1

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Snowden Leaks
Al Mac notes on what we think we know so far.

Domestic Surveillance by the US Government
Notes by Alister William Macintyre Last updated 2013 June 23
Version 0.6

Table of Contents Snowden Leaks, Introduction (2013 June 15).....................................................................5 Document Structure (2013 June 11)............................................................................5 Credits (2013 Jun 15)...................................................................................................6 Big Picture Summary Links (2013 June 16)....................................................................6 Top Secret America (2013 June 14)............................................................................8 Problem Solving (2013 Jun 17).......................................................................................8 Terminology (2013 June 21)................................................................................................9 Mega Phone Data (2013 June 16)..................................................................................10 Mission Creep and Bad Actors (2013 June 13).............................................................11 Past History of Abuses (2013 June 16)..........................................................................11 Security Illusions (2013 June 16)..................................................................................12 Hack Back (2013 June 22).........................................................................................14 Statistics (2013 June 10)............................................................................................15 Q+A (2013 June 13)..........................................................................................................15 Digital Hiding Tips (2013 June 17)...............................................................................15 Digital Protection Insurance and Assurance (2013 June 17).....................................16 Confidential Security (2013 June 17)........................................................................16 Financial Protection (2013 June 17)..........................................................................17 Snowden career path (2013 June 13).............................................................................18 What computer professionals can see (2013 June 17)...................................................20 View all Data Legitimately (2013 June 17)...............................................................21 Sources of hack attacks (2013 June 12).........................................................................22 How massive data allegedly protects America (2013 June 13).....................................23 4th amendment & exceptions to it (2013 Jun 13)......................................................23 Secretly Collecting Digital Data about the People (2013 June 13) ..........................24 Suspect Lists (2013 June 13).....................................................................................24 Claims denied (2013 June 16)........................................................................................25 US Declassified Surveillance Cases (2013 June 15).....................................................26 ATF armed Mexican Cartels (2013 June 15).............................................................27 Boston Bombing (2013 June 16)...............................................................................27 Headley helped Mumbai attack (2013 June 17)........................................................28 Zazi from Colorado to NYC subway (2013 June 17)................................................29 1 Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

2

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Major Sources and Citations (2013 June 12).....................................................................30 Government Official Sources (2013 June 12)...............................................................30 EU Parliament June 2013 (2013 June 16)..................................................................30 Other nations with similar systems (2013 June 15)...................................................31 Russia (2013 June 15)................................................................................................31 UN Special Rapporteur (2013 June 14).....................................................................31 US Gov Official Sources (2013 June 16)......................................................................31 US 215 (2013 June 19)..............................................................................................31 US 702 (2013 June 19)..............................................................................................33 US Administration (2013 June 16)............................................................................34 US Court Cases and rulings (2013 June 16)..............................................................34 US CRS (2013 June 14).............................................................................................35 US DHS (2013 June 16)............................................................................................36 US DNI (2013 June 15).............................................................................................36 US DOJ (2013 June 16).............................................................................................37 US FBI (2013 June 14)..............................................................................................38 US FISA and FISC (2013 June 16)...........................................................................38 US Founding Fathers Constitution (2013 June 15)....................................................39 US GAO (2013 June 21)............................................................................................39 US House Intelligence 2013-06-17 hearing (2013 Jun 19).......................................40 US House Judiciary 2011 hearing (2013 Jun 14)......................................................44 US IG (2013 June 17)................................................................................................44 US NSA (2013 June 17)............................................................................................45 US NSL (2013 June 16).............................................................................................45 US PCLOB (2013 June 21)........................................................................................46 US Postal Service (2013 June 10)..............................................................................46 US Prism (2013 June 16)...........................................................................................46 US Representative Rogers (2013 June 15)................................................................47 US Senate Appropriations 2013-06-12 hearing (2013 Jun 16)..................................47 US Senate Intelligence Committee (2013 June 17)...................................................49 US Senator Feinstein (2013 June 17).........................................................................49 US TSA (2013 June 10).............................................................................................49 US White House (2013 June 16)...............................................................................49 Media & Privacy sources International (2013 June 16).................................................50 Stop Watching Us (2013 June 16).............................................................................50 Media & Privacy sources Australia (2013 June 17)......................................................50 News Com Australia (2013 June 21).........................................................................50 Media & Privacy sources Britain (2013 June 15)..........................................................50 BBC in Britain (2013 June 15)..................................................................................50 Daily Mail (2013 June 16).........................................................................................51 Economist (2013 June 16).........................................................................................51 Guardian Newspaper in Britain (2013 June 17)........................................................51 Independent in Britain (2013 June 16).......................................................................52 Reuters (2013 June 17)..............................................................................................53 Media & Privacy sources Pakistan (2013 June 20).......................................................53 Express Tribune (2013 June 20)................................................................................53

2

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

3

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Media & Privacy sources in USA (2013 June 15).........................................................53 ABC News (2013 June 17)........................................................................................53 ACLU (2013 June 17)................................................................................................54 AP (2013 June 16).....................................................................................................55 Atlantic (2013 June 17)..............................................................................................55 Bloomberg (2013 June 16).........................................................................................55 Brookings (2013 June 16)..........................................................................................55 CATO Institute (2013 June 16)..................................................................................55 CDT (2013 June 16)...................................................................................................56 CIS (2013 June 16)....................................................................................................56 CNN (2013 June 17)..................................................................................................57 Council on Foreign Relations (2013 June 14)...........................................................57 CREW (2013 June 16)...............................................................................................57 Daily Caller (2013 June 14).......................................................................................58 EFF (2013 June 16)....................................................................................................58 EPIC (2013 June 16)..................................................................................................58 FAS Secrecy News (2013 June 17)...........................................................................59 Forbes (2013 June 16)................................................................................................60 Hill (2013 June 16)....................................................................................................60 Huffington Post (2013 June 16).................................................................................60 Lawfare (2013 June 16).............................................................................................60 Lawfare June-15 week ending (2013 June 16)......................................................60 Lawfare June-14 daily info (2013 June 16)...........................................................61 Lawfare June-13 daily info (2013 June 16)...........................................................62 Lawfare June-12 daily info (2013 June 16)...........................................................63 Lawfare June-11 daily info (2013 June 16)...........................................................64 Lawfare June-10 daily info (2013 June 16)...........................................................65 Lawfare June-8 week ending (2013 June 16)........................................................66 Lawfare June-7 daily info (2013 June 16).............................................................67 Lawfare June-6 daily info (2013 June 16).............................................................69 Lawfare more stories (2013 June 16).....................................................................69 Los Angeles Times (2013 June 16)...........................................................................70 MSNBC-TV (2013 June 17)......................................................................................70 National Journal (2013 June 16)................................................................................70 New York Times (2013 June 16)...............................................................................71 New Republic (2013 June 16)....................................................................................71 NPR (2013 June 16)...................................................................................................71 Politico (2013 June 16)..............................................................................................71 Reason (2013 June 21)...............................................................................................71 Schneier on Security (2013 June 17).........................................................................72 USA Today (2013 June 17).......................................................................................72 Wall Street Journal (2013 June 16)............................................................................73 Washington Post (2013 June 16)...............................................................................73 Wikipedia USA (2013 June 16).................................................................................75 Wired (2013 June 16).................................................................................................76 Tech info sources (2013 June 12)..................................................................................76

3

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

4

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Anonymous (2013 Jun 10).........................................................................................76 Apple (2013 June 16).................................................................................................76 AOL (2013 June 16)..................................................................................................76 Cryptome (2013 June 21)...........................................................................................77 Facebook (2013 June 17)...........................................................................................78 Firefox (2013 June 15)...............................................................................................79 Google (2013 June 17)...............................................................................................80 Humor (2013 Jun 10).................................................................................................81 Microsoft (2013 June 17)...........................................................................................81 Pal Talk (2013 June 16).............................................................................................82 RISKS (2013 Jun 12).................................................................................................82 Skype (2013 June 16).................................................................................................84 Tech Companies (2013 Jun 15).................................................................................84 Yahoo (2013 June 16)................................................................................................84 You Tube (2013 June 16)..........................................................................................85 Other Topics (2013 Jun 14)...............................................................................................85 Drones+ (2013 June 14).............................................................................................86 IRS scandals+ (2013 June 14)...................................................................................87 Revision History (2013 June 14).......................................................................................89 Version 0.1 (2013 June 14)........................................................................................90 Version 0.2 (2013 June 15)........................................................................................90 Version 0.3 (2013 June 16)........................................................................................91 Version 0.4 (2013 June 17)........................................................................................93 Version 0.5 (2013 June 23)........................................................................................94 Version 0.6 (2013 June 23)........................................................................................95

Snowden Leaks, Introduction (2013 June 15)
Here will be my notes1 on Edward Joseph Snowden,2 a former high school drop out who apparently was given the keys to US cyber intelligence command, although the people in charge are denying many allegations about this, then he became concerned about some aspects of what was being done, felt it was his US American patriotic duty3 to travel to Hong Kong4 then leak details to the world, through the British Guardian, US Washington Post, and other news media. There have been a lot of claims and counter claims which I seek to wrap my mind around. As I do so, my sources may not yet be as diverse as I eventually hope to check. See footnotes for full url source citations. However, I often interject my own reactions to what I am seeing at the sources.

