You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
By now, it's no secret that the NSA has courted privacy violations, but new documents divulge just how long such incidents have occurred. Director of National Intelligence James Clapper released approximately 1,800 pages of declassified files, which reveal that the NSA's phone record program violations happened between 2006 (when it first came under court supervision) and 2009, when the Foreign Intelligence Surveillance Court ordered changes to the operation. During that period, a total of 17,835 phone numbers were listed for checking against Uncle Sam's database, and only about 1,800 were based on the standard of reasonable suspicion. According to Clapper, congress received the papers we're seeing now at the time of the incidents, and corrective measures have been put in place. Among the preventative actions are a complete "end-to-end" review of telephony metadata handling, the creation of the Director of Compliance position and a fourfold increase of the compliance department's personnel.
As it turns out, the missteps are (again) said to have been accidents. "There was nobody at the NSA who had a full understanding of how the program worked," an intelligence official claims. Sure, the increased transparency is certainly welcome, but a recently-leaked NSA audit from May of 2012 suggests that collection of protected data is still occurring from a combination of human error and technical limits. To pore through the National Security Agency's fresh load of documents, hit the second source link below.
Filed under: Internet
Via: Wall Street Journal
It's not every day you see Google, Facebook and Yahoo aligned on a issue, but a push toward increased governmental transparency is just the sort of cause that'll put competing web companies on the same outraged page. All three noted today through their respective channels that they've filed petitions with the Foreign Intelligence Surveillance Court (FISC) to disclose the number of requests the government has issued for user data under national security statutes. Says Yahoo general counsel Ron Bell:
We believe that the U.S. Government's important responsibility to protect public safety can be carried out without precluding Internet companies from sharing the number of national security requests they may receive.
Following in the footsteps of Facebook -- which revealed its first Global Government Requests Report just a few weeks ago -- Yahoo is finishing out the week by publishing data of its own. The firm's first "global law enforcement transparency report" covers governmental requests for user data from January 1st through June 30th of this year, and the outfit plans to put out subsequent reports every six months. Of note, Yahoo claims that it's including "national security requests within the scope of [its] aggregate statistics," and for the paranoid in attendance, you may be relieved to know that said requests comprise "less than one one-hundredth of one percent (<.01%)" of Yahoo's global userbase. Feel free to dig in at the links below, but sadly, you won't find anything other than high-level macro figures. (As an aside, that logo.)
Filed under: Internet
Via: Tumblr (Yahoo)
Source: Yahoo Transparency Report
As reporters at the New York Times, the Guardian and ProPublica dig deeper into the documents leaked by Edward Snowden, new and disturbing revelations continue to be made. Two programs, dubbed Bullrun (NSA) and Edgehill (GCHQ), have just come to light, that focus on circumventing or breaking the security and encryption tools used across the internet. The effort dwarfs the $20 million Prism program that simply gobbled up data. Under the auspices of "Sigint (signals intelligence) enabling" in a recent budget request, the NSA was allocated roughly $255 million dollars this year alone to fund its anti-encryption program.
The agencies' efforts are multi-tiered, and start with a strong cracking tool. Not much detail about the methods or software are known, but a leaked memo indicates that the NSA successfully unlocked "vast amounts" of data in 2010. By then it was already collecting massive quantities of data from taps on internet pipelines, but much of it was safely protected by industry standard encryption protocols. Once that wall fell, what was once simply a torrent of scrambled ones and zeros, became a font of "exploitable" information. HTTPS, VoIP and SSL are all confirmed to have been compromised through Bullrun, though, it appears that some solutions to the NSA's "problem" are less elegant than others. In some cases a super computer and simple brute force are necessary to peel back the layers of encryption.
