LONDON (Reuters) – Britain’s spy agency GCHQ intercepted millions of people’s webcam chats and stored still images of them, including sexually explicit ones, the Guardian newspaper reported on Thursday.
GCHQ files dating between 2008 and 2010 provided to the newspaper by the former U.S. National Security Agency (NSA) contractor Edward Snowden, revealed that the surveillance program, codenamed Optic Nerve, saved one image every five minutes from randomly selected Yahoo Inc webcam chats and stored them on agency databases.
Optic Nerve, which began as a prototype in 2008 and was still active in 2012, was intended to test automated facial recognition, monitor GCHQ’s targets and uncover new ones, the Guardian said. It said that under British law, there are no restrictions preventing images of U.S. citizens being accessed by British intelligence.
GCHQ collected images from the webcam chats of more than 1.8 million users globally in a six-month period in 2008 alone, the newspaper reported.
“It is a long-standing policy that we do not comment on intelligence matters,” a GCHQ representative said on Thursday.
In another sign of the widespread information-sharing between U.S. and British spy agencies which has riled public and politicians on both sides of the Atlantic, the webcam information was fed into the NSA’s search tool and all of the policy documents were available to NSA analysts, the paper said.
It was not clear, however, whether the NSA had access to the actual database of Yahoo webcam images, the Guardian reported.
Yahoo said it had no knowledge the interceptions.
“We were not aware of nor would we condone this reported activity. This (Guardian) report, if true, represents a whole new level of violation of our users’ privacy that is completely unacceptable,” company spokeswoman Suzanne Philion said in an emailed statement.
Snowden, now in Russia after fleeing the United States, made world headlines last summer when he provided details of NSA surveillance programs to the Guardian and the Washington Post.
For decades, the NSA and GCHQ have shared intelligence under an arrangement known as the UKUSA agreement. They also collaborate with eavesdropping agencies in Canada, Australia and New Zealand in what is known as the “Five Eyes” alliance.
Under Optic Nerve, GCHQ tried to limit its staff’s ability to see the webcam images, but they could still see the images of people with similar usernames to intelligence targets, the Guardian said.
GCHQ also implemented restrictions on the collection of sexually explicit images, but its software was not always able to distinguish between these and other images.
“Discussing efforts to make the interface “safer to use”, it (GCHQ) noted that current “naïve” pornography detectors assessed the amount of flesh in any given shot, and so attracted lots of false positives by incorrectly tagging shots of people’s faces as pornography,” the newspaper said.
The spy agency eventually excluded images in which the software had not detected any faces from search results to prevent staff from accessing explicit images, it added.
(Reporting by Julia Fioretti; Editing by Catherine Evans and Grant McCool)
US Secretary of State John Kerry (L) is greeted by Chinese President Xi Jinping, at the Great Hall of the People in Beijing, on February 14, 2014 (AFP Photo/Evan Vucci)
By Peter Symonds
US Secretary of State John Kerry’s visit to Beijing last Friday was the latest move in the Obama administration’s provocative “pivot to Asia,” the purpose of which is to undermine Chinese influence and build up US military forces and alliances in preparation for war. Having deliberately inflamed dangerous flashpoints in Asia over the past four years, the US is seeking to press home its advantage, regardless of the consequences.
In Beijing, Kerry sought to lay down the law to the Chinese leadership across a range of sensitive issues. On the volatile Korean Peninsula, he insisted that China use “every tool at its disposal”—including crippling economic sanctions—to force its ally North Korea to bend to US demands on denuclearisation. In relation to the fraught situation in the East China and South China Seas, he called on Beijing to adopt “a calmer, more rule-of law based, less confrontational regime”—implicitly blaming China for the tensions that the US has deliberately stirred up.
For good measure, Kerry also pressed the Chinese leaders to support the US-led regime-change operation in Syria and toe the US line on Iran in the UN, and expressed concerns about “human rights” in China—“especially with respect to the Tibetan and the Uighur areas.” This last reference was calculated to play on justifiable Chinese fears that the US will exploit separatist movements in these areas of China to fracture the country.
Kerry dressed up Washington’s provocative demands in the language of “peace”, “democracy” and “security.” The US intervention in longstanding maritime disputes between China and its neighbours takes place under the banner of “freedom of navigation.” The standard US refrain is that Beijing must abide by the present rules-based global order—that is, one dominated by US imperialism, where the “rules” are set in Washington. All of this is put into circulation by an utterly submissive media without a word of criticism.
The US, however, operates around the world with complete lawlessness and reckless disregard for the rules it lectures others on. President Obama, following on from President Bush, has arrogated to the US the right to wage “pre-emptive” wars—that is, wars of aggression to further Washington’s global interests and ambitions. The US-led invasion of Afghanistan in 2001 was followed by the wars in Iraq and Libya as well as countless provocations, sanctions and military threats against a string of countries, including Iran and North Korea. Waging a war of aggression is a fundamental breach of international law and was the criminal charge underpinning the Nuremburg trials of Nazi leaders after World War II.
The criminals in the White House treat “human rights”, along with international norms and laws, with complete contempt. Under the bogus “war on terror”, the US pursues a program of murder and assassination by drone strikes without restriction, including against American citizens. Rendition, torture and indefinite detention without trial continue. Within the United States, basic constitutional rights are flouted. Whistleblower Edward Snowden has exposed the National Security Agency’s vast spying operations on the entire American population and people around the world, as well as US cyber warfare and hacking programs against nominal friends and foes alike.
What would the US response be to similar actions by China or any other country? What would happen if foreign warships routinely patrolled waters just off the US coast under the guise of “freedom of navigation”, or a rival established a military base—let alone a string of bases and alliances—anywhere in Latin America, or criticised US abuses of “human rights”, or supported Cuban claims to Guantanamo Bay? To ask the question is to answer it. Any one of these acts would elicit a belligerent response, including the threat of war.
The Obama administration’s actions over the past four years have transformed the whole Indo-Pacific region into a highly unstable powder keg.