1 2

I am Alister Wm Macintyre, a semi-retired news junkie, and book-a-holic. https://en.wikipedia.org/wiki/Edward_Snowden http://blogs.fas.org/secrecy/2013/06/snowden-leaks/ http://www.bbc.co.uk/news/world-us-canada-22836378 https://www.nytimes.com/2013/06/10/us/former-cia-worker-says-he-leaked-surveillance-data.html http://www.newyorker.com/online/blogs/culture/2013/06/snowden-girlfriend-lindsay-mills-blog.html 3 http://firstamendmentcoalition.org/2013/06/leaker-wants-public-to-know-about-secret-domestic-spying/ 4 http://world.time.com/2013/06/14/the-5-places-in-hong-kong-snowden-should-hide-in/

4

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

5

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Document Structure (2013 June 11)
At the end of each chapter heading is a date. That shows when I last added or updated any text to that chapter. So as I come out with new versions, people with old versions can see what I have updated since their last copy.

Credits (2013 Jun 15)
Thanks to many connections in various social media, for steering me to wonderful links and quotes, including: • Bob.S • David.K • Google Plus • Linked In • Mark.W • V. You know who you are, and government surveillance knows who you are.

Big Picture Summary Links (2013 June 16)
USG = US Government. USG denies some of this big picture.5 See US 215 and US 702 chapters. My understanding of recent leak revelations: • NSA is getting logs of 100% phone calls domestically, all phone companies, not just Verizon. 1. These logs include phone # each end, how long it lasted, who called whom, geography of people at each end, info about the type of phone equipment used. 2. USG denies some of this.6 See US 215 chapter. 3. This info does not include the content of the calls, except by inference. The US legal authority to do this, is from section 215 of the Patriot Act. • NSA is getting copies of 100% e-mail, Internet browsing, chats, downloads, uploads, domestically of all people in USA. 1. This is not just the mega log data like with the phone calls, but also the content of the communications. 2. USG denies some of this.7 See US 702 chapter. 3. The US legal authority to do this, is from section 702 of the FISA Amendments Act. • FBI is able to tap phone calls using a type of pirate cell tower, which performs a call relay service, while at the same time recording the content.
5 6

http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 7 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

5

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

6

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

The FBI is seeking expanded authorities to backdoor everything we own software, phones, devices -- for surveillance purposes (aka "CALEA 2.0") and the Administration reportedly is supporting these measures despite security experts warning that such capabilities have the potential to cause significant and widespread cyber security concerns.8 The Post Office has a record of all snail mail to whom, allegedly from who, using the return address on the envelope.

Here are some links which provide summary info on each of the many dimensions of the big picture. I plan to explore each of these dimensions in more detail in individual chapters, but this here is to help us all see if there are any particular dimensions we failed to see, because of media heavy focus on some, while neglect of others. There’s a lot more to this story.9 NSA collecting phone records of millions of Verizon customers daily U.S. intelligence mining data from nine U.S. Internet companies in broad secret program NSA slides explain the PRISM data-collection program US Postal Service records all snail mail USA Intellectual Property Theft Commission Recommends Malware! What the NSA costs taxpayers by Jeanne Sahadi, CNN Money, June 7. "The budget of the National Security Agency, located in Fort Meade, Md., is classified but experts say it's likely to be at least $10 billion a year." President Obama's let's-have-a-debate defense by Josh Gerstein, Politico, June 7. "The Obama administration has a familiar refrain on surveillance of Americans' phone records: the president and his team are eager to have the debate. Eager, that is, only after others have brought the tactics to light and the administration has spent years employing them." The system functioned as intended. The oversight mechanisms, intended to correct abuses already exist, and indeed had signed off on the surveillance activities. Those programs are “under very strict supervision by all three branches of government,” President Obama said Friday. How the U.S. Government Hacks the World by Michael Riley, Bloomberg Businessweek, May 23. "The key role NSA hackers play in intelligence gathering makes it difficult for Washington to pressure other nations--China in particular--to stop hacking U.S. companies to mine their databanks for product details and trade secrets."
8 9

https://cyberlaw.stanford.edu/blog/2013/06/initial-thoughts-nsa-verizon-surveillance-order https://www.propublica.org/article/the-best-stories-on-the-governments-growing-surveillance

6

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

7

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

2013-0611.pdf

How NSA Mistakenly Began the Vietnam War

The 2011 tax return for the Washington D.C.-based charity American Friends of Bilderberg, which I found on a site of government documents available for public review. UN human rights report analyses the implications of States’ surveillance of communications for the exercise of the human rights to privacy and to freedom of opinion and expression.

Top Secret America (2013 June 14)
Here is an effort, by the Washington Post, to put this into perspective,10 as of Sep 2010.

Problem Solving (2013 Jun 17)
I am a semi-retired Geek, who worked at mid-sized businesses from the 1960’s to 2010’s in IT of platforms made mainly by IBM. My philosophy includes: I want a government which WORKS effectively for the best interests of the people. Since I became semi-retired in 2009 (I will be age 70 in 2014), I have had time to pursue some interests impractical when I was a work-aholic, such as going behind the headlines to figure out more details than we get from reading a few news stories, then going beyond the details to analyze proposed solutions to mitigate against the next instance of same kind of challenge. Often some new incident grabs our attention, before I get all the way done. I could be described today as a news-junkie and book-aholic. In an earlier era, maybe I would have been described as an intellectual, but my academic credentials are not that great. When I was full-time, I solved technical problems brought to my attention by co-workers. Now that I am semi-retired, I look to solve political problems brought to my attention by the news media. I share my personal hobby research investigations multiple places, based on convenience of access for me, and diversity because these places sometimes break down, go out of business, or in the case of Linked In, get improved to the point of no longer usable. See Other Topics section for links to my research notes. I have found a common theme in many of the different challenges which I have looked into. As our technology and society get more complex, our leaders need to be skilled in several areas: • Using and understanding state-of-art of technology effectively • Understanding advances of science and technology relevant to our professions • Having a clear understanding of the constitution and laws relevant to our professions
10

http://projects.washingtonpost.com/top-secret-america/

7

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

8

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

It seems to me that many have fallen down in one or more of these areas. In some of the recent scandals in the news, common problems seem to be: • People who witness what they think is wrong doing, in the work place, often don’t seem to have a good collection of channels for spiritual guidance, or legal whistle blowing, so some of them go totally outside and do leaks which are not in the best interests of fixing the problems, since they may not know the whole big picture, while others seek transfers away from what they disagree with, not reporting anything. Just as the military has chaplains for every religious faith, I think that government agencies engaged in confidential and secret work, like ATF CIA IRS, ought to have similar persons that people can go to, to help them see constructive opportunity choices, in confidence, where those advisors are within the envelope of people the workers are allowed to talk to, about the secret work. • GAO and IG investigations seem to get launched when some problem has festered for years, then got so bad that there are lots of people complaining, and it gets into the news media. We need systems of audits, to find problems much earlier in their life cycle. • Many lessons of 9/11 have not yet been applied. Congress is still dysfunctional. Many different government agencies had advance dots about the Boston Bombers, which were never shared, in time to prevent that attack. Each dot was trivial, not justifying action. But had the CIA FBI State-Dept, the two foreign governments, combined their info, and seen what NSA had captured, there was more than enough to show risk of big trouble from these people. Perhaps the reporting systems, which have been defunded, can have their data also go into the NSA collection, so when there is reasonable suspicion about someone, ALL the info reported to government is available to the investigators.

Terminology (2013 June 21)
There are a mountain of acronyms and other technical concepts which ought to be defined, clarified. This chapter plans to either explain them for reference, or point at chapter(s) where they are best explained, but initially will just list some of the words, as they come up. I believe that MOST people are familiar with these terms, but I ought to define them out of courtesy. At the beginning of many chapters, I have a mini-glossary of major acronyms used in that chapter. I recognize that spelling out what the initials mean, often is not enough of story needed.
The 3rd amendment supposedly protects Americans from government human agents using their physical property without proper compensation. Does that also apply to government cyber agents on our computers and cell phones? Even when eminent domain authorizes seizing of real estate, the old owner is supposed to be compensated. The 4th amendment supposedly protects Americans from government intrusion into papers and personal possessions, unless officials get a search warrant or a subpoena demanding certain

8

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

9

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

papers, from a judge, after they show the judge reasonable suspicion. Suspicionless fishing expeditions are not to be authorized. See chapter listing exceptions to 4 th amendment.

5 Eyes - espionage alliance of the US, Britain, Canada, Australia, and New Zealand.11 ATC ATF Catch-22 CIA Constitutional rights C-Span DHS DNI Expectation of Privacy FAA FBI FISA FTP – see Google. GED GCHQ = UK's electronic surveillance agency IRS IT = Information Technology = people who administer computers, and their data, for some institution MOD = Britain’s Ministry of Defense, the equivalent of USA’s Pentagon NSA NSL NYC OSHA Patriot Act Prism Subpoena UK = Britain Verizon Warrant Who Watches the Watchers?

