Paul vows to return to Capitol Hill on Sunday to block bill, end NSA spying

Kentucky GOP Sen. Rand Paul says he’ll try to block last-ditch efforts Sunday to renew NSA and other anti-terrorist and surveillance programs.

“I will force the expiration of the NSA illegal spy program,” Paul, also a 2016 presidential candidate, said Saturday. “I am ready and willing to start the debate on how we fight terrorism without giving up our liberty.”

The Libertarian-minded Paul led a filibuster-like effort over the Memorial Day weekend that helped block legislation to extend federal surveillance efforts but suggested upon leaving the Senate chambers that he might reconsider.

“It depends,” he said. “Sometimes things change as deadlines approach.”

Barring a last-minute deal in Congress, three post-Sept. 11 surveillance laws used against spies and terrorists will expire when Sunday turns into Monday.

Senate Majority Leader Mitch McConnell has called back the upper chamber for a rare Sunday session to decide on whether to accept a House-passed bill that extends the programs. Congress would then send the measure to President Obama to sign before midnight.

The House’s USA Freedom Act passed overwhelmingly in the Republican-controlled chamber but fell three votes short of the 60 needed to proceed in the Senate. And efforts in the upper chamber to extend the current law also have failed.

Much of the debate has focuses on the National Security Agency’s collection of Americans’ telephone calling records, authorized under one of the expiring provisions, Section 215 of the Patriot Act.

Independent evaluations have cast doubt on that program’s importance, and even law enforcement officials say in private that losing this ability would not carry severe consequences.

Yet the fight over those records has jeopardized other surveillance programs that have broad, bipartisan support and could fall victim to congressional gridlock.

The FBI uses Section 215 to collect other business records tied to specific terrorism investigations.

A separate section in the post-9/11 Patriot Act allows the FBI to eavesdrop, via wiretaps, on suspected terrorists or spies who discard phones to dodge surveillance. A third provision, targeting "lone wolf" attackers, has never been used and thus may not be missed if it lapses.

If the Freedom Act becomes law, the business-records provision and the roving-wiretap authority would return immediately. The NSA would resume collecting American telephone records for a six-month period while shifting to a system of searching phone company records case by case.

If no agreement is reached, all the provisions will expire.

A third possibility is a temporary extension of current law while lawmakers work out a deal, but House members have expressed opposition.

“I have fought for several years now to end the illegal spying of the NSA on ordinary Americans,” Paul also said in a statement released Saturday. “Let me be clear: I acknowledge the need for a robust intelligence agency and for a vigilant national security. I believe we must fight terrorism. …  But we do not need to give up who we are to defeat them.”

Failure to pass the legislation would mean new barriers for the government in domestic, national-security investigations, at a time when intelligence officials say the threat at home is growing.

Government and law enforcement officials, including Attorney General Loretta Lynch and Director of National Intelligence James Clapper, have said in recent days that letting the wiretap and business records provisions expire would undercut the FBI’s ability to investigate terrorism and espionage.

Lynch said it would mean "a serious lapse in our ability to protect the American people." Clapper said in a statement Friday that prompt passage by the Senate of the House bill "is the best way to minimize any possible disruption of our ability to protect the American people."

And President Obama used his weekly radio and Internet address Saturday to accuse opponents of hijacking the debate for political reasons. "Terrorists like al Qaeda and ISIL aren’t suddenly going to stop plotting against us at midnight tomorrow, and we shouldn’t surrender the tools that help keep us safe," he said, using an acronym for the Islamic State group.

Civil liberties activists say the pre-Sept. 11 law gives the FBI enough authority to do its job. To bolster their case, they cite a newly released and heavily blacked out report by the Justice Department’s internal watchdog that examined the FBI’s use up to 2009 of business record collection under Section 215.

"The government has numerous other tools, including administrative and grand jury subpoenas, which would enable it to gather necessary information," in terrorism investigations, the American Civil Liberties Union said in a statement.

Section 215 allows the FBI to serve a secret order requiring a business to hand over records relevant to a terrorism or espionage investigation. The FBI uses the authority "fewer than 200 times a year," Director James Comey said last week.

The inspector general’s report said it was used in "investigations of groups comprised of unknown members and to obtain information in bulk concerning persons who are not the subjects of or associated with an authorized FBI investigation."

But from 2007 to 2009, the report said, none of that material had cracked a specific terrorism case.