* By encouraging Japan and the Philippines, in particular, to press their claims, the US has transformed long-running and largely low-key maritime disputes in the East China and South China Seas into major international flash points. The US signalled its intention, just prior to Kerry’s trip, to wind up tensions in the South China Sea even further by throwing off its pose of “neutrality” in the territorial issues and lining up openly against China.
* On the Korean Peninsula, the Obama administration has refused to take part in any international talks on North Korea’s nuclear programs unless Pyongyang meets all US demands. The US has recklessly courted disaster on more than one occasion by reacting to any incident with a massive show of force. Last March/April, in response to North Korea’s bellicose but empty rhetoric, the Pentagon sent nuclear-capable B-52 and B-2 bombers, as well as warships, to South Korea, and announced a major upgrade of its anti-missile systems in North East Asia.
* The Obama administration has upgraded the US military posture throughout the region, with plans to shift 60 percent of all naval and air assets to the Indo-Pacific by 2020. The US has strengthened alliances, particularly with Japan and Australia, is restructuring or establishing basing arrangements in Japan, South Korea, Australia, Singapore and the Philippines, and is boosting strategic ties with virtually every country in the region. US think tanks closely connected to the military establishment publicly discuss plans, preparations and strategies for war with China.
Far from being a force for “peace” and “security”, US imperialism is the most destabilising factor in world politics today. Five years after the 2008–09 global financial meltdown, the US is seeking to overcome its continuing economic crisis by foisting new burdens onto the working class at home and its rivals abroad. The Obama administration is exploiting American military superiority to ensure continued US hegemony in Asia, which has become the globe’s chief cheap-labour hub, with China at the centre. Its “rules-based” global order seeks to reduce China to the status of a subservient semi-colony.
In opposing the US drive to war against China, no support can be given to the Chinese leadership, which is deeply hostile to the working class and seeks above all to strike a deal with Washington. The Chinese Communist Party has greatly weakened any ability to resist US aggression through the dismantling of nationalised property relations and the integration of China in global capitalism as a vast cheap labour platform over the past three decades. The CCP is above all organically hostile to any independent mobilisation of the Chinese and international working class, the only social force capable of ending the danger of a catastrophic war through the abolition of its root cause—the bankrupt profit system and its outmoded nation-state system.
The decision to launch The Intercept now was driven by the team’s sense of urgency and responsibility to continue and expand their reporting on the NSA story. The site’s first news article, by Greenwald and (Jeremy) Scahill, raises troubling new questions about the NSA’s methods of identifying targets for lethal drone strikes.
“Glenn, Laura, and Jeremy are relentless in their pursuit of a story and rigorous in finding the truth,” said Omidyar. “We share a belief in the fundamental importance of a free and independent press on keeping a democracy vital and strong. In all of our reporting, at The Intercept and beyond, we will be anchored by that vision and hold ourselves to the highest journalistic standards. First Look journalists have editorial independence and support and are encouraged to pursue the transformative and engaging stories of our time, no matter the subject.”
In the press release, First Look reports that The Intercept is the first “of what will eventually become a family of digital magazines.”
The Intercept’s editors are Glenn Greenwald, Laura Poitras and Jeremy Scahill. Photograph: /Public domain
A new website featuring journalist Glenn Greenwald and funded by the billionaire founder of eBay was unveiled early Monday, with two stories about US government surveillance.
The site, called the Intercept, reported Monday that the National Security Agency has used cell phone geolocation to help pinpoint targets for US drone strikes overseas, and published previously unseen photographs of major US intelligence facilities.
The Intercept is part of a suite of planned sites to be published by First Look media, founded by eBay chairman Pierre Omidyar. Its editors are Greenwald and fellow journalists Laura Poitras and Jeremy Scahill.
The Intercept will focus on reporting based on documents released by former NSA contractor Edward Snowden, the site’s editors said in an introductory statement. “Our focus in this very initial stage will be overwhelmingly on the NSA story,” the statement said.
The involvement of the NSA in the drone program was previously reported, based on information found in the Snowden documents. However, the Intercept story, written by Scahill and Greenwald, appears to add significant new sourcing from inside the drone program itself, citing an unnamed “former drone operator for the military’s Joint Special Operations Command (JSOC) who also worked with the NSA.”
The story quotes the former operator as saying that innocent people have “absolutely” been killed in strikes based on geolocation techniques that can find a mobile phone but cannot verify who is holding it.
The NSA declined to respond to questions for the article, the Intercept said.
The editors accelerated the launch of the site, their statement said, to fight intensifying attacks on journalists working on stories about government surveillance and other secret programs. Director of national intelligence James Clapper told Congress last month that Snowden had committed a crime and had “accomplices,” in a reference widely interpreted as threatening to journalists working on stories based on the Snowden documents.
Congressman Mike Rogers, a Michigan Republican who heads the House intelligence committee, last week called Greenwald “a thief.”
“None of this will deter the journalism we are doing,” the editors’ statement said. “A primary function of the Intercept is to insist upon and defend our press freedoms from those who wish to infringe them.”
Further plans for the site include a column by Greenwald, who previously wrote for the Guardian.
British spies employed ‘dirty tricks’ including ‘honey traps’ to trap nations, hackers, terror groups, suspected criminals and arms dealers, according to leaked documents.
The bombshell revelations have been made public through the release of documents taken from the National Security Agency by whistle-blower Edward Snowden.
The Powerpoint slides outline techniques apparently used by the Joint Threat Research and Intelligence Group (JTRIG), a British spy unit whose goal is to ‘destroy, deny, degrade [and] disrupt’ enemies.
British spies employed ‘dirty tricks’ including honey traps’ in a bid to trap nations, hackers, terror groups, suspected criminals and arms dealers
The slides from 2010 and 2012, published by NBC News show that the JTRIG completed their mission by ‘discrediting’ adversaries through misinformation and hacking their communications.
Two main methods of attack detailed in the ‘Effects’ campaigns are cyber operations and propaganda campaigns.
