tag:blogger.com,1999:blog-75890458753506971372024-03-14T06:16:20.634+00:00Ryan Gallagher | RJGallagher.co.ukryan j gallagher | journalistRyan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.comBlogger47125tag:blogger.com,1999:blog-7589045875350697137.post-17853461514786782852019-12-20T12:22:00.000+00:002019-12-24T08:32:21.875+00:00UK Police Snowden Probe Declared "Inactive"In 2013, London's Metropolitan Police began a criminal investigation focusing on journalists who reported stories from a trove of secret documents leaked by the National Security Agency whistleblower Edward Snowden. Now, after six years and no arrests or prosecutions, the Met has confirmed that the investigation has been shelved.
<p>
The Met <a href="https://www.scribd.com/document/440482483/Foi-Full-Disclosure-01-Foi-19-011717#fullscreen=1">told me</a> in response to a recent Freedom of Information request that the investigation is "inactive pending further information being received." Since 2014, I've had <a href="https://theintercept.com/2015/11/13/code-name-uk-probe-snowden-reporting-revealed-operation-curable/">several</a> <a href="https://theintercept.com/2015/07/24/uk-met-police-snowden-investigation-journalists/">updates</a> from the Met regarding the investigation, and this marks the first time that its status has changed from "ongoing." In November 2017, the Met <a href="https://theintercept.com/2017/11/29/met-police-snowden-leaks-operation-curable">stated</a> that it was a "complex investigation and enquiries continue."
<p>
The investigation, which was given the code-name Operation Curable, had been led by the Met's Counter-Terrorism Command, under the direction of assistant commissioner Mark Rowley. In March 2018, Rowley retired from the Met -- and with his departure, it seems the Curable investigation went cold.
<p>
The majority of the documents in Snowden's leaked archive revealed classified American mass surveillance operations. But a significant portion of the files <a href="https://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa">disclosed</a> <a href="https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo">explosive</a> <a href="https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/">information</a> about electronic spying programs operated by the UK’s largest intelligence agency, Government Communications Headquarters, or GCHQ.
<p>
British authorities responded furiously to the Snowden revelations and tried to prevent <i>The Guardian</i> from publishing them. Infamously, representatives from GCHQ <a href="https://www.theguardian.com/us-news/2018/jun/04/surreal-moment-guardian-destroyed-snowden-files">were sent to the newspaper's London offices</a> at one stage to oversee the destruction of hard drives that contained the secret files.
<p>
The police went as far as to argue that publishing the Snowden files was itself a terrorist act, thereby explicitly conflating journalism with terrorism. In August 2013, a memo authored by the Met and domestic spy agency MI5 <a href="https://www.reuters.com/article/us-uk-nsa/uk-snowden-reporters-partner-involved-in-espionage-and-terrorism-idUSBRE9A013O20131101">asserted</a> that “the disclosure [of the Snowden documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism.”
<p>
In December 2013, one of the London force’s most senior officers, Cressida Dick, was <a href="https://www.reuters.com/article/us-britain-snowden-guardian/british-news-staff-may-face-terrorism-charges-over-snowden-leaks-idUSBRE9B20TL20131203">questioned</a> about the case during a parliamentary hearing. She acknowledged that the force’s investigation was looking at whether reporters at <i>The Guardian</i> had committed criminal offences -- some carrying potential 10-year prison sentences -- for their role in revealing secret surveillance operations exposed in the documents. “We need to establish whether they have or haven’t [committed offences],” Dick said. “That involves a huge amount of scoping of material.”
<p>
It is unclear how much taxpayer money and police resources were invested in pursuing the Curable investigation. The Met has declined to provide any information about the amount of funds spent on the probe, or disclose the number of officers who worked on it; the force claims that it does not hold records of these details. It is also unclear whether the investigation may at some point resume. The Met said that the probe is inactive <i>pending further information being received</i> -- what that information may be, and whether it will ever actually materialise, is anyone's guess.
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-9419740732025772832018-12-13T20:18:00.000+00:002018-12-13T20:43:43.794+00:00Leadership of Google's Dragonfly ProjectEarlier this week, Google CEO Sundar Pichai made his first ever appearance in US Congress and <a href="https://theintercept.com/2018/12/11/google-congressional-hearing/">faced criticism</a> from lawmakers over the company's plan to launch as censored search engine in China. Pichai was evasive on several questions about the project, known as Dragonfly, and declined to answer when probed on the leadership personnel at the company involved in it.
<p>
While working on <a href="https://notes.rjgallagher.co.uk/2018/08/google-china-censored-search-coverage.html">a series of stories</a> about the search engine over the last few months, I pieced together a chart to map out the organisational structure of Dragonfly, which I am publishing here today to shine light on the key players behind the plan. The chart is a work in progress; it's not comprehensive and it is not based on any official Google documents. It is based on reliable information that multiple well-placed sources have shared with me.
<p>
In total, only approximately 300 Google employees -- 0.35% of the company's 88,000 total staff -- have worked on the censored search engine, which was designed to blacklist broad categories of information about human rights, democracy, and peaceful protest. The search platform <a href="https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/">would also</a> link Chinese users’ search records to their cellphone numbers and share people’s search histories with a Chinese partner company — meaning that Chinese security agencies, which routinely target activists and critics, could obtain the data.
<p>
As I <a href="https://theintercept.com/2018/11/29/google-china-censored-search/">reported</a> in late November, the secrecy that surrounded the China plan was unprecedented inside the company. The top executives at the internet giant went to extraordinary lengths to keep the project under wraps. But who are those executives and what are their roles within the company?
<p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb5juMUTEIJmZk9aia3El4gpmzotgrIK6SC8qC_1JXwC6pMikgct4z_WVQ5FqagHh8O7HBUyOGBXgQgiIRJ1k4iBLlYIblnCQ0IrTyNB221aw42Qhahs6FnbrstoYljEuhAnA14loXFEV0/s1600/dragonfly+hierarchy+v1.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb5juMUTEIJmZk9aia3El4gpmzotgrIK6SC8qC_1JXwC6pMikgct4z_WVQ5FqagHh8O7HBUyOGBXgQgiIRJ1k4iBLlYIblnCQ0IrTyNB221aw42Qhahs6FnbrstoYljEuhAnA14loXFEV0/s1600/dragonfly+hierarchy+v1.png" width="700" height="800" /></a>
<p>
<u><b>Board of directors</b></u>
<br>
It is still unclear to me how much the directors -- with the exception of CEO Sundar Pichai -- knew about Dragonfly and when. The project has been underway inside Google since 2016, but co-founder Sergey Brin <a href="https://theintercept.com/2018/08/17/internal-meeting-reveals-how-google-bosses-misled-staff-on-their-china-censorship-plan-here-are-the-questions-they-must-answer/">claimed</a> that he knew nothing about it until we <a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">exposed the plan</a> at The Intercept in August. Brin has in the past taken a strong anti-censorship stance, and Google sources have <a href="https://theintercept.com/2018/11/29/google-china-censored-search/">suggested</a> to me that some executives (see Scott Beaumont, below) may have deliberately withheld information from him about Dragonfly. I know for sure that other members of the board were looped in on Google's general work in China (such as projects to push out <a href="https://www.washingtonpost.com/news/worldviews/wp/2017/03/29/new-google-translate-app-now-available-in-china-as-company-tries-to-edge-back-in/?noredirect=on&utm_term=.dbfab95a8293">a translate app</a> for the Chinese market, and a <a href="https://www.reuters.com/article/us-jd-com-google-idUSKBN1JE079">$550 million investment</a> in the online Chinese retailer JD.com). But the extent of their knowledge on Dragonfly, and how much of it they signed off on -- I am still trying to establish that.
<p>
<u><b>Sundar Pichai, CEO</b></u>:
<br>
Pichai took over at the helm of Google in 2015 and one of the items at the top of his agenda was -- and still is -- getting back into China. He publicly <a href="https://www.recode.net/2016/6/1/11830654/google-ceo-sundar-pichai-china">declared</a> in 2016: "We want to be in China serving Chinese users.” Following the Dragonfly revelations, Pichai has faced a torrent of criticism over the censored search engine. He has defended the plan while making a series of <a href="https://theintercept.com/2018/08/17/internal-meeting-reveals-how-google-bosses-misled-staff-on-their-china-censorship-plan-here-are-the-questions-they-must-answer/">misleading statements</a> about how advanced the project was inside the company. Pichai appears to have delegated authority to Scott Beaumont, Google's chief in China, to manage the project.
<p>
<u><b>Scott Beaumont, vice president of Google, Greater China & Korea</b></u>
<br>
Beaumont is a British citizen who began his career working for an investment bank in England. He joined Google in 2009, working from London as director of the company’s partnerships in Europe, Asia and the Middle East. In 2013, Beaumont relocated to China to head Google’s operations there. He is a leading force inside the company directing the Dragonfly project, viewing it as an integral step for the growth of the company and liaising directly with CEO Sundar Pichai on the progress of the plan. Beaumont's handling of Dragonfly has caused <a href="https://theintercept.com/2018/11/29/google-china-censored-search/">internal friction</a> -- Yonatan Zunger, who was until last year one of Google's leading engineers, told me Beaumont did not take seriously human rights concerns that were repeatedly raised internally about the censored search engine. Beaumont “wanted the privacy review [of Dragonfly] to be pro forma and thought it should defer entirely to his views of what the product ought to be," said Zunger. "He did not feel that the security, privacy, and legal teams should be able to question his product decisions, and maintained an openly adversarial relationship with them — quite outside the Google norm.”
<p>
<u><b>Kent Walker, senior vice president of global affairs</b></u>
<br>
Walker oversees Google's policy, legal, trust and safety, and corporate philanthropy teams, and formely served as the company's general counsel. His day-to-day involvement in Dragonfly appears to have been fairly limited, but he has been involved in a number of high-level meetings about the project and its policy and legal status with other top executives, including Pichai and Beaumont. Following the public exposure of Dragonfly, Walker helped handle the backlash that ensued. In October, he wrote <a href="https://www.documentcloud.org/documents/5498599-Google-Response-to-Dragonfly-Letter.html">a letter</a> to human rights groups defending Google's mission to provide "access to information to people around the world," while claiming the company remains committed to "protecting the rights to freedom of expression and privacy for our users globally."
<p>
<u><b>Caesar Sengupta, vice president, Next Billion Users Team</b></u>
<br>Sengupta leads Google's effort to "engage the next billion internet users," and has had a leadership role on the Dragonfly project, collaborating closely with Scott Beaumont. One source who worked on Dragonfly told me: "Scott tends to treat Caesar like a lackey. Scott definitely considers himself in charge and Caesar is there to do his bidding." In November, after I <a href="https://theintercept.com/2018/11/29/google-china-censored-search/">reported</a> that Google's privacy and security teams had been shut out of key meetings on Dragonfly and had felt sidelined by Beaumont, Sengupta <a href="https://twitter.com/caesars/status/1068307680777842688">claimed</a> on Twitter that there was "no sidelining of privacy and security" and described Beaumont glowingly as "a person of very high integrity." Sengupta stated that he had experience "working on Dragonfly", but did not mention that he had a leading role on the project.
<p>
<u><b>Andrew Bowers, senior director, project management</b></u>
<br>
Bowers began his career at Google in 2006 as a marketing manager, based out of California. In 2016, he relocated to China as the company began to ramp up its operations in the country. His remit is to "reintroduce Google as a brand" to people in China, doing so through various products, such as a <a href="https://www.washingtonpost.com/news/worldviews/wp/2017/03/29/new-google-translate-app-now-available-in-china-as-company-tries-to-edge-back-in/?noredirect=on&utm_term=.dbfab95a8293">translate app</a> and a <a href="https://www.scmp.com/tech/china-tech/article/2155964/google-takes-another-step-chinese-market-ai-drawing-game-wechat">WeChat game</a> designed specifically for the Chinese market. Working out of Google offices in Hong Kong, Shanghai, and Beijing, Bowers is a key player on the Dragonfly project. He has helped manage the day-to-day operations of Dragonfly and has helped to develop strategy for the launch.
<p>
<u><b>Ben Gomes, head of search</b></u>
<br>
Gomes joined Google in 1999 and is one of the key engineers behind the company’s search engine. He took over the role as Google's head of search in April this year, succeeding John Giannandrea in that role. Giannandrea had helped develop the Dragonfly project before he left Google to take up a new job with Apple. Gomes inherited the blueprint for Dragonfly that Giannandrea had worked on. In July, Gomes <a href="https://theintercept.com/2018/10/09/google-china-censored-search-engine/">told staff</a> in a private meeting that the censored search engine project was "extremely important to the company," and said he hoped it could be launched between January and April 2019 or sooner. “We have to be focused on what we want to enable,” Gomes said. “And then when the opening happens, we are ready for it.”
<p>
<u><b>Product managers</b></u>
<br>
Have been looking at studies profiling the kinds of people that might use Google search in China.
<p>
<u><b>Ranking teams</b></u>
<br>
Working to finely tune the quality of the search results on the censored search engine.
<p>
<b><u>One Box teams</u></b>
<br>
These teams have been localising Google's search results to China, so that when people perform searches for certain phrases they will receive, for example, a separate box displaying information about weather, sports results, or news (see examples of 'one box' results <a href="https://en.ryte.com/wiki/Google_OneBox">here</a>). Notably, sources <a href="https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/">have said</a> that the weather results -- specifically, air quality data -- will be provided from a source in Beijing, meaning it could be distorted to downplay toxins in the air. (The Chinese government has a <a href="https://www.theguardian.com/world/2014/nov/10/apec-china-blocks-access-us-air-pollution-data-beijing">track record</a> of manipulating air quality data.) News results will also be heavily censored and they will not include content from many western outlets -- for example, the BBC, New York Times, or Wall Street Journal.
<p>
<u><b>Infrastructure teams</b></u>
<br>
Developing the systems that will run the search engine, host and process the data.
<p>
<u><b>User experience teams</b></u>
<br>
Studying Chinese people's search behaviour and looking at how they might use Google.
<p>
<u><b>Security, privacy, legal teams</b></u>
<br>
Fairly self explanatory: these teams have focused on security, privacy, and legal issues around Dragonfly. But their work has not been straightforward, and sources said their efforts to carry out reviews of the censored search engine was hindered by Scott Beaumont, who handled the project in a "highly unusual" way and opposed the privacy review process (you can read more details on that <a href="https://theintercept.com/2018/11/29/google-china-censored-search/">here</a>).
<p>
<b><u>Designers</u></b>
<br>
Developing the mobile apps for the censored search engine. There are two versions, named Longfei and Maotai. Sources say Google is working on designing the app for both Android and iOS devices.
<p>
<u><b>Ads, Geo, and Identity</b></u>
<br>
Teams working on advertising, Google maps, and identity, respectively. The identity team focuses on user sign-in and authentication issues. The Dragonfly search app will <a href="https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/">force people in China to log in to perform searches and will link</a> their search records to their mobile phone number.
<p>
--
<p>
<i>If you know more about the leadership structure of Dragonfly, you can contact me securely using one of the methods detailed on <a href="https://www.rjgallagher.co.uk/p/anonymous-tip.html">this page</a>.</i>
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-69436212543504435692018-08-16T21:59:00.001+01:002019-04-18T16:30:58.903+01:00Google China Censored Search CoverageMy reporting so far on the Google-China censorship story (from oldest to newest):
<p>
<blockquote><a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal</a> (1 August)
<p>
<a href="https://theintercept.com/2018/08/03/google-search-engine-china-censorship-backlash/">
Google Struggles to Contain Employee Uproar Over China Censorship Plans</a> (3 August)
<p>
<a href="https://theintercept.com/2018/08/04/senators-pressure-google-china-censorship-dragonfly/">Lawmakers Pressure Google Over “Deeply Troubling” China Censorship Project</a> (4 August)
<p>
<a href="https://theintercept.com/2018/08/08/google-censorship-china-blacklist/">Inside Google’s Effort to Develop a Censored Search Engine in China</a> (8 August)
<p>
<a href="https://notes.rjgallagher.co.uk/2018/08/questions-for-google-on-china-censorship-dragonfly.html">Questions for Google on China Censorship</a> (9 August)
<p>
<a href="https://theintercept.com/2018/08/10/google-censorship-plan-is-not-right-and-stupid-says-former-google-head-of-free-expression/">Google Censorship Plan Is “Not Right” and “Stupid,” Says Former Google Head of Free Expression</a> (10 August)
<p>
<a href="https://notes.rjgallagher.co.uk/2018/08/ethics-human-rights-google-china-censorship.html">How Google's China Censorship Would Likely Violate Its Human Rights Commitments</a> (12 August)
<p>
<a href="https://notes.rjgallagher.co.uk/2018/08/google-china-dragonfly-sergey-brin-yacht.html">Google China Censorship Project Named After Co-Founder Sergey Brin's Luxury Yacht?</a> (16 August)
<p>
<a href="https://theintercept.com/2018/08/16/google-china-crisis-staff-dragonfly/">Google Staff Tell Bosses China Censorship is “Moral and Ethical” Crisis</a> (16 August)
<p>
<a href="https://theintercept.com/2018/08/17/internal-meeting-reveals-how-google-bosses-misled-staff-on-their-china-censorship-plan-here-are-the-questions-they-must-answer/">Google Executives Misled Staff in Meeting on China Censorship. Here Are 13 Questions They Must Answer.</a> (17 August)
<p>
<a href="https://theintercept.com/2018/08/28/google-china-censorship-plan-human-rights/">World’s Leading Human Rights Groups Tell Google to Cancel Its China Censorship Plan</a> (28 August)
<p>
<a href="https://theintercept.com/2018/09/13/google-china-search-engine-employee-resigns/">Senior Google Scientist Resigns Over “Forfeiture of Our Values” in China</a> (13 September)
<p>
<a href="https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/">Google China Prototype Links Searches to Phone Numbers</a> (14 September)
<p>
<a href="https://theintercept.com/2018/09/21/google-suppresses-memo-revealing-plans-to-closely-track-search-users-in-china/">Google Suppresses Memo Revealing Plans to Closely Track Search Users in China</a> (21 September)
<p>
<a href="https://theintercept.com/2018/09/26/former-google-scientist-tells-senate-to-act-over-companys-unethical-and-unaccountable-china-censorship-plan/">Former Google Scientist Tells Senate to Act Over Company’s “Unethical and Unaccountable” China Censorship Plan</a> (26 September)
<p>
<a href="https://theintercept.com/2018/10/09/google-china-censored-search-engine/">Leaked Transcript of Private Meeting Contradicts Google’s Official Story on China</a> (9 October)
<p><a href="https://theintercept.com/2018/10/12/google-search-engine-china-censorship/">
Google CEO Tells Senators That Censored Chinese Search Engine Could Provide “Broad Benefits”</a> (12 October)
<p>
<a href="https://theintercept.com/2018/11/26/google-dragonfly-project-china-amnesty-international/">Amnesty International To Stage Worldwide Protests Against Google’s “Dystopian” Censored Search for China</a> (27 November)
<p>
<a href="https://theintercept.com/2018/11/27/hundreds-of-google-employees-tell-bosses-to-cancel-censored-search-amid-worldwide-protests/">Hundreds of Google Employees Tell Bosses to Cancel Censored Search Amid Worldwide Protests</a> (27 November)
<p>
<a href="https://theintercept.com/2018/11/29/google-china-censored-search/">Google Shut Out Privacy and Security Teams From Secret China Project</a> (29 November)
<p>
<a href="https://theintercept.com/2018/12/10/rights-groups-pressure-google-on-china-censorship-ahead-of-congressional-hearing/">Rights Groups Turn Up Pressure on Google Over China Censorship Ahead of Congressional Hearing</a> (10 December)
<p>
<a href="https://theintercept.com/2018/12/11/google-congressional-hearing/">Google CEO Hammered by Members of Congress on China Censorship Plan</a> (11 December)
<p>
<a href="https://notes.rjgallagher.co.uk/2018/12/google-china-dragonfly-leadership.html">Leadership of Google's Dragonfly project</a> (13 December)
<p>
<a href="https://theintercept.com/2018/12/17/google-china-censored-search-engine-2/">Google’s Secret China Project “Effectively Ended” After Internal Confrontation</a> (17 December)
<p>
<a href="https://theintercept.com/2019/01/18/google-dragonfly-project-protests/">Google Faces Renewed Protests and Criticism Over China Search Project</a> (18 January 2019)
<p>
<a href="https://theintercept.com/2019/03/04/google-ongoing-project-dragonfly/">
Google Employees Uncover Ongoing Work on Censored China Search</a>, (4 March 2019)
<p>
<a href="https://theintercept.com/2019/03/27/google-dragonfly-china-review/">Google is Conducting a Secret "Performance Review" of Its Censored China Search Project</a> (27 March 2019)
</blockquote>
<p>
A few interviews on the topic:
<blockquote><p>
<a href="https://www.pri.org/programs/pris-world/threats-midterms-identifying-remains-north-korea-google-and-china">PRI's The World</a> (2 August)
<p>
<a href="https://www.npr.org/2018/08/02/635047694/google-plans-for-a-censored-search-engine-in-china">NPR</a> (2 August)
<p>
<a href="https://www.cnbc.com/video/2018/08/02/intercept-google-plans-censored-search-engine-china-dragonfly-googl-stock.html">CNBC</a> (2 August)
<p>
<a href="https://www.bbc.co.uk/programmes/w172w4kdfshy61d">BBC</a> (at 14m) (2 August)
<p>
<a href="https://www.youtube.com/watch?v=7rwwVEcUb5E&feature=youtu.be">Tech News Today</a> (2 August)
<p>
<a href="https://twitter.com/abcnews/status/1026452737347776512">ABC</a> (6 August)
<p>
<a href="http://www.podbbang.com/ch/10101?e=22685057">TBS EFM</a> (15 August)
<p>
<a href="https://www.pri.org/programs/pris-world/lives-put-hold-trumps-travel-ban-google-employees-protest-china-plans-and-soviet">PRI's The World</a> (17 August)
<p>
<a href="https://slate.com/technology/2018/08/inside-googles-plan-to-launch-a-censored-search-engine-in-china.html">Slate "If Then" podcast</a> (22 August)
</blockquote>
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com1tag:blogger.com,1999:blog-7589045875350697137.post-49930564856072366582018-08-15T20:58:00.001+01:002018-08-16T19:53:29.906+01:00Google China Censorship Project Named After Co-Founder Sergey Brin's Luxury Yacht?Google co-founder Sergey Brin is the owner of what is reportedly one of the world’s fastest motor yachts. The luxurious 240-foot boat (pictured below) is worth $80 million and has nine cabins and space for 18 guests and 16 crew. It has an open-air cinema, a bar, and a jacuzzi on the sundeck, which can be converted into a dance floor.