The report analyzed several cases, but most of the details are blacked out. In some cases, the FBI agent pronounced the 215 authority "useful" or "effective," but the context and detail were censored.

Fox News’ Chad Pergram and The Associated Press contributed to this report.

CONTINUE READING…

Probable Cause: Linchpin of the 4th Amendment

 

 

Except for the definition and mechanism of proving treason, no area of the Constitution addressing the rights of all persons when the government is pursuing them is more specific than the Fourth Amendment. The linchpin of that specificity is the requirement that the government demonstrate probable cause to a judge as a precondition to the judge issuing a search warrant. The other specific requirement is identity: The government must identify whose property it wishes to search or whose behavior it wishes to monitor, because the Fourth Amendment requires that all warrants specifically describe the place to be searched or the person or thing to be seized.

The principal reason for these requirements is the colonial revulsion over general warrants. A general warrant does not specifically describe the place to be searched or the person or thing to be seized, and it is not based on the probable cause of criminal behavior of the person targeted by the government.

With a general warrant, the government simply gets authority from a judge to search a haystack looking for a needle, and in the process, it may disturb and move all the straw it wants. Stated differently, a general warrant permits the government to intrude upon the privacy of persons as to whom it has no probable cause of criminal behavior and without stating what it is looking for.

The Foreign Intelligence Surveillance Act (FISA) court has been issuing general warrants to the National Security Agency (NSA) since 1978, but it was not until last June that we learned that these general warrants have been executed upon the telephone calls, text messages, emails, bank records, utility bills and credit card bills of all persons in America since 2009.

The constitutional requirement of probable cause is not political fancy; rather, it saves us from tyranny. Probable cause is a quantum of evidence that is sufficient to lead a neutral judge to conclude that the person about whom the evidence has been presented is more likely than not to possess further evidence of criminal behavior, or has more likely than not engaged in criminal behavior that is worthy of the government’s use of its investigatory tools such that the government may lawfully and morally invade that person’s natural right to privacy.

Last week, Robert S. Litt, general counsel for the Office of the Director of National Intelligence, which runs the NSA, engaged in a curious colloquy with members of the president’s Privacy and Civil Liberties Oversight Board. Litt complained that presenting probable cause about individuals to judges and then seeking search warrants from those judges to engage in surveillance of each of those individuals is too difficult.

This is a remarkable admission from the chief lawyer for the nation’s spies. He and the 60,000 NSA employees and vendors who have been spying on us have taken oaths to uphold the Constitution. There are no loopholes in their oaths. Each person’s oath is to the entire Constitution — whether compliance is easy or difficult.

Yet the “too difficult” admission has far-reaching implications.

This must mean that the NSA itself acknowledges that it is seeking and executing general warrants because the warrants the Constitution requires are too difficult to obtain. Stated differently, the NSA knows it is violating the Fourth Amendment to the Constitution, because that amendment expressly forbids general warrants.

In my career as a lawyer, judge, law professor, author and television commentator, I have heard many excuses for violating the Constitution. I reject all of them when they come from one who has sworn to uphold the Constitution, yet I understand the intellectually honest excuses — like exigent circumstances — when they are based on duty. The NSA’s excuses are not intellectually honest, and they are not based on duty. They are based on laziness.

But there was more than met the eye in Litt’s testimony last week. Two days after Litt admitted to the use of general warrants, and while the president was in Europe, the White House leaked to the press its plans to curtail the massive NSA spying. Those plans, which would change only the appearance of what the NSA does but not its substance, have three parts.

The first change relieves the NSA of the need for general warrants to require delivery of massive amounts of data about innocent Americans as to which the NSA has no probable cause, because the second change requires the computer servers and telecoms to preserve their records — instead of the NSA preserving them — and make them “immediately” available to the NSA when it comes calling. And the third is the requirement of a warrant from a FISA judge before the NSA may access that stored data. But because that warrant is not based on probable cause but rather on NSA whim, it is a foregone conclusion that the general warrants for examination, as opposed to delivery, will be granted. The FISA court has granted well in excess of 99 percent of the general warrants the NSA has sought.

Litt must have known what the White House planned to leak when he made his “too difficult” complaint, as it fits nicely with this new scheme. Yet the scheme itself, because it lacks the requirement of probable cause that the Constitution requires, is equally as unconstitutional and morally repugnant as what the NSA has been doing for five years. Moreover, the NSA will not exactly go hat in hand to the computer servers and telecoms once it wishes to hear telephone calls or read emails or credit card bills. Its agents will simply press a few buttons on their computers when they wish, and the data they seek will be made available to them.