The bombshell revelations have been made public through the release of documents taken from the National Security Agency by whistleblower Edward Snowden
JTRIG, which is part of the NSA’s British counterpart, the cyber spy agency known as GCHQ, used Twitter, Flickr, Facebook and YouTube for deception, mass messaging and ‘pushing stories’.
Another strategy is ‘false flag’ operations – this is when British agents carry out online actions that are designed to look like they were performed by one of Britain’s adversaries.
The main cyber attack is the ‘distributed denial of service’ (DDoS) attack.
This is when computers are taken over by hackers and they bombard a website’s host computers with requests for information causing it to crash - this is a method successfully used by Wikileaks hackers.
Earlier this week it was revealed that JTRIG agents issued their DDoS on Anonymous chat rooms, preventing its users from communicating with one another.
In one case, reported the BBC, agents are said to have tricked a hacker nicknamed P0ke who claimed to have stolen data from the US government. They did this by sending him a link to a BBC article entitled: ‘Who loves the hacktivists?’
Eric King, an attorney who currently teaches IT law at the London School of Economics, told NBC it is ‘remarkable’ that the GCHQ has become so adept at launching DDoS attacks without ‘clear lawful authority,’ particularly because the British government has criticised similar strategies used by other governments.
‘GCHQ has no clear authority to send a virus or conduct cyber-attacks,’ he said. ‘Hacking is one of the most invasive methods of surveillance.’
According to notes on the 2012 documents, a computer virus called Ambassadors Reception was ‘used in a variety of different areas’ and was ‘very effective.’
When sent to adversaries, says the presentation, the virus will ‘encrypt itself, delete all emails, encrypt all files, make [the] screen shake’ and block the computer user from logging on.
One of the ways to block a target communicating reads: ‘Bombard their phone with text messages, bombard their phone with calls, delete their online presence, block up their fax machine.’
The slide details examples of how this was used in Afghanistan including significantly disrupting the Taliban, sending targets a text message ‘every 10 seconds or so’ and ‘calling targets on a regular basis’.
The British cyber spies also used blog posts and information spread via blogs in an operation against Iran.
One of the ways to stop a target communicating reads: ‘Bombard their phone with text messages, bombard their phone with calls, delete their online presence, block up their fax machine’
The same 2012 presentation describes the ‘honey trap’ method of discrediting a target commenting it is ‘very successful’ when it works.
The individual is lured ‘to go somewhere on the internet, or a physical location’ where they are then ‘met by a friendly face.’
It does not give any examples of when the honey trap has been used by British agents, but the same slide also details how ‘paranoia’ can be heightened by changing a target’s photo on a social networking website – the slide reads ‘You have been warned JTRIG is about!’
A programme called ‘Royal Concierge’ took advantage of hotel reservation systems to track the location of foreign diplomats and the slides encourage agents to monitor targets through ‘close access technical operations’.
It also suggests they question ‘Can we influence hotel choice? Can we cancel their visits?’
According to reports in Der Spiegel last year, British intelligence tapped the reservations systems of over 350 top hotels around the world for the past three years to set up the programme.
Using the GCHQ’s SIGINT (signal-intelligence) program it was used to spy on trade delegations, foreign diplomats, and other targets with a taste for the high life.
NBC news reported GCHQ would not comment on the newly published documents or on JTRIG’s operations.
In a statement it told them: ‘All of GCHQ’s work is carried out in accordance with a strict legal and policy framework,’ said the statement, ‘which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.’
US and UK spy agencies piggyback on commercial data
Details can include age, location and sexual orientation
Documents also reveal targeted tools against individual phones
By James Ball
GCHQ documents use Angry Birds – reportedly downloaded more than 1.7bn times – as a case study for app data collection.
The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of “leaky” smartphone apps, such as the wildly popular Angry Birds game, that transmit users’ private information across the internet, according to top secret documents.
The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users’ most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.
Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.
Dozens of classified documents, provided to the Guardian by whistleblower Edward Snowden and reported in partnership with the New York Times and ProPublica, detail the NSA and GCHQ efforts to piggyback on this commercial data collection for their own purposes.
Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools – such as cable taps, or from international mobile networks – rather than solely from hacking into individual mobile handsets.
Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones. The NSA has cumulatively spent more than $1bn in its phone targeting efforts.
The disclosures also reveal how much the shift towards smartphone browsing could benefit spy agencies’ collection efforts.
One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled “Golden Nugget!” – sets out the agency’s “perfect scenario”: “Target uploading photo to a social media site taken with a mobile device. What can we get?”
The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a “possible image”, email selector, phone, buddy lists, and “a host of other social working data as well as location”.
In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.
Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user’s life: including home country, current location (through geolocation), age, gender, zip code, martial status – options included “single”, “married”, “divorced”, “swinger” and more – income, ethnicity, sexual orientation, education level, and number of children.
The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned.
A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.
So successful was this effort that one 2008 document noted that “[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system.”
The information generated by each app is chosen by its developers, or by the company that delivers an app’s adverts. The documents do not detail whether the agencies actually collect the potentially sensitive details some apps are capable of storing or transmitting, but any such information would likely qualify as content, rather than metadata.
Data collected from smartphone apps is subject to the same laws and minimisation procedures as all other NSA activity – procedures that the US president, Barack Obama, suggested may be subject to reform in a speech 10 days ago. But the president focused largely on the NSA’s collection of the metadata from US phone calls and made no mention in his address of the large amounts of data the agency collects from smartphone apps.
The latest disclosures could also add to mounting public concern about how the technology sector collects and uses information, especially for those outside the US, who enjoy fewer privacy protections than Americans. A January poll for the Washington Post showed 69% of US adults were already concerned about how tech companies such as Google used and stored their information.
The documents do not make it clear how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected. The NSA says it does not target Americans and its capabilities are deployed only against “valid foreign intelligence targets”.
The documents do set out in great detail exactly how much information can be collected from widely popular apps. One document held on GCHQ’s internal Wikipedia-style guide for staff details what can be collected from different apps. Though it uses Android apps for most of its examples, it suggests much of the same data could be taken from equivalent apps on iPhone or other platforms.