Mega Phone Data (2013 June 16)
USG = US Government. USG denies some of this.12 See US 215 chapter. June 7, 2013 Why Metadata Matters <snip>
11

http://www.news.com.au/breaking-news/world/snowden-files-show-massive-uk-spying-op/storye6frfkui-1226667923388 12 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

9

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

10

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

What they are trying to say is that disclosure of metadata, the details about phone calls, without the actual voice isn't a big deal, not something for Americans to get upset about if the government knows. Let's take a closer look at what they are saying: • They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don't know what you talked about. • They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret. • They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed. • They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion. • They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day. But nobody knows what you spoke about. Sorry, your phone records oops, "so-called metadata" can reveal a lot more about the content of your calls than the government is implying. Metadata provides enough context to know some of the most intimate details of your lives. And the government has given no assurances that this data will never be correlated with other easily obtained data. They may start out with just a phone number, but a reverse telephone directory is not hard to find.13 Given the public positions the government has taken on location information, it would be no surprise if they include location information demands in Section 215 orders for metadata. If the President really welcomes a robust debate on the government's surveillance power, it needs to start being honest about the invasiveness of collecting your metadata.14

Mission Creep and Bad Actors (2013 June 13)
Many well meaning government leaders create systems to solve problems, but over time several problems can develop. Mission Creep is where some project originally approved for some benign purpose, also gets used for other purposes. The original checks & balances may no longer be adequate for the added functions, but there may be a failure to upgrade them to satisfy the increased risks. Bad Actors is where there may be people abusing the power granted them to do their job, giving everyone in that job a bad reputation, because no one really knows who is a bad actor and who is a good actor.

13

They ought to use a reverse phone directory, which is up-to-date at same time as the phone call info is captured, because over time, people move. Someone else might have that phone # in a few years, when suspicion gets cast upon a person who used that phone # several years ago. 14 https://www.eff.org/deeplinks/2013/06/why-metadata-matters

10

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

11

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Past History of Abuses (2013 June 16)
Check out: • Church Commission15 • Enemies lists of Hoover & Nixon • Fusion Centers16

Security Illusions (2013 June 16)
• Security Mirror is when a person defines security based on what they know how to do, ignoring what other people may be able to do, not consulting with security professionals who probably know about all the different kinds of risks out there. This is one reason why we have an epidemic of cyber security breaches. There are other reasons. Security by Obscurity is when security works by not telling people things. o Our personal info can be used by Identity Crooks to steal our bank accounts, so that security works, only by keeping info confidential. There’s a lot of National Security which works the same way. o Something Ed Snowden’s on-the-job training apparently lacked, is to communicate to him the notion that our enemies do not have as good access to the Internet as the free peoples of the West, so while one bunch of our enemies may have figured out something they can use against us, most of them probably have not, until we blurt it out in our Internet and Media discussions about it. o This is a topic, which I consider essential for people in the IT profession to understand. When we discover a security flaw in some software or hardware, we need to communicate it to the institution(s) in charge of quality control for that product or service. Often those institutions fail to act on our info. If we, at that point, go public with what we have found, then in addition to maybe hundreds of hackers and malware writers who already knew about the flaw, there are tens of thousands of me-too trouble makers exploiting it. o Over a decade ago, I figured out a flaw in Airport Security, and I reported it to the proper authorities, who decided the risk was so microscopic, it was not worth plugging the hole. Had I gone public, some trouble maker might have exploited it, and caused a mega disaster, or the authorities would have had to spend astronomical money to fix the flaw. My responsibility ended when I reported what I had found, to the proper authorities. o Unfortunately, for many people, it is not obvious, who or what are the proper authorities for some problem, then what we should do if it seems like we have been talking to a brick wall.

This is discussed within my Drone Terms document: http://www.scribd.com/doc/105029922/Drone-Terms-by-Al-Mac 16 This is discussed within my Drone Terms document: http://www.scribd.com/doc/105029922/Drone-Terms-by-Al-Mac
15

11

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

12

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

• •

Security Tests: here are some simple things to do, to find out if your place of employment has quality security, or normal brain dead security: o Look at the ceiling of your work place. Are the ceilings solid with the walls, or do you have acoustical tiles? If the latter, get up on sturdy furniture or a step ladder, and look at what is above the tiles. Does the wall go all the way up to a real ceiling, or is there a way to get into the adjacent office, by going over the top? Don’t actually do it, because the supports are so flimsy you could fall and break your neck. Most modern offices have these hanging ceilings to provide easy access to wiring, lighting, etc. without being unsightly. If anyone asks what you are doing, just say you are investigating something. If building security later gives you the third degree, then you know there is good security here, otherwise you know there’s a gaping hole, where someone with legal access to any one office, can get into any other office, which may be locked, without needing a key to locked doors. o Is there an elevator? Can you climb up through a trap door in the ceiling, and no one question your movements? That’s another security hole. o Does your work place have a chain link fence with a gate which is padlocked every night? Is the padlock hanging unlocked, for the convenience of the last person to leave the facility, so only the first person who comes next morning needs the key? Think thru this: some crooks could substitute THEIR padlock for the official one, so that at night the place is locked up with the padlock for which the crooks have a key, then late nite they drive in, steal the place blind, then replace their padlock with the official one, being careful to wipe off any fingerprints. o Do my examples with physical security sound like places, doing this, have not thought through security risks? Well that’s what computer security is often like. Something is installed, and no one thinks through what could go wrong. Security Theater is when it is more important to send a message that we are doing a good job with security, than to actually do a good job. Airport security is a prime example. Security Theater, Smoke, and Mirrors is when people propose solutions, which are disconnected from any sane reality, where the people and their proposals are more important than the end mission. o For example, many US states mandate security on school buses which are exactly the kind of systems which kill and maim children in crashes, as found by national safety testing, which have also found systems which work effectively, but are illegal or unfunded in most US states.

Want to see what information the government has on YOU? With a simple Freedom of Information Act (FOIA) request, any U.S. citizen can obtain one's NSA or FBI file, if such a file exists.17
17

http://www.dailykos.com/story/2013/06/11/1215421/-Want-to-See-Your-NSA-or-FBI-File-Here-s-How

12

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

13

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

It simply takes a few minutes to fill out the requisite forms and mail them to the appropriate address. An independent site – www.getmyfbifile – will, free of charge, generate the necessary forms for you already filled out. Of course, you can also do this directly through the NSA or FBI if you are worried about providing personal information to an independent site.

Hack Back (2013 June 22)
Should it be legal, and is it even practical, for the victims of hack attacks, to fight back using the same tactics?18 In the 1970’s I first witnessed hack attacks. I saw multiple electronic methods were technically feasible to fight back, but I worried about their legality, so I reached out to the government criminal prosecutors of cyber crime cases to inquire about options. I quit that effort when one of them asked me what drugs I was taking. The notion of hack back was totally alien to their thinking, so getting a good answer was out of the question. I opted to fight back by non-cyber means, but now regret the results, since other innocents got hurt along the way. Victims of cyber attacks need guidance regarding what measures are reasonable for them to take, which are both legal, and do not put additional people at risk. It seems to me that if someone is to engage in hack back, they need to capture plenty evidence of the original attack, to show that their self-defense was justified, otherwise it can be like an escalation in a war, where the attack back is treated as a criminal act, and as a reason to redouble the original attacks. Currently, the copyright police are targeting many consumers and businesses who are innocent, because their systems, for identifying alleged copyright pirates, are flawed.19 The Commission on the Theft of American Intellectual Property20 suggests that so-called hack-back options be made available if simpler attempts to deter IP theft fail. Existing laws and IP protection provisions in international trade agreements have failed to address the issue so far.21 Here is a press release, explaining the commission.22 We can download their 100 page report here:23 http://www.ipcommission.org/ I downloaded a copy for myself, and included it in a collection of similar reports, using my PC folders: STUDIES / NATL SECURITY / CYBER and CRITICAL INFRASTRUCTURE. This final sub-folder now contains:24 • APW Phishing 2013 April report
18 19

https://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html https://www.networkworld.com/news/2013/052313-us-urged-to-let-companies-270108.html?page=2 20 http://www.ipcommission.org/ 21 https://www.networkworld.com/news/2013/052313-us-urged-to-let-companies-270108.html 22 http://www.ipcommission.org/press/IPC_press_release_052013.pdf 23 http://www.ipcommission.org/ 24 I can arrange to get copies to people who share my interests. I have downloaded, for study, more reports than I have actually read so far. Those I have studied, where their copyright (if any) permits, I have uploaded to same places where I have shared my own notes.

13

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

14
• • • • • • • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Confidential report which I am not to share. CRS Electrical Security 2004 April (A Congressional Research report not made public for almost 10 years, because DHS did not want it known how vulnerable our CI is). IP Theft 2013 May Personal write-up on Cyber Attack on Critical Infrastructure Personal write-up on Cyber Crime Statistics IRS Personal write-up on Cyber Security Advice Verizon 2013 DBIR 2013 April (Report on Breaches) WH XO Cyber Security Strategy 2012 Dec (White House draft)

Statistics (2013 June 10)
The order to capture ALL customer activity with a particular phone company is ONE order, but it is millions of customers. Statistically that is millions of customers, but in federal number crunching it is ONE spy order. In all of 2012, the Obama administration went to the secretive Foreign Intelligence Surveillance Court only 200 or so times to ask for Americans’ “business records” under the USA Patriot Act. But some of them were like the Verizon order for millions of different people. 25

Q+A (2013 June 13)
With many voices making contradictory claims, I think some of this is easier to comprehend by using the format: Some claim or allegation … maybe who has made these claims. Some denials … who makes those denials, and are they only denying part of the story? Then what is the apparent credibility of the people sources on the various sides of the controversies? Do they have conflicts of interest against being truthful? Are they in a career position where they might have access to quality info?