<p>
But that is all less interesting to me than the boat’s name: Dragonfly. As I <a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">reported</a> for <i>The Intercept</i> earlier this month, Google has since spring 2017 been working on a secretive project to launch a censored search engine in China. And the internal code-name for the China project is… Dragonfly.
<p>
I’ll explain why this small detail is very curious.
<p>
<div class="separator" style="clear: both; text-align: left;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ZqmOqb2Jqx1fV9XPpFYViaP5ZGpDybji1C6ddNOjJYRvde1eHiWV1gmPDMjGzKDersVq3oJnJLjA5etNWwWJ-5bx7US52F6X_Z3QktovwcS29sllVUXbmrzo7vNn7HZGOK7If2042JhO/s1600/DRAGONFLY-MOTOR-YACHT-CHARTER_12.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ZqmOqb2Jqx1fV9XPpFYViaP5ZGpDybji1C6ddNOjJYRvde1eHiWV1gmPDMjGzKDersVq3oJnJLjA5etNWwWJ-5bx7US52F6X_Z3QktovwcS29sllVUXbmrzo7vNn7HZGOK7If2042JhO/s640/DRAGONFLY-MOTOR-YACHT-CHARTER_12.jpg" width="640" height="364" data-original-width="1600" data-original-height="910" /></a></div>
<p>
Back in 2006, Google launched a censored search engine in China. But four years later, in March 2010, it pulled the service out of the country, <a href="https://googleblog.blogspot.com/2010/03/new-approach-to-china-update.html">citing</a> Chinese government efforts to limit free speech, block websites, and hack Google’s computer systems.
<p>
At that time, Sergey Brin was one of the main forces inside Google arguing that the company should not be complicit in Chinese government censorship. As a child, he had spent six years with his family in the Soviet Union, and he was all too familiar with state repression.
<p>
After Google pulled its search engine out of China in 2010, Brin <a href="https://www.wsj.com/articles/SB10001424052748704266504575141064259998090">said</a> of the Chinese government: “In some aspects of their policy, particularly with respect to censorship, with respect to surveillance of dissidents, I see the same earmarks of totalitarianism, and I find that personally quite troubling."
<p>
It’s clear Brin was at the time genuinely uncomfortable with the censorship – he didn't just say what he did for public relations reasons. I have heard this from several people inside the company who spent years working with him. He took a principled stand and had arguments with colleagues over the issue.
<p>
In recent years, Brin has taken a more hands-off role at Google. Since 2015, CEO Sundar Pichai has taken the helm, and he has steered the company’s policy on China. But Brin still serves on Google’s board of directors, and would surely have been briefed on the search engine plans, given their importance for Google both politically and strategically. So did Brin change his mind about the censorship? Was he simply outvoted by his colleagues on the issue?
<p>
More to the point at hand, why was the Chinese censorship project given the same name as Brin’s yacht? Is it possible somebody inside Google is trying to troll Brin, knowing that he has in the past spoken out against the Chinese government censorship? Or was Brin himself involved in giving the project this name, indicating that he has changed his views? Or is it all just some bizarre coincidence?
<p>
I’ll have to add this to my <a href="http://notes.rjgallagher.co.uk/2018/08/questions-for-google-on-china-censorship-dragonfly.html">long list of questions</a> for Google (which the company has still not answered, by the way).
<p>
**
<p>
READ MORE:
<p><ul>
<li><a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/03/google-search-engine-china-censorship-backlash/">Google Struggles to Contain Employee Uproar Over China Censorship Plans</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/04/senators-pressure-google-china-censorship-dragonfly/">Lawmakers Pressure Google Over “Deeply Troubling” China Censorship Project</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/08/google-censorship-china-blacklist/">Inside Google’s Effort to Develop a Censored Search Engine in China</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/16/google-china-crisis-staff-dragonfly/">Google Staff Tell Bosses China Censorship is “Moral and Ethical” Crisis</a></li></ul>Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-45616981384242256562018-08-12T16:57:00.001+01:002018-08-13T17:33:58.401+01:00How Google's China Censorship Would Likely Violate Its Human Rights CommitmentsAs I <a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">recently reported</a>, Google is planning to launch a censored search engine in China. The search engine has been designed to remove content that China’s authoritarian government views as sensitive, such as information about political opponents, free speech, democracy, human rights, and peaceful protest. It would “blacklist sensitive queries” so that “no results will be shown” at all when people enter certain words or phrases.
<p>
Google’s development of the censored search engine has been <a href="https://theintercept.com/2018/08/04/senators-pressure-google-china-censorship-dragonfly/">condemned</a> by US senators and human rights groups and triggered anger inside the company, with many Google employees feeling that the project is a betrayal of Google’s mission to be a force for good in the world and provide open access to information.
<p>
Significantly, Google’s development of the search engine calls into question the company’s adherence to ethical principles and human rights codes of conduct that it has previously committed to implement. Below, I've put together a short summary detailing some of the codes of practice and human rights standards that Google’s China censorship would likely violate. (I have <a href="https://notes.rjgallagher.co.uk/2018/08/questions-for-google-on-china-censorship-dragonfly.html">asked</a> Google to explain its censorship plans, but so far it has refused to comment.)
<p>
**
<p>
Google is a member of the <a href="https://globalnetworkinitiative.org/">Global Network Initiative</a> (GNI), an organization that seeks to defend digital rights across the world. Companies that join the GNI – like Google – commit to implementing its <a href="https://globalnetworkinitiative.org/gni-principles/">Principles on Freedom of Expression and Privacy</a>. The principles make clear that member companies should not engage in the sort of broad censorship that is widespread in China, stating:
<p>
<blockquote>Participating companies will respect and work to protect the freedom of expression rights of users when confronted with government demands, laws and regulations to suppress freedom of expression, remove content or otherwise limit access to communications, ideas and information in a manner inconsistent with internationally recognized laws and standards.</blockquote>
<p>
Google's search engine plan also has privacy and surveillance implications, because companies providing internet services in China have to operate their servers and data centres in the country, which means user data is accessible to Chinese authorities, who have a track record of monitoring and harassing human rights activists and journalists critical of the ruling Communist Party regime. It is unclear how Google proposes moving its data centres to China while protecting the privacy of Chinese users. The GNI principles are clear on this issue:
<p>
<blockquote>Participating companies will employ protections with respect to personal information in all countries where they operate in order to work to protect the privacy rights of users.</blockquote>
<p>
And:
<blockquote>Participating companies will respect and work to protect the privacy rights of users when confronted with government demands, laws or regulations that compromise privacy in a manner inconsistent with internationally recognized laws and standards.</blockquote>
<p>
The GNI’s principles incorporate parts of the <a href="http://www.un.org/en/universal-declaration-human-rights/">Universal Declaration of Human Rights</a>, one of the pillars of international human rights law. Operating a censored search engine in accordance with Chinese government demands would seem to clearly contravene Article 19 of the declaration, which states:
<p>
<blockquote>Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.</blockquote>
<p>
The <a href="https://www.ohchr.org/Documents/Publications/GuidingPrinciplesBusinessHR_EN.pdf">United Nations Guiding Principles on Business and Human Rights</a> advise (emphasis added):
<p>
<blockquote>Business enterprises should respect human rights. This means that <b>they should avoid infringing on the human rights of others</b> and should address adverse human rights impacts with which they are involved.</blockquote>
<p>
Companies should also, the Guiding Principles say (emphasis added):
<p>
<blockquote><b>Avoid causing or contributing to adverse human rights impacts through their own activities</b>, and address such impacts when they occur; [and] <b>seek to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services</b> by their business relationships, even if they have not contributed to those impacts.</blockquote>
<p>
The UN <a href="https://www.ohchr.org/documents/publications/faq_principlesbussinesshr.pdf">explains</a>:
<p>
<blockquote>Companies can...be complicit in human rights abuses committed by others, including States – for example, if they collude with security forces in violently suppressing protests or provide information on their customers to States that then use it to track down and punish dissidents.</blockquote>
<p>
The Association of Computing Machinery is the world’s largest organisation for computing professionals. Many Google employees are ACM members. According to the ACM’s <a href="https://www.acm.org/code-of-ethics">ethical code</a>, goals of technology development should be (emphasis added):
<p>
<blockquote>
[To] contribute to society and to human well-being, acknowledging that all people are stakeholders in computing. This principle, which concerns the quality of life of all people, affirms <b>an obligation of computing professionals, both individually and collectively, to use their skills for the benefit of society,</b> its members, and the environment surrounding them. <b>This obligation includes promoting fundamental human rights and protecting each individual's right to autonomy</b>. </blockquote>
<p>
The ACM's ethical code also says that (emphasis added):
<p>
<blockquote>Technologies and practices should be as inclusive and accessible as possible and <b>computing professionals should take action to avoid creating systems or technologies that disenfranchise or oppress people.</b> Failure to design for inclusiveness and accessibility may constitute unfair discrimination.</blockquote>
<p>
Earlier this year, there were <a href="https://gizmodo.com/google-employees-resign-in-protest-against-pentagon-con-1825729300">protests</a> inside Google over a project to help develop artificial intelligence for U.S. military drones. The protests caused Google to cancel the project and release a set of <a href="https://blog.google/technology/ai/ai-principles/">artificial intelligence ethical principles</a>. One of the principles was that Google would not "design or deploy":
<p>
<blockquote>Technologies whose purpose contravenes widely accepted principles of international law and human rights.</blockquote>
<p>
The artificial intelligence principles have a direct bearing on Google’s plans to launch a censored search engine, because Google’s search technology <a href="https://www.wired.com/2016/02/ai-is-changing-the-technology-behind-google-searches/">incorporates artificial intelligence</a> to help provide people better search results. Operating a censored search engine in China in compliance with the Communist Party's censorship demands would self-evidently amount to a violation of — or at least complicity in violations of — "accepted principles of international law and human rights," such as Article 19 of the Universal Declaration of Human Rights, because it would restrict Chinese citizens' "freedom to hold opinions without interference and to seek, receive and impart information."
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-77592776469169102662018-08-09T19:13:00.000+01:002018-08-09T19:42:11.690+01:00Questions for Google on China CensorshipLast week, I <a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">revealed</a> that Google has been working on a confidential plan to launch a censored search engine in China. Since then, several human rights groups have called on Google to cancel the project, and a bipartisan group of six US senators have <a href="https://theintercept.com/2018/08/04/senators-pressure-google-china-censorship-dragonfly/">condemned it</a> as "deeply troubling." Only a a few hundred of Google's employees knew about the project -- code-named Dragonfly -- before we revealed its existence. And once the news spread through the company, <a href="https://theintercept.com/2018/08/03/google-search-engine-china-censorship-backlash/">a wave of anger</a> spread through its offices across the world.
<p>
Despite this, Google has not yet issued any public statement and internally managers have refused to address employee concerns. Dozens of reporters have questioned Google about Dragonfly but have been met with a wall of silence. I have now published several stories about the project and have not received a single response to multiple inquiries I have sent Google's press office. I have worked on many stories involving top secret information from government spy agencies like the NSA and GCHQ, and I have found them to be more responsive to my questions than Google has been in regard to Dragonfly -- seriously.
<p>
It is not tenable for Google to continue to stay silent in the face of widespread concerns about the project, which would affect hundreds of millions of people in China and have implications for internet freedom globally. Google's leadership must come out and provide an explanation to the public.
<p>
Here are a number of questions that Google should answer. I have sent these to the company and in the unlikely event that I receive a response I will post it here.
<p>
**
<p>
<b>1)</b> In 2010, Google pulled its search engine out of China, <a href="https://googleblog.blogspot.com/2010/03/new-approach-to-china-update.html">citing</a> efforts to limit free speech, block websites, and hack Google computer systems as reasons why it “could no longer continue censoring our results.” Since 2010, according to analysts and human rights groups, internet censorship in China has become more pervasive. Can you explain why Google wants to now relaunch a censored version of its search engine in China? What has changed in the last eight years that has prompted this decision? Does Google leadership no longer have concerns about censorship in China, or the “forces of totalitarianism” in the country that co-founder Sergey Brin <a href="https://www.telegraph.co.uk/technology/google/7503641/Sergey-Brin-My-upbringing-in-USSR-helped-shape-Googles-views-on-China.html">described</a> in 2010?
<p>
<b>2)</b> A bipartisan group of six US senators has called Google’s censorship plans for China “<a href="https://theintercept.com/2018/08/04/senators-pressure-google-china-censorship-dragonfly/">deeply troubling</a>.” Human rights groups including <a href="https://www.amnesty.org/en/latest/news/2018/08/google-search-china-censorship/">Amnesty International</a>, <a href="https://www.hrw.org/news/2018/08/07/china-us-tech-firms-risk-complicity-abuses">Human Rights Watch</a>, <a href="https://www.accessnow.org/google-beta-tests-selling-its-soul/">Access Now</a>, <a href="https://rsf.org/en/news/china-rsf-urges-google-reject-beijings-censorship-demands">Reporters Without Borders</a>, and <a href="https://www.hrichina.org/en/press-work/hric-comment/googles-reported-plan-work-chinese-censors">Human Rights in China</a> have each issued statements raising concerns about the project. Amnesty said: “It is impossible to see how such a move is compatible with Google’s ‘do the right thing’ motto, and we are calling on the company to change course.” What is Google’s response to this?
<p>
<b>3)</b> Before and during the planning and development of the censored search engine, did Google consult with any human rights experts familiar with the situation in China? If so, what did these experts advise and did Google accept their recommendations? Will Google publish any advice it received from China human rights experts? If Google did not consult any organisations specialising in Chinese human rights issues, why not?
<p>
<b>4)</b> The Association of Computing Machinery is the world’s largest organisation for computing professionals. Many Google employees are ACM members. According to the ACM’s <a href="https://www.acm.org/code-of-ethics">ethical code</a>, goals of technology development should be “to contribute to society and to human well-being” and “promoting human rights and protecting each individual’s right to autonomy.” The code also states that, “computing professionals should take action to avoid creating systems or technologies that disenfranchise or oppress people.” Does Google believe that its censored search platform for China is consistent with the ACM’s ethical code?
<p>
<b>5)</b> Earlier this year, there were <a href="https://gizmodo.com/google-is-helping-the-pentagon-build-ai-for-drones-1823464533">protests</a> inside Google over a project to help develop artificial intelligence for U.S. military drones. The protests caused Google to cancel the project and release a set of <a href="https://blog.google/technology/ai/ai-principles/">artificial intelligence ethical principles</a>. One of the principles was that Google should not help build “technologies whose purpose contravenes widely accepted principles of international law and human rights.” Does Google only hold this value in relation to artificial intelligence work? If this principle applies more broadly to all of Google’s work, can Google explain how its planned censored search engine in China does not contravene “widely accepted principles of international law and human rights”?
<p>
<b>6)</b> According to Google documents I have seen, the censored search engine will operate as part of a “joint venture” with another company, which will presumably be based out of China, because internet companies providing services in China are required by law to operate their servers and data centers in the country. My understanding is that Google will supply the third-party company with an “application programming interface,” or API, which will potentially allow it to add blacklisted words or phrases to the search engine without Google’s approval. Is this correct? How will the relationship with the partner company work in practice, and how will Google have oversight of the phrases and websites and other information that is censored?
<p>
<b>7)</b> Will Google publicly release, outside of China, the list of blacklisted websites and "sensitive search queries" that will be censored? If not, why not?
<p>
<b>8)</b> Who at Google approves particular websites or search terms to be censored? Is this a decision made by legal and policy teams, or can blacklists be created by programmers and engineers? Is there a single person with ultimate authority over this duty, or is control delegated to a particular department?
<p>
<b>9)</b> Google employees were told not to discuss the project with colleagues. Only a few hundred of the company's 88,000 staff knew about it. Why did Google feel the need to keep the project so secret inside the company?
<p>
<b>10)</b> Google employees say the company's leadership has issued no internal statement yet about Dragonfly since the news broke, despite widespread concern about it within the company. Why? Does Google plan to issue a statement to employees?
<p>
<b>11)</b> Companies operating in China are required by law to turn over data to security agencies upon request. How will Google safeguard its Chinese users’ data from the Communist Party regime, which routinely targets people – including human rights activists and journalists – who express criticism of its orthodoxies? How will Google ensure that information about people's search queries are not monitored by the Chinese state?
<p>
<b>12)</b> Google’s stated <a href="https://www.google.com/about/our-company/">central mission</a> is to “organize the world’s information and make it universally accessible and useful.” The company’s informal motto is “don’t be evil.” Google has since its early years maintained a list of “<a href="https://www.google.com/about/philosophy.html">10 things</a>” that represent foundational values for the company. One of these values is: “You can make money without doing evil.” Another is: “Democracy on the web works.” Can Google explain how these values are consistent with its plan to launch a censored search engine in China, which will limit people’s access to information about subjects such as human rights, democracy and peaceful protest?
<p>
**
<p>
READ MORE:
<p><ul>
<li><a href="https://theintercept.com/2018/08/01/google-china-search-engine-censorship/">Google Plans to Launch Censored Search Engine in China, Leaked Documents Reveal</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/03/google-search-engine-china-censorship-backlash/">Google Struggles to Contain Employee Uproar Over China Censorship Plans</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/04/senators-pressure-google-china-censorship-dragonfly/">Lawmakers Pressure Google Over “Deeply Troubling” China Censorship Project</a></li>
<p>
<li><a href="https://theintercept.com/2018/08/08/google-censorship-china-blacklist/">Inside Google’s Effort to Develop a Censored Search Engine in China</a></ul></li>
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-67799848235932526602018-07-31T14:08:00.000+01:002018-07-31T15:13:33.869+01:00WikiLeaks-Trump timelineI put together a short timeline comparing WikiLeaks' public statements on Trump with its leaked private comments on him. Useful for anybody trying to keep track of all the duplicity that's going on:
<br>
<p>
**
<p>
<b>Privately, 19 Nov 2015:</b> WikiLeaks says "we believe it would be much better for GOP to win." Calls Clinton a "well connected, sadistic sociopath." (Source: <a href="https://theintercept.imgix.net/wp-uploads/sites/1/2018/02/wl1-1518631166.jpg?auto=compress%2Cformat&q=90&w=1000&h=481">copy of DMs</a> - via <a href="https://theintercept.com/2018/02/14/julian-assange-wikileaks-election-clinton-trump/">The Intercept</a>. Note: I personally verified the authenticity of these DMs.)
<p>
<b><font color="red">Publicly</font>, 26 Aug 2016:</b> Assange <a href="https://archive.org/details/FOXNEWSW_20160826_100000_FOX__Friends/start/3976.2/end/4016.9">appears</a> on Fox & Friends and says "We do have some information about the Republican campaign" but suggests he won't publish it because "it’s actually hard for us to publish much more controversial material than what comes out of Donald Trump’s mouth every second day." (The material is never disclosed.)
<p>
<b>Privately, 20 Sept 2016:</b> <a href="https://pbs.twimg.com/media/DjYwLiJXsAEv9Cl.jpg:large">WikiLeaks sends Donald J Trump Jr a password</a> to an anti-Trump website which it claims to have "guessed." (Source: Twitter DMs - copies <a href="https://twitter.com/DonaldJTrumpJr/status/930228239494209536">released</a> by Donald J Trump Jr.)
<p>
<b>Privately, 3 Oct 2016:</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYwAFKXsAMaDP3.jpg:large">asks</a> Donald J Trump Jr to "push" a dubiously sourced story from a conservative website called "True Pundit" alleging Hillary Clinton wanted to kill Assange with a drone. (Source: Twitter DMs - copies <a href="https://twitter.com/DonaldJTrumpJr/status/930228239494209536">released</a> by Donald J Trump Jr.)
<p>
<b><font color="red">Publicly</font>, 7 Oct 2016:</b> The Washington Post, at about 4pm US Eastern Time, <a href="https://www.washingtonpost.com/politics/trump-recorded-having-extremely-lewd-conversation-about-women-in-2005/2016/10/07/3b9ce776-8cb4-11e6-bf8a-3d26847eeed4_story.html?noredirect=on&postshare=2491475870527101&utm_term=.1f27ebfa2630">publishes</a> a now infamous video recording in which Donald Trump can be heard boasting about grabbing women's genitals. Within an hour, WikiLeaks publishes an email leak from Hillary Clinton's campaign chair, John Podesta. (Source: <a href="https://www.politifact.com/truth-o-meter/statements/2016/dec/18/john-podesta/its-true-wikileaks-dumped-podesta-emails-hour-afte/">Politifact</a>.)
<p>
<b>Privately, 21 Oct 2016:</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYwsTKWsAAuoNl.jpg">asks Trump Jr</a> to let it publish copies of his father Donald Trump's tax returns because it says doing so would "dramatically improve the perception of our impartiality" & get "much higher impact" for "the vast amount of stuff that we are publishing about Clinton." (Source: Twitter DMs - copies <a href="https://twitter.com/DonaldJTrumpJr/status/930228239494209536">released</a> by Donald J Trump Jr.)
<p>
<b>Privately, 8 Nov 2016 (day of the election, before results announced):</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYxReLWsAAhc_z.jpg">advises</a> Donald J Trump Jr that Donald Trump shouldn't concede the election if he loses & instead should blame "rigging" and "media corruption" to "keep his base alive." (Source: Twitter DMs - copies <a href="https://twitter.com/DonaldJTrumpJr/status/930228342774816769">released</a> by Donald J Trump Jr.)
<p>
<b><font color="red">Publicly</font>, 10 Nov 2016 (after Trump election victory announced):</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYxlSSX0AotFaX.jpg">claims</a> in a Reddit AMA that "allegations that we have colluded with Trump, or any other candidate for that matter...are just groundless and false." (Source: <a href="https://www.reddit.com/r/IAmA/comments/5c8u9l/we_are_the_wikileaks_staff_despite_our_editor/d9up6ox/">Reddit</a>.)
<p>
<b><font color="red">Publicly</font>, 10 Nov 2016:</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYxlSSX0AotFaX.jpg">claims</a> in a Reddit AMA that "we were not publishing with a goal to get any specific candidate elected." Claims it did not "editorially back one candidate over another." (Source: <a href="https://www.reddit.com/r/IAmA/comments/5c8u9l/we_are_the_wikileaks_staff_despite_our_editor/d9ul7e1/">Reddit</a>.)