The GCHQ documents set out examples of what information can be extracted from different ad platforms, using perhaps the most popular mobile phone game of all time, Angry Birds – which has reportedly been downloaded more than 1.7bn times – as a case study.
From some app platforms, relatively limited, but identifying, information such as exact handset model, the unique ID of the handset, software version, and similar details are all that are transmitted.
Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media’s website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.
Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programs looking to extract data from its apps users.
“Rovio doesn’t have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks,” said Saara Bergström, Rovio’s VP of marketing and communications. “Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ].”
Millennial Media did not respond to a request for comment.
In December, the Washington Post reported on how the NSA could make use of advertising tracking files generated through normal internet browsing – known as cookies – from Google and others to get information on potential targets.
However, the richer personal data available to many apps, coupled with real-time geolocation, and the uniquely identifying handset information many apps transmit give the agencies a far richer data source than conventional web-tracking cookies.
“They are gathered in bulk, and are currently our single largest type of events,” the document stated.
The ability to obtain targeted intelligence by hacking individual handsets has been well documented, both through several years of hacker conferences and previous NSA disclosures in Der Spiegel, and both the NSA and GCHQ have extensive tools ready to deploy against iPhone, Android and other phone platforms.
GCHQ’s targeted tools against individual smartphones are named after characters in the TV series The Smurfs. An ability to make the phone’s microphone ‘hot’, to listen in to conversations, is named “Nosey Smurf”. High-precision geolocation is called “Tracker Smurf”, power management – an ability to stealthily activate an a phone that is apparently turned off – is “Dreamy Smurf”, while the spyware’s self-hiding capabilities are codenamed “Paranoid Smurf”.
Those capability names are set out in a much broader 2010 presentation that sheds light on spy agencies’ aspirations for mobile phone interception, and that less-documented mass-collection abilities.
The cover sheet of the document sets out the team’s aspirations:
Another slide details weak spots in where data flows from mobile phone network providers to the wider internet, where the agency attempts to intercept communications. These are locations either within a particular network, or international roaming exchanges (known as GRXs), where data from travellers roaming outside their home country is routed.
These are particularly useful to the agency as data is often only weakly encrypted on such networks, and includes extra information such as handset ID or mobile number – much stronger target identifiers than usual IP addresses or similar information left behind when PCs and laptops browse the internet.
The NSA said its phone interception techniques are only used against valid targets, and are subject to stringent legal safeguards.
“The communications of people who are not valid foreign intelligence targets are not of interest to the National Security Agency,” said a spokeswoman in a statement.
“Any implication that NSA’s foreign intelligence collection is focused on the smartphone or social media communications of everyday Americans is not true. Moreover, NSA does not profile everyday Americans as it carries out its foreign intelligence mission. We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets.
“Because some data of US persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for US persons exist across the entire process concerning the use, handling, retention, and dissemination of data. In addition, NSA actively works to remove extraneous data, to include that of innocent foreign citizens, as early as possible in the process.
“Continuous and selective publication of specific techniques and tools lawfully used by NSA to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies – and places at risk those we are sworn to protect.”
The NSA declined to respond to a series of queries on how routinely capabilities against apps were deployed, or on the specific minimisation procedures used to prevent US citizens’ information being stored through such measures.
GCHQ declined to comment on any of its specific programs, but stressed all of its activities were proportional and complied with UK law.
“It is a longstanding policy that we do not comment on intelligence matters,” said a spokesman.
“Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework that ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.”
• A separate disclosure on Wednesday, published by Glenn Greenwald and NBC News, gave examples of how GCHQ was making use of its cable-tapping capabilities to monitor YouTube and social media traffic in real-time.
GCHQ’s cable-tapping and internet buffering capabilities , codenamed Tempora, were disclosed by the Guardian in June, but the new documents published by NBC from a GCHQ presentation titled “Psychology: A New Kind of SIGDEV” set out a program codenamed Squeaky Dolphin which gave the British spies “broad real-time monitoring” of “YouTube Video Views”, “URLs ‘Liked’ on Facebook” and “Blogspot/Blogger Visits”.
A further slide noted that “passive” – a term for large-scale surveillance through cable intercepts – give the agency “scalability”.
The means of interception mean GCHQ and NSA could obtain data without any knowledge or co-operation from the technology companies. Spokespeople for the NSA and GCHQ told NBC all programs were carried out in accordance with US and UK law.
When a smartphone user opens Angry Birds, the popular game application, and starts slinging birds at chortling green pigs, spies may be lurking in the background to snatch data revealing the player’s location, age, sex and other personal information, according to secret British intelligence documents.
In their globe-spanning surveillance for terrorism suspects and other targets, the National Security Agency and its British counterpart have been trying to exploit a basic byproduct of modern telecommunications: With each new generation of mobile phone technology, ever greater amounts of personal data pour onto networks where spies can pick it up.
According to dozens of previously undisclosed classified documents, among the most valuable of those unintended intelligence tools are so-called leaky apps that spew everything from users’ smartphone identification codes to where they have been that day.
The N.S.A. and Britain’s Government Communications Headquarters were working together on how to collect and store data from dozens of smartphone apps by 2007, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Since then, the agencies have traded recipes for grabbing location and planning data when a target uses Google Maps, and for vacuuming up address books, buddy lists, phone logs and the geographic data embedded in photos when someone sends a post to the mobile versions of Facebook, Flickr, LinkedIn, Twitter and other services.
The eavesdroppers’ pursuit of mobile networks has been outlined in earlier reports, but the secret documents, shared by The New York Times, The Guardian and ProPublica, offer far more details of their ambitions for smartphones and the apps that run on them. The efforts were part of an initiative called “the mobile surge,” according to a 2011 British document, an analogy to the troop surges in Iraq and Afghanistan. One N.S.A. analyst’s enthusiasm was evident in the breathless title — “Golden Nugget!” — given to one slide for a top-secret 2010 talk describing iPhones and Android phones as rich resources, one document notes.