These so-called changes should be rejected by Congress, which should overhaul the NSA instead. Hasn’t Congress seen enough? The NSA and the CIA spy on the courts, Congress, the military, the police and everyone in America. This keeps none of us safer. But it does lessen our freedom when those in whose hands we repose the Constitution for safekeeping look the other way. What other freedoms are slipping because Congress, too, thinks upholding the Constitution is too difficult?

CONTINUE READING…

Has U.S. started an Internet war?

By Bruce Schneier, Special to CNN

updated 10:46 AM EDT, Tue June 18, 2013

Editor’s note: Bruce Schneier is a security technologist and author of "Liars and Outliers: Enabling the Trust Society Needs to Survive."

(CNN) — Today, the United States is conducting offensive cyberwar actions around the world.

More than passively eavesdropping, we’re penetrating and damaging foreign networks for both espionage and to ready them for attack. We’re creating custom-designed Internet weapons, pre-targeted and ready to be "fired" against some piece of another country’s electronic infrastructure on a moment’s notice.

This is much worse than what we’re accusing China of doing to us. We’re pursuing policies that are both expensive and destabilizing and aren’t making the Internet any safer. We’re reacting from fear, and causing other countries to counter-react from fear. We’re ignoring resilience in favor of offense.

Bruce Schneier

Bruce Schneier

Welcome to the cyberwar arms race, an arms race that will define the Internet in the 21st century.

Presidential Policy Directive 20, issued last October and released by Edward Snowden, outlines U.S. cyberwar policy. Most of it isn’t very interesting, but there are two paragraphs about

"Offensive Cyber Effect Operations," or OCEO, that are intriguing:

"OECO can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging. The development and sustainment of OCEO capabilities, however, may require considerable time and effort if access and tools for a specific target do not already exist.

"The United States Government shall identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capabilities integrated as appropriate with other U.S. offensive capabilities, and execute those capabilities in a manner consistent with the provisions of this directive."

Opinion: Cyber arms control? Forget about it

Obama: NSA programs are transparent

Releasing NSA leaks: A public service?

NSA fallout could be ‘harmful’

Could the NSA leaker defect to China?

These two paragraphs, and another paragraph about OCEO, are the only parts of the document classified "top secret." And that’s because what they’re saying is very dangerous.

Cyberattacks have the potential to be both immediate and devastating. They can disrupt communications systems, disable national infrastructure, or, as in the case of Stuxnet, destroy nuclear reactors; but only if they’ve been created and targeted beforehand. Before launching cyberattacks against another country, we have to go through several steps.

We have to study the details of the computer systems they’re running and determine the vulnerabilities of those systems. If we can’t find exploitable vulnerabilities, we need to create them: leaving "back doors" in hacker speak. Then we have to build new cyberweapons designed specifically to attack those systems.

Sometimes we have to embed the hostile code in those networks, these are called "logic bombs," to be unleashed in the future. And we have to keep penetrating those foreign networks, because computer systems always change and we need to ensure that the cyberweapons are still effective.

Like our nuclear arsenal during the Cold War, our cyberweapons arsenal must be pretargeted and ready to launch.

That’s what Obama directed the U.S. Cyber Command to do. We can see glimpses in how effective we are in Snowden’s allegations that the NSA is currently penetrating foreign networks around the world: "We hack network backbones — like huge Internet routers, basically — that give us access to the communications of hundreds of thousands of computers without having to hack every single one."

The NSA and the U.S. Cyber Command are basically the same thing. They’re both at Fort Meade in Maryland, and they’re both led by Gen. Keith Alexander. The same people who hack network backbones are also building weapons to destroy those backbones. At a March Senate briefing, Alexander boasted of creating more than a dozen offensive cyber units.