<p>
<b><font color="red">Publicly</font>, 10 Nov 2016:</b> WikiLeaks <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdWrbKW8qxk85TPyTQOfTEjDDXPHyPmjX9C1OgsV_uegtMzH0_9iJ38DGNGlKzYghpYS5rp8SGsQAVQwDtERovaJ6oW9m_v0PRKL0r-JO3eelEKfdpDnsCTX67ZKZSyU80Ixc_qKRE6yWp/s1600/Screenshot+from+2018-07-31+12-54-30.png">says</a> in a Reddit AMA that it has "not received information on Donald Trump’s campaign." (Three months earlier, on 26 Aug 2016, Assange said "We do have some information about the Republican campaign" - see above.) (Source: <a href="https://www.reddit.com/r/IAmA/comments/5c8u9l/we_are_the_wikileaks_staff_despite_our_editor/d9uk41g/">Reddit</a>.)
<p>
<b>Privately, 16 Dec 2016:</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYx-37WsAEQWDW.jpg">asks</a> Donald J Trump Jr to get Donald Trump to pressure Australia to "appoint Assange ambassador to DC" because he is a "really smart tough guy." (Source: Twitter DMs - copies <a href="https://twitter.com/DonaldJTrumpJr/status/930228342774816769">released</a> by Donald J Trump Jr.)
<p>
<b><font color="red">Publicly</font>, 14 Jan 2017:</b> WikiLeaks <a href="https://pbs.twimg.com/media/DjYyiaRW0AAc5gZ.jpg">denies</a> Assange is trying to endear himself to Trump, claims it's just "using Trump aligned media to amplify its publications and critiques of secrecy and war." (Source: <a href="https://twitter.com/wikileaks/status/820337016768499713">Twitter</a>.)
<p>
**
<p>
(The <a href="https://twitter.com/DonaldJTrumpJr">Donald J Trump Jr</a> private messages were first disclosed in Nov 2017; the original source material can be found in three parts, <a href="https://twitter.com/DonaldJTrumpJr/status/930228239494209536">here</a>, <a href="https://twitter.com/DonaldJTrumpJr/status/930228342774816769">here</a>, and <a href="https://twitter.com/DonaldJTrumpJr/status/930228511343865858">here</a>. The other referenced private messages were first <a href="https://theintercept.com/2018/02/14/julian-assange-wikileaks-election-clinton-trump/">disclosed in Feb 2018</a> by my colleagues at The Intercept - the full archive of 11,000 private messages were released this week by activist Emma Best and can be found <a href="https://emma.best/2018/07/29/11000-messages-from-private-wikileaks-chat-released/">here</a>. This is only a partial analysis; it is not comprehensive. There's a lot more information out there. I may add to this timeline once I have reviewed other material.)Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-43331333667073294392017-05-02T14:26:00.003+01:002017-05-02T14:33:41.396+01:00Home Office vs. WhatsApp EncryptionLast month, the British government's home secretary Amber Rudd launched a crusade against the encrypted messaging service WhatsApp. Because WhatsApp was reportedly used by Khalid Masood – the man responsible for the Westminster terror attack – Rudd suggested that she would like encryption to be banned, <a href="https://www.theguardian.com/technology/2017/mar/26/intelligence-services-access-whatsapp-amber-rudd-westminster-attack-encrypted-messaging">saying</a> that “a secret place for terrorists to communicate” could not be permitted.
<p>
For several years the government has been pushing a similar line, arguing that there can be no “<a href="https://www.theguardian.com/politics/2015/jan/14/theresa-may-no-safe-spaces-terrorists-communicate">safe space</a>” allowed for terrorists to communicate. The position is controversial because the real outcome of such a policy would mean no “safe space” for <i>anyone</i> to communicate; terrorists are not the only people who use WhatsApp. The service has more than a billion users, the majority of whom are ordinary citizens who just want to be able to chat privately and securely with friends and family.
<p>
Rudd's statement cast a shadow of blame over WhatsApp for Masood's atrocity. But because he was <a href="https://www.theguardian.com/uk-news/2017/mar/23/mi5-launches-review-to-check-if-it-could-have-stopped-khalid-masood">not under surveillance</a> at the time of his attack, and is <a href="http://www.bbc.com/news/uk-39396101">believed to have acted alone</a>, even if WhatsApp were not encrypted it is unlikely that the security services would have been in a position to prevent his rampage. And it was not the case that his communications were entirely beyond the reach of the police, as Rudd implied they were. Investigators were reportedly <a href="http://www.telegraph.co.uk/news/2017/04/28/westminster-terror-attacker-khalid-masoods-final-message-revealed/">able to recover</a> WhatsApp messages from his phone in the aftermath of the incident.
<p>
These facts did not stop Rudd's posturing, however. She used the incident as an opportunity to call a meeting in the Home Office with what she described as a “fairly long list” of technology companies. Among those invited were internet giants Google, Microsoft, Twitter, and Facebook, whose policy officials <a href="http://www.cityam.com/262088/google-facebook-twitter-microsoft-respond-amber-rudd-tech">published a joint letter</a> after the gathering pledging a commitment to do more to remove terrorist propaganda from their services. But who else attended the meeting is a mystery. Curiously, the Home Office's security and counter-terrorism department is refusing to release the details, and <a href="https://www.documentcloud.org/documents/3690121-FOI-whatsapp-home-office-uk.html">told me</a> last week in response to a Freedom of Information Act request that the names have to stay secret on national security grounds:
<p>
<blockquote>Disclosure of the information in scope of your request would reveal those organsistions [sic]
that are working with the Home Office to combat terrorism especially in the online space.
By releasing the names, we are informing the public which sites host the most content and
therefore potentially providing information that could make it easier for those searching for
this material to locate it on the internet. This would serve to undermine the Prevent Strategy, and hence weaken and prejudice the national security of the UK. There is a serious terrorist threat to the United Kingdom and disclosure of the information requested could put national security at risk by jeopardising or negating the Government’s efforts to prevent acts of terrorism and terrorist related crime.</blockquote>
<p>
It added that information is also subject to commercial confidentiality agreements:
<p>
<blockquote>Releasing the information about individuals provided in confidence would breach confidential commercial relationships with the Home Office and could result in breach of confidence action against the Home Office. It would also damage our standing in dealing with individuals who would not have confidence to engage with us in future, and may decide to take action against us.</blockquote>
<p>
Both of these claims are perplexing. First of all, it is hard to understand how merely naming a technology company could somehow increase the terror threat or encourage people to seek out terrorism-related content that is hosted by it. Any disturbed individual who is looking for a bomb-making manual or Islamic State propaganda magazine can find it with a few cursory Google searches if they so wish. That is the nature of the internet. The Home Office will not make the problem any better or worse by disclosing the names of technology companies it is meeting with.
<p>
The second point, on confidentiality, is equally tenuous. Companies that the government has “commercial relationships” with are paid for by the taxpayer. Therefore, there is no good reason why the details of the contract should not be disclosed. Quite the contrary, there is good reason that the contract <i>should</i> be disclosed, as taxpayers have a right to know how their money is being spent. In this instance I was not even seeking specific contractual details – I was merely asking for a list of companies that attended a meeting. But this was deemed unacceptable to the Home Office, which like many other British government departments is obsessed with secrecy and routinely refuses to release even the most banal information just because it can.
<p>
Notably, one thing the Home Office did acknowledge in its response to me was that “the meeting did not cover encryption” and instead “focused on the issue of online terrorist content.” So after the stink Amber Rudd made about banning “secret places” and cracking down on WhatsApp, for the time being she seems to have backed down on the issue.
<p>
I am appealing the decision to withhold the company names – and will update here when I have more news on the case.Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com2tag:blogger.com,1999:blog-7589045875350697137.post-31412812313588465652015-10-28T16:30:00.000+00:002015-10-28T18:12:52.066+00:00UK Police Spying Expert Heading Probe into Snowden Leak JournalistsBack in July, London's Metropolitan
Police <a href="https://theintercept.com/2015/07/24/uk-met-police-snowden-investigation-journalists/">admitted</a> that it was still conducting a criminal
investigation it launched two years ago into journalists who have
reported on Edward Snowden's leaked documents.<br />
<br />
Since then, I have been trying to find
out more details about the investigation through the Freedom of
Information Act. The Met is refusing to disclose virtually anything
about the probe, but recently it did provide me with one new detail:
<br />
<blockquote class="tr_bq">
<div style="margin-bottom: 0cm;">
Specialist Operations under the
direction of AC Mark Rowley is the MPS [Metropolitan Police Service]
unit involved in the
investigation related to the Snowden documents.</div>
</blockquote>
<div style="margin-bottom: 0cm;">
Rowley (pictured below) has taken over the
Snowden investigation from Cressida Dick, the Met's former head of
Specialist Operations, who quit the force in December last year to take up a <a href="https://theintercept.com/2015/04/10/cressida-dick-uk-foreign-office-secret/">secret new job</a> at the Foreign Office. The Met confirmed this in an <a href="https://www.scribd.com/doc/287525302/Met-Snowden-Foia-Sept-2015">emailed letter</a> it sent me late last month (I'd have written about it sooner but have been a <a href="https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities">bit</a> <a href="https://theintercept.com/drone-papers/the-life-and-death-of-objective-peckham/">swamped</a> with other projects).</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiLGnzxzpDxA5BKATzVzKhl9AGzlgujXgoU2obbUTm9GHdmtO8iYKuRhjSUNaszpKU-nFn3MjbStIzMe1dt335J_tmEWu6L_AJD8nnsxmNWf-0U2rxhBOrHxN0jCFBx6PDtJcuNfJ9aRpE/s1600/url.jpeg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="132" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiLGnzxzpDxA5BKATzVzKhl9AGzlgujXgoU2obbUTm9GHdmtO8iYKuRhjSUNaszpKU-nFn3MjbStIzMe1dt335J_tmEWu6L_AJD8nnsxmNWf-0U2rxhBOrHxN0jCFBx6PDtJcuNfJ9aRpE/s200/url.jpeg" width="200" /></a></div>
<div style="margin-bottom: 0cm;">
Rowley is an expert in
covert surveillance methods and pioneered the development of new police spying techniques across the UK while working as a
detective superintendent in the 1990s with the National Criminal
Intelligence Service. Notably, he recently <a href="http://www.telegraph.co.uk/news/uknews/crime/11168788/We-will-continue-to-use-Ripa-powers-against-journalists-says-Mets-assistant-commissioner.html">made clear</a> he has no
qualms about monitoring journalists' communications if he deems it
necessary to “chase down criminals." He has also <a href="http://www.computerweekly.com/news/2240177752/Interview-Metropolitan-Police-assistant-commissioner-Mark-Rowley">boasted</a> about
the London police being at the “cutting edge” of covert
surveillance through the use of “specialist hardware and software.”
(These specialist tools include powerful portable spying devices the Met uses
to monitor mobile phone communications across targeted areas of
London, as <a href="http://www.theguardian.com/uk/2011/oct/30/metropolitan-police-mobile-phone-surveillance">I reported</a> back in 2011.)</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
The Met first <a href="http://content.met.police.uk/News/Statement-regarding-High-Court-decision/1400019343048/1257246745756">announced</a> it had launched
an investigation related to the Snowden documents in August 2013,
saying the criminal probe was being headed by its Counter Terrorism
Command, which is a division of the Specialist Operations department.
In December 2013, Rowley's predecessor Cressida Dick <a href="http://www.telegraph.co.uk/news/uknews/crime/10492749/Guardian-journalists-could-face-criminal-charges-over-Edward-Snowden-leaks.html">acknowledged</a>
during a parliamentary hearing that the investigation was looking at
whether reporters at <i>The</i> <i>Guardian </i>had committed
criminal offenses for their role in revealing secret surveillance
operations exposed in the Snowden documents.</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
For almost seven months earlier this
year, the Met <a href="https://firstlook.org/theintercept/2015/03/20/uk-met-police-snowden-investigation-secret/">refused to confirm or deny</a> whether the investigation
remained ongoing, repeatedly claiming doing so would be “detrimental
to national security.” But the force performed a <a href="https://theintercept.com/2015/07/24/uk-met-police-snowden-investigation-journalists/">sudden volte-face</a> on its position in late
July following an intervention from the Information Commissioner’s
Office, the public body that enforces the UK’s freedom of
information laws.</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
I'm currently seeking more information
about the investigation, such as details about how much money it has
cost the taxpayer to date and the names of outside agencies or contractors
that have assisted. The Met has so far refused to release this
information — again spuriously claiming that doing so could somehow jeopardise national security — but I have lodged an appeal in an
effort to have this decision reversed. Will post updates as and when
I have them.</div>
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com2tag:blogger.com,1999:blog-7589045875350697137.post-90703093699660265432015-06-14T03:59:00.001+01:002015-06-15T22:02:11.367+01:00Questions About The Sunday Times Snowden StoryThe<i> Sunday Times</i> has a <a href="https://pbs.twimg.com/media/CHaQ3kUWIAA8NdQ.jpg">front page story</a> out today <a href="http://pastebin.com/mgADBP9K">claiming</a> that the Chinese and Russian governments have somehow managed to obtain National Security Agency whistleblower Edward Snowden's trove of documents. The story is sourced from anonymous UK government officials who make a series of significant allegations, unfortunately backed up with zero evidence. It's worth going through some of the key points of the story to cast some critical scrutiny on the central claims and to raise a few questions about them:<br />
<ul>
</ul>
<blockquote class="tr_bq">
1)<i> "RUSSIA and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden...according to senior officials in Downing Street, the Home Office and the security services."</i></blockquote>
<ul>
</ul>
Is the claim here that a full archive of encrypted files was "cracked" by some sort of brute-force decryption attack? If so, how did these "senior officials" establish that? How did the Russians and Chinese allegedly obtain the encrypted material in the first place?
<br />
<blockquote>
2) <i>"forcing MI6 to pull agents out of live operations in hostile countries."</i></blockquote>
This was a surprise to me because I've reviewed the Snowden documents and I've never seen anything in there naming active MI6 agents. Were the agents pulled out as a precautionary measure? Keeping in mind that the UK government does not actually know exactly what Snowden leaked, how do these officials know there were documents in there that implicated MI6 operatives and live operations in the first place?
<br />
<blockquote>
3) <i>"Moscow gained access to more than 1m classified files held by the former American security contractor"</i></blockquote>
Snowden has <a href="http://www.nytimes.com/2013/10/18/world/snowden-says-he-took-no-secret-files-to-russia.html?_r=0">said</a> <a href="http://www.reuters.com/article/2013/10/11/us-usa-security-snowden-idUSBRE99A0LK20131011">repeatedly</a> that he did not carry any files with him when he left Hong Kong for Moscow. Is this article alleging that he is lying? If so, where's the evidence to support that? Moreover, I've seen nothing in the region of 1m documents in the Snowden archive, so I don't know where that number has come from. Oh, wait:
<br />
<blockquote>
4)<i> "Snowden, a former contractor at the CIA and National Security Agency (NSA), downloaded 1.7m secret documents"</i></blockquote>
This 1.7m figure was <a href="http://www.bloomberg.com/news/articles/2014-01-09/pentagon-finds-snowden-took-1-7-million-files-rogers-says">invented</a> by US officials and since then it has been regurgitated repeatedly and unquestioningly by various media outlets. I've seen the trove of documents; the claim or insinuation that he leaked 1.7m is not true.
<br />
<blockquote>
5)<i> "A senior Downing Street source said: 'It is the case that Russians and Chinese have information'."</i></blockquote>
<b>
</b>
Of course they do: the same information that the rest of the world has access to in public news reports and documents published as part of those. If the claim here is that the Russians and Chinese have access to every single document in the entire archive (i.e. all the unpublished material), where is the evidence to support that? How do the officials know? Are they speculating? These are serious claims — and serious claims demand serious evidence. Which is unfortunately not provided here.
<br />
<blockquote>
6)<i> “Why do you think Snowden ended up in Russia?” said a senior Home Office source. “Putin didn’t give him asylum for nothing."</i></blockquote>
I thought this one had long since been debunked by now, but apparently not. The reality is that Snowden never <a href="http://www.huffingtonpost.com/2014/05/28/edward-snowden-interview_n_5403117.html">intended</a> to stay in Russia. He was trying to get to Latin America and only ended up in Russia because his passport was revoked by the US government while he was transiting through.
<br />
<blockquote>
7) <i>Senior Home Office source: "His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”</i></blockquote>
So the UK Home Office is alleging Snowden lied about taking documents to Moscow? How has it established that? And the "targeted" assets — how does the source know this has happened as a direct consequence of the Snowden leaks? There are many other factors at play here, and correlation does not imply causation. Especially with regard to Russia, given that anonymous UK "security sources" claimed months ago — again <a href="http://www.thesundaytimes.co.uk/sto/news/article1522510.ece">in the <i>Sunday Times</i></a> — that they are engaged in a "new Cold War" against Kremlin spies due to the broader issue of Vladimir Putin's heightened military posturing.
<br />
<blockquote>
8)<i> "A British intelligence source said: 'We know Russia and China have access to Snowden’s material'."</i></blockquote>
As I noted above: the Russians and Chinese have access to documents published with public news reports, sure, that's obvious and true. But is the claim here that they have access to material beyond that? If so, where's the evidence? How does this source "know" and what does he "know," exactly? Why the vague statement? Let's hear what it is the source knows and how so we can properly assess and scrutinise the merit of the allegation.
<br />
<blockquote>
9) <i>"It is not clear whether Russia and China stole Snowden’s data, or whether he voluntarily handed over his secret documents in order to remain at liberty in Hong Kong and Moscow."</i></blockquote>
If it's not clear then why does the top line of the story say the Chinese and Russians "cracked" the documents? If Snowden just handed them over, why would they need to "crack" them? And if the Russians and Chinese somehow stole the documents in encrypted form, how did they a) manage to obtain them in the first place (especially given Snowden says he didn't carry the files with him into Russia), and then b) break the encryption?