The scale and the specifics of the data haul are not clear. The documents show that the N.S.A. and the British agency routinely obtain information from certain apps, particularly some of those introduced earliest to cellphones. With some newer apps, including Angry Birds, the agencies have a similar capability, the documents show, but they do not make explicit whether the spies have put that into practice. Some personal data, developed in profiles by advertising companies, could be particularly sensitive: A secret 2012 British intelligence document says that spies can scrub smartphone apps that contain details like a user’s “political alignment” and sexual orientation.
President Obama announced new restrictions this month to better protect the privacy of ordinary Americans and foreigners from government surveillance, including limits on how the N.S.A. can view “metadata” of Americans’ phone calls — the routing information, time stamps and other data associated with calls. But he did not address the avalanche of information that the intelligence agencies get from leaky apps and other smartphone functions.
And while he expressed concern about advertising companies that collect information on people to send tailored ads to their mobile phones, he offered no hint that American spies routinely seize that data. Nothing in the secret reports indicates that the companies cooperate with the spy agencies to share the information; the topic is not addressed.
The agencies have long been intercepting earlier generations of cellphone traffic like text messages and metadata from nearly every segment of the mobile network — and, more recently, computer traffic running on Internet pipelines. Because those same networks carry the rush of data from leaky apps, the agencies have a ready-made way to collect and store this new resource. The documents do not address how many users might be affected, whether they include Americans, or how often, with so much information collected automatically, analysts would see personal data.
“N.S.A. does not profile everyday Americans as it carries out its foreign intelligence mission,” the agency said in a written response to questions about the program. “Because some data of U.S. persons may at times be incidentally collected in N.S.A.’s lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process.” Similar protections, the agency said, are in place for “innocent foreign citizens.”
The British spy agency declined to comment on any specific program, but said all its activities complied with British law.
Two top-secret flow charts produced by the British agency in 2012 show incoming streams of information skimmed from smartphone traffic by the Americans and the British. The streams are divided into “traditional telephony” — metadata — and others marked “social apps,” “geo apps,” “http linking,” webmail, MMS and traffic associated with mobile ads, among others. (MMS refers to the mobile system for sending pictures and other multimedia, and http is the protocol for linking to websites.)
In charts showing how information flows from smartphones into the agency’s computers, analysts included questions to be answered by the data, including “Where was my target when they did this?” and “Where is my target going?”
As the program accelerated, the N.S.A. nearly quadrupled its budget in a single year, to $767 million in 2007 from $204 million, according to a top-secret Canadian analysis written around the same time.
Even sophisticated users are often unaware of how smartphones offer a unique opportunity for one-stop shopping for information about them. “By having these devices in our pockets and using them more and more,” said Philippe Langlois, who has studied the vulnerabilities of mobile phone networks and is the founder of the Paris-based company Priority One Security, “you’re somehow becoming a sensor for the world intelligence community.”
Smartphones almost seem to make things too easy. Functioning as phones — making calls and sending texts — and as computers — surfing the web and sending emails — they generate and also rely on data. One secret report shows that just by updating Android software, a user sent more than 500 lines of data about the phone’s history and use onto the network.
Such information helps mobile ad companies, for example, create detailed profiles of people based on how they use their mobile device, where they travel, what apps and websites they open, and other factors. Advertising firms might triangulate web shopping data and browsing history to guess whether someone is wealthy or has children, for example.
The N.S.A. and the British agency busily scoop up this data, mining it for new information and comparing it with their lists of intelligence targets.
One secret 2010 British document suggests that the agencies collect such a huge volume of “cookies” — the digital traces left on a mobile device or a computer when a target visits a website — that classified computers were having trouble storing it all.
“They are gathered in bulk, and are currently our single largest type of events,” the document says.
The two agencies displayed a particular interest in Google Maps, which is accurate to within a few yards or better in some locations. Intelligence agencies collect so much data from the app that “you’ll be able to clone Google’s database” of global searches for directions, according to a top-secret N.S.A. report from 2007.
“It effectively means that anyone using Google Maps on a smartphone is working in support of a G.C.H.Q. system,” a secret 2008 report by the British agency says.
(In December, The Washington Post, citing the Snowden documents, reported that the N.S.A. was using metadata to track cellphone locations outside the United States and was using ad cookies to connect Internet addresses with physical locations.)
In another example, a secret 20-page British report dated 2012 includes the computer code needed for plucking the profiles generated when Android users play Angry Birds. The app was created by Rovio Entertainment, of Finland, and has been downloaded more than a billion times, the company has said.
Rovio drew public criticism in 2012 when researchers claimed that the app was tracking users’ locations and gathering other data and passing it to mobile ad companies. In a statement on its website, Rovio says that it may collect its users’ personal data, but that it abides by some restrictions. For example, the statement says, “Rovio does not knowingly collect personal information from children under 13 years of age.”
The secret report noted that the profiles vary depending on which of the ad companies — which include Burstly and Google’s ad services, two of the largest online advertising businesses — compiles them. Most profiles contain a string of characters that identifies the phone, along with basic data on the user like age, sex and location. One profile notes whether the user is currently listening to music or making a call, and another has an entry for household income.
Google declined to comment for this article, and Burstly did not respond to multiple requests for comment. Saara Bergstrom, a Rovio spokeswoman, said that the company had no knowledge of the intelligence programs. “Nor do we have any involvement with the organizations you mentioned,” Ms. Bergstrom said, referring to the N.S.A. and the British spy agency.
Another ad company creates far more intrusive profiles that the agencies can retrieve, the report says. The apps that generate those profiles are not identified, but the company is named as Millennial Media, which has its headquarters in Baltimore.
In securities filings, Millennial documented how it began working with Rovio in 2011 to embed ad services in Angry Birds apps running on iPhones, Android phones and other devices.
According to the report, the Millennial profiles contain much of the same information as the others, but several categories listed as “optional,” including ethnicity, marital status and sexual orientation, suggest that much wider sweeps of personal data may take place.
