Sikh terrorist postponed by two years to clarify FISA-related issues

    Balwinder Singh, 39, who received asylum in the United States in 1997, was indicted as a member of Babbar Khalsa International (BKI) and Khalistan Zindabad Force (KZF). Both groups use bombings, kidnappings, and murders in a campaign to establish an independent Sikh state in the Punjab region of India, to be called Khalistan. U.S. District Judge Larry Hicks agreed with the prosecution and defense that the trial should be postponed from February 2014 to February 2016 so that issues related to FISA-authorized NSA surveillance of Singh could be clarified. Judge Hicks said that “the ends of justice served by this continuance outweighs the defendant’s and public’s best interests in a speedy trial.”

  • Snowden’ leaks derailed important cybersecurity initiatives

    Edward Snowden’s leaks created such a climate of distrust around the NSA that many important cybersecurity initiatives died, stalled, or became non-starters. Security experts say that this is a case of throwing the baby out with the bathwater, and that the result of these stalled cybersecurity initiatives is that the United States is now more vulnerable to cyberattacks on its infrastructure, and government agencies and American corporations more exposed to sensitive information being compromised and stolen. U.S. officials have found it more difficult to respond to cyberattacks from Russia, China, and elsewhere. “All the things [the NSA] wanted to do are now radioactive, even though they were good ideas,” says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies(CSIS).

  • Arizona lawmaker pushes measure to limit NSA operations in the state

    Arizona State Senator Kelli Ward, a tea party Republican representing the Lake Havasu area, is pushing a bill in the State Senate which would impose limits on the ability of the NSA to operate in Arizona. In December Ward became the first legislator in the nation to declare she would introduce legislation to limit NSA activities in the state, and so far legislators in twelve other states have introduced similar bills. Arizona SB 1156 would. Among other things, prohibit local and state law enforcement officials from cooperating with the NSA and would prevent state or local prosecutors from using NSA-collected information which had not been obtained with a warrant. The bill would also withhold funds from state universities and colleges supporting the NSA with research or recruitment. Legal scholars say the courts would in all likelihood strike down Ward’s measure because Arizona, in essence, is trying to regulate the federal government.

  • A first: Constitutionality of NSA warrantless surveillance challenged by terrorism suspect

    Jamshid Muhtorov, a refugee from Uzbekistan now facing terrorism charges in Colorado, is the first criminal defendant who, as part of his lawyers’ defense strategy, is challenging the constitutionality of the NSA’s warrantless surveillance program. Muhtorov filed a motion Wednesday in federal court in Denver to suppress any evidence obtained through the agency’s surveillance program on grounds that it was unlawful. In July 2013 the Justice Department reversed an earlier policy, and now informs defendants whether the case against them, in whole or in part, is based on information obtained through warrantless surveillance. To date, six months after the review process at Justice was launched, Muhtorov and Mohamed Mohamud, a Portland, Oregon teenager who had been convicted after an FBI sting operation of attempting to detonate a bomb at a Christmas tree lighting ceremony, are the only defendants to receive such a disclosure.

  • A first: Judge in terrorism case rules defense may examine government secret FISA application

    U.S. District Judge Sharon Johnson Coleman ruled yesterday (Wednesday) that the U.S. government cannot keep secret its request to conduct clandestine surveillance of an accused would-be terrorist. The ruling gives defense attorneys an unprecedented access to a request made to the Foreign Intelligence Surveillance Act (FISA) court for permission to spy on an American citizen. Judge Coleman said her ruling is the first time a defendant’s lawyers will be given access to an application prosecutors submitted to the FISA court. Security experts warned that opening FISA applications to review in a criminal case may set a dangerous precedent.

  • Minnesota wants to limit law-enforcement use of wireless tracking devices

    The Minnesota Department of Public Safety’s acquisition of Kingfish and Stingray II wireless surveillance devices has come under scrutiny as the department’s Bureau of Criminal Apprehension(BCA) has used the devices in investigations. Some legislators are considering placing limits on law enforcement’s use of the data captured by the devices because of concerns over who has access to the data and how long it is being kept.