<br />
<blockquote>
10) <i>"David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 'highly classified' intelligence documents after visiting Snowden in Moscow."</i></blockquote>
This is wrong. Miranda was detained at Heathrow after visiting Laura Poitras in Berlin. He wasn't visiting Snowden in Moscow and I think this is the first time I've ever seen this asserted. It's false.<br />
<br />
*****<br />
<br />
All in all, for me the <i>Sunday Times</i> story raises more questions than it answers, and more importantly it contains some pretty dubious claims, contradictions, and inaccuracies. The most astonishing thing about it is the total lack of scepticism it shows for these grand government assertions, made behind a veil of anonymity. This sort of credulous regurgitation of government statements is antithetical to good journalism.<br />
<br />
The government has an obvious vested interest in portraying Snowden as a terrible person who's helped "the enemy" — it has been badly stung by his surveillance revelations and the political fallout that has ensued as a result of them. For that reason alone its claims should be treated with caution and not repeated unchallenged. Evidence should be necessary for allegations of this magnitude, which have such big ramifications. The <i>Sunday Times</i> has a long and commendable history of holding the government to account with great investigative journalism. But in this case, sadly, it has allowed itself to be used by faceless officials as a mouthpiece.<br />
<br />
<a href="http://notes.rjgallagher.co.uk/2015/06/sunday-times-snowden-china-russia-questions.html" name="update"></a><b><a href="http://notes.rjgallagher.co.uk/2015/06/sunday-times-snowden-china-russia-questions.html#update">UPDATE</a>, 14 June 2015, 19:30 BST</b>: My colleague Glenn Greenwald has <a href="https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden-files-journalism-worst-also-filled-falsehoods/">a post</a> up at <i>The Intercept</i> dissecting the <i>Sunday Times</i> report, which he blasts as "pure stenography of the worst kind." Greenwald writes that "the exact kinds of accusations laundered in the <i>Sunday Times</i> today are made — and then disproven — in every case where someone leaks unflattering information about government officials." He says the story is "as shoddy and unreliable as it gets. Worse, its key accusations depend on retraction-level lies."<br />
<br />
The <i>Guardian</i> has <a href="http://www.theguardian.com/us-news/2015/jun/14/snowden-files-read-by-russia-and-china-five-questions-for-uk-government">a good piece</a> from Ewen MacAskill with five pertinent questions for the British government about the claims. "Anonymous sources are an unavoidable part of reporting, but neither
Downing Street nor the Home Office should be allowed to hide behind
anonymity in this case," writes MacAskill, who travelled with Greenwald and Laura Poitras to meet Snowden in Hong Kong back in 2013. "Where is the evidence?" he asks.<br />
<br />
In another interesting development, the <i>Sunday Times</i> quietly deleted the false assertion I noted above (see #10) about David Miranda having documents on his possession "after visiting Snowden in Moscow." This has been removed from the <a href="http://www.thesundaytimes.co.uk/sto/news/uk_news/National/article1568673.ece">online version</a> of the story with no correction or note, but it can still be found in the paper version, which I <a href="https://twitter.com/rj_gallagher/status/610144713497251844">got a copy of</a>. The inaccuracy was significant as it underpinned the central dubious narrative of the story — that the documents were "held" by Snowden in Moscow, the insinuation being that this was how the Kremlin was supposed to have gotten hold of them, a claim presented in the story as unquestionable fact because nameless officials "confirmed" it (without offering any evidence).<br />
<br />
<b><a href="http://notes.rjgallagher.co.uk/2015/06/sunday-times-snowden-china-russia-questions.html" name="update2"></a><a href="http://notes.rjgallagher.co.uk/2015/06/sunday-times-snowden-china-russia-questions.html#update2">UPDATE II</a>, 15 June 2015, 19:00 BST: </b>The lead reporter on the <i>Sunday Times</i> article, Tom Harper, has given <a href="http://edition.cnn.com/videos/us/2015/06/14/tom-harper-nsa-files-snowden-howell-intv-nr.cnn/video/playlists/intl-latest-world-videos/">an interview with CNN</a> that has to be seen to be believed. In it, Harper is quizzed by host George Howell about the piece — and his answers highlight the many problems with the story's central allegations and how they were sourced. Here's a transcript of the important bits; I'll dissect some key points below.<br />
<br />
<blockquote class="tr_bq">
<b>Howell: How do senior officials at 10 Downing Street know that these files were breached?</b><br />
<br />
Harper: Well, uhh, I don't know the answer to that George. All we know is that this is effectively the official position of the British government ... we picked up on it a while ago and we've been working on it and trying to stand it up through multiple sources, and when we approached the government late last week with our evidence, they confirmed effectively what you read today in the <i>Sunday Times</i>, so it's obviously allegations at the moment from our point of view and it's really for the British government to defend it.<br />
<br />
<b>How do they know what was in them [the files], if they were encrypted? Has the British government also gotten into these files?</b><br />
<br />
Well, the files came from America and the UK, so they may already have known for some time what Snowden took — uhh, again, that's not something we're clear on ... we don't go into that level of detail in the story we just publish what we believe to be the position of the British government at the moment.<br />
<b><br />Your article asserts that it is not clear if the files were hacked or if he just gave these files over when he was in Hong Kong or Russia, so which is it?</b><br />
<br />
Well again sorry to just repeat myself George, but we don't know so we haven't written that in the paper. It could be either, it could be another scenario ... when you're dealing with the world of intelligence there are so many unknowns and possibilities it's difficult to state anything with certainty and so we've been very careful to just stick to what we are able to substantiate.<br />
<br />
<b>The article mentions these MI6 agents ... were they directly under threat as a result of the information leaked or was this a precautionary measure?</b><br />
<br />
Uhh, again, I'm afraid to disappoint you, we don't know ... there was a suggestion some of them may have been under threat but the statement from senior Downing Street sources suggests that no one has come to any harm, which is obviously a positive thing from the point of view of the West.<br />
<br />
<b>So essentially you are reporting what the government is saying, but as far as the evidence to substantiate it, you're not really able to comment or explain that at this point?</b><br />
<br />
No. We picked up on the story a while back from an extremely well placed source in the Home Office. and picked up on trying to substantiate through various sources in various agencies throughout Britain, and finally presented the story to the government, and they effectively confirmed what you read in today's <i>Sunday Times</i>. But obviously when you're dealing with intelligence it's the toughest nut to crack and unless you have leaked documents like Snowden had, it's difficult to say anything with certainty.</blockquote>
<br />
So, in summary: How were the files breached? "I don't know." Were the files hacked or did Snowden hand them over? "We don't know." Were MI6 agents directly under threat? "We don't know." How did the government know what was in the files? "That's not something we're clear on." Can you substantiate the claims? "No."<br />
<br />
The interview is quite extraordinary because it makes absolutely clear that not only was this entire dubious story based solely on claims made anonymously by government officials, the reporters who regurgitated the claims did not even seek to question the veracity of the information. They just credulously accepted the allegations and then printed them unquestioningly. That really is the definition of stenography journalism — it's shameful.<br />
<br />
It's also worth noting that in Harper's interview he admits he has no idea how the Chinese and Russian governments supposedly obtained the files, yet the whole story was based on a bombshell claim that the trove of files was somehow "cracked" by Chinese and Russian government operatives (i.e. that the encryption on them was broken). As I noted above in point #9, if Snowden just handed over the files, why would these governments then need to "crack" them, unless the claim is that he handed over a set of encrypted documents? Either way, Harper says he has no idea how the files were obtained, so how does he know they were "cracked"? This central allegation seems to have been invented completely out of thin air, at worst a fabrication by technologically inept reporters who don't understand what terminology like "cracked" means, at best derived from evidence-free conjecture from spineless government officials too afraid to put their names to the claims.<br />
<br />
It is also very telling to note that Harper cites "an extremely well placed source in the Home Office" as the initial person who tipped him off about the story. That's presumably the same "senior Home Office source" quoted in the story insinuating that Snowden chose to go to Russia and hand over documents in return for asylum. That absurd allegation, as I noted in point #6 above, contradicts the fact that Snowden only ended up in Moscow because the US government foolishly revoked his passport and stranded him there while he was passing through on route to Latin America; moreover, Snowden has said repeatedly that he didn't take any documents to Russia. Any reporter familiar with the story knows this. An assertion from an official claiming Snowden went there to hand over documents should surely have set off alarm bells about the credibility of his claims<i>, </i>and should have at least prompted a demand for evidence to back them up, given their magnitude.<br />
<br />
But no alarm bells were triggered in our boy Harper's head. Sounding more like a government press officer than a journalist, he told CNN: "we just publish what we believe to be the position of the British government at the moment."<br />
<br />
And that brings me to my final point on this. Harper claimed in his CNN interview that his story was<i> "</i>effectively the official position of the British government." If that's the case, then why will no one in the government come out and say so publicly? As the well-sourced BBC security correspondent Gordon Corera <a href="http://www.bbc.com/news/uk-33125068">noted</a> in a measured analysis on Sunday: "No one in government today is confirming that they are sure that the
Russians and Chinese have got full access — that remains in the realm of 'no comment'."Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com33tag:blogger.com,1999:blog-7589045875350697137.post-77459924730111850362015-04-05T20:17:00.001+01:002015-04-05T23:34:19.083+01:00UK Military Exports to Israel During 2014 Gaza BombardmentBetween July and August last year, the Israeli military launched its "Operation Protective Edge" in the Gaza strip. The conflict led to the deaths of more than 2000 people, the majority of whom were Palestinian civilians, including a <a href="http://www.imemc.org/article/68969">reported</a> 578 children, 263 women, and 102 elderly.<br />
<br />
Israel's heavy bombardment of Gaza during the operation was <a href="http://time.com/3556631/israel-amnesty-international-gaza-war-crimes/">widely</a> <a href="http://www.reuters.com/article/2014/09/11/us-mideast-gaza-war-idUSKBN0H60XZ20140911">condemned</a> by human rights groups and governments across the world. The UK government <a href="https://www.gov.uk/government/news/foreign-secretary-calls-for-ceasefire-in-gaza">called for a ceasefire</a> and deputy prime minister Nick Clegg <a href="http://www.haaretz.com/news/diplomacy-defense/1.605735">said</a> Israel's actions amounted to "a disproportionate
form of collective punishment" that was leading to "a humanitarian crisis
in Gaza."<br />
<br />
But documents reveal that while the conflict was ongoing, the UK government continued approving the export of military equipment to Israel.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic7ClLtRFIUuFnaPETVT7MPkmgH1PI0hs5qSpQApkxLGzUpb4U1Pns8AFXsr6wJ_LScq6v3S3iA8_j4uDC1IAWYxhMu4rD2i40HC_0mZYPneNCdo3HGCthh6SEo9x6HgVKQ0LltsIudKvS/s1600/Screenshot+from+2015-04-05+18:29:58.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic7ClLtRFIUuFnaPETVT7MPkmgH1PI0hs5qSpQApkxLGzUpb4U1Pns8AFXsr6wJ_LScq6v3S3iA8_j4uDC1IAWYxhMu4rD2i40HC_0mZYPneNCdo3HGCthh6SEo9x6HgVKQ0LltsIudKvS/s1600/Screenshot+from+2015-04-05+18:29:58.png" height="86" width="400" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
Arms exports <a href="http://www.scribd.com/doc/260948801">records</a> for the period between July and September 2014 show the UK approved exports of military and other equipment to Israel worth more than £2.3 million (that's about $3.4 million) including "components for combat helicopters" and "military aircraft navigation equipment" to be used by the Israeli air force, plus "targeting equipment," "components for targeting equipment," "components for electronic warfare equipment," and "military radars."<br />
<br />
During the same period, the UK government also approved a licence that covered the trade of assault rifles, sniper rifles, pistols, weapon sights, small arms ammunition, and body armour between a number of countries, including Israel.<br />
<br />
Read the export report <a href="http://www.scribd.com/doc/260948801">here</a> (Israel details are between pages 145 and 149).Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-59735507463270207132015-01-05T20:25:00.000+00:002015-01-06T16:53:41.423+00:00Year in ReviewWell, 2014 turned out to be quite a year. For me, it was a really productive one, and I was lucky enough to get the opportunity to work on some great projects. Below are a few personal highlights that I've put together as a sort of 'year in review', along with a list of notable <a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html#stories">stories and developments</a> in the realm of surveillance and national security, some '<a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html#towatch">ones to watch</a>' for 2015, and a few <a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html#awards">awards</a> that I've decided to hand out for dishonourable government conduct, just because there was so much of it over the last twelve months, and the worst offenders deserve some recognition...<br />
<br />
(I meant to post this last week, but I've been on a remote Spanish island
on holiday with no internet connection... so here it is, better late than never...)<br />
<br />
<b>January to March </b><br />
<br />
In January I worked with Canadian broadcaster CBC to <a href="http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881">reveal details</a> about domestic surveillance in the Canada. In February, <i>The Intercept</i> launched, and I contributed to <a href="https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-covert-surveillance-and-pressure-tactics-aimed-at-wikileaks-and-its-supporters/">a story</a> that revealed some new details about US and UK government efforts to target WikiLeaks. In March, I had <a href="https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/">a report out</a> shining a light on how the US National Security Agency has worked alongside its UK partner Government Communication Headquarters to infect large numbers of computers across the world with malware. I also worked on <a href="https://firstlook.org/theintercept/article/2014/03/20/inside-nsa-secret-efforts-hunt-hack-system-administrators/">a story</a> exposing the NSA's targeting of innocent system administrators as part of its covert attempts to hack into communication networks. <br />
<br />
<b>April to June </b><br />
<br />
In March, I worked with German news magazine Der Spiegel on <a href="https://firstlook.org/theintercept/article/2014/03/29/der-spiegel-nsa-ghcq-hacked-german-companies-put-merkel-list-122-targeted-leaders/">a story</a> revealing new details about the NSA's surveillance of world leaders. In April, I <a href="https://firstlook.org/theintercept/2014/04/30/gchq-prism-nsa-fisa-unsupervised-access-snowden/">reported on</a> British spies' attempts to get broad unsupervised access into NSA troves of surveillance data. And in June, I worked with some great reporters at Danish newspaper <i>Dagbladet Information</i> to reveal <a href="https://firstlook.org/theintercept/2014/06/18/nsa-surveillance-secret-cable-partners-revealed-rampart-a/">new information</a> showing how the NSA forms secret partnerships with countries across the world in order to help significantly expand its surveillance reach.<br />
<br />
<b>July to September </b><br />
<br />
In August, the US military <a href="https://firstlook.org/theintercept/2014/08/20/u-s-military-bans-the-intercept/">banned</a> its personnel from reading <i>The Intercept</i>, and a few days later we published one of the most important stories I've worked on to date, <a href="https://firstlook.org/theintercept/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/">exposing a vast US surveillance search system</a> used to share huge troves of private data among dozens of US government agencies, including domestic law enforcement. The story revealed the decades-long history of US agencies' use of masses of metadata to monitor people's behaviour, and exposed how the CIA was using metadata to aid its efforts to secretly kidnap terror suspects (a practice that often resulted in the suspects — some of whom were <a href="http://notes.rjgallagher.co.uk/2014/08/extraordinary-rendition-metadata-cia-erroneous.html">totally innocent</a> — being brutally tortured).<br />
<br />
In September, we began <a href="https://firstlook.org/theintercept/2014/09/15/new-zealand-gcsb-speargun-mass-surveillance/">reporting details</a> at <i>The Intercept</i> about the scope of surveillance in New Zealand, and <a href="https://firstlook.org/theintercept/2014/09/15/questions-new-zealand-mass-surveillance/">shined a light</a> on deceptive statements made by the government there about its spying efforts; meanwhile, police <a href="https://firstlook.org/theintercept/2014/10/16/nicky-hager-raid/">raided and ransacked</a> the home of the excellent investigative reporter that we were (and are) working with on Snowden revelations related to New Zealand.<br />
<br />
<b>October to December</b> <br />
<br />
In November, I worked on <a href="https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/">a story revealing</a> how one of the most sophisticated pieces of malware ever discovered — dubbed "Regin" by security experts — was linked to cyberattacks perpetrated by British spies against Belgian telecommunications company Belgacom and European Union offices. This piece was an interesting one to work on in that it combined both news reportage with malware analysis — something that's never been done before in journalism, I think — and was published alongside downloadable samples of the Regin malware.<br />
<br />
In December, I had <a href="https://firstlook.org/theintercept/2014/12/04/nsa-auroragold-hack-cellphones/">a new report out</a> revealing a secret NSA program that involves spying on emails sent among hundreds of mobile phone companies around the world, a practice that helps the agency hack into phone networks. The story exposed how the NSA targeted a London-headquartered trade group that represents tech giants like Microsoft and Facebook, and provided evidence that NSA had been working to insert security vulnerabilities into global telecommunications infrastructure so that they can be exploited for surveillance.<br />
<br />
Also in December, I reported <a href="https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/">new details</a> about the GCHQ hack of Belgian telecommunications company Belgacom as part of a reporting collaboration with newspapers in Belgium and the Netherlands. This particular story is one that I am especially proud of; it was the culmination of about six months of work, and took a huge amount of cooperation with different teams operating out of four separate countries simultaneously. We were able to tell the full story of the British hack on Belgacom, a hugely significant incident representing an unprecedented cyberattack by one EU member state on another. The story included new 'smoking gun' evidence showing that the Regin malware samples contained code-names that also appeared in secret GCHQ documents obtained from whistleblower Edward Snowden.<br />
<br />
<h3>
<a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html" name="stories"></a><a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html#stories">Vital stories</a></h3>
Here a list of some reports and developments that stood out to me in 2014:<br />
<br />
<a href="http://www.theguardian.com/world/2014/jan/16/nsa-collects-millions-text-messages-daily-untargeted-global-sweep">NSA collects millions of text messages daily in 'untargeted' global sweep</a>, <i>The Guardian</i>, 16 January.<br />
<br />
<a href="http://www.nbcnews.com/feature/edward-snowden-interview/exclusive-snowden-docs-show-uk-spies-attacked-anonymous-hackers-n21361">Snowden docs show UK spies attacked Anonymous, hackers</a>, NBC News, 4 February.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/02/10/the-nsas-secret-role/">The NSA’s secret role in the US assassination program</a>, <i>The Intercept</i>, 10 February.<br />
<br />
<a href="http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo">Optic Nerve: millions of Yahoo webcam images intercepted by GCHQ</a>, <i>The Guardian</i>, 27 February. <br />
<br />
<a href="http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html">NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls</a>, <i>Washington Post</i>, 18 March. <br />
<br />
<a href="http://www.bbc.co.uk/news/world-europe-26935096">Top EU court rejects EU-wide data retention law</a>, BBC News, 8 April.<br />
<br />
<a href="http://www.rollingstone.com/politics/news/death-from-above-how-american-drone-strikes-are-devastating-yemen-20140414">Death from above: how American drone strikes are devastating Yemen</a>, <i>Rolling Stone</i>, 14 April.<br />
<br />
<a href="http://www.reuters.com/article/2014/04/25/us-turkey-intelligence-idUSBREA3O1RK20140425">Turkish president approves law widening secret service's powers</a>, Reuters, 24 April.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/">The NSA is recording every cell phone call in the Bahamas</a>, <i>The Intercept</i>, 19 May.<br />
<br />
<a href="http://www.bbc.com/news/world-europe-28160767">Germany arrests man suspected of spying for US</a>, BBC News, 4 June.<br />
<br />
<a href="http://www.theregister.co.uk/2014/06/05/how_the_interenet_was_broken/">NSA: Inside the five-eyed vampire squid of the Internet</a>, The Register, 5 June. <br />
<br />
<a href="http://www.theguardian.com/business/2014/jun/06/vodafone-reveals-secret-wires-allowing-state-surveillance"><span id="goog_1239123850"></span>Vodafone reveals existence of secret wires that allow state surveillance<span id="goog_1239123851"></span></a>, <i>The Guardian</i>, 6 June. <br />
<br />
<a href="http://www.washingtonpost.com/world/national-security/us-officials-scrambling-to-nab-snowden-hoped-he-would-take-a-wrong-step-he-didnt/2014/06/14/057a1ed2-f1ae-11e3-bf76-447a5df6411f_story.html">US officials scrambled to nab Snowden, hoping he would take a wrong step. He didn’t</a>, <i>Washington Post</i>, 14 June.<br />
<br />
<a href="http://www.telegraph.co.uk/technology/internet-security/10905014/GCHQ-sanctions-spying-on-every-Facebook-Google-and-Twitter-user.html">GCHQ sanctions spying on every Facebook, Google and Twitter user</a>, <i>The Telegraph</i>, 17 June.<br />
<br />
<a href="http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html">In NSA-intercepted data, those not targeted far outnumber the foreigners who are</a>, <i>Washington Post</i>, 5 July.<br />
<br />
<a href="http://www.independent.co.uk/news/world/europe/germany-to-spy-on-us-for-first-time-since-1945-after-double-agentscandal-9590645.html">Germany to spy on US for first time since 1945 after ‘double agent’ scandal</a>, <i>The Independent</i>, 7 July.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/07/09/under-surveillance/">Meet the Muslim-American leaders the FBI and NSA have been spying on</a>, <i>The Intercept</i>, 9 July.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/">Hacking online polls and other ways British spies seek to control the Internet</a>, <i>The Intercept</i>, 14 July.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/07/23/blacklisted/">The secret government rulebook for labeling you a terrorist</a>, <i>The Intercept</i>, 23 July. <br />
<br />
<a href="http://www.washingtontimes.com/news/2014/jul/31/cia-admits-improperly-hacking-senate-computers-sea/?page=all">CIA Admits improperly hacked into Senate computers</a>, <i>Washington Times</i>, 31 July.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/08/05/watch-commander/">Barack Obama’s secret terrorist-tracking system, by the numbers</a>, <i>The Intercept</i>, 5 August.<br />
<br />
<a href="http://news.vice.com/video/the-islamic-state-full-length">The Islamic State (documentary)</a>, Vice, 7 August.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/08/07/leaked-files-german-spy-company-helped-bahrain-track-arab-spring-protesters/">German spy company helped Bahrain hack Arab Spring protesters</a>, <i>The Intercept</i>, 8 August.<br />
<br />
<a href="http://www.reuters.com/article/2014/09/02/us-usa-security-photos-idUSKBN0GX1ZA20140902">Photos of alleged 9/11 '20th hijacker' can stay classified: court</a>, Reuters, 2 September.<br />
<br />
<a href="http://www.npr.org/2014/09/02/342494225/mraps-and-bayonets-what-we-know-about-the-pentagons-1033-program">MRAPs and bayonets: what we know about the Pentagon's 1033 program</a>, NPR, 2 September.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/09/14/nsa-stellar/">The NSA and GCHQ campaign against German satellite companies</a>, <i>The Intercept</i>, 14 September.<br />
<br />
<a href="http://www.nytimes.com/2014/09/17/opinion/israels-nsa-scandal.html?_r=1">Israel's NSA scandal</a>, <i>New York Times</i>, 16 September.<br />
<br />
<a href="http://www.theguardian.com/technology/2014/sep/16/wikileaks-finfisher-files-malware-surveillance">Wikileaks releases FinFisher files to highlight government malware abuse</a>, <i>The Guardian</i>, 16 September.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/10/02/the-nsa-and-me/">The NSA and me</a>, <i>The Intercept</i>, 2 October.<br />
<br />
<a href="https://citizenfourfilm.com/">Citizen Four (documentary)</a>, 10 October. <br />
<br />
<a href="http://foreignpolicy.com/2014/10/22/why-was-the-nsa-chief-playing-the-market/">Why was the NSA chief playing the market?</a> Foreign Policy, 22 October.<br />
<br />
<a href="http://www.theguardian.com/world/2014/oct/24/mi5-spied-historians-eric-hobsbawm-christopher-hill-secret-files">MI5 spied on leading British historians for decades, secret files reveal</a>, <i>The Guardian</i>, 24 October. <br />
<br />
<a href="http://www.nytimes.com/2014/10/27/us/in-cold-war-us-spy-agencies-used-1000-nazis.html">In Cold War, US spy agencies used 1,000 Nazis</a>, <i>New York Times</i>, 26 October. <br />
<br />