Millennial Media declined to comment for this article.
Possible categories for marital status, the secret report says, include single, married, divorced, engaged and “swinger”; those for sexual orientation are straight, gay, bisexual and “not sure.” It is unclear whether the “not sure” category exists because so many phone apps are used by children, or because insufficient data may be available.
There is no explanation of precisely how the ad company defined the categories, whether users volunteered the information, or whether the company inferred it by other means. Nor is there any discussion of why all that information would be useful for marketing — or intelligence.
The agencies have had occasional success — at least by their own reckoning — when they start with something closer to a traditional investigative tip or lead. The spies say that tracking smartphone traffic helped break up a bomb plot by Al Qaeda in Germany in 2007, and the N.S.A. bragged that to crack the plot, it wove together mobile data with emails, log-ins and web traffic. Similarly, mining smartphone data helped lead to arrests of members of a drug cartel hit squad for the 2010 murder of an employee of an American Consulate in Mexico.
But the data, whose volume is soaring as mobile devices have begun to dominate the technological landscape, is a crushing amount of information for the spies to sift through. As smartphone data builds up in N.S.A. and British databases, the agencies sometimes seem a bit at a loss on what to do with it all, the documents show. A few isolated experiments provide hints as to how unwieldy it can be.
In 2009, the American and British spy agencies each undertook a brute-force analysis of a tiny sliver of their cellphone databases. Crunching just one month of N.S.A. cellphone data, a secret report said, required 120 computers and turned up 8,615,650 “actors” — apparently callers of interest. A similar run using three months of British data came up with 24,760,289 actors.
“Not necessarily straightforward,” the report said of the analysis. The agencies’ extensive computer operations had trouble sorting through the slice of data. Analysts were “dealing with immaturity,” the report said, encountering computer memory and processing problems. The report made no mention of anything suspicious in the enormous lumps of data.
Secret services fugitive Edward Snowden claimed on Sunday that US government officials ‘want to kill me’ in an interview with a German TV channel.
The intelligence leaker’s Moscow lawyer had already voiced similar fears after controversial comments from unattributed sources.
Snowden – currently hiding from US justice in Russia, where he is believed to be under the protection of the The Federal Security Service of the Russian Federation (FSB) – said he has received threats on his life.
‘These people, and they are government officials, have said they would love to put a bullet in my head or poison me when I come out of the supermarket, and then watch as I die in the shower,’ he said.
Still hiding: Edward Snowden, 30, has revealed he has received threats against his life in the wake of his intelligence leaking scandal
The translated Snowden quotes were issued by German public television netowork ARD with the promise of further comments from the renegade intelligence contractor.
The interview was broadcast in Moscow in secret.
Snowden’s concerns follow a BuzzFeed article entitled ‘American Spies Want Edward Snowden Dead’, which cited an alleged Pentagon official.
Michael Hayden, former head of NSA and CIA, has become a leading media defender of government eavesdropping — and a critic of Mr. Snowden. Photograph: Brendan Smialowski/Getty Images
Michael Hayden, who served as NSA director and CIA director under the last administration, called the suggestion of clemency for Snowden “outrageous.”
Former CIA Director James Woolsey said the NSA leaker should be “hanged” if he’s ever tried and convicted of treason. “I think giving him amnesty is idiotic,” Woolsey said. “He should be prosecuted for treason. If convicted by a jury of his peers, he should be hanged by his neck until he is dead.”Former U.S. Chairman of the Joint Chiefs of Staff General Hugh Shelton called the prospect of giving Snowden amnesty a “grave error.”
A demonstrator holds a sign with a photograph of Edward Snowden during 4 July celebrations in Boston, Massachusetts. Photograph: Brian Snyder/REUTERS
Now that President Obama’s promise in December of a “pretty definitive statement” about the nation’s electronic intelligence-gathering practices has been fulfilled with Friday’s speech, it is worth looking at what will actually happen as a result, at least in the near term, and what won’t.The speech was preceded by seven months of arguably the most damaging leaks of national-security information—how we collect electronic intelligence—in the nation’s history, as the result of disclosures by former government contractor Edward Snowden. Yet the president made no recommendation as to how such leaks might be stopped.
To be sure, he mentioned the “avalanche of unauthorized disclosures” that resulted in “revealing methods to our adversaries that could impact our operations . . . for years to come.” But the rhetorical afterburners immediately kicked in to carry us to a higher altitude: “[T]he task before us now is greater than simply repairing the damage done to our operations or preventing more disclosures from taking place in the future.”
Forgive this brief demurrer, but consider: A young man gets a medical discharge from the military notwithstanding that his avocations include kickboxing, then has a rocky and brief tenure at the CIA that ends with his negotiated retention of his security clearance—which allowed him then to be employed by a military contractor in a job that gave him access to the secrets he later leaked—and then he manages to disable a complex computer system and steal more than a million-and-a-half documents. Are we not entitled at least to some brief assurance that the holes in the system that allowed Edward Snowden to do what he did have been sewn up?
But back to higher things. Perhaps the most definitive part of the president’s “pretty definitive statement” concerned the program whereby the National Security Agency gathers from telephone companies information about the calling number, the called number, and the date and time of domestic telephone calls. The information goes into an NSA database indicating whether a foreign number—say, of a terrorist safe house—has called or been called by a domestic number. If such contact has been made, the NSA can also determine other phone numbers that have been in communication with the domestic number.
The database, retaining information about millions of calls, is made available to only 22 NSA employees, who gain access only upon authorization from their superiors. It has been opened about 300 times in a year, there is no evidence it has been abused, and the president believes “it is important that the capability that this program is designed to meet is preserved.”
Nonetheless, Mr. Obama is now ending the program in its current form, with the feasibility of putting the database in the hands of a nongovernment entity to be explored by the director of national Intelligence and the attorney general. But effective immediately, the NSA may not consult the database unless permission is granted by the Foreign Intelligence Surveillance Court (FISC) based on a showing that the NSA has a reasonably articulable suspicion that there is cause to check out a number. The FISC provision sounds like a small thing. It isn’t—either practically or doctrinally.