Digital Hiding Tips (2013 June 17)
Since we do not know the scope of government snooping, we do not know which electronic hiding systems are really effective. However, the government is not the only form of snooping, so partial protection is possible against the other snoops. I have written about some of this kind of topic before, in previous scandals, so here are some tips, for people new to this issue, and to help keep ordinary people as safe as is practical. There are links to additional guidance in the EFF chapter. Note the Security Illusion chapter, for Security Tests you can try where you work, and other places where other people have a fiduciary responsibility to provide good security, but often do not.
25

http://www.wired.com/threatlevel/2013/06/nsa-numbers/

14

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

15

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

There is clothing which allegedly makes a person invisible to drones and CCTV. I have links to the manufacturers of that, and explanations of how effective it is, in my Drone Terms doc.26

Digital Protection Insurance and Assurance (2013 June 17)
Insurance = Bad stuff can happen, so you have Insurance to compensate you after it happens. This includes deals with Insurance Companies, and digital backups. Assurance = Bad stuff can happen, so things are done, to help prevent them from happening to you, such as locking your stuff, having a good password system. Do you use a cell phone for something other than phone calls? Does it have security under your control, like the security on your home computer, personal auto, or residence? If not, you are at extreme risk of all sorts of things can go wrong. Good Security is theoretically possible, but usually humans are careless, because the security is inconvenient, or the institution budget does not support separate computers for separate functions. For example, some institutions have computers, not connected to the Internet, surrounded by a faraday cage (which blocks remote electronic surveillance). People, who work there, connect their laptops to the Internet, do their thing, and unknowingly get infected with some virus, then connect same laptops to the high security reality, and the virus hops in there. That’s how Stuxnet got into the Internet. Western Secret Agents hand delivered the virus to a high security Iran installation, which had users connected by laptop, which got infected. Later one of the laptops talked to the Internet, and now Stuxnet got into the wild. NEVER give out personal information over the telephone or online to someone you don’t know, even if they are allegedly with some organization that you do know. Microsoft does not call ordinary people to help them with some alleged problem on their computer, when those people never contacted Microsoft in the first place. Anyone calling you who claims to be with Microsoft is probably either a crook, or working for a crook. Because new scams viruses and hacker techniques are created daily, make sure your computer has up-to-date security software and/or hardware, which collectively includes anti-virus, anti-spam, firewall, detect compromised web sites, block unwanted downloads, block invasions of your privacy, from what can be protected against. Make regular backups of your settings, because some patches can mess you up.

Confidential Security (2013 June 17)
If you receive an email from someone you know who says they are in trouble, contact that person directly with the number or email address that you have for them or someone
26

http://www.scribd.com/doc/105029922/Drone-Terms-by-Al-Mac

15

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

16

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

in their family or business who may know more about their current situation. Use contact method OTHER than contact info which is in that e-mail. There are scams where a person’s e-mail is compromised, and now controlled by someone painting a horrible story, necessitating rapid delivery of money to get them out of some jam, which is a fabrication of the crook. The crook gets all the money, your friend gets nothing, and your friend may have no other problem than temporarily unable to access their account. NEVER click on links contained in emails you receive from someone you don’t know, even if the email looks real. Recognize which of your contacts may or may not be wise to these risks. Some people receive and forward dangerous links, without thinking. If you click on a link in an email message from a company be aware that many scam artists are making forgeries of company's sites that look like the real thing. Verify the legitimacy of a web address with the company directly before submitting your personal information. Don't trust email headers, which can be easily forged. Avoid filling out forms in email messages. You can't know with certainty where the data will be sent, and the information can make several stops on the way to the recipient. There are many ways to encrypt e-mail and Internet communications,27 but many are inconvenient to use.28 These are constantly being improved, so I suggest interested people use search engines to find out about the latest stuff. There are also other systems, not yet made illegal, such as TOR. Also educate yourself at EFF,29 and your favorite computer security sites. Here is such guidance from AVG.30 If you are working on confidential documents, do not be connected to the Internet at the same time. There is a version of Microsoft Office which detects document errors, so sends the whole document and context to Microsoft to help them improve the software. If some information is confidential, sending it via e-mail, unencrypted, is risking a breach. e-mail is convenient but not safe.

Financial Protection (2013 June 17)
People can contact you by e-mail, phone, snail mail, in person, other means, representing themselves as a representative of some place with which you do business, or of some government agency. Trust but first verify their credentials, before sharing info you would never share with a stranger or a crook. If they claim that you must cooperate because they are THE LAW, insist on guidance from a lawyer first. They may claim the matter is extremely urgent. Ok, then them getting you that lawyer is urgent.

27 28

http://reason.com/blog/2013/06/13/expect-nsa-snooping-revelations-to-make http://reason.com/archives/2013/06/14/how-to-keep-your-government-from-spying 29 https://ssd.eff.org/ 30 http://blogs.avg.com/public-policy/consumer-alert%E2%80%94special-wartime-edition/

16

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

17

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

If someone calls you, who claims to be with your bank or credit card account, even one of those recorded robo calls, contact your financial institution by a method OTHER than the info in the recorded call. Once upon a time, I started getting automated calls saying I was late in paying my TEXACO credit card. I do NOT have such a card, thought I was victim of Identity Theft, or that the robo calls were some kind of scam, but it turned out to be gross incompetence at a Credit Card Company. I have insurance against identity theft. I suggest you check with your insurance companies, to see what is offered. When you first start doing business on-line with some outfit with which you will be sharing personal identity info, which crooks can use to steal our financial identity, carefully note the correct url spelling of the place, so when some fraud sends us a wrong spelling, we are more likely to spot it, before inadvertently supplying that fraudulent place our identity and password to access our financial info. Before you transmit to an e-merchant any personal or financial information, look closely at the website address as displayed in your browser. Chances are, the address of the opening page will be preceded by “http://.” That’s fine. But when you click to the page that asks for your payment information, you should see “https://,” often accompanied by a locked padlock icon. This tells you that the business is using not just hypertext transfer protocol (http), but hypertext transfer protocol secure (https), which provides data encryption and secure identification of the server. It’s an elementary but absolutely essential layer of online security. Don’t disclose personal or financial information on web page lacking that final s. If you are engaged in Internet banking, I suggest using one computer or digital device used exclusively for that purpose, not also used for e-mail, Internet surfing, and other channels at risk of malware or hacking taking over your bank accounts. This advice is because nowadays, most of the crookedness, to steal from your bank account, comes through e-mail and hacking activities, when you access the Internet for other purposes. If your credit card has the latest embedded chip to support it being read from a distance, I suggest you put it in a tin foil envelope, when not in use, because there are cell phone aps for anyone to copy your financial info and steal you blind. Change your bank account to one which does not insist on having such a siphon away system for your money. If you have bank accounts for both personal and business, do not mix the funds at the same bank. This is because business funds do not have same protection as personal funds. In a personal funds breach, you can irretrievably lose all of your business funds, if they have been intermingled. If you have a deal with your bank to automatically add funds, deduct funds, based on electronic contact with customers vendors or the government, then have the bank agreements, and your internal business practices audited, by your lawyer, your accountant, insurance company, and/or other reputable advisor(s). This is because

17

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

18

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

thousands of companies have irretrievably lost $ millions in breaches, due to flawed contracts and flawed practices.

Snowden career path (2013 June 13)
If we are to believe traditional sources, this guy who is now in Hong Kong: • He was a high school drop out. • He got his GED. • He attended some college courses. • He joined the army in 2004, but got injured during training, had to leave. Any military background is a big aid for getting into government work. • He got a job as a security guard for NSA. • He got whatever training was needed to qualify for government IT work. • He got a job in IT security for the CIA. In 2007 the CIA sent him to do computer network security work in Geneva Switzerland. There he had top secret clearance. • There is stress associated with doing secret work, must tell family friends some cover story, may not have anyone to confide in about work-related disillusionment. • He oversees wide access to the government secrets. • He gets jobs with private contractors. In 2009 a contractor sends him to work for a NSA facility in Japan. When he left the USA May 2013, he had been working for a private contractor in Hawaii, as a systems administrator inside NSA. His employer says he left because he was fired for violations of his employer’s code of ethics. • At some point in his career, he works for Dell. • He is earning $100,000.00-200,0000.00 a year. • This seems like a meteoric career rise for a young man without any relevant training, or apparent credentials for the jobs. Is this the whole story? Was he like Aaron Swartz, a self-made genius, out of step with the establishment? When Congress asked administration authorities about this,31 the answer was that some people in IT have tremendous skills, and they will be investigating what went wrong. I agree that some people in IT have tremendous skills, but very few inherited them by intellectual magic. Most got them either through decades of hard work, and academia equivalents, or their career path took them some place, where their employer, such as the military, provided intensive training to rapidly get them certain key skills.. My whole career has been in IT, but I had been working as a low level operator and programmer for over 10 years, before my experience credentials got me access to cyber security training or systems administration, and even then it was introductory. Being a systems administrator, a data base administrator, or a cyber security specialist is not an
31

They asked at the Senate Appropriations Committee hearing June 6, 2913.