<a href="https://firstlook.org/theintercept/2014/10/30/hacking-team/">Secret manuals show the spyware sold to despots and cops worldwide</a>, <i>The Intercept</i>, 30 October.<br />
<br />
<a href="http://gizmodo.com/brazils-keeping-its-promise-to-disconnect-from-the-u-s-1652771021">Brazil is keeping its promise to avoid the US Internet</a>, Gizmodo, 30 October.<br />
<br />
<a href="http://www.information.dk/514369">Disguised as climate negotiators</a>, <i>Dagbladet Information</i>, 1 November. <br />
<br />
<a href="http://www.theguardian.com/world/2014/nov/06/intelligence-agencies-lawyer-client-abdel-hakim-belhaj-mi5-mi6-gchq">UK intelligence agencies spying on lawyers in sensitive security cases</a>, <i>The Guardian</i>, 7 November.<br />
<br />
<a href="http://bigstory.ap.org/article/89470f11697641518c1043aab01773ac/fbi-admits-agent-impersonated-ap-reporter">FBI says it impersonated AP reporter in 2007 case</a>, AP, 7 November.<br />
<br />
<a href="http://www.wsj.com/articles/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533">Americans’ cellphones targeted in secret US spy program</a>, <i>Wall Street Journal</i>, 14 November.<br />
<br />
<a href="http://gizmodo.com/whatsapp-now-provides-end-to-end-encryption-for-your-me-1660089798">WhatsApp now provides end-to-end encryption for your messages</a>, Gizmodo, 18 November.<br />
<br />
<a href="http://bigstory.ap.org/article/acc54fc0c64c4c3eae29b8ac380cc065/ap-exclusive-snowden-debate-inside-nsa">Before Snowden, a debate inside NSA</a>, AP, 19 November.<br />
<br />
<a href="https://firstlook.org/theintercept/2014/11/20/us-firms-accused-enabling-surveillance-central-asian-states/">US firms accused of enabling surveillance in despotic Central Asian regimes</a>, <i>The Intercept</i>, 20 November.<br />
<br />
<a href="http://international.sueddeutsche.de/post/103543418200/snowden-leaks-how-vodafone-subsidiary-cable">How Vodafone-subsidiary Cable & Wireless aided GCHQ’s spying efforts</a>, <i>Süddeutsche Zeitung</i>, 25 November.<br />
<br />
<a href="http://www.documentcloud.org/documents/1376748-sscistudy1.html">CIA torture report</a>, 9 December.<br />
<br />
<a href="http://www.bloomberg.com/news/2014-12-21/wikileaks-releases-purported-cia-documents-on-operatives-travel.html">WikiLeaks CIA leaks</a>, <a href="http://wikileaks.org/cia-hvt-counterinsurgency/">18</a> & <a href="http://wikileaks.org/cia-hvt-counterinsurgency/">21</a> December. <br />
<br />
<a href="http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html">Inside the NSA's war on internet security</a>, Der Spiegel, 27 December. <br />
<br />
<a href="http://sabufiles.com/">The Sabu Files</a>, Vice/Daily Dot.<br />
<br />
<a href="http://www.pressgazette.co.uk/subject/Save%20Our%20Sources">Save our sources campaign</a>, The Press Gazette.<br />
<br />
<h3>
<a href="http://notes.rjgallagher.co.uk/2014/03/2015/01/year-in-review-2014-gchq-nsa-surveillance.html" name="towatch"></a><a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html#towatch">Ones to watch in 2015</a></h3>
Some things worth keeping an eye on...<br />
<br />
A <a href="http://www.reuters.com/article/2014/12/04/us-cybersecurity-doj-idUSKCN0JI1MN20141204">new US cybersecurity unit</a> that will advise agencies on surveillance operations.<br />
<br />
Details about a secret database being used by federal agents in the US, the existence of which has become the <a href="http://www.courthousenews.com/2014/12/01/court-demands-more-information-on-feds-secret-spying-program.htm">subject of dispute</a> in an ongoing court case.<br />
<br />
Information about <a href="http://www.bbc.com/news/uk-27050861">documents being shredded en masse</a> in a UK police anti-corruption investigation.<br />
<br />
Developments in the US government's ongoing criminal investigation into WikiLeaks, which <a href="http://notes.rjgallagher.co.uk/2014/05/sabu-wikileaks-lulzsec-fbi-undercover-sting.html">may have involved</a> the use of a prominent informant.<br />
<br />
The long-overdue publication of a government-commissioned <a href="https://www.rusi.org/news/ref:N5399836649AAC">post-Snowden review</a> of UK surveillance operations. <br />
<br />
The US government <a href="http://www.nytimes.com/2014/07/28/us/politics/us-justice-dept-moves-to-shield-anti-iran-groups-files-united-against-nuclear-iran.html?_r=0">using state secrecy powers</a> to block the release of files from anti-Iran group.<br />
<br />
Renewed 'crypto wars' as law enforcement agencies in the US <a href="http://www.theguardian.com/us-news/2014/oct/16/fbi-director-attacks-tech-companies-encryption">push for</a> <a href="http://thehill.com/policy/cybersecurity/221147-crypto-wars-return-to-congress">more powers</a> to combat privacy-protecting encryption technologies.<br />
<br />
More <a href="http://www.courthousenews.com/2014/10/03/72098.htm">details</a> about the CIA's hacking of Senate computers.<br />
<br />
A <a href="http://www.slate.com/articles/technology/future_tense/2012/08/how_governments_and_telecom_companies_work_together_on_surveillance_laws_.html">continuing</a> government effort to introduce new laws bolstering surveillance powers in the US, UK, Australia, Canada, and New Zealand.<br />
<br />
Many more stories from the Snowden documents related to secret spying conducted by the US, UK, Australia, Canada, New Zealand, and other countries.<br />
<br />
<h3>
<a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html" name="awards"></a><a href="http://notes.rjgallagher.co.uk/2015/01/year-in-review-2014-gchq-nsa-surveillance.html#awards">Now for a few awards...</a></h3>
Because I feel like handing out some dubious accolades:<br />
<br />
<u><i>Bullshit statement of the year</i></u><br />
<br />
Winner: Recently retired GCHQ spy chief Sir Iain Lobban for his <a href="http://www.itv.com/news/west/update/2014-10-21/gchq-head-denies-mass-surveillance/">claim in October</a> that<i> </i>the agency doesn't engage in "anything remotely resembling mass surveillance." A completely false statement that could not be further from <a href="http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa">the truth</a>.<br />
<br />
Runner-up: UK home secretary Theresa May for "<a href="http://www.telegraph.co.uk/news/uknews/law-and-order/11167349/Home-Secretary-Theresa-May-insists-GCHQ-needs-haystack-of-data-to-find-needle.html">collection of bulk data is not mass surveillance.</a>"<br />
<br />
3rd prize: former US vice-president Dick Cheney for "<a href="http://www.washingtonpost.com/blogs/post-politics/wp/2014/12/14/a-defiant-dick-cheney-defends-cias-brutal-interrogation-program/">we were very careful to stop short of torture</a>." <br />
<br />
Dishonourable mentions: former NSA and CIA chief Michael Hayden for "<a href="http://www.politico.com/magazine/story/2014/12/torture-report-michael-hayden-not-sorry-113450_Page2.html">I didn’t do anything wrong</a>"; New GCHQ spy chief Robert Hannigan for "<a href="http://www.ft.com/cms/s/2/c89b6c58-6342-11e4-8a63-00144feabdc0.html">GCHQ is happy to be part of a mature debate on privacy in the digital age</a>."<br />
<br />
<u><i>Orwellian euphemism of the year</i></u><br />
<br />
New Zealand's prime minister
John Key tries and fails to make mass
surveillance palatable to the public in September by re-branding it "<a href="http://www.3news.co.nz/politics/key-denies-greenwalds-claims-of-mass-surveillance-2014091317">mass protection</a>."<br />
<br />
<u><i>Outrageous admission of the year</i></u><br />
<br />
Former NSA and CIA chief Michael Hayden <a href="http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-people-based-metadata/">tells an audience</a> at Johns Hopkins University in April: "We kill people based on metadata."<br />
<br />
<i><u>Understatement of the year</u></i><br />
<br />
President Barack Obama, in August, on the CIA's brutal human rights abuses post 9/11: "<a href="http://www.cbsnews.com/news/obama-we-tortured-some-folks-after-911/">We tortured some folks</a>."<br />
<br />
<u><i>Gaffe of the year</i></u><br />
<br />
UK foreign secretary Philip Hammond, who is responsible for signing off on GCHQ surveillance operations, <a href="https://www.youtube.com/watch?v=-1PNttDlois">illustrates that he doesn't have a clue</a> what he's been approving during a parliamentary hearing in October.<br />
<br />
<i><u>Hypocrite of the year</u></i><br />
<br />
Michael Hayden, the CIA chief who overseen the agency's secret extrajudicial kidnapping operations that involved imprisoning and torturing terrorism suspects, some of whom were <a href="http://www.nytimes.com/2014/12/13/us/politics/amid-details-on-torture-data-on-26-held-in-error-.html?_r=0">entirely innocent</a>, <a href="http://www.bbc.com/news/world-us-canada-30423280">complains in December</a> that a Senate report criticising CIA torture methods was like being "tried and convicted in absentia. We were not given an opportunity
to mount a defense."<br />
<br />
<u><i>Most bizarre mass surveillance justification of the year</i></u><br />
<br />
UK prime minister David Cameron <a href="http://www.telegraph.co.uk/news/uknews/crime/10608439/David-Cameron-TV-crime-dramas-show-need-for-snoopers-charter.html">explains to British lawmakers in January</a> that fictional TV crime dramas demonstrate the need for new dragnet spying powers.<br />
<br />
<i><u>Most absurd response to surveillance revelations of the year</u></i><br />
<br />
A special joint award that goes to the Canadian prime minister's parliamentary secretary, Paul Calandra, and John Key, New Zealand's prime minister. Instead of addressing the substance of revelations about secret government spying in 2014 (that I was involved in reporting), Calandra and Key both resorted to weird and childish petty insults, calling my colleague Glenn Greenwald a "<a href="https://www.techdirt.com/articles/20140131/12542726062/canadian-govt-responds-to-spying-revelations-its-all-lie-calling-glenn-greenwald-porn-spy.shtml">porn spy</a>" (Calandra) and a "<a href="http://www.nzherald.co.nz/national/news/video.cfm?c_id=1503075&gal_cid=1503075&gallery_id=145457">loser</a>" (Key).<br />
<br />
<u><i>Villain of the year</i></u><br />
<br />
UK police and security agencies for <a href="https://twitter.com/rj_gallagher/status/491572536195698688">establishing</a> <a href="http://www.theguardian.com/uk-news/2014/jul/22/uk-definition-terrorism-political-journalists-bloggers-watchdog">a precedent</a> that means journalism — the mere publication of <a href="https://twitter.com/rj_gallagher/status/491571866889629696">facts and opinions</a> — can now be considered terrorism; for <a href="http://www.theguardian.com/media/2014/sep/03/met-journalist-phone-records-sun-political-editor-plebgate">working to secretly identify</a> journalists' confidential sources; and for <a href="http://www.theguardian.com/world/2014/nov/06/intelligence-agencies-lawyer-client-abdel-hakim-belhaj-mi5-mi6-gchq">eavesdropping on lawyers'</a> privileged communications. <br />
<br />Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-38870931710544524102014-08-28T20:17:00.000+01:002014-08-28T22:57:18.824+01:00Extraordinary Rendition and the Secret Role of MetadataOn Monday, I had a <a href="https://firstlook.org/theintercept/article/2014/08/25/icreach-nsa-cia-secret-google-crisscross-proton/">new story</a> out at <i>The Intercept</i> revealing a secret search engine that the National Security Agency built to share a massive amount of data with other US government agencies, including domestic law enforcement. There are many new and important details scattered through the piece. But there is one in particular I would like to take a minute to focus on here, because it is a fact that strikes at the heart of the debate about government surveillance and deserves some more attention.
<p>
In <a href="https://firstlook.org/theintercept/document/2014/08/25/metadata-sharing-memorandum-2005">one of the classified documents</a> that we published with the story, dated from 2005, the NSA outlined some of the "successes" of a data-sharing project called CRISSCROSS that was led by the Central Intelligence Agency. The document shows that metadata collected about communications was integral to the CIA's extraordinary rendition program during the Bush Administration, which involved kidnapping terror suspects and taking them to secret "black site" jails where they would be brutally interrogated and sometimes tortured. The NSA document says:
<p>
<blockquote>Since 9/11, the contributions to the GWOT [global war on terror] due to our increased collection of signaling metadata are innumerable and significant. It is safe to say that it has been a contribution to virtually every successful rendition of suspects and often, the deciding factor.</blockquote>
<p>
This is an incredible detail. Remember, metadata is not the audio content of a phone call or the words contained within the body of an email message. It is merely information showing who you have contacted and when. Governments have often sought to defend the mass-scale collection of metadata by insisting that it is not information that is sensitive or very private. In June last year, President Obama <a href="http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/">tried to dismiss</a> concerns about metadata collection in the United States by claiming that "nobody is listening to your telephone calls." But, clearly, the government doesn't need to be <i>listening</i> to your calls to deem you a threat. That metadata has been the deciding factor in targeting people for extraordinary rendition is a profound illustration of that — and it shows that metadata collection has real-world ramifications: it is not just some benign activity.
<p>
You might think, "well, I'm not a terror suspect so what do I care?" But this is not only about the Bad Guys — there are much wider consequences at play here. During the height of the extraordinary rendition program, for instance, some of the people targeted were victims of what was called "erroneous rendition." In other words, the CIA would kidnap the wrong person. (Yes, seriously.) In 2005, it was <a href="http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120301476_pf.html">reported</a> by the <i>Washington Post</i> that the CIA's inspector general was investigating a "growing number" of erroneous renditions, with some anonymous government officials saying that they believed there were as many as 30 instances of it having taken place.
<p>
Much is still unknown about these cocked-up renditions because the information has been kept secret. But now that we know metadata played a key role in targeting people — in some cases even being the "deciding factor" — questions must surely be asked about whether this method was ever to blame. From a legal and human rights perspective, it is disturbing enough that the CIA was secretly kidnapping, imprisoning, and then torturing people. But the possibility of innocent individuals being targeted on the basis of their metadata trail clearly adds a chilling extra dimension. It is a policy of guilt by association that bears all the hallmarks of a kind of terrible and flawed style of totalitarian policing.
<p>
Today, the practice of extraordinary rendition appears to have been largely phased out by President Obama. But the concerns raised by the use of metadata to target people are still highly pertinent. Indeed, as <i>The Intercept</i> <a href="https://firstlook.org/theintercept/article/2014/02/10/the-nsas-secret-role/">reported</a> back in February, metadata is actively being used to target and kill terror suspects in drone strikes in countries like Yemen, Pakistan and Somalia. One military source said that the method can result in the "wrong people" being bombed. And if you think that sounds far-fetched — that the US would not launch missiles at people because of their metadata — you don't need to take my word for it. Just go and listen to what former CIA and NSA chief Michael Hayden has to say. As he <a href="http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-people-based-metadata/">boasted</a> in April: "We kill people based on metadata."
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-68261224176294757902014-05-26T14:47:00.000+01:002014-08-28T22:57:37.186+01:00Sabu, LulzSec, and the FBI's WikiLeaks InvestigationSome very intriguing new details emerged on Friday about the case of former Anonymous hacker turned FBI informant Hector Monsegur, or "Sabu" as he is better known.
<p></p>
A <a href="http://www.scribd.com/doc/226131199">document</a> filed in a New York district court shed light on the "extraordinarily valuable and productive" extent of Sabu's cooperation with the government over a period of approximately three years.
<p></p>
It is already widely known that Sabu <a href="http://www.foxnews.com/tech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/">secretly helped authorities</a> track down and jail his former hacker comrades who were part of LulzSec, a high-profile Anonymous splinter group that attacked and infiltrated major corporate and government websites in the summer of 2011.
<p></p>
But the latest court document for the first time hints at Sabu's broader role aiding another major FBI undercover operation — one that I believe likely relates to an aggressive investigation into WikiLeaks and its founder Julian Assange. The section of the document in question is vague, deliberately so, but offers enough detail to indicate that it directly involves WikiLeaks and is potentially of high importance, for reasons I'll explain below. The document states:
<p></p>
<blockquote>Monsegur also engaged in a significant undercover operation in an existing investigation through which, acting at the direction of law enforcement, Monsegur gathered evidence that exposed a particular subject’s role in soliciting cyber attacks on a foreign government. The evidence he enabled the Government to obtain was extremely valuable, and the Government could not otherwise have obtained it without his assistance. Although this cooperation has not resulted in any prosecutions to date, the Government believes his information, and the evidence he helped to obtain in this matter, is extremely significant.</blockquote>
<p></p>
To understand why this matters and why it struck me straight away, a bit of background is necessary.
<p></p>
As I reported last year in <a href="http://www.slate.com/articles/technology/future_tense/2013/08/sigurdur_thordarson_icelandic_wikileaks_volunteer_turned_fbi_informant.html">a piece for <i>Slate</i></a>, Sabu, while working as an FBI informant in 2011, was in contact with a young WikiLeaks volunteer who had established a close relationship with Assange.
<p></p>
The volunteer, <a href="http://www.smh.com.au/content/dam/images/2/r/y/s/7/image.related.articleLeadwide.620x349.2ryiu.png">Sigurdur Thordarson</a>, told me that with Assange's approval he set up a line of communication between Sabu, LulzSec, and WikiLeaks. He said he then solicited the hackers to infiltrate computers at the Icelandic Ministry of Finance to find evidence of anti-WikiLeaks sentiment. "That was the first assignment WikiLeaks gave to LulzSec," Thordarson claimed, because the Ministry of Finance had months earlier <a href="http://www.dv.is/frettir/2011/1/21/telur-tengsl-vid-wikileaks-hafa-hindrad-2-milljadra-fjarfestingu/">thwarted</a> an attempt by DataCell, a company that processes WikiLeaks donations, to purchase a large new data center in Reykyavik. The FBI appears to have monitored the exchange between WikiLeaks and LulzSec through Sabu, and a few days later contacted Icelandic authorities to warn them about an imminent cyber attack. Icelandic police travelled to the United States to discuss the matter, according to <a href="http://www.rikissaksoknari.is/um-embaettid/frettir/nr/54">information</a> published by the country's state prosecutor.
<p></p>
According to Thordarson, the LulzSec hackers eventually turned over some confidential documents to WikiLeaks that related to the US embassy in Iceland, as well as other hacked files, such as a huge trove of emails mined from Syrian government servers that were later <a href="http://wikileaks.org/syria-files">released by WikiLeaks</a>. Thordarson alleged that Assange spoke with Sabu over Skype during this time, and he <a href="http://www.scribd.com/doc/158911532/Siggi-Sabu-transcript">showed me records of chats</a> he had with Sabu that appear to support his version of events. Again, Sabu was secretly working as an FBI informant during his correspondence with WikiLeaks; FBI agents, who were monitoring Sabu's online activity 24/7 and directing his conduct, would have almost certainly been watching over his shoulder during any conversations with Assange or others.
<p></p>
In a bizarre twist, Thordarson himself later became an FBI informant, before he found out that Sabu, too, was working for the Bureau. (You can read the whole crazy backstory <a href="http://www.slate.com/articles/technology/future_tense/2013/08/sigurdur_thordarson_icelandic_wikileaks_volunteer_turned_fbi_informant.html">here</a>.) WikiLeaks says Thordarson was a rogue operative and has accused the FBI of using "coercion and payments" in an effort to extract information that could be used against its staff in a prosecution. It is unclear whether Assange was personally involved at all in any attempt to solicit the hacking of foreign government computers.
<p></p>
Either way, one thing that is clear and undisputed is that Sabu <i>was</i> in contact with WikiLeaks while he was working for the FBI. And the new court document in Sabu's case strongly suggests to me that the contact was not some random occurrence — rather, it suggests it was part of a concerted FBI undercover sting operation aimed at implicating Assange and his colleagues in criminal activity.
<p></p>
The mention of "a particular subject’s role in soliciting cyber attacks on a foreign government" stood out to me immediately as a likely reference to the Assange-Thordarson-Sabu-Iceland affair, perhaps even intended as a warning shot from the Justice Department that this is an angle still being pursued. WikiLeaks seems to have noticed it, as well, <a href="https://twitter.com/wikileaks/status/470353259111387136">tweeting</a> on Saturday that the document contained an "apparent reference to [an] FBI operation against WL."
<p></p>
It is worth recalling that the FBI and the Justice Dept. still have an active and ongoing criminal investigation into WikiLeaks, a fact that was most recently confirmed just <a href="http://www.smh.com.au/world/assange-targeted-by-fbi-probe-us-court-documents-reveal-20140520-38l1p.html">last week</a>. But because of constitutional press freedom protections in the United States under the First Amendment, to prosecute any WikiLeaks staff for their role in publishing leaked classified US government documents would be untenable. That is precisely why it is far more likely that the FBI will be seeking to find other charges it can lay against Assange, such as conspiracy, and that is where I think Sabu comes into the frame. The new court document refers to an "existing investigation" and notes that while the information Sabu gleaned about the cyber attacks being solicited "has not resulted in any prosecutions <i><b>to date</b></i>," it remains "extremely significant." [Emphasis added.]
<p></p>
So watch this space. I expect more details about this dramatic debacle are going surface before long — possibly even in an indictment against Assange, if the FBI gets its way.
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-84022434737144447652014-03-26T18:56:00.002+00:002014-03-27T14:04:48.482+00:00The Detainee Report and the UK Government Flouting FOIA LawBack in September, as I explained in a <a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html">previous post</a>, I filed a Freedom of Information Act (FOIA) request with the UK government in an attempt to obtain a long-withheld report on British spies' complicity in torture and extraordinary rendition. The government repeatedly ignored my requests — refusing to even acknowledge them, as obligated under the law — but finally <a href="https://www.gov.uk/government/publications/report-of-the-detainee-inquiry">published the report</a> in December.
<p></p>
As I suspected it would, the so-called 'Detainee Inquiry' report shined a light on the dubious involvement of the UK's security services in brutal interrogation tactics and kidnapping methods carried out by US government operatives in the aftermath of the September 11 attacks. British agents, <a href="http://www.theguardian.com/uk-news/2013/dec/19/gibson-report-mi6-detainees-torture-cooperated">it found</a>, were under no obligation to report breaches of the Geneva conventions and turned a "blind eye" to the torture of detainees held in foreign prisons.
<p></p>
The report was put together by the Detainee Inquiry as a <i>preliminary</i> report and, unfortunately, it only scratched the surface. Headed by retired judge Sir Peter Gibson, the inquiry was originally supposed to dig deep into the allegations of complicity in the abuses. However, it was <a href="http://www.bbc.co.uk/news/world-16614514">postponed in 2012</a> amid controversy because the government said that it clashed with ongoing police investigations into some of the same cases. Justice Secretary Ken Clarke <a href="http://www.bbc.co.uk/news/world-16614514">promised</a> that an independent judge-led inquiry would continue in time, but the government suddenly pulled a policy reversal in December and now says the issues will be dealt with (or should I say, swept under the rug) by the largely toothless parliamentary intelligence and security committee — a move that has been strongly criticised by <a href="http://www.amnesty.org.uk/press-releases/uk-decision-hand-torture-inquiry-intelligence-committee-strongly-criticised">human rights groups</a>, <a href="http://www.leighday.co.uk/News/2013/December-2013/Lawyers-call-for-judge-led-inquiry">lawyers</a>, and <a href="http://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=14138&LangID=E">two United Nations special rapporteurs</a>.
<p></p>
Aside from pointing to substance of the Gibson report, though, I wanted address something else here: that is, he dismal conduct of the government in ignoring my original request to obtain it. The Cabinet Office repeatedly failed to respond to my inquires for a period of about five months, even after the <a href="http://ico.org.uk">Information Commissioner's Office</a> (ICO) got involved. (The ICO is the public body that enforces access to information legislation in the UK.) Under the terms of the FOIA law, the government should have responded to my initial request within 30 days. Instead, it chose not to respond at all — not even an acknowledgement; nothing. I've never experienced anything like that, and I have submitted quite a lot of FOIA requests in my time.
<p></p>
It seemed that the Cabinet Office was clearly flouting its legal obligations, so I decided to submit a formal complaint with the ICO. Last month, <a href="http://www.scribd.com/doc/214570115/ICO-decision-notice">the ICO issued a "decision notice" in my case</a> (see below), finding in my favour that the government broke the law under <a href="http://www.legislation.gov.uk/ukpga/2000/36/section/10">section 10</a> of the Freedom of Information Act by ignoring my request. The ICO threatened to pursue contempt of court action against the government in the High Court if it did not contact me within a further 35 days. Unsurprisingly, earlier this month, about a day before the deadline was due to expire, the Cabinet Office <a href="http://www.scribd.com/doc/214751941"><i>finally</i> responded</a> — claiming "oversights" were the cause of the long delay while having the cheek to open its letter by referring to my "recent" FOIA request. The request was submitted half a year prior.