Each application to the FISC must be prepared and reviewed by cadres of lawyers. When I served as U.S. attorney general, it was my job as the final member of that cadre to sign those applications. I would regularly be visited by a Justice Department lawyer from the National Security Division carrying several applications, each close to an inch thick. They were not in any sense light reading. The submission then had to be reviewed by FISC legal assistants, and eventually by one of the court’s judges.
To impose such a burden on the NSA as the price of simply running a number through a database that includes neither the content of calls nor the identity of callers is perverse. The president said that this step may be dispensed with only in a “true emergency,” as if events unfold to a musical score with a crescendo to tell us when a “true emergency” is at hand.
The president wants the database transferred to a private entity. Why? Because even though the database has not been abused—and notwithstanding the safeguards that surround it and the absence of motive in anyone with access to do anything but guard against a threat to national security—there exists the abstract possibility that the information could be used to draw a detailed profile of a person by mapping all the phone calls that the person has made or received.
Telephone carriers sensibly do not wish to be compelled to undertake the risks of storing the data, and could not as readily provide it to the NSA as the agency’s own storage facility. A private entity is likely to be far less secure than the NSA and staffed by less reliable personnel. The paradoxical result is that the Chinese and the Russians could wind up with easier access to the data than those trying to protect us.
Mr. Obama called upon Congress to establish a panel of nongovernment lawyers, presumably with security clearance, to “provide an independent voice in significant cases.” But last week, the Senate Intelligence Committee released a letter written by John D. Bates, a former FISC chief judge on behalf of current and former members of that court. The judges said “a privacy advocate is unnecessary—and could prove counterproductive—in the vast majority” of cases. The advocate, unable to communicate with the surveillance target or conduct an independent investigation, could not “constructively assist the Courts in assessing the facts.”
The president noted explicitly that a good deal of foreign tut-tutting over America’s capacity to tap into communications abroad came from people who themselves try to conduct the same surveillance on us and in any event are happy to rely on the information we obtain. Yet he insisted that we must do what no other nation does: offer the same privacy protections to citizens of other countries as we do to our own. So information about people who are not subject to U.S. laws and who owe this country no allegiance is to be gathered, stored and disseminated on the same terms as information about American citizens.
Whether wittingly or unwittingly, the choosing of venues for presidential speeches conveys a message. Thus in 2009 the president spoke at West Point to announce a troop surge in Afghanistan, and last spring at the National Defense University to describe his approach to defending the country.
Friday’s speech was delivered not at the NSA but at the Justice Department. The choice was revealing: The Justice Department’s engagement with the intelligence community in this administration has been at arm’s length and sometimes at sword’s point—notably in the refusal to recognize militant Islamism as the proper focus of intelligence-gathering, and in the reopening of previously closed investigations of CIA operators for alleged transgressions in the treatment of terrorists.
Many people whose job it is to decide how aggressively we will fight our enemies watched President Obama’s speech from the Justice Department and got the message—the “pretty definitive statement”—that when it comes to intelligence-gathering, the president would rather protect us from hypothetical abuses than from present dangers. That could be the most lasting effect of all.
Mr. Mukasey served as U.S. attorney general (2007-09) and as a U.S. district judge for the Southern District of New York (1988-2006).
WASHINGTON — Three top congressional lawmakers said Sunday that Russia may have assisted Edward Snowden in leaking classified national security intelligence.
Russia has hosted Snowden in the wake of the leak scandal, but the nation has not been implicated in assisting the former National Security Agency contractor on the front end of the largest U.S. intelligence leak in the nation’s history. Snowden downloaded a vast trove of documents on American surveillance programs and has been leaking them to the press.
House Intelligence Chairman Mike Rogers, R-Mich., told NBC’s Meet the Press that he believes Snowden was assisted in stealing the information. Rogers said the “vast majority” of the information had nothing to do with the controversial collection of private data but rather details about U.S. military forces who “have been incredibly harmed by the data that he has taken with him.”
Rogers added: “Well, let me just say this: I believe there’s a reason he ended up in the hands – the loving arms – of a (Russian Federal Security Service) agent in Moscow. I don’t think that’s a coincidence.”
Pressed on whether he believes the Russian government aided Snowden, Rogers said, “I believe there are questions to be answered there. I don’t think it was a gee-whiz luck event that he ended up in Moscow.”
Appearing on the same program, Senate Intelligence Chairwoman Dianne Feinstein, D-Calif., said Snowden “may well have” had assistance from Russian agents, but that there was no certainty “at this stage.” Both chairs said there was “absolutely” an investigation going on into Russia’s role in the leak.
Homeland Security Chairman Mike McCaul, R-Texas, appeared on ABC’s This Week and said he could not say definitively if Russia played a role, “but I personally believe that he was cultivated by a foreign power to do what he did.”
McCaul appeared on the program from Russia, the host nation of the 2014 Winter Olympics.
Russian President Vladimir Putin also appeared on This Week, where he was asked if Snowden could stay in Russia as long as he wants. “Yes, sure, definitely,” Putin said, noting that under the provisional asylum he can travel freely throughout the nation, including to the Olympic Games. “He can just buy a ticket and come here,” he said.
The Obama administration has set the stage for a push that could rekindle cries of class warfare — calling for renewed long-term unemployment benefits, a minimum wage increase and a campaign against what Democrats call “income inequality.”
Ahead of his multi-week, holiday vacation in Hawaii, President Obama pushed Congress to move forward on extending federal unemployment benefits that weren’t included in the budget deal Senate Democrats and House Republicans struck to fund the federal government for the next two years. The White House has scheduled an East Room event on Tuesday in which the president will appear with people who lost that insurance.
Before the break, Obama called on Congress to follow the lead of 14 states that hiked their minimum wages and do the same for the federal wage.