18

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

19

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

entry level position in the IT profession. In my opinion, this is like a high school drop out going straight to President of the USA, without going through an election. I have multiple connections in many walks of life, some of them may be known to the government surveillance programs, some not. For many of my sources, I am not in a position to check their claims. The US Post Office, as a government corporation, has lobbyists from competing transportation companies like UPS, Fed X, Truck Companies, whose interest is to weaken the Post Office, so it cannot compete on a level playing field, or so goes the accusation. One thing which appears standard to many government jobs is a pay scale … if you are rated at a particular place in the hierarchy, you get paid a certain salary. It does not matter if your job is in a part of the USA where the cost of living is astronomical, or very reasonable, that is not factored into your salary.32 Many government agencies hire based on ability and various background checks, etc., which is better than many private companies hiring based on college degrees, which can be faked, and may not reflect what the people really know. You don't have to go to college to learn networking, network administration, Unix, programming, web design/development, etc., etc. This can be learned from schools provided by the companies marketing hardware and software, books, on-line resources, access for people to work on the machines, and learn from them through hands on. Tests reveal whether you know your subject or not. Knowledge gained privately plus a military background is the path for many. If you're good at what you do and your skills are needed, as you gain trust you're training for higher and higher levels of clearances. You can move between Agencies and companies (depending on your skill set).

What computer professionals can see (2013 June 17)
My entire career has been working in IT, initially in operations and programming, in the punched card era of wiring boards, and handling hundreds of thousands of punched cards daily. As technology advanced, I got to do more and more sophisticated systems programming, and data base design. This was driven mainly by the needs of my employers. If they thought I had done a good job in one area, and they had a need for work in another area, they had the choice of hiring someone who knew that other area, or sending me to IBM school to learn that other area.

According to Best Places to Live in America, an atlas of the economics of living in different metropolises, home owners in New Jersey pay for their homes in property taxes once every 29 years, while those in Louisiana pay for them once every 209 years. This cost of real estate has a ripple cascade effect on the cost of living of apartment rents, and other uses for that real estate.
32

19

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

20

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

In the early days of my career, the computer manufacturers were known as Snow White and the Seven Dwarves, where Snow White was IBM, and the Seven Dwarves were IBM’s major competitors. This was before Microsoft or Apple were in the picture. I worked on IBM stuff, and two of the dwarves. I have seen maybe 50 different computer languages, but been good at maybe only 10 of them. All the Operating Systems I got good at were for IBM mid-range33 business34 platforms. There are many different potential paths for IT workers, depending on the job market, skills needed, affordability of training opportunities, technology evolution in needs of the market place. There are some very different worlds out there, where career experiences in one cannot give us a good picture of other realities. • Back Office Data Processing in the private sector; • Computer technology in the military; • Computer technology within federal government; • Networking different kinds of Operating Systems and Data Formats • Telecommunications for law enforcement; I frequently attended IBM schools in new technologies. There were occasions when there was training I was supposed to get in some new machine, but impatient managers accelerated delivery, so I missed out on the training, had to read manuals to figure out the machines. Consequently I figured out things that could be done with them, not taught in any of the classes. After about 10 years, my schooling included computer security, and other topics not normally associated with entry level workers. There are a lot of skills I do not have, but I believe other people have. Invariably the top representatives of an organization, do not have hands on the computer systems themselves, but other people bring them the reports and statistics they ask for. Asking them, how those people get the info for the reports, is a wasted effort, they do not know. It is like asking a politician how a light bulb works, and expecting something more from them than flipping a light switch, such as the filament heating up. ODNI denies that any one, analyst or IT, is authorized to do what Snowden claimed he could do.35 This only denies “authorized” not ability to do.

View all Data Legitimately (2013 June 17)
Distinctions should be made between: • Job responsibilities of different people who interact with the data. • Terminology when it comes to viewing data: a. able to see it, can see it; b. have permission to see it, may see it, authorized to see it;
33 34

Mid Range = bigger than a PC, smaller than a mainframe. Business = computer systems in support of business and industry, as opposed to systems for scientific applications, or government. 35 http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/880-odni-statement-onthe-limits-of-surveillance-activities

20

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

21
• • • • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

What IT workers can see within computer data. What IT workers are authorized to see within the data. What IT bosses think we are seeing, and permitted to see. Whether there are any audits to identify discrepancies between the above. Training and Audits to verify relevant people are updated on changes in the law, and bosses expectations.

Computer workers do not normally look at private data because it is unethical, sometimes illegal, often violates employer policies, and because there is too much to look at. However, it is often necessary for our jobs, to be looking at all the data, associated with a particular part of our work. Perhaps there is a question about the veracity of some data. Some total is not what some boss is expecting to see. An IT person is asked to investigate. The investigator needs to understand the basis for the boss’s expectations, the theory of the data involved, all the software which touches the data; all the data. Perhaps something is happening in real life which is not getting into the data. Perhaps something is wrong with the data entry, data management. Perhaps there is more going on than the boss realizes. There are many possibilities, but an investigator needs to see everything, to get a good explanation. The same thing is true for auditors. Perhaps a program is not working perfectly. We need to look at all the data which is supposed to be processed by the program, and how it gets processed, to figure out what is going wrong. Sometimes we copy a selection of representative data, to test the program with extreme values. We need to look at the real data to find what types of values might be there. In a large corporation there may be a division of responsibilities where one person copies selected data, and others do testing, where no one person sees everything. Perhaps someone is having problems accessing data with some hardware. We need to look at all the data the hardware is supposed to access, and all the innards of the hardware, to figure out why anyone would be having any problems. Is it a malfunction, malware, user problem? There are data backups. We need to review what goes onto the backups, to make sure they are working correctly. I am now semi-retired, but I have almost 30 years experience with the data system used at my day job, and over 50 years total career experience.36 Most of the software they want from me nowadays are new ways of looking at our data. I invariably look at all the associated data, when developing the new software, to make sure the new software is getting everything it is supposed to get.

36

Many years experience is not necessarily good on a resume. It can mean variations of the same year repeated to infinity. It can include many years experience with technology which is now obsolete.

21

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

22

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Thus, ethical computer people only look at data associated with doing our jobs. The systems don’t prevent us from viewing anything, unless there is some kind of security setup to limit access of different kinds of data to different kinds of computer workers. Thus there is risk of abuse by untrained and/or unethical computer people.

Sources of hack attacks (2013 June 12)
During the Senate Appropriations Committee meeting, June 12, 2013, one of the Senators said that he is being told by people working in the financial community, that they are under constant attack by hackers, and that they don’t get any cooperation from the authorities. He wanted to know if this system can help track where the hack attacks are coming from, and do something about them. The answer was that the FBI can trace domestic hack attacks, NSA can trace international hack attacks, DHS has identified 200,000 IP addresses responsible for hack attacks, and supplied them to all the banks and financial institutions, so they can block those attacks with their firewalls. The Senator was asked to confer with the authorities at the hearing, and with his banking complainants, because the story he is being told about no cooperation is baloney.

How massive data allegedly protects America (2013 June 13)
Here is the official story line, regarding how having massive data collection on most everyone in America does not violate their privacy, yet helps with national security. I have heard this story from multiple top officials in the administration, Congress, and unidentified spokespersons. I have many problems with this story, but here will try to share it the best I can, then describe my misgivings in a separate chapter. There are many TV shows where police seize private property without a warrant, without a subpoena, through coercion and subterfuge. These shows are fiction. Real police do not have the right to do what those police are doing. If it can be proven that real police have done any such thing, those police can be sent to prison for corruption.

4th amendment & exceptions to it (2013 Jun 13)
The 4th amendment to the US constitution protects us from the government raiding our homes and other property to seize private papers, without a warrant which is to be shown to us, then with legal help we can question the basis for the warrant, face our accusers. When it is a subpoena to produce some papers, we have a right to first show this to our lawyer to get guidance how to respond. Although we have certain constitutional rights, authorities armed with warrants of subpoenas do not have the obligation to advise us of those rights, like with Miranda warning when arrested. There are several exceptions to the 4th amendment.

22

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

23

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

The entire constitution only protects the people from actions of the government, not actions of other people, or companies. There is a gray area regarding contractors, working for the government. The constitution may or may not protect us from their actions, depending on court rulings. For many government agencies, a sizeable portion of the work is no longer done by government workers, but instead sub-contracted to private companies. The Patriot Act can authorize federal police to do exactly the stuff the cop shows on TV do, gaining information without the owner of the property being aware of it, or giving consent for their info to be divulged without showing the owner a warrant or subpoena. There are also secret laws, and secret court interpretations of laws, Presidential signing statements, and other government actions which can have implications not shared with the people. Courts have ruled that tangible materials, which we consider to be OUR property, such as the content of phone calls, what is on our cell phone, our personal computer, our e-mails, are not legally our property when they are in the possession of an organization we do business with, such as the phone company, Internet service provider, our bank, the public library, our video rental place, our doctor’s office, etc. and thus a court order to such a company to get a copy of all the stuff we are doing with that company, or transit through it, does not carry with it the 4th amendment constraint that we be told the government is seizing those records, unless there has been specific privacy laws passed to protect our privacy with respect to a particular kind of data about us, held by these other companies etc.

Secretly Collecting Digital Data about the People (2013 June 13)
There are court orders thru the FISA court, like the one the Guardian leaked on Verizon, in which some facts are presented to the court in secret, why the US needs this info, and the FISA court then, in secret, interprets the secret laws, and makes a secret decision, as to why it is Ok to grant the requests of the court, for this info to be collected in secret. This info from the phone companies, which is similar to our phone bills, itemizing all calls from whom to whom, at what locations, time duration, and serial #s of the phones involved, goes into a humongous data base. Another FISA warrant is needed to access that data. Similar story with info from the Internet companies, such as our e-mail, and how the snail mail data is captured. It all goes into humongous data bases, structured so that a later warrant can be used to extract everything there is to know, about selected individuals. By this means, people who are in no way connected to terrorism suspects, will have their privacy protected, the data on them never accessed.