<p></p>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0pJJ_FvRg3b0tNDRS39xswce4-uAqd2J8tUoj7B0PaWxzjcLFPvr_68Osv24-0-ux5uGQYI4Pr1a9o6YkygtF9RDzncHLTWaECqMYXB_KvTNfaXqp6RHWBxeItI29jEA3lev1D1_XgIiu/s1600/Decision+notice.png" title="ICO Decision Notice, February 13th 2014"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5722191027523705330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0pJJ_FvRg3b0tNDRS39xswce4-uAqd2J8tUoj7B0PaWxzjcLFPvr_68Osv24-0-ux5uGQYI4Pr1a9o6YkygtF9RDzncHLTWaECqMYXB_KvTNfaXqp6RHWBxeItI29jEA3lev1D1_XgIiu/s1600/Decision+notice.png" style="cursor: pointer; float: height: 354px; margin: 0pt 10px 10px 0pt; width: 273px;" /></a></div>
Cabinet officials were contacted on several occasions about my request over this six-month period; they confirmed to the ICO over the phone that they had received it, and were then <a href="http://www.scribd.com/doc/188445158/From-the-ICO-Re-rendition-report-FOI-Complaint">warned</a> about potential "enforcement action." Yet they continued to not respond to me. It was not until the government was formally threatened with contempt in the decision notice that it acted. And by then, the Detainee Inquiry report that I was originally seeking had been <a href="https://www.gov.uk/government/publications/report-of-the-detainee-inquiry">released publicly</a> anyway.
<p></p>
I have no idea whether the government deliberately ignored my request in a bid to delay releasing the report, so that it could release it later on its own terms. But frankly that does not seem like a far-fetched possibility, especially given that some public bodies, like London's Metropolitan Police, have <a href="http://liberalconspiracy.org/2012/02/22/how-scotland-yard-monitors-prying-bloggers-and-journalists/">admitted</a> treating FOIA requests from journalists as "high risk" — even though all requests are supposed to be treated "applicant and motive blind." Either way, whether the failure to respond was calculated or just down to total incompetence, I have certainly not come away from this debacle with a sense that the government cares much about fulfilling its legal responsibilities in the realm of transparency.
<p></p>
For that reason, there is a satisfaction in seeing the government get reprimanded by the ICO for its unlawful conduct in this case. But ultimately there is a kind of depressing futility about the finding. The decision notice will go against the government — damaging the Cabinet Office's FOIA credentials with the Information Commissioner, especially if other cases such as this continue to stack up. (The Cabinet could be placed on the ICO's "<a href="http://ico.org.uk/what_we_cover/monitoring_compliance">monitoring programme</a>" if it keeps egregiously flouting its FOIA obligations.) However, that doesn't really count for much in practice. I would like to see the ICO given much stronger powers to enforce compliance with FOIA law — the power to dish out heavy fines for flagrant violations and inexplicably extreme delays in responding to people. Otherwise it seems highly likely that the government and other public bodies will continue to be content to ignore requests whenever it suits them to do so.
<p></p>
<b><a href="http://notes.rjgallagher.co.uk/2014/03/detainee-inquiry-foia-cabinet-office-flouting-law.html" name="update"></a><a href="http://notes.rjgallagher.co.uk/2014/03/detainee-inquiry-foia-cabinet-office-flouting-law.html#update">UPDATE</a>, 27 March 2014</b>: As a commenter below has pointed out, it turns out that the Cabinet Office has in fact already been placed on the "monitoring programme" by the Information Commissioner's Office after "serious shortcomings" were identified in its responses to freedom of information requests. The ICO <a href="http://ico.org.uk/news/latest_news/2014/cabinet-office-monitored-over-foi-response-times-23012014">announced in January</a>, while my complaint was still ongoing, that it would be examining the Cabinet's responses to requests received between 1 January and 31 March 2014. The ICO claims that "failure to show signs of improvement during this period may result in enforcement action."Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com2tag:blogger.com,1999:blog-7589045875350697137.post-3176170219944533242014-02-01T21:51:00.002+00:002014-02-08T00:09:25.612+00:00Canada's WiFi Surveillance and CSEC's Non-Denial DenialsOn Thursday, a report I worked on with Glenn Greenwald and Greg Weston <a href="http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881">was published in Canada</a>, revealing how the country's spy agency CSEC secretly developed a program to monitor WiFi users in a major Canadian airport.
<p></p>
The piece, based on documents leaked by the former US National Security Agency contractor Edward Snowden, has led to CSEC being <a href="http://www.theglobeandmail.com/globe-debate/now-we-know-ottawa-can-snoop-on-any-canadian-what-are-we-going-to-do/article16625310">accused of acting unlawfully</a> and has triggered calls for better oversight of the agency.
<p></p>
But one of the most intriguing aspects of the fallout from the story has been the Canadian government's response — which merits some scrutiny and analysis.
<p></p>
First, some context.
<p></p>
Back in November, Greenwald, Weston and I <a href="http://www.cbc.ca/news/politics/new-snowden-docs-show-u-s-spied-during-g20-in-toronto-1.2442448">reported separate revelations</a> about Canada's role in an NSA operation to spy at the G8 and G20 summits in Canada in 2010. In response, CSEC's chief John Forster <a href="http://www.cbc.ca/news/politics/top-spy-won-t-answer-questions-about-g20-surveillance-1.2444004">claimed</a> in response to reporters' questions:
<p></p>
<blockquote>
What I can tell you is that CSEC, under its legislation, cannot target Canadians anywhere in the world or anyone in Canada, including visitors to Canada.</blockquote>
<p></p>
During a <a href="http://www.cse-cst.gc.ca/gtec/speech-2013-10-09-eng.html">speech in October</a>, Forster had made a similar statement:
<p></p>
<blockquote>I can tell you that we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada. In fact, it's prohibited by law. Protecting the privacy of Canadians is our most important principle.</blockquote>
<p></p>
And again, in January, he repeated this assertion <a href="http://www.cse-cst.gc.ca/home-accueil/media/media-2014-01-29-eng.html">in a letter to a Canadian newspaper</a>:
<p></p>
<blockquote>
Under the law, CSE’s foreign intelligence mandate specifically dictates that our activities be directed only at foreign entities, and not at Canadians or anyone in Canada. That is the law and we fully respect that.</blockquote>
<p></p>
Having analysed Canadian documents in the Snowden material, these statements struck me as quite astonishing.
<p></p>
Why? Because one of the top-secret Snowden documents revealed that, in 2012, CSEC had set up a program that involved monitoring WiFi usage at a large Canadian airport. The secret files showed how CSEC was able to use a huge amount of data about the WiFi connections to follow users "backward and forward in recent time" — identifying visits to hotels, other airports, Internet cafes, coffee shops, and a library.
<p></p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOamHgwsoUVIVLl9WLRbrPYwJMV2g4GEWaqjUqVprZ_qzCXJOVUa1Y5q4MoZeCCNSSydF2GOdgjuKeP3uHkovVvhrhBfoGFfxMQXWGDpkAXKxWwU-ardKzo4rTtP-5mSfI3Te0y8k6UqqY/s1600/canada2.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOamHgwsoUVIVLl9WLRbrPYwJMV2g4GEWaqjUqVprZ_qzCXJOVUa1Y5q4MoZeCCNSSydF2GOdgjuKeP3uHkovVvhrhBfoGFfxMQXWGDpkAXKxWwU-ardKzo4rTtP-5mSfI3Te0y8k6UqqY/s1600/canada2.jpg" height="300" width="400" /> </a>
<p></p>
The tactic is described by CSEC in the files as "IP profiling" — a surveillance method that can be used to track users' movements over time. In one case, as <a href="http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881">we reported at CBC</a> on Thursday, the spy agency says that it performed a sweep of an entire "modest-sized" city and identified 300,000 user IDs:
<p></p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjysr-JpEZEvdWm9fcpcI19dZ9X4yOq6R0cTda3U8-IfalymY9TJXtOwdxDOCARVYqYa-Al-ZQpkaMyClyC5PEkTJ-OydV9luAoQX1cOcmmDGn-n2SMp2rjeFkjFR4lwbz8ohUew_3j-GHO/s1600/canada3.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjysr-JpEZEvdWm9fcpcI19dZ9X4yOq6R0cTda3U8-IfalymY9TJXtOwdxDOCARVYqYa-Al-ZQpkaMyClyC5PEkTJ-OydV9luAoQX1cOcmmDGn-n2SMp2rjeFkjFR4lwbz8ohUew_3j-GHO/s1600/canada3.jpg" height="100" width="400" /> </a>
The "mission impact" of the tactic, according to the document, is that it can alert spies to "target country location changes" and "webmail logins with time-limited cookies":
<p></p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGYo0VkvEhDgMC-WqRcsWsaiKUhCJgq5_CVd1pilD6MNYXno3k8BCJ0uxPc4q7J_EQTwnxb0lYTO4T0FLKJHUsuWcfOL5MMZXHpZLMPGf5GDrU2yczCdDjHkUHixk2P3AyXARLYqzOKCFr/s1600/canada1.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGYo0VkvEhDgMC-WqRcsWsaiKUhCJgq5_CVd1pilD6MNYXno3k8BCJ0uxPc4q7J_EQTwnxb0lYTO4T0FLKJHUsuWcfOL5MMZXHpZLMPGf5GDrU2yczCdDjHkUHixk2P3AyXARLYqzOKCFr/s1600/canada1.jpg" height="300" width="400" /> </a>
<p></p>
The <a href="http://www.cbc.ca/news2/pdf/airports_redacted.pdf">full document</a> [pdf] speaks for itself. It illustrates a secret surveillance operation was conducted on Canadian soil — sweeping up metadata on the WiFi usage of thousands of people not suspected of any crime. Equally significant, the revelation contradicts CSEC chief Forster's repeated assertion that "we do not target Canadians at home or abroad in our foreign intelligence activities, nor do we target anyone in Canada."
<p></p>
After we reported the airports story, it got more interesting.
<p></p>
CSEC <a href="http://www.cse-cst.gc.ca/home-accueil/media/media-2014-01-30-eng.html">issued a statement</a> that was notable for three reasons. First, the agency did not repeat its previous mantra claiming not to "target anyone in Canada." Second, it appeared to make an admission that it is sweeping up metadata within Canada, saying that it was "legally authorized" to "collect and analyze" this information. And third, it issued a fresh denial, saying that "no Canadian or foreign travellers were tracked. No Canadian communications were, or are, targeted, collected or used."
<p></p>
Shortly afterwards, on Friday, a similar denial was made by the Canadian prime minister's parliamentary secretary, who launched <a href="http://www2.macleans.ca/2014/01/31/paul-calandra-calls-glenn-greenwald-a-porn-spy/">a bizarre personal attack</a> on Greenwald while claiming that the "facts" were that "nothing in the stolen documents showed that Canadians' communications were targeted, collected, or used, nor that travellers' movements were tracked."
<p></p>
But these denials are hollow.
<p></p>
It's a straw man to claim that the revelations were about communications being "targeted, collected, or used." That is not what our story was about. The issue at hand is how CSEC initiated a program to sweep up information showing when people are connecting to WiFi networks and using this information to build "profiles" of their movements back and forward in time.
<p></p>
And that brings us to the more important point. CSEC and the prime minister's secretary claimed that "no Canadian or foreign travellers were tracked." However, what they did not say was how they were defining the word "tracked."
<p></p>
The documents quite clearly show how the agency used user "IP profiles" to monitor WiFi users' movements over time, with this capability enabling it to generate "alerts" when a person relocates to another country.
<p></p>
The <a href="http://www.thefreedictionary.com/tracking">dictionary definition</a> of "tracking" says that it means "the act or process of following something or someone." CSEC's IP profiling is exactly that — monitoring users' location and keeping tabs on where they are. Indeed, the document says as much, outlining how CSEC uses this tactic to "<i>follow IDs backward and forward in recent time</i>." The documents also mention how CSEC used tools called "Quova" and "Atlas database" — which are technologies used to pinpoint the geolocation of an IP address.
<p></p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgttJ4nMmUsc-uFzyHfoFInw4zFZXE974XRAp9lioiXRfjqKdBlqzm44VTNSYSGoZA6EgguchJWcoStRmAdRsVvZfp0gldnaPzR7QOIIuioBIlhpwE9Zfut72JXomfpKcfn3JeV_yryPZxJ/s1600/canada4.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgttJ4nMmUsc-uFzyHfoFInw4zFZXE974XRAp9lioiXRfjqKdBlqzm44VTNSYSGoZA6EgguchJWcoStRmAdRsVvZfp0gldnaPzR7QOIIuioBIlhpwE9Zfut72JXomfpKcfn3JeV_yryPZxJ/s1600/canada4.jpg" height="300" width="400" /> </a>
<p></p>
CSEC's denial that it "tracked" Canadians or foreign travellers, I think, hinges upon a narrowly defined interpretation of the word. The US Department of Defence, for instance, uses "tracking" as a specific technical term meaning the "<a href="http://books.google.com/books?id=DQ0odBYeblEC&pg=PT228&lpg=PT228&dq=%22Precise+and+continuous+position-finding+of+targets+by+radar,+optical,+or+other+means%22&source=bl&ots=VZMft0rwdJ&sig=7Zkrrlzpy1u3m39wuWTuBsz1YiU&hl=pt-BR&sa=X&ei=Oi_tUofDMOiayAGN7YCQBg&ved=0CCgQ6AEwAg">precise and continuous position-finding of targets by radar, optical, or other means</a>." CSEC's IP profiling definitely fits the <i>dictionary definition</i> of "tracking" as it is understood by most people — but does it fit the narrower <i>military definition</i>? Perhaps CSEC believes that IP profiling does not constitute "precise and continuous" tracking. But if so, it should be explaining this — as otherwise its denial is highly misleading.
<p></p>
Spy agencies are professionals in the art of deception, and sometimes that seems to be reflected in their public relations strategy. Afterall, we have seen misleading denials issued repeatedly by the National Security Agency and its Five Eyes counterparts about various surveillance revelations in recent months. Again and again, officials have used <a href="http://www.slate.com/articles/news_and_politics/politics/2013/07/nsa_lexicon_how_james_clapper_and_other_u_s_officials_mislead_the_american.html?utm_source=tw&utm_medium=sm&utm_campaign=button_toolbar">narrowly defined words</a> or jargon terms in a carefully crafted way in order to issue non-denial denials in which they appear to refute an allegation but on closer reading do not really refute it at all.
<p></p>
The ultimate point here is that the tactics being used by CSEC and the Canadian government to deflect criticism of their secret surveillance programs merit as much attention as the revelations themselves. That is especially clear when, in response to disclosures about their secret programs, senior government officials launch <a href="http://www2.macleans.ca/2014/01/31/paul-calandra-calls-glenn-greenwald-a-porn-spy/">childish character assassination attempts</a> against the journalists who reported the information. In a democratic society, surely a higher standard is required. It is not enough for governments and spy agencies to spit out a few indignant statements and denials with the expectation that people should just blindly trust that they are telling the truth.
<p></p>
Also, no matter how "tracking" is being defined, what is clear is that CSEC was (and <a href="http://www.cbc.ca/news/politics/csec-snowden-docs-mps-grill-defence-minister-on-spying-revelation-1.2518564">our sources say</a> still is) running a large-scale surveillance operation on domestic soil, seriously calling into question spy chief Forster's previous statements that "our activities" are not directed "at Canadians or anyone in Canada." The CSEC boss is <a href="http://www.straight.com/news/578421/csec-and-canadas-top-spies-scheduled-answer-questions-senate-defence-committee">due to appear</a> before a Senate committee hearing on Monday. Hopefully Canada's lawmakers will take the opportunity to ask some probing questions.
<p></p>
<br />
<b><a href="http://notes.rjgallagher.co.uk/2014/02/canada-wifi-airports-surveillance-denial-csec-snowden.html" name="update"></a><a href="http://notes.rjgallagher.co.uk/2014/02/canada-wifi-airports-surveillance-denial-csec-snowden.html#update">UPDATE</a>, 7 February 2014</b>: Since the story was <a href="http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881">published last week</a>, there have been several developments. There have been <a href="http://www.cbc.ca/news/canada/british-columbia/csec-wi-fi-snooping-experiment-prompts-calls-for-review-1.2520018">more calls</a> for an independent review of CSEC's activities, while spy chief Forster was <a href="http://www.cbc.ca/news/politics/spy-agencies-prime-minister-s-adviser-defend-wi-fi-data-collection-1.2521166">forced to publicly defend</a> the surveillance in Monday's Senate hearing.
<p></p>
There have also been some interesting analyses of the leaked documents worth responding to.
<p></p>
First, the surveillance blog <a href="http://electrospaces.blogspot.com/2014/02/did-csec-really-tracked-canadian.html">Electrospaces</a> claimed that the secret documents seemed to have been "incorrectly interpreted" in our CBC report. The blog published an anonymous analysis from someone who says that CSEC's surveillance project was "was not surveillance of Canadian citizens per se but just a small research project." The second analysis came from Bruce Schneier, <a href="https://www.schneier.com/blog/archives/2014/02/csec_surveillan.html">who claimed that</a> it was "not really true" that CSEC used "airport Wi-Fi information to track travellers."
<p></p>
First of all, it is a mischaracterization to claim that the CSEC project was just a small research project that didn't implicate Canadians "per se." It was part of a pilot initiative that involved sweeping up data on hundreds of thousands of people — many of whom would have been Canadian citizens. Our sources for the story told us that the pliot had since gone live — i.e. that it had gone from being a "proof-of-concept" to an operationally active domestic program. This is about much more than a "small research project."
<p></p>
Second, it is absolutely the case that CSEC tracked travellers' movements based on the Internet activity by using IP and ID data and honing in on a major Canadian airport's WiFi system.
<p></p>
It may be about more than that — and I agree with Schneier when he <a href="https://www.schneier.com/blog/archives/2014/02/csec_surveillan.html">says that</a> it is "actually far more interesting than simply eavesdropping on airport Wi-Fi sessions" because of the wider ramifications of this kind of 'big data' analysis.
<p></p>
But this particular initiative was focused on pulling out a huge trove of user ID and IP data and following users "<i>backward and forward in recent time</i>" to and from a Canadian airport to see if it would be possible to keep tabs movements and trigger alerts based on those movements.
<p></p>
<a href="http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881">What we reported</a> was accurate and remains so: "Canada's electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal."
<p></p>
Even CSEC chief Forster has since <a href="http://www.cbc.ca/news/politics/spy-agencies-prime-minister-s-adviser-defend-wi-fi-data-collection-1.2521166">come out and admitted</a> that a kind of tracking was going on (though he says it didn't occur in "real time," which is not something we actually claimed):
<p></p>
<blockquote>Forster said the agency used metadata to develop a model that showed they could track an internet user's network activity "around a public access mode," and that the tracking didn't happen in real time.</blockquote>
<p></p>
Some of the more insightful analysis on the CSEC affair has come from Bill Robinson, a Canadian surveillance expert <a href="http://www.thestar.com/opinion/commentary/2013/06/11/big_brother_really_is_watching_and_listening.html">described</a> by the <i>Toronto Star </i>as "Canada's authority on CSEC."
<p></p>
Robinson makes some <a href="http://luxexumbra.blogspot.com.br/2014/02/more-on-wi-fi-spy-guys.html">interesting points</a> on the meaning of "tracking" in this context and CSEC's initial denial that it had tracked people — and I think he could be hitting the nail on the head here:
<p></p>
<blockquote>While normal human beings might conclude that both Canadian and foreign travellers were indeed tracked, CSEC's claim may be that only devices were tracked in the specific tests reported in the document. Since no device was tracked specifically on account of the fact that it belongs to a particular person, and the analysis itself (as far as I know) did not seek to associate particular individuals with particular devices (although it may well have utilized information associated or associatable with specific individuals), CSEC may feel it is justified in stating that no individuals were tracked. The same or similar logic seems to underlie the agency's claim that it can collect metadata related to thousands or even millions of Canadians and persons in Canada for foreign intelligence purposes while at the same time stating that its foreign intelligence operations do not "target" any Canadians or persons in Canada.</blockquote>
<p></p>
In a <a href="http://luxexumbra.blogspot.com.br/2014/02/wi-fi-spy-guys-ii.html">separate blog post</a> after spy chief Forster's testimony before the Canadian Senate committee on Monday, Robinson wrote:
<p></p>
<blockquote>In essence, the government's position is that the metadata project reported by the CBC did take place, that its purpose was to develop targeting and analysis techniques that are in fact now being used operationally by CSEC, and that the collection, analysis, use, and retention of Canadian metadata is a normal part of CSEC's operations, necessary to those operations, and entirely legal. Officials also insist, however, that CSEC does not use the data to target Canadians for foreign intelligence purposes.
</blockquote>
To have CSEC now appearing to admit (under pressure) that it is using metadata to conduct domestic monitoring on a mass scale is revelatory — and that is where the focus should be. As I wrote here previously, how "tracking" is being defined as a word should not be the most central point in the debate. The attention should be on CSEC conducting a large-scale surveillance operation on Canadian soil and misleading Canadian citizens about it in a series of public statements. Robinson asks the right questions in his <a href="http://luxexumbra.blogspot.com/2014/02/more-on-wi-fi-spy-guys.html">earlier blog post</a>:
<p></p>
<blockquote>If real-world operations are now being conducted using the techniques described in the document, or similar kinds of techniques, those operations will indeed involve the tracking of specific individuals who are either known before the tracking began or identified subsequent to their being singled out by analysis of the data.
<p></p>
Will the government state that no Canadian or foreign travellers have ever been tracked (or, if it prefers, detected in a number of different locations over time) in Canada, either by CSEC or by any other Canadian or allied agency, under any mandate, using these or similar metadata-based techniques?
</blockquote>Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com9tag:blogger.com,1999:blog-7589045875350697137.post-5253711021586566782014-01-11T22:55:00.000+00:002014-01-12T13:56:21.376+00:00The EU Parliamentary Inquiry's Report on Mass SurveillanceAfter about five months of hearings and investigating, the European Parliament's civil liberties committee has published its report on the revelations about mass surveillance leaked by the American former National Security Agency contractor Edward Snowden.
<p>
The comprehensive 52-page report, <a href="http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/moraes_1014703_/moraes_1014703_en.pdf">published Wednesday in draft form</a> [pdf], contains a large number of important findings and recommendations — some of which I think it's worth highlighing here.