“We know that there are airport workers, and fast-food workers, and nurse assistants, and retail salespeople who work their tails off and are still living at or barely above poverty,” the president said during a Dec. 4 speech in Washington. “And that’s why it’s well past the time to raise a minimum wage that in real terms right now is below where it was when Harry Truman was in office.”
The president went on to suggest that economic inequality, brought on partially by the current federal minimum wage, is a drag on the American way of life.
“The combined trends of increased inequality and decreasing mobility pose a fundamental threat to the American dream, our way of life and what we stand for around the globe,” the president said in the December speech.
Critics suggest the president is turning to populist themes — and stoking the class warfare debate — in an effort to pivot away from the troubled rollout of his signature health care law. Far fewer people than projected have enrolled in the federal health care exchange, and one official over the weekend played down the administration’s goal of 7 million enrollees. Talk of ladders of opportunity and a strengthened middle class would create a stark contrast to the badgering the White House took on health care to end 2013.
Still, some say pitting one class of people against another could backfire on an administration that has already seen its approval numbers plummet over the last year.
“I think the administration is playing with dynamite,” Karl Rove, a Fox News contributor and former adviser to President George W. Bush, told Fox News. “In the short run they get some advantage from talking about the minimum wage and the extension of unemployment benefits. But the more this becomes a question of taking from those who have to those that don’t have, the more they engage the American people in a very negative way for the administration.”
That potential blowback hasn’t stopped some Democrats from taking the president’s upcoming agenda and running with it.
In his inauguration speech, newly elected New York City Mayor Bill De Blasio focused almost exclusively on what he called a tale of two, unequal cities.
“When I said we would take dead aim at the Tale of Two Cities, I meant it. And we will do it,” De Blasio said. “I will honor the faith and trust you have placed in me. And we will give life to the hope of so many in our city. We will succeed as One City.”
De Blasio touted the idea of raising taxes on the wealthiest New Yorkers to fund city programs aimed at educating poor children.
“Please remember, we do not ask more of the wealthy to punish success. We do it to create more success stories,” he said.
The president is expected to aim his populist rhetoric directly at Congress during the Jan. 28 State of the Union Address where he’ll likely promote an agenda headlined by economic inequality, continuing implementation of the health law and immigration reform. In a separate speech sometime in January, he’s also expected to address an administration overhaul of the NSA spying programs after a recent review brought on by the leaks by former NSA employee Ed Snowden.
While Snowden’s revelations have taken a toll on the president’s ratings, it’s the health care law that some Democrats worry will outweigh a populist tone.
“I think there is a very compelling case that Democrats could make on those particular issues, how food stamps affect the pocket, how it affects children. But if they don’t do that and spend more time running from ObamaCare I don’t see how Democrats really have [the] upper hand,” said Basil Smikle, a Democratic strategist.
And the president even hedged a bit in his December remarks about whether much of his agenda on economic inequality can make it through Congress either this year, or before the end of his presidency.
“I realize we are not going to resolve all of our political debates over the best ways to reduce inequality and increase upward mobility this year, or next year, or in the next five years,” he said. “But it is important that we have a serious debate about these issues.”
Republicans such as Florida Sen. Marco Rubio are ready for that debate but see a very different fix to the nation’s continuing economic woes.
In a web video posted to mark the 50th anniversary of President Lyndon Johnson’s “War on Poverty,” Rubio called that war a failure, and said more government intervention isn’t the way to help the poor.
“After fifty years, isn’t it time to declare big government’s war on poverty a failure?” Rubio said. “Instead of continuing to borrow and spend trillions of dollars on government programs that don’t work, what our nation needs is a real agenda that helps people acquire the skills they need to lift themselves out of poverty and to pursue the American dream.”
President Barack Obama returned to Washington on Sunday after a 2½-week vacation in Hawaii. Waiting for him is an imposing mix of unfinished work and an aggressive agenda for the new year.
Here’s what’s on Obama’s plate for the coming weeks.
Shortly after leaving for Hawaii, President Obama’s aides symbolically enrolled him in a health care exchange under the Affordable Care Act, in an attempt to raise awareness ahead of key deadlines and show the Administration’s confidence in recent fixes. While the worst of the Obamacare website woes are behind him and millions of people have gained coverage under the law, the President returns to Washington as questions remain about the law’s sustainability.
After taking six weeks to provide the first enrollment numbers in the Affordable Care Act exchanges, the Obama Administration has been quick to highlight every positive milestone as more people sign up for health insurance through the law. But important questions remain unanswered: How many people have paid for their new coverage? Have enough young and healthy individuals signed up to make the exchanges sustainable?
Edward Snowden’s revelations dominated Obama’s 2013, and in 2014, the American people will finally hear the President respond to them. Obama has pledged to deliver a speech in the next several weeks to respond to the 46 recommendations of his hand-selected review group that studied the National Security Agency’s controversial intelligence program. Already he has rejected one: splitting the job of overseeing the military’s Cyber Command and the NSA into two separate positions. The group also recommended ending a program by which the NSA maintains a database of telephone metadata.
In his speech Obama will have to explain the complex programs to the American public, while trying to mollify a diverse coalition of critics that has brought together libertarian Republicans and Democratic privacy activists.
Progressive Democrats and the White House are planning to spend much of the year talking about income inequality, an issue they believe will work in their favor come November’s midterm election. It’s a problem that is close to Obama’s heart, serving as one of the reasons he decided to become a community organizer in Chicago. After five years of intense focus on dealing with the recession and the national deficit, the issue will almost certainly be the centerpiece of Obama’s coming State of the Union on Jan. 28.
For Obama there are two tests inherent in embracing the issue of income inequality: can he avoid alienating more-moderate Democrats who worry about the economic impact of legislation like raising the minimum wage, and can he avoid blowback for raising awareness about an issue he can do little about.
The surest sign the White House and Democrats have struck a chord is that Republicans are rushing to follow them, albeit striking out on their own path. Senator Marco Rubio released a video on Sunday morning calling for a focus on those who are struggling to make ends meet. Representative Paul Ryan and House Majority Leader Eric Cantor have similarly discussed the issue over the past year, but little has been done about it.