23

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

24

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Suspect Lists (2013 June 13)
Section 702 of the Patriot Act is used in support of foreign surveillance, legal under US law, to identify potential enemies of the USA, who have communicated with someone in the USA via phone, e-mail, snail mail, or other means. At this point there is the other FISA warrant to find out everyone else who has been communicating with the person in the USA with the foreign location suspect, and in turn who they were communicating with, going out as many who called whom which makes sense. The foreign suspect, makes a wrong # connection, to a phone #, which calls for pizza delivery, so everyone else who calls that pizza place may become a suspect, because a request for extra cheese or other food selections may be thought to be code phrases really meaning something about bomb components. Once a bunch of people are on the list to investigate, humans make reasonable inferences whether they are now looking into possible terrorists or innocent people. The process of getting at the lists of people who are somehow connected to the foreign suspect, is auditable, and has oversight by all 3 branches of government. NSA has got this list of people from the massive data base, thanks to the FISA court order authorizing looking at the connections, because of the foreign intelligence suspect lead. Now the list is given to the FBI to look for more info on those people, using more traditional judicial methods, such as court orders to look at the content of the connections. If the investigation fails to find anything bad about people on the list, they go into a terrorism watch list, coded “case closed”, as was done with someone who later became a Boston Bomber.37 This is how they found the guy from Colorado who planned to attack the NYC subway system. There have allegedly been dozens of other terrorist plots discovered and prevented, using the same system. The public cannot be told the details of these situations, because of secret classifications. However authorities, involved in using the system to catch these guys, will be briefing Congress, which will be working with the administration, to see how much of it can be declassified so that the American public can see the truthfulness of this story.

Claims denied (2013 June 16)
USG = US Government. How the PRISM program is depicted, seems to be totally at odds with official claims by USG.38 See US 702 and US Prism chapters.
37

For my notes with more info on this dimension, see: http://www.scribd.com/doc/136142293/Boston-Bombings-2013-April-by-Al-Mac This is also in my Google Docs Drive “Disaster Avoidance collection.” 38 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

24

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

25

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Peter T King (R-NY), Chairman of House Homeland Security Committee,39 has been widely quoted in the news media, as stating that the Guardian’s Glenn Greenwald
is an enemy of the USA, and needs to be prosecuted as a conspirator with Edward Snowden, because, according to King, Greenwald has threatened to out CIA agents undercover around the world. Greenwald denies he said any such thing, or has such info.40 Yes, Snowden gave the Guardian massive volumes of data, compared to what the Guardian has actually published, selecting that which they believe the terrorists already know, but US public should also know. Also see chapter on the Guardian newspaper. Snowden has been quoted, claiming that when he was working as an NSA contractor, that he could tap into any phone call, or e-mail. NSA leadership was asked about this at the Senate Appropriations Committee hearing June 12, 2013 … True or False? The head of NSA said “False,” he did not know how that was possible. Since we don’t know how Prism is organized, there is no way for the rest of us to know for sure. See my chapter on what computer professionals can see. According to Privacy specialist Lauren Weinstein, 41 Government statements, later found to be misleading, looking like lies, feeds confusion, anger, conspiracy theories. Government programs, kept secret, no transparency, no oversight, means massive tax payer spending on programs which do not seem to be accomplishing, or capable of accomplishing, what they claim to be doing. I disagree that back doors are necessarily complex and difficult to install. They are like cyber security. If you design a system which has security and back doors from the beginning, they are easy to provide. If you try to add them later, after everything else exists, they can be next to impossible, like trying to put a padlock on the zipper of a boy scout tent, and expecting that it will stop someone with a knife opening a back door. The better the security, the more difficult to add the back doors. But data flows through so many systems, the weakest link may be one totally unknown to the people managing the data. Many in Congress are denying they had been in the know. 42 Hey, you pass a law saying that certain administration activities are only to be reported to certain people in Congress. That is not unintended consequences. That is intended consequences. You authorized this stuff, with the laws you passed. You have only yourselves to blame, not the President or the Courts, but feel free to continue to pass the blame around, which only undermines your own credibility.
39 40

http://homeland.house.gov/ This was in an interview I watched on MSNBC. 41 http://lauren.vortex.com/archive/001042.html http://lauren.vortex.com/archive/001043.html http://lauren.vortex.com/ 42 http://www.citizensforethics.org/blog/entry/less-domestic-spying-more-governmenttransparency-nsa

25

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

26

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Newly elected politicians might not know what previous politicians did Presumably the dragnet pulled in records of the existence of phone calls from constituents to Members of Congress, clients to attorneys, whistleblowers to journalists, litigants to judges, and just about everyone else. Congress deliberately does not have oversight of this surveillance of the American People.43

US Declassified Surveillance Cases (2013 June 15)
B = billion M = Million Allegedly dozens of terrorism plots have been prevented, thanks to the secret surveillance of 350m+ Americans, 500m+ Europeans, and God knows how many other people around the world. That’s info on maybe 1b+ people, needed to stop dozens of plots. It seems to me that excess money is being spent capturing data, compared to the volume of data captured. I believe the failure to connect dots is much more political than technical, but because of the massive secrecy, none of us can be sure about this.44 Promises have been made, that we will get details on some of these plots.45

ATF armed Mexican Cartels (2013 June 15)
In my opinion, what ATF did with Fast & Furious46 was gross incompetence at many levels of government, acts of war against Mexico, and maybe even accidental treason. It is the sort of thing that accessories, to terrorist attacks, get sent to prison for many years for doing. If the secret surveillance program was working the way we are being told, for the purposes we are being told it is for, it would have detected people delivering army weapons to Mexican cartels, and back traced those people activities to ATF agents and Assistant US Attorneys who were accessories to the delivery system. The failure to send to prison whoever it was, who put untrained personnel in charge of this stupid program, is an example of selective prosecution. If it is wrong to help terrorists plan attacks which can lead to hundreds of people killed and maimed, then it is equally wrong to help supply drug cartels with Army weaponry. Thanks to one of these weapons killing a Border Patrol agent, conventional investigations ultimately identified all the perpetrators, so the secret surveillance program was not needed in this case, just competent oversight, such as fixing the broken Congressional committee hearing system, as described in the 9/11 commission recommendations.

43 44

http://reason.com/blog/2013/06/06/surveillance-program-backers-resisted-ba http://reason.com/blog/2013/06/13/how-many-terrorist-attacks-would-have-ha 45 http://www.cnn.com/2013/06/17/politics/nsa-up-to-speed/ 46 My detail notes on this, and related scandals, are in my Drone Terms doc. http://www.scribd.com/doc/105029922/Drone-Terms-by-Al-Mac

26

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

27

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Boston Bombing (2013 June 16)
I have extensive notes elsewhere on what we have learned in the aftermath of the Boston 2013 Marathon.47 The NSA domestic surveillance did not stop this terrorist attack. However, the attack might have been prevented for the same reasons the 9/11 attack might have been prevented, were it not for government agencies failing to have an effective system of sharing information. Each dot by itself was fairly innocuous. If we were to lock people up based on only one of these dots, we would have to lock up the entire population of the USA. But in combination, a dozen different dots were perhaps reasonable suspicion. Here are dots known by government agencies, prior to the bombing: • Someone, at CIA, knew what the Russian FSB had told them about these people. • Someone, at DHS, got pinged when someone on some watch list traveled to and from somewhere in Russia. • Someone, at FBI, knew what the Russian FSB had told them about these people. • Someone, at FBI, knew the results of the FBI investigation. • Someone, in the Middle East nation,48 knew enough to warn the USA State Dept. • Someone, at the Russian FSB, knew enough to launch investigations. • The NSA has been tracking various cyber activities, which include some which may be more suspicious than others, such as uploading and downloading jihadist videos, engaging in jihadist rhetoric, promoting conspiracy theories. NSA budget might not be sufficient to pursue all leads. • Someone, at the State Dept, knew what the middle eastern country had told them about these people. • The University was required by law to report the friends who were no longer attending the University, but were in the US on a student visa. It is not clear to me to which government agency they reported, but that info was going straight into a circular file, because the capacity to do anything with such info, had been defunded, without revoking the law mandating colleges and universities to continue doing the reporting. Maybe data which must be reported to the government, where doing anything about it has been defunded, should also go into the NSA data base, so that when there are serious suspicions due to other scenarios, all the data is available. Since each dot was held by a different government agency, many someones in isolation from all other government agencies, except for input from foreign governments, each by themselves was so trivial as to have no significant meaning, but if the US government had been engaged in a data sharing system, which was decided after 9/11 was needed, then many of these dots could have been correlated. TWO different foreign governments were saying there was a problem. Maybe not enough to stop the bombing, but certainly enough dots that if there was such a thing as dot sharing across government agencies, it would have been evident that these guys were potential trouble.
47

http://www.scribd.com/doc/136142293/Boston-Bombings-2013-April-by-Al-Mac This is also in my Google Docs Drive “Disaster Avoidance collection.” 48 I think the Saudis, but I am not sure.

27

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

28

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

There were dots not known to the US government. • How often does a Mosque have to kick out a trouble maker? This guy got kicked out TWICE. Should they have told some government agency, and would anything have resulted? • College chums knew a month before the bombing that they were in the bomb making business, and they did not tell anyone. The excuse, that they did not want to get the bombers in trouble, makes them accessories to the crime. • A whole bunch of relatives and friends were concerned about the radicalization, which they were witnessing, and did not tell anyone.