Filed under: Internet
Source: New York TImes, Guardian, ProPublica
The latest national security related revelation to come from the documents leaked by Edward Snowden is an account of how offensive computer operations work, and how many there are. The Washington Post reports that in 2011, 231 took place with about three quarters of them against "top-priority" targets, which its sources indicate include Iran, Russia, China and North Korea. Also interesting are details of software and hardware implants designed to infiltrate network hardware, persist through upgrades and access other connected devices or networks. The effort to break into networks is codenamed Genie, while the "Tailored Access Operations" group custom-builds tools to execute the attacks. One document references a new system "Turbine" that automates control of "potentially millions of implants" to gather data or execute an attack. All of this access isn't possible for free however, with a total cyber operations budget of $1.02 billion which includes $25.1 million spent this year to purchase software vulnerabilities from malware vendors. Get your fill of codenames and cloak-and-dagger from the article posted tonight, or check out the "Black Budget" breakdown of overall intelligence spending.
Filed under: Internet
Source: Washington Post (1), (2)
The mounting national debt? Yeah, you're probably better off just ignoring why exactly it's mounting. The Guardian is continuing the blow the lid off of the whole NSA / PRISM saga, today revealing new documents that detail how the NSA paid out "millions" of dollars to cover PRISM compliance costs for a multitude of monolithic tech outfits. As the story goes, the National Security Agency (hence, tax dollars from American taxpayers) coughed up millions "to cover the costs of major internet companies involved in the PRISM surveillance program after a court ruled that some of the agency's activities were unconstitutional." The likes of Yahoo, Google, Microsoft and Facebook are expressly named, and while Google is still angling for permission to reveal more about its side of the story, other firms have conflicting tales.
For whatever it's worth, a Yahoo spokesperson seemed a-okay with the whole ordeal, casually noting that this type of behavior is perfectly legal: "Federal law requires the US government to reimburse providers for costs incurred to respond to compulsory legal process imposed by the government. We have requested reimbursement consistent with this law." Meanwhile, Facebook stated that it had "never received any compensation in connection with responding to a government data request." Microsoft, as you might imagine, declined to comment, though we heard that Steve Ballmer could be seen in the distance throwing up a peace sign. At any rate, it's fairly safe to assume that your worst nightmares are indeed a reality, and you may have a far more enjoyable weekend if you just accept the fact that The Man knows everything. Better, right?
Source: The Guardian
Lavabit shut down its email services a couple weeks ago in response to governmental pressure regarding NSA whistleblower Edward Snowden's account. At the time, founder Ladar Levison stated he was shutting down Lavabit because he didn't want to "become complicit in crimes against the American people," but didn't expound upon what that statement meant due to a governmental gag order. The Guardian spoke with Levison recently, however, and while he still didn't deliver details about his legal dealings with Uncle Sam, he did share some thoughts about governmental surveillance in general.
As you might expect, Levison is against ubiquitous governmental surveillance of communications between citizens. To that end, he's calling for a change to be made in US law so that private and secure communications services can operate without being used as "listening posts for an American surveillance network." He's not wholly against the feds tapping phone lines, though, as he recognizes the role such surveillance plays in law enforcement. However, he thinks the methods that are being used to conduct that surveillance should be made public -- not an unreasonable request, by any means. You can read Levison's full take on the matter, along with a recounting of reasons behind Lavabit's creation at the source below.
Source: The Guardian
You might say the day is never really done in consumer technology news. Your workday, however, hopefully draws to a close at some point. This is the Daily Roundup on Engadget, a quick peek back at the top headlines for the past 24 hours -- all handpicked by the editors here at the site. Click on through the break, and enjoy.
The question of how much contact the NSA has with internet traffic throughout the US is being raised again, this time by the Wall Street Journal. Yesterday The Atlantic took issue with the security agency's mathematics and 1.6 percent claim, while the WSJ report looks more closely at its reach into telecommunications companies. The mishmash of codenamed programs are said to cover up to 75 percent of US internet traffic, although the amount actually stored and accessed is much smaller. The main difference between the calculations may be due to the difference between what ISPs -- handing over data under FISA orders -- carry, and what the NSA specifically requests. Its capabilities mean it can pull a lot more than just metadata, with access to the actual content of what's sent back and forth becoming even more troubling as privacy violations exposed by its own audits come to light.
There's an FAQ-style breakdown of what's new and notable from the usual "current and former" officials to get those interested up to speed quickly -- keep your tinfoil hats and end-to-end encrypted communications systems close by.
Filed under: Internet
Source: Wall Street Journal (1), (2)