Longtime NSA watcher James Bamford reached the same conclusion in his recent profile of Alexander and the U.S. Cyber Command (written before the Snowden revelations). He discussed some of the many cyberweapons the U.S. purchases:

"According to Defense News’ C4ISR Journal and Bloomberg Businessweek, Endgame also offers its intelligence clients — agencies like Cyber Command, the NSA, the CIA, and British intelligence — a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what’s called network situational awareness. The client locates a region on the password-protected web-based map, then picks a country and city — say, Beijing, China. Next the client types in the name of the target organization, such as the Ministry of Public Security’s No. 3 Research Institute, which is responsible for computer security — or simply enters its address, 6 Zhengyi Road. The map will then display what software is running on the computers inside the facility, what types of malware some may contain, and a menu of custom-designed exploits that can be used to secretly gain entry. It can also pinpoint those devices infected with malware, such as the Conficker worm, as well as networks turned into botnets and zombies — the equivalent of a back door left open…

"The buying and using of such a subscription by nation-states could be seen as an act of war. ‘If you are engaged in reconnaissance on an adversary’s systems, you are laying the electronic battlefield and preparing to use it’ wrote Mike Jacobs, a former NSA director for information assurance, in a McAfee report on cyberwarfare. ‘In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war.’ The question is, who else is on the secretive company’s client list? Because there is as of yet no oversight or regulation of the cyberweapons trade, companies in the cyber-industrial complex are free to sell to whomever they wish. "It should be illegal,’ said the former senior intelligence official involved in cyberwarfare. ‘I knew about Endgame when I was in intelligence. The intelligence community didn’t like it, but they’re the largest consumer of that business.’"

That’s the key question: How much of what the United States is currently doing is an act of war by international definitions? Already we’re accusing China of penetrating our systems in order to map "military capabilities that could be exploited during a crisis." What PPD-20 and Snowden describe is much worse, and certainly China, and other countries, are doing the same.

All of this mapping of vulnerabilities and keeping them secret for offensive use makes the Internet less secure, and these pre-targeted, ready-to-unleash cyberweapons are destabalizing forces on international relationships. Rooting around other countries’ networks, analyzing vulnerabilities, creating back doors, and leaving logic bombs could easily be construed as an act of war. And all it takes is one over-achieving national leader for this all to tumble into actual war.

It’s time to stop the madness. Yes, our military needs to invest in cyberwar capabilities, but we also need international rules of cyberwar, more transparency from our own government on what we are and are not doing, international cooperation between governments and viable cyberweapons treaties. Yes, these are difficult. Yes, it’s a long slow process. Yes, there won’t be international consensus, certainly not in the beginning. But even with all of those problems, it’s a better path to go down than the one we’re on now.

We can start by taking most of the money we’re investing in offensive cyberwar capabilities and spend them on national cyberspace resilience. MAD, mutually assured destruction, made sense because there were two superpowers opposing each other. On the Internet there are all sorts of different powers, from nation-states to much less organized groups. An arsenal of cyberweapons begs to be used, and, as we learned from Stuxnet, there’s always collateral damage to innocents when they are. We’re much safer with a strong defense than with a counterbalancing offense.

Follow @CNNOpinion on Twitter.

Join us at Facebook/CNNOpinion.

The opinions expressed in this commentary are solely those of Bruce Schneier.

CONTINUE READING…

Anger swells after NSA phone records collection revelations

outrage

 

Senior politicians reveal that US counter-terrorism efforts have swept up personal data from American citizens for years


NSA taps in to internet giants’ systems to mine user data, secret files reveal

 

The scale of America’s surveillance state was laid bare on Thursday as senior politicians revealed that the US counter-terrorism effort had swept up swaths of personal data from the phone calls of millions of citizens for years.

After the revelation by the Guardian of a sweeping secret court order that authorised the FBI to seize all call records from a subsidiary of Verizon, the Obama administration sought to defuse mounting anger over what critics described as the broadest surveillance ruling ever issued.

A White House spokesman said that laws governing such orders “are something that have been in place for a number of years now” and were vital for protecting national security. Dianne Feinstein, the Democratic chairwoman of the Senate intelligence committee, said the Verizon court order had been in place for seven years. “People want the homeland kept safe,” Feinstein said.

But as the implications of the blanket approval for obtaining phone data reverberated around Washington and beyond, anger grew among other politicians.

Intelligence committee member Mark Udall, who has previously warned in broad terms about the scale of government snooping, said: “This sort of widescale surveillance should concern all of us and is the kind of government overreach I’ve said Americans would find shocking.” Former vice-president Al Gore described the “secret blanket surveillance” as “obscenely outrageous”.

The Verizon order was made under the provisions of the Foreign Intelligence Surveillance Act (Fisa) as amended by the Patriot Act of 2001, passed in the wake of the 9/11 attacks. But one of the authors of the Patriot Act, Republican congressman Jim Sensenbrenner, said he was troubled by the Guardian revelations. He said that he had written to the attorney general, Eric Holder, questioning whether “US constitutional rights were secure”.