Headley helped Mumbai attack (2013 June 17)
David C. Headley, is an American who scouted targets in Mumbai, India, in preparation for a deadly attack there, which killed 160 people. The secret surveillance system found him, but failed to prevent the attack.49 I read some reports from India, soon after that attack was investigated. Apparently the attackers were in phone contact with “handlers” or “coordinators” in Pakistan, and these phone calls were recorded by India’s surveillance system, which is similar to that of the USA. After the attackers were killed, their cell phones fell into the hands of investigators, who were able to back track their communications. What Headley got convicted of, however, was terrorism charges in a plot to bomb the Danish newspaper Jyllands-Posten, which published cartoons of the Prophet Mohammad that offended many Muslims.50

Zazi from Colorado to NYC subway (2013 June 17)
Najibullah Zazi, is an Afghan immigrant who pleaded guilty to plotting to set off backpacks full of explosives in the New York subway, along with some co-conspirators, who were also arrested. That attack was allegedly foiled thanks to the secret surveillance system, but others dispute that claim.51 There was an enemy suspect under surveillance in Pakistan,52 to whom Zazi sent an email, saying he was having trouble figuring out the right amount of yeast to put in the cake he was baking. This was discovered Sept 2009. • Code = Translation • Cake = Bomb • Yeast = some ingredients in the bomb Zazi also sent an e-mail saying a "wedding was ready."53 • Code = Translation • Wedding = Bomb Plot
49 50

http://thecaucus.blogs.nytimes.com/2013/06/09/lawmaker-calls-for-renewed-debate-over-patriot-act/ http://www.reuters.com/article/2013/06/13/us-usa-security-denmark-idUSBRE95C1DC20130613 51 http://www.buzzfeed.com/bensmith/public-documents-contradict-claim-email-spying-foiled-terror 52 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 53 http://www.reuters.com/article/2013/06/13/us-usa-security-denmark-idUSBRE95C1DC20130613

28

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

29

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

So the secret surveillance telephone metadata base was used to find out more info about this Zazi. By the time authorities raided his home, finding evidence that he had been in the bomb making business, and engaged in activities protected by the 2nd Amendment, he was already in transit to NYC, but authorities had his DMV picture, and description of his car. While Prism, may have played a role, documents in the court case indicate otherwise.54 One of the phone#s connected to Zazi was found to be a previously unknown (to the government) phone# for another suspect = Adis Medunjanin, who was sentenced to life in prison in Nov 2012. I do not understand why info on 350m+ Americans and 500m+ Europeans was needed to track down Zazi, why conventional law enforcement investigations would not have sufficed. I do recognize that due to tech companies being bombarded with hundreds of demands for info every day, from various law enforcement authorities, many of which seem inappropriate fishing expeditions, that this high priority request in that queue might not be processed in a timely manner.

Major Sources and Citations (2013 June 12)
Here I shall try to show both info I got from the sources, and links to those sources.

Government Official Sources (2013 June 12)
I am grouping same kinds of sources, then alphabetically within type of source.

EU Parliament June 2013 (2013 June 16)
EU = Europe M = millions I watched on C-Span, June-14 2013 evening. I do not know when the discussion actually took place. The topic was NSA data gathering programs, and the belief that the dragnet was also sucking up what 500m Europeans were doing, because most major Global Internet providers have their servers located in the USA. Elected politicians in the EU Parliament, in this discussion, were very much like elected politicians in the US Congress. There are viewpoints across a spectrum, and the chamber is almost empty, with more empty chairs than chairs occupied by participants … the largest constituency of politicians, are those who do not care about the issue, either way. In my estimation, EU opposition outnumbered NSA’s allies by a margin of maybe 2-1, while the uninterested outnumbered the interested by maybe 20-1.

54

http://www.buzzfeed.com/bensmith/public-documents-contradict-claim-email-spying-foiled-terror

29

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

30

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Those in opposition to NSA data collection of EU citizens info, talked about: • The US constitution may protect US citizens residing in the USA, but it does not protect the intimate details of the private lives of EU citizens residing in EU. • There are EU data protection and privacy laws, treaties, and international law, which the NSA data collection appears to be in violation of. • Those companies, named and shamed in this scandal, have denied they are in violation of any laws, USA, or EU. • How can we tell Iran, Egypt, Syria, China, etc. that it is wrong to spy on your citizenship, when this is going on, and we can’t prevent it? • There are upcoming summits, and treaty negotiations, at which it will be essential for US representatives to clarify some of the nuances. o They need to explain their justification under international law & treaties to be spying on 500m+ EU citizens, and demonstrate whether or not they are obeying EU laws covering EU citizens. • President Obama says the priority is not to spy on Americans, but on foreigners, which is us in Europe. • This issue is about: o Data Protection Rules and Enforcement o The Rule of Law, instead of secret laws implemented by secret agents in secret courts, with no oversight, accountability, transparency, or right of redress of grievances. o Pre-Conditions for Democracy, and pre-conditions for converting a democracy into a police state.

Other nations with similar systems (2013 June 15)
The USA is not the only nation engaged in surveillance of its citizenry, or developing such a system. Others include: • Repressive nations world wide • Britain55 • India56 • Russia57

Russia (2013 June 15)
Russia is willing to offer asylum to Ed Snowden.58

55

http://www.thesun.co.uk/sol/homepage/news/politics/4953996/David-Camerons-call-for-toughinternet-spy-laws-for-police.html 56 http://thediplomat.com/the-pulse/2013/06/14/india-sets-up-domestic-prism-like-cyber-surveillance/ 57 http://reason.com/blog/2013/06/06/surveillance-of-telephone-and-internet-c 58 http://www.newsmax.com/Newsfront/snowden-justice-leaks-charges/2013/06/11/id/509215

30

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

31

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

UN Special Rapporteur (2013 June 14)
The UN Special Rapporteur on human rights and counter-terrorism has some remarks on balancing what is done for national security, to protect against terrorism, and avoid violating the civil liberties of people privacy and data protection in the process.59

US Gov Official Sources (2013 June 16)
I am grouping same kinds of sources, then alphabetically within type of source. This heading is to help with Table of Contents navigation.

US 215 (2013 June 19)
FAS = Federation of American Scientists. FISA = Foreign Intelligence Surveillance Act FISC = Foreign Intelligence Surveillance Court NSA = National Security Agency, or popular humor: No Such Agency. NSL = National Security Letter 215 = a section of the Patriot Act, which the FBI, NSA, and other government agencies can use, to get secret court orders demanding data, such as phone logs. Here from FAS is NSA Fact Sheet on Section 215 of the PATRIOT Act, June 18. "This program concerns the collection only of telephone metadata. Under this program, the government does not acquire the content of any communication, the identity of any party to the communication, or any cell-site locational information." 702 = a section of the FISA Amendments Act, which NSA and other government agencies can use, to get secret court orders demanding data, such as what goes through the Internet. There are important references to 215 in other chapters, including: • ACLU • Big Picture • Mega Phone Data • US Administration • US DoJ • US FBI • US IG According to June 17, 2013 testimony at the House Intelligence Committee: • When looking for a needle in a haystack, first we must get the haystack. According to a June-15, 2013 statement by the US Administration:60
59 60

http://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=13439&LangID=E http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf I tried to copy-paste from this 3 page document, but that feature is blocked, so I downloaded a personal copy, naming it: USG Surveillance Background 215 702 June 2013. Then I found out the reason I could not individually copy paste some paragraph is because the entire thing is one scanned image. I need better tools to separate out pieces of the result. I have also just created a sub-folder called USG Surveillance Snowden, to help organize what I have on this growing topic, like I now have several

31

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

32

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Section 215 of the Patriot Act is about metadata. It does not allow the government to listen to anyone’s phone calls. The info acquired does not contain the content of any communications, the identity of any party to the communications, or any cell phone location information. This contradicts what has been reported in a lot of the news media, but does not deny all the reported info. The government does not indiscriminately sift through this collected data. It is queried only when there is reasonable suspicion of a link to specific foreign terrorist organizations. See chapters on US Administration and US DoJ for more info. Only a tiny portion of this metadata is ever reviewed, because the vast majority is totally innocent. The system is subject to strict controls and oversight: • The meta data is segregated; • Queries against the data base are documented and audited; • Only a small number of specifically-trained officials may access the data; • The Foreign Intelligence Surveillance Court (FISC) reviews all this every 90 days; • Data must be destroyed within 5 years. Given that most of this is implemented by private contractors, and our state-of-art of computer networks require IT personnel to administer the security rules, an important sub-topic not being discussed here, is the role of computer security auditors. See in Q+A where I talk about scenarios where computer professionals can habitually view all the data.