<p>
The report accuses spy agencies — particularly in the US (NSA) and the UK (GCHQ) — of operating dragnet snooping programs that appear to involve illegal actions. It says that the UK government has on at least two occasions breached the <a href="http://human-rights-convention.org/">European Convention on Human Rights</a> and the <a href="http://www.eucharter.org/">EU Charter</a> in how it has tried to crack down on reporting of the Snowden leaks (examples cited are the <a href="http://www.theguardian.com/world/2013/aug/18/glenn-greenwald-guardian-partner-detained-heathrow">detention</a> of former <i>Guardian</i> journalist Glenn Greenwald's partner and the <a href="http://worldnews.nbcnews.com/_news/2013/08/19/20094967-guardian-editor-uk-authorities-forced-us-to-destroy-computers-holding-snowden-files?lite">destruction</a> of <i>Guardian</i> computers). In addition, the committee calls for the European Parliament to suspend data sharing deals with the US government, and it says new legal protections are necessary for journalists and whistleblowers.
<p>
Crucially, the report does not shy away from attempting to address some of the larger issues — such as the profound and unprecedented existential questions new mass surveillance technologies raise for modern democracies. It calls on US authorities and EU member states to "prohibit blanket mass surveillance activities and bulk processing of personal data," adding:
<p>
<blockquote>[The committee] sees the surveillance programmes as <b>yet another step towards the establishment of a fully fledged preventive state, changing the established paradigm of criminal law in democratic societies</b>, promoting instead a mix of law enforcement and intelligence activities with blurred legal safeguards, often not in line with democratic checks and balances and fundamental rights, especially the presumption of innocence. [Emphasis added.]</blockquote>
<p>
This kind of policing, it warns, is leading to "every citizen being treated as a suspect." For that reason, the report notes that the committee
<p>
<blockquote>condemns in the strongest possible terms the vast, systemic, blanket collection of the personal data of innocent people, often comprising intimate personal information; emphasises that the systems of mass, indiscriminate surveillance by intelligence services constitute a serious interference with the fundamental rights of citizens; stresses that privacy is not a luxury right, but that it is the foundation stone of a free and democratic society; points out, furthermore, that mass surveillance has potentially severe effects on the freedom of press, thought and speech as well as a significant potential for abuse of the information gathered against political adversaries; emphasises that these mass surveillance activities appear also to entail illegal actions by intelligence services and raise questions regarding extraterritoriality of national law.</blockquote>
<p>
UK surveillance laws are singled out for criticism, with the inquiry concluding that the UK's legal framework is in need of an overhaul because it is outdated. But the finger is not pointed solely at the spooks in the UK and the US. The report accuses countries including France, Germany, and Sweden of running their own mass surveillance programs, too. It also rightly blasts the general incompetence of oversight committees — both in Europe and the US — that are supposed to be tasked with holding spy agencies accountable:
<p>
<blockquote>despite the fact that oversight of intelligence services’ activities should be based on both democratic legitimacy (strong legal framework, ex ante authorisation and ex post verification) and an adequate technical capability and expertise, <b>the majority of current EU and US oversight bodies dramatically lack both, in particular the technical capabilities</b>. [Emphasis added.]</blockquote>
<p>
Moreover, it calls on the European Commission — the EU's executive body — to evaluate the possibility of introducing legal liabilities that could be used to punish technology companies for not fixing known vulnerabilities in their software or for installing secret backdoors for spying. It wants the European Parliament to consider only procuring software that is <a href="http://opensource.org/osd">open source</a>, so that the software code can be reviewed to ensure it is secure and free from backdoors inserted for spying. And it also urges European Union member states to initiate investigations into "possible cybercrimes and cyber attacks committed by governments or private actors in the course of the activities under scrutiny."
<p>
"Trust has been profoundly shaken," the report says. "Trust between the two transatlantic partners, trust among EU Member States, trust between citizens and their governments, trust in the respect of the rule of law, and trust in the security of
IT services...in order to rebuild trust in all these dimensions a comprehensive plan is urgently needed."
<p>
It's worth a read if you have the time. The full report is <a href="http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/moraes_1014703_/moraes_1014703_en.pdf">here [pdf]</a>.
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-11929644197277610862013-12-12T01:21:00.000+00:002015-10-31T11:26:37.490+00:00GCHQ's Dubious Role in The 'Quantum' Hacking Spy TacticI've not posted here for a while, but I've got a good excuse. For the last month or so I've been out in Brazil working on a series of stories with the American journalist and former <i>Guardian</i> columnist Glenn Greenwald. We've been reporting a series of revelations about government surveillance based on the trove of files leaked by former NSA contractor Edward Snowden.<br />
<br />
I've had some time to take a breather tonight and I want to draw attention to something important in one of the latest stories we worked on with a team of excellent Swedish journalists from <i>Uppdrag Granskning</i> — an investigative unit that operates as part of Sweden's national public broadcaster SVT.<br />
<br />
We worked on <a href="http://www.svt.se/ug/read-all-articles-in-english">several stories</a> with <i>Uppdrag Granskning</i> in the lead up to <a href="http://www.svt.se/ug/view-the-report-about-the-snowden-documents-and-sweden-with-english-subtitles">an hour-long documentary</a>, aired Wednesday, about Sweden's major role in the global surveillance nexus that is led by the United States, the United Kingdom, and the other members of the so-called Five Eyes group — Australia, Canada, and New Zealand.<br />
<br />
As we reported, the documents reveal how Sweden has become a key partner for the US and the UK, and top-secret agreements have been made in the last decade that bolster Sweden's spying role like never before.<br />
<br />
But aside from these crucial details, which are hugely important for Swedish citizens to be informed about, I'd like to highlight here one smaller piece of information that we reported that I think is highly notable.<br />
<br />
Earlier this year, it was <a href="http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html">disclosed</a> that UK spy agency GCHQ was involved in hacking into the Belgian telecom company Belgacom's computer systems in order to covertly gather intelligence on unknown targets. But what is interesting is that, despite being involved in using these hacking methods, GCHQ has been worrying behind the scenes about their legality.<br />
<br />
<a href="https://www.documentcloud.org/documents/894386-legal-issues-uk-regarding-sweden-and-quantum.html">One of the Snowden documents</a> we revealed on the <i>Uppdrag Granskning</i> documentary — dated circa April 2013 — shows the NSA describing a so-called 'Quantum' hacking initative that GCHQ was involved in at a "proof-of-concept" level. However, the document notes:
<br />
<blockquote>
Continued GCHQ involvement <i>may be in jeopardy due to British legal/policy restrictions</i>, and in fact NSA’s goal all along has been to transition this effort to a bilat with the Swedish partner. [Emphasis added.]</blockquote>
This struck me because, <a href="http://www.slate.com/articles/technology/future_tense/2012/08/how_governments_and_telecom_companies_work_together_on_surveillance_laws_.2.html">last year</a>, I uncovered a <a href="http://www.scribd.com/doc/100875514/3GPP-Estonia-2010">document</a> showing something similar. In obscure technical standards meetings with telecom companies about implementing new surveillance capabilities, GCHQ representatives from a little-known unit of the agency called the National Techical Assistance Centre were voicing the same concerns about hacking techniques.<br />
<br />
At meetings held between 2010 and 2011 in Estonia and Italy, at which a GCHQ representative was present, the UK was said to be anxious about the legality of performing a so-called '<a href="http://www.computerhope.com/jargon/m/mitma.htm">man-in-the-middle</a>' attack to covertly hack and eavesdrop on communications:
<br />
<blockquote>
An additional concern in the UK is that performing an active attack, such as the Man-in-the-Middle attack proposed in the Lawful Interception solution...may be illegal. The UK <a href="http://www.legislation.gov.uk/ukpga/1990/18/contents">Computer Misuse Act 1990</a> provides legislative protection against unauthorised access to and modification of computer material. The act makes specific provisions for law enforcement agencies to access computer material under powers of inspection, search or seizure. However, the act makes no such provision for modification of computer material. A Man-in-the-Middle attack causes modification to computer data and will impact the reliability of the data.</blockquote>
This could not be clearer. The UK's position was that it might be unlawful for authorities to hack a computer in order to monitor communications and/or exfiltrate data. That was the position in 2010/11, and I think the same concern is what is being referenced in the 2013 NSA document when UK "legal/policy restrictions" are mentioned.<br />
<br />
Yet despite this concern — and this is perhaps the most important point — GCHQ has marched ahead with its participation in clandestine surveillance operations that involve hacking. The Belgacom case is a specific example, but the NSA documents on Sweden illustrate that Belgacom was not an isolated case. GCHQ was (and likely continues to be) involved in a program called WINTERLIGHT that explicitly involves trying to infect hundreds of targeted computers with so-called 'implants' of malware. GCHQ even operates a covert computer server that it uses to help infect targets with the malware, likely by masquerading as legitimate websites such as LinkedIn, as <a href="http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821.html">previous reports have suggested</a>. These covert servers are mentioned in <a href="https://www.documentcloud.org/documents/894387-se-xkeyscore-ingvar-akesson-dirnsa-meeting-2013.html">one of the NSA documents</a> on Sweden, dated April 2013, revealed by <i>Uppdrag Granskning</i>:
<br />
<blockquote>
Last month, we received a message from our Swedish partner that GCHQ received FRA [Swedish spy agency] QUANTUM tips that led to 100 shots, five of which were successfully redirected to the GCHQ server.</blockquote>
So, the question here is: how can this be legal? If GCHQ was previously concerned that performing active hacking attacks may be unlawful under the UK's Computer Misuse Act, then how has that situation been resolved? Has the agency been granted immunity to perform these operations? If so, who granted the immunity? Alternatively, has the UK government, with zero public debate and under cover of total secrecy, produced a classified interpretation of the law aimed at justifying and rendering lawful the use of this clandestine hacking technique?<br />
<br />
Another very intriguing theory I have considered is that GCHQ lets one of the other agencies do the "dirty work" — the part of the hack that would illegal under UK law. The NSA may deploy the malware, for instance, while GCHQ plays a lesser role by merely facilitating the attack by hosting the server — but still reaping the benefits (i.e. it gets access to the intercepted data). Having spent countless hours now looking at the Snowden documents, it certainly appears to me that this is something that occurs — that the spy agencies circumvent their domestic laws by allowing partner agencies to do things that they could not do themselves.<br />
<br />
Either way, GCHQ's clear and undeniable role in Quantum hacking attacks raises hugely significant legal questions and it is remarkable to me — but perhaps not totally surprising — that the blundering British parlimentarians who are supposed to hold the agency to account have thus far failed to raise any of these key issues.Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com14tag:blogger.com,1999:blog-7589045875350697137.post-27373847184524505972013-11-07T01:37:00.000+00:002014-03-26T20:17:51.519+00:00The Torture & Rendition Report the UK Government Hasn't PublishedLast year, the UK government was presented with a preliminary report about an inquiry into British security services' alleged role in the extraordinary rendition and torture of terror suspects. The government said at the time that it would make the report public — but it has never surfaced.
<p></p>
The report was produced as part of the so-called '<a href="http://www.detaineeinquiry.org.uk/about/">Detainee Inquiry</a>', set up by prime minister David Cameron in 2010 to investigate allegations of British security agencies' involvement in the mistreatment of individuals accused of terror offences. Spy agency MI6, for instance, has been blamed for <a href="http://notes.rjgallagher.co.uk/2013/03/rendition-jack-straw-torture-belhaj-mi6-libya.html">helping to facilitate</a> the abduction and subsequent alleged torture of a Libyan Islamist and his pregnant wife, who were covertly 'rendered' from Bangkok and reportedly taken to a Libyan prison run by the Gaddafi regime in 2004.
<p></p>
Headed by retired judge Sir Peter Gibson, the Detainee Inquiry was supposed to look into these allegations and others. It was <a href="http://www.bbc.co.uk/news/world-16614514">scrapped in 2012</a> amid controversy because the government said that it clashed with ongoing police investigations into some of the same cases. But a preliminary report <i>was</i> produced by the inquiry and sent to the prime minister on 27 June 2012. At the time, the government <a href="http://www.parliament.uk/documents/commons-vote-office/July_2012/17-07-12/21-Justice-Detainee-Inquiry.pdf">issued a statement</a> saying that the report focused on "preparatory work to date, highlighting particular themes or issues which might be the subject of further examination." Justice Secretary Ken Clarke said that the government was committed to publishing "as much of this interim report as possible."
<p></p>
Almost 18 months on, however, where is the preliminary report? That is exactly what I have been trying to find out. And the UK government is not returning my emails.
<p></p>
In September, I sent a Freedom of Information Act request seeking a copy of the report to the government's Cabinet Office. Under the FOIA, the government has 20 working days to issue a response. 31 working days have now passed and I have sent three separate emails related to the request. I have received nothing in response — not even an acknowledgement informing me that my request has been received. This means that the government is violating its legal obligations, according to an official I consulted at the <a href="http://www.ico.org.uk">Information Commissioner's Office</a>, the public body that enforces access to information legislation in the UK.
<p></p>
I submit quite a lot of FOI requests, and I can't think of another occasion when a government department has flat-out ignored a request in this way. It is very unusual. Normally, the procedure is that you will receive an acknowledgement within a few days. And a couple of weeks later the respective department will either send you the information or refuse to release it, usually citing some flimsy national security secrecy exemption.
<p></p>
Notably, the chap who runs the website <a href="http://spyblog.org.uk">Spy Blog</a> has also previously attempted to obtain a copy of the preliminary report. His efforts have so far been stonewalled. But unlike me, Spy Blog has at least been privileged enough to <a href="http://spyblog.org.uk/mt436/mt-search.cgi?IncludeBlogs=1&tag=Detainee%20Inquiry&limit=20">receive responses</a> from the Cabinet Office, most recently in July. The Cabinet refused to disclose the report to the website, claiming that officials were busy "clearing the report for publication" and adding that they expected that it could be published "in the autumn, although no date has been set."
<p></p>
It is not clear why the Cabinet Office has needed almost a year and a half to "clear" a report for public consumption. At best, it looks to me like a case of incompetence and bureaucratic inefficiency; at worst, it is a red herring being deployed to delay the release of controversial information for political convenience. Either way, the delay suggests that there could be some interesting details contained in the report. And the government is running out of excuses to postpone publication. Indeed, under section 22 of the Freedom of Information Act, the government can decline to disclose information requested if it is already intended for future release. However, Ministry of Justice <a href="http://www.justice.gov.uk/ downloads/information-access-rights/foi/foi-exemption-s22.pdf">guidance</a> on the Section 22 exemption explicitly states that:
<p></p>
<blockquote>These qualifications recognise that sometimes there will be an overriding public interest in the information
being released prior to the intended publication date. Public authorities should not be able to avoid putting
information in the public domain by adopting unreasonable publication timetables or an 'intention' to publish
where there is little prospect of that happening within a reasonable timescale.
</blockquote>
<p></p>
Given the seriousness of the allegations about UK security agencies' role in facilitating extraordinary rendition and torture, there is evidently a very strong public interest case for this preliminary report to be immediately released under the Freedom of Information Act. That is especially true given the inexplicably lengthy delay that we have already had to endure.
<p></p>
It's worth also pointing out that despite the sort of behaviour detailed above, the government continues to audaciously insist it is committed to transparency. Just last week the Cabinet Office was <a href="https://www.gov.uk/government/news/uk-uses-open-government-partnership-summit-to-make-transparency-a-reality-for-citizens">proclaiming</a> "wide-ranging new commitments to bring more of the benefits of transparency into people’s everyday lives." Cabinet minister Francis Maude was quoted as saying that "transparency is an idea whose time has come."
<p></p>
Unfortunately, the section of Maude's own department responsible for implementing transparency does not appear to have received the memo — and is currently flouting the Freedom of Information Act in a case involving the withholding of important information that the public clearly has a right to know.
<p></p>
I have lodged a formal complaint about the Cabinet Office's conduct with the Information Commissioner's Office — so watch this space.
<p></p>
<b><a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html" name="update"></a><a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html#update">UPDATE</a>, 4 December 2013</b>: Late last month, the Information Commissioner's Office replied to the complaint I filed about the UK government's non-response to my request that it release the rendition/torture report. An official from the ICO said he had contacted the government's Cabinet Office to confirm that my request had been received and to give the government a 10-day deadline to contact me. The ICO reminded the government of its obligations under the Freedom of Information Act and noted that it "may consider taking enforcement action" should similar complaints arise (read the ICO's correspondence <a href="http://www.scribd.com/doc/188445158">here</a>).
<p></p>
However, despite this light reprimand from the ICO, incredibly I've still received no response from the government about the rendition report. The 10-day deadline expired yesterday and I've heard nothing — I've not yet so much as received an acknowlegement that my initial request is being dealt with, even though it was submitted more than two months ago (the government is supposed to respond within 20 working days; it's now been more than 50). This means that the Cabinet Office, which <a href="https://www.gov.uk/government/news/uk-uses-open-government-partnership-summit-to-make-transparency-a-reality-for-citizens">likes to tout</a> its transparency credentials, is not only actively flouting its obligations under the Freedom of Information Act — it has also now failed to act on a formal request made by the authority that enforces the FOIA law, the ICO. Before the end of the week, I'll be following up my complaint with the ICO in the hope that more serious action can be taken. Of course, I'll post further updates here with any new developments in this strange case as and when they arise.
<p></p>
<b><a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html" name="update2"></a><a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html#update2">UPDATE</a>, 29 December 2013</b>: The government has released the Detainee Report today; <a href="http://www.theguardian.com/uk-news/2013/dec/19/gibson-report-mi6-detainees-torture-cooperated">the <i>Guardian</i> reports</a> that it reveals how "MI6 officers were under no obligation to report breaches of the Geneva conventions and turned a 'blind eye' to the torture of detainees in foreign jails, according to the report into Britain's involvement in the rendition of terror suspects." I am still pursuing my complaint against the Cabinet Office for its handling of my FOIA request.
<p></p>
<b><a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html" name="update3"></a><a href="http://notes.rjgallagher.co.uk/2013/11/detainee-inquiry-preliminary-report-uk-rendition-torture-mi6-mi5.html#update3">UPDATE</a>, 26 March 2014</b>: In response to my complaint, the Information Commissioner's Office issued a "decision notice" stating that the Cabinet Office breached section 10 of the Freedom of Information Act in ignoring my request. More details <a href="http://notes.rjgallagher.co.uk/2014/03/detainee-inquiry-foia-cabinet-office-flouting-law.html">here</a>.Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-24146881132643721662013-07-23T23:30:00.000+01:002013-07-24T02:20:59.215+01:00The Chenagai Madrassa IncidentOn 30 October 2006, an Islamic school in Pakistan was targeted in a missile strike that killed up to 81 people, most of whom were <a href="http://www.thenews.com.pk/TodaysPrintDetail.aspx?ID=4043&Cat=13&dt=11/5/2006">reportedly</a> children, some as young as seven.
<p></p>
At the time of the strike, which took place in the town of Chenagai in the tribal area of Bajaur, Pakistan's military <a href="http://news.bbc.co.uk/1/hi/world/south_asia/6097636.stm">claimed responsibility</a>, saying it had targeted the school — known as a madrassa — because it was being used as a terrorist training facility. However, an anonymous former Pakistan official, described as an ex-"key aide" to then-President Pervez Musharraf, <a href="http://www.timesonline.co.uk/tol/news/world/article650044.ece">later reportedly claimed</a> that the attack had been carried out by a US drone, according to the <i>Sunday Times</i>. The US <a href="https://www.nytimes.com/2006/10/30/world/asia/30iht-pakistan.3335330.html?_r=0">denied any role</a>, saying it was "completely done by the Pakistani military."
<p></p>
Now, <a href="http://www.thebureauinvestigates.com/2013/07/22/exclusive-leaked-pakistani-report-confirms-high-civilian-death-toll-in-cia-drone-strikes/">a newly published report</a> has raised fresh questions about exactly who was behind this horrific incident. A <a href="http://www.thebureauinvestigates.com/2013/07/22/get-the-data-the-pakistan-governments-secret-document/">leaked Pakistan government document</a>, published by London's <i>Bureau of Investigative Journalism</i> on Monday, lists the Bajaur case among a series of US Predator drone strikes and NATO-backed attacks in Pakistan between 2006 and 2009. The <i>Bureau</i> says that the document shows the attack was the result of "a single drone strike," though the document does not specify whether a drone or other aircraft was involved.
<p></p>
So who carried out this controversial attack?
<p></p>
At the time of the strike, Pakistan's army spokesman <a href="https://www.nytimes.com/2006/10/30/world/asia/30iht-pakistan.3335330.html?_r=0">said</a> that it had been carried out by Pakistan military helicopter gunships that fired four or five missiles into the madrassa. One local villager <a href="http://news.bbc.co.uk/1/hi/world/south_asia/6097636.stm">told the BBC</a> he had "heard helicopters flying in and then heard bombs." An NBC news correspondent, who was <a href="http://www.nbcnews.com/id/15486181/ns/world_news-south_and_central_asia/t/nbc-on-scene-blasted-pakistan-madrassa/">reportedly</a> about a mile away from the madrassa at the time of the incident, said that it "was dark and very early in the morning when the blast occurred. And then I heard helicopters over the village of Chenagai where the madrassa school is located."
<p></p>
Analysts speculated that Pakistan's military may have not had the skills required to conduct the helicopter strike, because it was apparently conducted at 5am while it was still dark and had the hallmarks of an elite operation. Hours after the attack, Bill Roggio at the <a href="http://www.longwarjournal.org/archives/2006/10/a_closer_look_at_the.php"><i>Long War Journal</i></a> suggested that a US special operations team may have been behind it. "Look for signs of Task Force 145 having carried out this raid," Roggio wrote, "with unmanned Predators firing Hellfire missiles, and possibly C-130 and helicopters following up."
<p></p>
Others had an alternative theory. On October 31, 2006, Syed Saleem Shahzad at the <a href="http://www.atimes.com/atimes/South_Asia/HJ31Df03.html"><i>Asia Times</i></a> wrote:
<p></p>
<blockquote>Recently, Islamabad agreed with NATO that it could conduct operations in Pakistan from across the border in Afghanistan... Significantly, Pakistan and Taliban authorities struck a peace deal in Bajour only two days ago and were scheduled to sign a document to that effect on Monday. This lends credence to the possibility that it was NATO and not Pakistani forces that made the raid.</blockquote>
<p></p>
Among those who died in the attack was the leader of the madrassa, a <a href="http://news.bbc.co.uk/1/hi/world/south_asia/6097636.stm">reportedly</a> pro-Taliban radical cleric named Maulana Liaqat. Pakistan officials also <a href="http://articles.timesofindia.indiatimes.com/2006-11-01/pakistan/27826755_1_zawahiri-suicide-bombers-al-qaida">claimed</a> that Ayman al-Zawahiri — who was then Osama bin Laden's deputy — had used the madrassa to train suicide bombers. That would certainly have given both US and NATO forces a motive to want to target the building. And Pakistan has <a href="http://edition.cnn.com/2013/04/11/world/asia/pakistan-musharraf-drones">covered up</a> for US drone strikes in the past.
