Posts Tagged ‘spying’

From The Guardian

Exclusive: UK security agency GCHQ gaining information from world’s biggest internet firms through US-run Prism programme

Documents show GCHQ (above) has had access to the NSA’s Prism programme since at least June 2010. Photograph: David Goddard/Getty Images

The UK’s electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world’s biggest internet companies through a covertly run operation set up by America’s top spy agency, documents obtained by the Guardian reveal.

The documents show that GCHQ, based in Cheltenham, has had access to the system since at least June 2010, and generated 197 intelligence reports from it last year.

The US-run programme, called Prism, would appear to allow GCHQ to circumvent the formal legal process required to seek personal material such as emails, photos and videos from an internet company based outside the UK.

The use of Prism raises ethical and legal issues about such direct access to potentially millions of internet users, as well as questions about which British ministers knew of the programme.

In a statement to the Guardian, GCHQ insisted it “takes its obligations under the law very seriously”.

The details of GCHQ’s use of Prism are set out in documents prepared for senior analysts working at America’s National Security Agency, the biggest eavesdropping organisation in the world.

Dated April this year, the papers describe the remarkable scope of a previously undisclosed “snooping” operation which gave the NSA and the FBI easy access to the systems of nine of the world’s biggest internet companies. The group includes Google, Facebook, Microsoft, Apple, Yahoo and Skype.

The documents, which appear in the form of a 41-page PowerPoint presentation, suggest the firms co-operated with the Prism programme. Technology companies denied knowledge of Prism, with Google insisting it “does not have a back door for the government to access private user data”. But the companies acknowledged that they complied with legal orders.

The existence of Prism, though, is not in doubt.

Thanks to changes to US surveillance law introduced under President George W Bush and renewed under Barack Obama in December 2012, Prism was established in December 2007 to provide in-depth surveillance on live communications and stored information about foreigners overseas.

The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

The documents make clear the NSA has been able to obtain unilaterally both stored communications as well as real-time collection of raw data for the last six years, without the knowledge of users, who would assume their correspondence was private.

The NSA describes Prism as “one of the most valuable, unique and productive accesses” of intelligence, and boasts the service has been made available to spy organisations from other countries, including GCHQ.

It says the British agency generated 197 intelligence reports from Prism in the year to May 2012 – marking a 137% increase in the number of reports generated from the year before. Intelligence reports from GCHQ are normally passed to MI5 and MI6.

The documents underline that “special programmes for GCHQ exist for focused Prism processing”, suggesting the agency has been able to receive material from a bespoke part of the programme to suit British interests.

Unless GCHQ has stopped using Prism, the agency has accessed information from the programme for at least three years. It is not mentioned in the latest report from the Interception of Communications Commissioner Office, which scrutinises the way the UK’s three security agencies use the laws covering the interception and retention of data.

Asked to comment on its use of Prism, GCHQ said it “takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the intelligence and security committee”.

The agency refused to be drawn on how long it had been using Prism, how many intelligence reports it had gleaned from it, or which ministers knew it was being used.

A GCHQ spokesperson added: “We do not comment on intelligence matters.”

The existence and use of Prism reflects concern within the intelligence community about access it has to material held by internet service providers.

Many of the web giants are based in the US and are beyond the jurisdiction of British laws. Very often, the UK agencies have to go through a formal legal process to request information from service providers.

Because the UK has a mutual legal assistance treaty with America, GCHQ can make an application through the US department of justice, which will make the approach on its behalf.

Though the process is used extensively – almost 3,000 requests were made to Google alone last year – it is time-consuming. Prism would appear to give GCHQ a chance to bypass the procedure.

In its statement about Prism, Google said it “cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data”.

Several senior tech executives insisted they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a programme.

“If they are doing this, they are doing it without our knowledge,” one said. An Apple spokesman said it had “never heard” of Prism.

In a statement confirming the existence of Prism, James Clapper, the director of national intelligence in the US, said: “Information collected under this programme is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

A senior US administration official said: “The programme is subject to oversight by the foreign intelligence surveillance court, the executive branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimise the acquisition, retention and dissemination of incidentally acquired information about US persons.”

From Digital Trends

The Web is a dangerous place for privacy. Here, a list of the companies that are tracking your Web activity on the top 100 most-visited websites in the United States.

It’s no secret: Every move you make on the Web is being tracked, recorded, compiled, and used to sell advertising or otherwise finance the sites that we all know and love.