He said: “I do not believe the broadly drafted Fisa order is consistent with the requirements of the Patriot Act. Seizing phone records of millions of innocent people is excessive and un-American.”

The White House sought to defend what it called “a critical tool in protecting the nation from terrorist threats”. White House spokesman Josh Earnest said Fisa orders were used to “support important and highly sensitive intelligence collection operations” on which members of Congress were fully briefed.

“The intelligence community is conducting court-authorized intelligence activities pursuant to a public statute with the knowledge and oversight of Congress and the intelligence community in both houses of Congress,” Earnest said.

He pointed out that the order only relates to the so-called metadata surrounding phone calls rather than the content of the calls themselves. “The order reprinted overnight does not allow the government to listen in on anyone’s telephone calls,” Earnest said.

“The information acquired does not include the content of any communications or the name of any subscriber. It relates exclusively to call details, such as a telephone number or the length of a telephone call.”

But such metadata can provide authorities with vast knowledge about a caller’s identity. Particularly when cross-checked against other public records, the metadata can reveal someone’s name, address, driver’s licence, credit history, social security number and more. Government analysts would be able to work out whether the relationship between two people was ongoing, occasional or a one-off.

The disclosure has reignited longstanding debates in the US over the proper extent of the government’s domestic spying powers.

Ron Wyden of Oregon, a member of the Senate intelligence committee who, along with Udell, has expressed concern about the extent of US government surveillance, warned of “sweeping, dragnet surveillance”. He said: “I am barred by Senate rules from commenting on some of the details at this time, However, I believe that when law-abiding Americans call their friends, who they call, when they call, and where they call from is private information.

“Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans’ privacy.”

‘Beyond Orwellian’

Jameel Jaffer, deputy legal director at the American Civil Liberties Union, said: “From a civil liberties perspective, the program could hardly be any more alarming. It’s a program in which some untold number of innocent people have been put under the constant surveillance of government agents.

“It is beyond Orwellian, and it provides further evidence of the extent to which basic democratic rights are being surrendered in secret to the demands of unaccountable intelligence agencies.”

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice under President Obama.

The order names Verizon Business Services, a division of Verizon Communications. In its first-quarter earnings report, published in April, Verizon Communications listed about 10 million commercial lines out of a total of 121 million customers. The court order, which lasts for three months from 25 April, does not specify what type of lines are being tracked. It is not clear whether any additional orders exist to cover Verizon’s wireless and residential customers, or those of other phone carriers.

Fisa court orders typically direct the production of records pertaining to a specific, named target suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets. The unlimited nature of the records being handed over to the NSA is extremely unusual.

Senators Dianne Feinstein, chairman of the Senate intelligence committee, and Saxby Chambliss, the vice chairman, speak to reporters about the NSA cull of phone records.

Senators Dianne Feinstein, chairman of the Senate intelligence committee, and Saxby Chambliss, the vice chairman, speak to reporters about the NSA cull of phone records. Photograph: Alex Wong/Getty Images

Feinstein said she believed the order had been in place for some time. She said: “As far as I know this is the exact three-month renewal of what has been the case for the past seven years. This renewal is carried out by the [foreign intelligence surveillance] court under the business records section of the Patriot Act. Therefore it is lawful. It has been briefed to Congress.”

The Center for Constitutional Rights said in a statement that the secret court order was unprecedented. “As far as we know this order from the Fisa court is the broadest surveillance order to ever have been issued: it requires no level of suspicion and applies to all Verizon [business services] subscribers anywhere in the US.

“The Patriot Act’s incredibly broad surveillance provision purportedly authorizes an order of this sort, though its constitutionality is in question and several senators have complained about it.”

Russell Tice, a retired National Security Agency intelligence analyst and whistleblower, said: “What is going on is much larger and more systemic than anything anyone has ever suspected or imagined.”

Although an anonymous senior Obama administration official said that “on its face” the court order revealed by the Guardian did not authorise the government to listen in on people’s phone calls, Tice now believes the NSA has constructed such a capability.

“I figured it would probably be about 2015” before the NSA had “the computer capacity … to collect all digital communications word for word,” Tice said. “But I think I’m wrong. I think they have it right now.”

Daily Email

Get the Guardian’s daily US email

Our editors’ picks for the day’s top news and commentary delivered to your inbox each morning.

Sign up for the daily email

Continue Reading…