<p></p>
But still, there is still no <i>concrete</i> information that has been presented confirming beyond doubt that a US drone or any other US or NATO military aircraft was involved.
<p></p>
Indeed, secret US diplomatic cables published by WikiLeaks in 2010, four years after the strike, did not hint at any US or NATO role. US officials writing in classified cables dated from 2006 described the incident alternately as a "<a href="http://cablegatesearch.net/cable.php?id=06ISLAMABAD22046">Pakistan military strike against a madrassa/militant training camp</a>" and a "<a href="http://cablegatesearch.net/cable.php?id=06ISLAMABAD22024">Pak-Mil attack on an extremist madrassa</a>."
<p></p>
Even with the <i>Bureau of Investigative Journalism</i>'s publication of the leaked Pakistani document attributing the attack to NATO forces or a US drone, in my view, the facts remain murky and contentious. And that is perhaps one of the most shocking elements of this story — that seven years on there is still such a lack of clarity about the circumstances of this grave incident, involving the reported deaths of dozens of innocent children.
<p></p>
Without an answer to such a simple question — who pulled the trigger? — there can be no accountability, no closure, no recourse for justice for the families of those who lost a child on that day in Chenagai. It is an incident that seems to symbolise the bloody, faceless brutality of the ruthless covert warfare that has become a staple feature of the so-called War on Terror over the past decade, especially in the tribal regions of Pakistan. But just because there may be dangerous, high-level terror targets operating in these places, military forces, wherever they are from, should not get a pass to kill and maim with impunity. For that reason alone, the madrassa strike surely requires serious further scrutiny — perhaps from UN special rapporteur Ben Emmerson, who is currently <a href="http://www.thebureauinvestigates.com/2013/01/24/un-launches-major-investigation-into-civilian-drone-deaths/">investigating</a> the issue of civilian drone deaths. Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-62401808652060276382013-07-20T00:30:00.000+01:002013-07-21T02:43:18.653+01:00How UK Surveillance is on the RiseEarlier this week, the UK's official communications interception commissioner <a href="http://www.iocco-uk.info/docs/2012%20Annual%20Report%20of%20the%20Interception%20of%20Communications%20Commissioner%20WEB.pdf">published his annual report</a>. The commissioner releases statistics every year that offer an insight into the levels of surveillance being conducted by UK authorities, including police, security and intelligence agencies.
<p></p>
The latest report provides more evidence that the trend in recent years has been towards a general increase in surveillance of communications. In 2012, the report shows, there were a record 570,135 authorisations for police and other agencies to obtain so-called "communications data." This can include subscriber information about suspects' phone and email accounts, as well as call and email records showing who a suspect is phoning/emailing and when. It does not include the actual content of the communication.
<p></p>
Notably, the 570,135 figure is a 15 percent increase on the figure for 2011 and amounts to about an average 1,562 communications data authorisations every day. In addition, the commissioner noted in his report that "979 communications data errors" were made by authorities in cases involving the wrongful collection of data from innocent individuals. The botched surveillance had serious ramifications, with six members of the public "wrongly detained / accused of crimes" as a consequence.
<p></p>
Here's a quick graph I've knocked up showing how, with the exception of a unusual drop in authorisations in 2011, UK authorities have been increasingly obtaining communications data as part of investigations in recent years:
<p></p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV1c2AI75JRIHOYGkqF6r2W5kFopENsjvwxpMeA_1B_keMnJKA3GvYQPWLuyuvvGg8pQWaKFoPP9ZUJxZHuw5k5CdKVdOaCX1e-3G0hp0HgQFkdlZzvnE0Y9egXPgyqTQcdOIx9wGGzxsE/s1600/comms+data+2.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV1c2AI75JRIHOYGkqF6r2W5kFopENsjvwxpMeA_1B_keMnJKA3GvYQPWLuyuvvGg8pQWaKFoPP9ZUJxZHuw5k5CdKVdOaCX1e-3G0hp0HgQFkdlZzvnE0Y9egXPgyqTQcdOIx9wGGzxsE/s400/comms+data+2.png" /></a>
<p></p>
The same trend is reflected in the latest statistics on the interception of communications. Interception is when the authorities obtain a warrant, signed off by the secretary of state, enabling them to secretly eavesdrop on phone calls or read emails and texts. There were 3,372 interception warrants authorised in 2012, which represents a 16 percent increase on the figure for 2011. It is crucial to note that a single interception warrant can encompass large groups of individuals. It is not known exactly how many people were swept up in the 3,372 warrants because these figures are, unfortunately, not published.
<p></p>
Here's a graph that illustrates the steady increase in interceptions since 2008:
<p></p>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivb5j2RvHSEN06UnHPMAPymq0Z4LcuSoOKPQ-y4fgum_lNGALgV1E_v_6zB78bQM3y3-t8_hvv-XTDwnapEQiU0lEUHzAAMikc5q-shrDpxwW5j-Hha-8Riq9lmXuNo9Enp_-MSqMrMrp2/s1600/intercept.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivb5j2RvHSEN06UnHPMAPymq0Z4LcuSoOKPQ-y4fgum_lNGALgV1E_v_6zB78bQM3y3-t8_hvv-XTDwnapEQiU0lEUHzAAMikc5q-shrDpxwW5j-Hha-8Riq9lmXuNo9Enp_-MSqMrMrp2/s400/intercept.png" /></a>
<p></p>
While surveillance is on the rise, as the above graphs show, the UK government has been <a href="http://www.guardian.co.uk/technology/2012/jun/14/snoopers-charte-proposal-tory-row">arguing</a> that it does not have enough digital spying capabilities and needs more surveillance powers.
<p></p>
The government's case may have recently been damaged, however, by leaked secret documents, published by the <i><a href="http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa">Guardian</a></i> in June, that revealed how UK spy agency GCHQ was tapping into internet cables and reportedly monitoring some 600 million "telephone events" every day. The exposed extent of GCHQ's spying offered a rare and startling insight into the sweeping scope of surveillance already being conducted by the UK government, and seemed to affirm what the UN's special rapporteur on free expression, Frank La Rue, warned about in an <a href="http://www.ohchr.org/Documents/HRBodies/HRCouncil/RegularSession/Session23/A.HRC.23.40_EN.pdf">unprecedented report</a> published just weeks before the leaks.
<p></p>
"Technological advancements," La Rue wrote, "mean that the state’s effectiveness in conducting surveillance is no longer limited by scale or duration."
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-6636807948076165642013-07-12T14:46:00.000+01:002013-07-13T18:19:54.996+01:00Rights Groups on SnowdenEdward Snowden is the NSA whistleblower whose document leaks have in recent weeks cracked open the US and UK governments' secret surveillance programs to an unprecedented level of public scrutiny. The former Hawaii-based NSA contractor, 30, is currently holed up in Sheremetyevo airport in Moscow, Russia, as he attempts to seek asylum in a number of countries — fearing persecution if he returns to the United States.
<p></p>
But Snowden's options are limited. The US government has <a href="http://www.reuters.com/article/2013/06/23/us-usa-security-passport-idUSBRE95M0CW20130623">revoked his passport</a> while exerting <a href="http://www.nytimes.com/2013/07/12/world/americas/us-is-pressing-latin-americans-to-reject-snowden.html?pagewanted=all&_r=0">extraordinary pressure</a> on countries across the world in order to prevent the whistleblower from gaining asylum. This has raised questions about the US government's commitment to international law and has led a number of human rights groups to weigh in with criticism of US officials' actions. Today, Snowden is said to have <a href="http://www.bbc.co.uk/news/world-europe-23283684">set up a meeting</a> with groups including Amnesty International in order to discuss his next steps.
<p></p>
Below, I've compiled a quick list for my own reference of the various rights groups that have issued a statement on the Snowden case so far. There may be others that I've missed. If so, add a comment at the bottom or send me a link <a href="https://twitter.com/rj_gallagher">via Twitter</a> and I'll update this post.
<p></p>
<b>American Civil Liberties Union</b>
<p></p>
"In addition to infringing on Mr. Snowden's right to asylum, [the US government's] actions also create the risk of providing cover for other countries to crack down on whistleblowers and deny asylum to individuals who have exposed illegal activity or human rights violations." (<a href="http://www.aclu.org/blog/human-rights-national-security/us-actions-snowden-case-threaten-right-seek-asylum">Statement</a>, 11 July.)
<p></p>
<b>Amnesty International</b>
<p></p>
"The US authorities’ relentless campaign to hunt down and block whistleblower Edward Snowden’s attempts to seek asylum is deplorable and amounts to a gross violation of his human rights." (<a href="http://www.amnesty.org/en/news/usa-must-not-persecute-whistleblower-edward-snowden-2013-07-02">Statement</a>, 2 July.)
<p></p>
<b>Article 19</b>
<p></p>
“The manhunt for Edward Snowden must be stopped. More energy is being spent on arresting one whistleblower that exposed human rights violations than has been spent on finding and arresting perpetrators of war crimes or crimes against humanity." (<a href="http://www.article19.org/resources.php/resource/37147/en/manhunt-for-snowden-must-be-stopped">Statement</a>, 5 July.)
<p></p>
<b>Government Accountability Project</b> (US)
<p></p>
"Snowden disclosed information about a secret program that he reasonably believed to be illegal. Consequently, he meets the legal definition of a whistleblower, despite statements to the contrary made by numerous government officials and security pundits." (<a href="http://www.whistleblower.org/blog/44-2013/2760-gap-statement-on-edward-snowden-a-nsa-domestic-surveillance">Statement</a>, 14 June.)
<p></p>
<b>
Human Rights Watch</b>
<p></p>
"[The US government] should not apply a double standard by working against other governments that might extend asylum in this case." (<a href="http://www.hrw.org/news/2013/07/03/countries-should-consider-snowden-s-asylum-claim-fairly">Statement</a>, 3 July.)
<p></p>
“Edward Snowden has a serious asylum claim that should be considered fairly by Russia or any other country where he may apply. He should be allowed at least to make that claim and have it heard... Washington’s actions appear to be aimed at preventing Snowden from gaining an opportunity to claim refuge, in violation of his right to seek asylum under international law.” (<a href="http://www.hrw.org/news/2013/07/12/russia-others-should-treat-snowden-s-asylum-claim-fairly">Statement</a>, 12 July.)
<p></p>
<b>Index on Censorship</b>
<p></p>
"The mass surveillance of citizens’ private communications is unacceptable – it both invades privacy and threatens freedom of expression. The US government cannot use the excuse of national security to justify either surveillance on this scale or the extradition of Snowden for revealing it." (<a href="http://www.indexoncensorship.org/2013/06/us-needs-to-protect-whistleblowers-and-journalists/">Statement</a>, 24 June.)
<p></p>
<b>Norwegian PEN</b>
<p></p>
"The threat of criminal prosecution against whistleblower Edward Snowden on the charge of espionage is an allegation against an individual who has used his right to free speech in order to uncover serious abuse, not worthy of a country that abides by the rule of law. By going out with this information, Edward Snowden has questioned the democratic openness of US counter-terrorism strategy. The practice uncovered in the United States is in clear conflict with the principles of a democratic constitutional state." (<a href="http://www.norskpen.no/English/EnglishDetails/tabid/515/ArticleID/1502/Norwegian-PEN-ask-minister-of-justice-to-reconsider-Snowdens-application-for-asylum.aspx">Statement</a>, 3 July.)
<p></p>
<b>Reporters Without Borders</b>
<p></p>
"Now that Edward Snowden, the young American who revealed the global monitoring system known as Prism, has requested asylum from 20 countries, the EU nations should extend a welcome, under whatever law or status seems most appropriate... [European Union] countries owe Snowden a debt of gratitude for his revelations, which were clearly in the public interest... American leaders should realize the glaring contradiction between their soaring odes to freedom and the realities of official actions, which damage the image of their country." (<a href="http://en.rsf.org/why-european-nations-must-protect-03-07-2013,44886.html">Statement</a>, 3 July.)
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com2tag:blogger.com,1999:blog-7589045875350697137.post-16153123484019054012013-06-18T00:23:00.000+01:002013-09-11T01:31:28.870+01:00Prism D NoticeFollowing <a href="www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data">disclosures</a> by the <i>Guardian</i> earlier this month about a US National Security Agency internet surveillance program called Prism, it has emerged that UK government officials issued a so-called "D notice" in a bid to censor coverage of spy tactics.
<p></p>
The D notice following the NSA leaks was <a href="http://www.guardian.co.uk/world/2013/jun/17/defence-d-bbc-media-censor-surveillance-security">reportedly</a> issued to news organisations including the BBC on 7 June, the day after the Prism story broke. Prism is a system used by the NSA to monitor emails, file transfers, photos, videos, chats, and other data. Intelligence gleaned from the system has been <a href="http://www.bbc.co.uk/news/uk-politics-22824379">passed to GCHQ</a>, the UK's version of the NSA.
<p></p>
The notice to the media organisations was marked "Private and Confidential: Not for publication, broadcast or use on social media," according to Jeff Stein at <a href="http://www.andmagazine.com/content/phoenix/13003.html"><i>And Magazine</i></a>. It added:
<p></p>
<blockquote>There have been a number of articles recently in connection with some of the ways in which the UK Intelligence Services obtain information from foreign sources.
<p></p>
Although none of these recent articles has contravened any of the guidelines contained within the Defence Advisory Notice System, the intelligence services are concerned that further developments of this same theme may begin to jeopardize both national security and possibly UK personnel.</blockquote>
<p></p>
It particularly warned against reporting on:
<p></p>
<blockquote>specific covert operations, sources and methods of the security services, SIS and GCHQ, Defence Intelligence Units, Special Forces and those involved with them, the application of those methods, including the interception of communications and their targets; the same applies to those engaged on counter-terrorist operations.</blockquote>
<p></p>
The D-notice system was first set up in 1912 and operates in accordance with a <a href="http://www.dnotice.org.uk/danotices/index.htm">voluntary code</a> — providing "advice and guidance to the media about defence and counter-terrorist information the publication of which would be damaging to national security." In 2010, for instance, a D notice was <a href="http://www.indexoncensorship.org/2010/11/us-uk-wikileaks-d-notice-leak/">reportedly</a> issued prior to WikiLeaks' release of thousands of US government diplomatic cables. A D notice has no formal legal authority, but defying it can make journalists vulnerable to prosecution under the UK's Official Secrets Act. Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-18059792733884549312013-06-17T23:32:00.000+01:002013-06-18T01:50:40.608+01:00Snowden's FateOn <i>Democracy Now</i> today there was an insightful <a href="http://www.democracynow.org/2013/6/17/as_world_awaits_us_reaction_to">interview</a> with Hong Kong legislator Charles Mok on the potential next steps for US National Security Agency whistleblower Edward Snowden.
<p></p>
Snowden is currently believed to be in Hong Kong after passing a batch of NSA documents revealing top-secret surveillance programs to the <a href="http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data"><i>Guardian</i></a>, the <a href="http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html"><i>Washington Post</i></a>, and the <a href="http://www.scmp.com/news/hong-kong/article/1259508/edward-snowden-us-government-has-been-hacking-hong-kong-and-china"><i>South China Morning Post</i></a>. US authorities have <a href="http://uk.reuters.com/article/2013/06/17/uk-usa-security-idUKBRE95G0ST20130617">initiated</a> a criminal investigation over the leaks and will probably pursue Snowden's extradition in the weeks and months ahead.
<p></p>
Mok talks about what that process could entail, and says that though Hong Kong enjoys independence from mainland China on many issues, the international magnitude of the Snowden case means the final decision that will determine his fate is ultimately likely to be made by central government in Beijing:
<p></p>
<blockquote><p></p>
Please understand that at least we have a one-country, two-system system in Hong Kong and between Hong Kong and the mainland. So our laws are different from the laws in China. And we do have a border and so on. We do have different governments, even though as a regional government, we do report to the central government.
<p></p>
So I think what we want locally is to make sure that we can protect [Snowden] and make sure that we can live up to our core values and make sure that we treat this person according to all the rights that he should be getting under Hong Kong law. And... exactly what I don’t want to see, is that this sort of political influence to be interfering into the justice process, the judicial process that Mr. Snowden may end up having to get in Hong Kong. If, for example, the US starts by contacting the Hong Kong government to try to initiate an extradition, and if Mr. Snowden decides to try to get asylum or apply for refugee status here in Hong Kong, he — if he chose to do that, if the process comes to that point, he should be getting all the rights. [...]
<p></p>
If the US started to initiate a process [to] say that we want to arrest this person and start an extradition process, then Mr. Snowden could apply in Hong Kong for refugee status. And then there would be at least two tests: first by the United Nations High Commission on Refugees to determine whether or not, for example, that he will face torture at home and whether or not this is political persecution and so on, and second, also by the Hong Kong court. [...]
<p></p>
He will be accorded rights to appeal all the way up to our highest court in Hong Kong. So, assuming that money and financial issues — because you do need to get lawyers and so on — assuming those are not an issue, these processes in the past could have taken quite a bit of time. But... if [Snowden] isn’t successful and there has to be a final decision to be made about the extradition, our chief executive in Hong Kong, which is pretty much [like] our president... he will have to make the final decision. But because this case very likely will involve foreign relations, then he has to consult the central government. So, in the end, it means that the process can be a pretty prolonged process, and, second, Beijing will probably come into the equation to make a final decision in the end.</blockquote>
<p></p>
You can watch the full interview <a href="http://www.democracynow.org/2013/6/17/as_world_awaits_us_reaction_to">here</a>.Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0tag:blogger.com,1999:blog-7589045875350697137.post-58658951682938583972013-06-13T02:29:00.000+01:002014-03-27T14:58:58.434+00:00NSA Chief Quizzed Over Legality of Phone Records Grab: TranscriptGeneral Keith Alexander, the chief of the US National Security Agency, today appeared before a Senate committee and was quizzed publicly for the first time on issues related to the agency's recently revealed surveillance programs.
<p></p>
Most of the questions Alexander faced concerned the secret mass retention of Americans' phone records, <a href="http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order">exposed by the <i>Guardian</a></i> last week, which the spy chief said is necessary to conduct retrospective surveillance of patterns of communication during counter-terrorism investigations — enabling the agency to go "back and time" to monitor who has called whom, when, and for how long.
<p></p>
Perhaps the most notable point in Alexander's appearance came during an exchange with Oregon Senator Jeff Merkley (Democrat), who asked a few specific, probing questions about the section of the Patriot Act (215) being used to justify storing the records. Merkley seemed to believe the NSA had exceeded its authority in mass retaining the records, and I think his comments pinpoint a crucial part of the legal debate about the scope of the surveillance that we will see more of in the weeks ahead. Merkley also pressed for secret interpretations of the law being used by the government to justify the surveillance to be declassified and published, a point that Alexander seemed to agree was necessary though said he couldn't guarantee it because he was "not the only decision maker in the administration."
<p></p>
See the relevant part of the exchange below:
<p></p>
<blockquote><b>Sen. Merkley</b>: You referred to section 215 [of the Patriot Act] and 215 requires for an application for production of any tangible thing. It says in it that this application must have a statement of facts showing reasonable grounds that the tangible things sought are relevant to an authorised investigation. So we have several standards of law embedded in this application: A statement of facts, reasonable grounds, and tangible things that are relevant to an authorised investigation.
<p></p>
Now as it's been described in this conversation and in the press, the standard for collecting phone records on Americans is now all phone records, all the time, all across America. How do we get from the reasonable grounds, relevant authorised investigation, statement of facts, to all phone records, all the time, all locations? How do you make that transition and how has the standard of the law been met?
<p></p>
<b>General Alexander</b>: So this is what we have to deal with the court and I think that... we go through this court process... it's a very deliberate process where we meet all of those portions of the 215. We lay out for the court what we're going to do and to meet that portion we just said. The answer is we don't get to look at the data, we don't get to swim through the data....
<p></p>
<b>Sen. Merkley</b>: Let me stop you there, because these are requirements to acquire the data, not to analyze the data, to acquire the data ... this is the application to acquire the data. So here I have my Verizon phone, my cell phone, what authorized investigation gave you the grounds for acquiring my cellphone data?
<p></p>
<b>General Alexander</b>: On this part here, on the legal standards and stuff, on this part here I think we need to get Department of Justice and others because it is a complex area and you're asking a specific question. I don't want to shirk that but I want to make sure I get it exactly right. And so I do think part of what we should do is perhaps at the closed hearing tomorrow walk through that with the intent of taking what you've asked and seeing if we can get it declassified and out to the American people so they can see how exactly how we do it because I do think that should be answered.
<p></p>
<b>Sen. Merkley</b>: In between these two pieces, the FISA court gives an interpretation of the plain language of the law, their interpretation is what translates the standards of the law into what is governable in terms of what you can do. I had an amendment last December that said these findings of law that translate the requirements that are in the law into what is permissible needs to be declassified so we can have the debate. I believe that what you just said is that you want to have that information to be declassified that explains how you get from these standards of law to the conduct that has now been presented publicly. Did I catch that right and do you support the standards of law, the interpretations of the FISA court of the plain language to be set before the American people so we can have this debate?
<p></p>
<b>General Alexander</b>: I think that makes sense. I'm not the only decision maker in the administration on this process so there are two issues I'm not equivocating. I just want to make sure that I put this expectation exactly right and that is I don't want to jeopardize the security of Americans by making a mistake and saying yes we're going to do all that, but the intent is to get the transparency there.
<p></p>
So Senator I will work hard to do that, and if I can't do that I will come back to you and tell you why and we will have that discussion and run it out and I defer to the chair of the intelligence committee. But I think that's reasonable to get this out. Having said that I don't have the legal background that perhaps you have in this area.
<p></p>
I want this debate out there for a couple of reasons. I think that what we're doing to protect American citizens here is the right thing. Our agency takes great pride in protecting this nation and our civil liberties and privacy and doing it in partnership with this committee, with congress and the courts. We aren't trying to hide it we are trying to protect America so we need your help in doing that. [...]
<p></p>
<b>Sen. Merkley</b>: General I thank you for your statement of support. I also want to thank chair Feinstein who helped develop and send a letter expressing this concern about the secrecy of the interpretations of the FISA court ... I think it's time that [the FISA interpretations] become understandable and public because otherwise how in a democracy do you have a debate if you don't know what the plain language [of the law] means. I do have concerns about that translation and I will continue this conversation.</blockquote>
Ryan Gallagherhttp://www.blogger.com/profile/01155476025158426542noreply@blogger.com0