But such activity has come under increasing scrutiny from privacy advocates, and even the U.S. government. Which got me thinking: What are these companies that are doing the tracking? And which websites are they using to gather this information? Using two of the most popular anti-tracking extensions, Ghostery and Do Not Track Plus, I visited each of the top 100 most-visited websites in the U.S., according to Alexa, to dig a bit deeper into this whole tracking debacle.

In total, about 125 different companies or company products are used to track your online activity through the top 100 sites. Many of these are simple advertising networks — but others are particularly nefarious. To get a better sense of what each of these companies are, I reached out to attorney Sarah Downey, a privacy strategist for Abine, which created Do Not Track Plus. Based on her extensive research, here are some of the companies you should be most concerned about.

Read the full article here

ISPs and other network providers can use deep packet inspection to monitor all the data transmitted to and from your computer; encryption via a virtual private network keeps your data transfers private.

Imagine a technology that can stop spam and malware, identify and block illegal downloads, and allow ISPs to prioritize the data they transmit by content as well as by type. Sounds pretty good.

Now imagine a technology that gives network managers and governments the ability to monitor everything you do on the Internet, including reading and recording your e-mail and other digital communications, and tracking your every move on the Web.

Of course, it’s the same technology: deep packet inspection by name. That’s how governments around the world are able to spy on their citizens’ online activities and control their access to the Internet.

Bills pending in the U.S. Congress, (the UK) and the Canadian House of Commons propose making it mandatory for ISPs to retain for 12 months the information the companies collect about their customers and deliver it on demand to law enforcement agencies. This information includes IP addresses, credit-card numbers, and other private data.

ISPs have long been able to record every site you visit and track what you do on those sites. They can and do block access to specific sites.

But only recently has it become practical from a bandwidth and resource perspective for network providers to read all the data in the packets sent from and delivered to their customers’ computers without slowing their networks to a crawl.

North Korea, China, Iran, and other countries routinely use deep packet inspection to block Internet content and keep tabs on their citizens, according to a synopsis on TechCrunch Europe.

(CNET Crave writer Edward Moyer reports on the Tor Project’s attempts to help Iranians overcome that country’s disruption of encrypted data connections.)

The primary sponsor of the Protecting Children from Internet Pornographers Act is House Judiciary chairman Lamar Smith (R-Texas), who also sponsored (and recently pulled) the controversial Stop Online Piracy Act.

While the fate of the proposed legislation is uncertain, many people are rightly concerned about having a record of their Internet activities stored in a huge repository that will likely be the target of data thieves.

The easiest way to cover your Web tracks is to encrypt your data and network connection. The most popular encryption services use a virtual private network.

Free VPN services come with a price

The free HTTPS Everywhere Firefox add-on from the Electronic Frontier Foundation automatically encrypts connections on sites that support the technology. Unfortunately, not all sites support HTTPS, among other limitations.

A more thorough technique for preventing your Web activities from being recorded is to establish a VPN connection. The Tech Support Alert site rates several free VPN services in its guide to anonymous-surfing products.

Topping the list are CyberGhost VPN, ProXPN, and SecurityKiss, the last of which I wrote about in a post from last February.

I tried the free versions of ProXPN and OpenVPN’s Private Tunnel, but the first is too slow (and annoying), and the second gives you only 100MB of data transfers. The paid versions of both products remove these limitations, as you might have guessed.

Quick and simple setup, but painful performance in the free version

It took only a few minutes to install ProXPN and sign up for a free account. Click the red lock icon that appears in the Windows notification area or Mac menu bar to establish an encrypted connection.

Once your VPN connection is established, hover over the green lock icon to view the IP address and other information about the VPN server you’re linking through.

The free version’s slow 100Kbps maximum transfer speed harkens back to the pre-broadband days of dial-up modems. Also, when you open your browser you have to click through an annoying ProXPN “upgrade now” screen to get to your designated home page.

According to the company’s site, the ProXPN Premium service has “no bandwidth restrictions, all available ports are open, PPTP VPN enabled (in addition to our standard OpenVPN), full access to all proXPN servers world-wide, and port selection.” The premium version costs $10 a month or $50 for six months; the company offers a 7-day free trial.

Not much encryption offered by the free version of OpenVPN’s Private Tunnel

Apart from the 100MB data limit, the open-source Private Tunnel service is a breeze to sign up for and use. But most Internet users will burn through the free version’s data-transfer allotment in a couple of days. As with ProXPN, Private Tunnel places an icon on the desktop that you click to establish an encrypted connection.

Original article

*Update: How Long Before VPNs Become Illegal?

*Free VPN providers should not be trusted outright where a client’s anonymity is concerned. See this article on multi-VPN security, and also: Which VPN Providers Really Take Anonymity Seriously? (TorrentFreak article)