US 702 (2013 June 19)
AG = Attorney General. DNI = Director of National Intelligence. DoJ = US Department of Justice. FAS = Federation of American Scientists. FISA = Foreign Intelligence Surveillance Act. FISC = Foreign Intelligence Surveillance Court. NSA = National Security Agency, or popular humor: No Such Agency. NSL = National Security Letter. ODNI = Office of Director of National Intelligence. USG = US Government. 215 = a section of the Patriot Act, which the FBI, NSA, and other government agencies can use, to get secret court orders demanding data, such as phone logs. 702 = a section of the FISA Amendments Act, which NSA and other government agencies can use, to get secret court orders demanding data, such as what goes through the Internet. Here, from FAS, is NSA Fact Sheet on Section 702 of the Foreign Intelligence Surveillance Act, June 18. "This authority allows only the targeting, for
sub-folders for different sources of info on the IRS scandals. Hey, there’s no copyright constraint on this document, so I may upload it to Scribd. Here is where I placed it: http://www.scribd.com/doc/148194460/USG-Surveillance-Background-215-702-June-2013

32

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

33

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

foreign intelligence purposes, of communications of foreign persons who are located abroad." There are important references to 702 in other chapters, including: • Big Picture • Suspect Lists • US Administration According to a June-15, 2013 statement by the US Administration:61 Section 702 of the Patriot Act only allows the USG to target the communications of foreigners, when those communications may have foreign intelligence value. Congress required the government to develop and implement judicial approval for “minimization” procedures to ensure protection for any info about US persons which may be incidentally acquired. The USG has done that, and the procedures have been approved by FISC. This effort is subject to strict controls and oversight. Targeting decisions,62 and what is done with the data,63 are regularly reviewed by DoJ and ODNI; there are semi-annual reports to Congress;64 and FISC must review the program each year upon certification by the AG and DNI. Within this regime of strict controls and oversight, the USG requires, or legally compels US technology companies to provide certain communications records. These companies have consistently done all they can to protect their worldwide customers privacy, safety, and security. How the PRISM program is depicted, seems to be totally at odds with official claims by USG.65 See US Prism chapter.

US Administration (2013 June 16)
USG = US Government. The US Administration, and info in this chapter, is referenced in other chapters, including: • US 215 • US DOJ • US White House

61 62

http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf Targeting here means targeting for information gathering. 63 What is done with the data includes thousands of innocent people assassinated by drones. 64 Some “reports to Congress” only go to leaders of key committees, maybe less than a dozen people, NOT all of Congress. 65 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

33

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

34

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

According to Lawfare, The administration issued this statement66 June-15 on NSA collection under Sections 702 and 215.67 I agree with Lawfare that we need to study the whole story, but the following excerpt clarifies some things:

US Court Cases and rulings (2013 June 16)
There have been some court cases and rulings regarding the legality of access to information stored various places on the Internet. Some of the following may or may not alter the appropriateness of US domestic surveillance, and rights of people who think they have legitimate access. What is protected by the Stored Communications Act?68 ACLU shares69 an interactive graphic examining a formerly secret FISA Court order revealed June-5 via Ed Snowden thru the Guardian newspaper, available here, with ACLU annotations.70 For more links, see ACLU chapter.

US CRS (2013 June 14)
CFR = Council on Foreign Affairs. CRS = Congressional Research Service, a think tank for politicians who don’t think. FAS = Federation of American Scientists, where I usually go to find links to CRS reports, and other similar news. GAO = General Accountability Office, an investigative service, to help Congress know what’s going on, throughout most of government and the private sector. IG = Inspector Generals, who investigate specific topics at specific government agencies, and report their findings to Congress, the President, and the top of the agencies involved. NSA = National Security Agency = No Such Agency. Spoiler warning:

66 67

http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf http://www.lawfareblog.com/2013/06/administration-statement-on-telephony-metadata/ 68 http://blog.zwillgen.com/2013/06/13/is-public-content-hosted-by-social-networks-and-other-ispsprotected-by-the-stored-communications-act/ 69 http://www.aclu.org/national-security/aclu-files-lawsuit-challenging-constitutionality-nsa-phone-spyingprogram 70 http://www.aclu.org/blog/national-security/nsa-surveillance-order-explained-aclu

34

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

35
• • • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

GAO reports are typically around 50 pages, with weird terminology on every page, but a glossary of main terms somewhere in the document, and a one page summary of their findings, downloadable independently. IG reports are typically 100-250 pages, with unfamiliar terms in every paragraph. CRS reports are typically 500-1,000 pages, with unexplained acronyms and concepts in every line of text. There are other types of government reports, such as those on “accidents” which have happened, and “accidents waiting to happen,” but I have not read enough of them yet, to describe a pattern fitting into the above perspective.

Thanks to a Backgrounder on the NSA domestic surveillance controversy, provided by CFR,71 we have links to a couple of relevant CRS reports. This report from the nonpartisan Congressional Research Service discusses the history of constitutional interpretations and legislative responses relevant to the collection of private information for criminal investigation, foreign intelligence gathering, and national security purposes. This report from the nonpartisan Congressional Research Service examines the December 2012 reauthorization of Title VII of FISA, which created new procedures for targeting non-U.S. persons and U.S. persons for surveillance.

US DHS (2013 June 16)
Here is a 2011 reference list of web sites regularly monitored by DHS. Unfortunately, the urls are not direct links.72

US DNI (2013 June 15)
DNI = US Director of National Intelligence IC = Intelligence Community ODNI = Office of the Director of National Intelligence US Director of National Intelligence (DNI) responds to major recent LEAKS, with a non-denial. 73 • The story about VERIZON exploding to many other phone companies mega data.

• • • •

The story about this not just phone records, but also a spectrum of INTERNET activities Combined with other previous surveillance stories. He says there are many inaccuracies in the stories, but he does not clarify what’s true and what’s not. He tries to explain non-secret current provisions of the laws protect innocent Americans, but we have seen with administration saying one thing on drones, doing another, then excusing the other under the guise of that being secret. Then there is the whole IRS thing. I disagree with those conservative viewpoints, but that does not justify turning their financial lives upside down, sending in the ATF OSHA etc. to do bogus inspections of

71 72

http://www.cfr.org/intelligence/us-domestic-surveillance/p9763 http://cryptome.org/2012/01/0001.pdf 73 https://cyberlaw.stanford.edu/blog/2013/06/dnis-non-denial-mass-surveillance-americans http://blog.zwillgen.com/2013/06/07/dni-confirms-use-of-directives-under-702-what-does-this-mean/

35

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

36

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

their facilities. We all know there are laws, and there are authorities with the power to abuse their authority. DNI corrects what he calls mis-statements, but when so much is secret, how can reporting be precise? He talks about how these LEAKS jeopardize national security. 74 What the DNI can tell the public, about:75 • Data Mining

• • •

Gitmo Intelligence Community Security Clearances

DNI recent testimony to Congress.76 DNI recent press releases.77 DNI recent reports and publications.78 Intelligence Community (IC) FAQ.79

US DOJ (2013 June 16)
ACLU = American Civil Liberties Union DOJ = US Department of Justice FBI = US Federal Bureau of Investigation FISA = Foreign Intelligence Surveillance Act FISC = Foreign Intelligence Surveillance Court NSL = National Security Letter 215 = a section of the Patriot Act, which the FBI, NSA, and other government agencies can use, to get secret court orders demanding data, such as phone logs. 702 = a section of the FISA Amendments Act, which NSA and other government agencies can use, to get secret court orders demanding data, such as what goes through the Internet. Other chapters have some important info about US DoJ, including: • US 215 • US Administration The Dept of Justice is preparing charges against Ed Snowden.80
74

http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/869-dnistatement-on-activities-authorized-under-section-702-of-fisa http://reason.com/blog/2013/06/06/director-of-national-intelligence-respon 75 http://www.dni.gov/index.php/newsroom/reports-and-publications http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/872-dni-statement-on-thecollection-of-intelligence-pursuant-to-section-702-of-the-foreign-intelligence-surveillance-act 76 http://www.dni.gov/index.php/newsroom/testimonies 77 http://www.dni.gov/index.php/newsroom/press-releases 78 http://www.dni.gov/index.php/newsroom/reports-and-publications 79 http://www.dni.gov/index.php/about/faq?start=2 80 http://www.nationalterroralert.com/2013/06/11/justice-department-prepares-charges-against-nsa-leakersnowden/ http://www.newsmax.com/Newsfront/snowden-justice-leaks-charges/2013/06/11/id/509215 http://firstamendmentcoalition.org/2013/06/leaker-wants-public-to-know-about-secret-domestic-spying/

36

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

37

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

The ACLU points out that according to the Department of Justice's annual report, FISA applications to the secretive Foreign Intelligence Surveillance Court (FISC) in 2012 revealed a continued increase in the FBI's surveillance of Americans. The report covers the Bureau's requests for electronic and physical surveillance, secret court orders under Section 215 of the Patriot Act, and National Security Letters (NSLs). Over the last four years, the government's requests for electronic and physical surveillance have steadily increased after a brief decline in 2008 and 2009, with a total of 1,856 applications in 2012. However, the truly shocking number is how many times it applied for Section 215 orders, also known as business records requests, which as far as we know give the government extremely broad authority to access "any tangible thing," including sensitive information such as financial records, medical records, and even library records. In 2012, the government made 212 applications to the FISC under Section 215, over 94 percent of which the court found it necessary to modify – 200 to be exact. This is up from 205 in 2011, which may not seem like a huge difference, but consider that in 2009 the FBI made only 21 requests and the FISC modified just 9. This dramatic increase in both number of requests and the number of FISC modifications to the requests really makes you wonder what exactly the FBI is asking for. The ACLU filed a FOIA request to try to find out, but the court denied it on the grounds that because it is secret, none of the people being spied upon, know they are being spied upon, so they have no standing to dispute the stuff in court, a modern day Catch-22. Also compare 212 applications reported above, to 300 accesses to the phone mega data, cited in the US Administration section, for 2012. By my math, this means the government accessed the data in 88 instances in 2012, without going thru FISC permission. Since I have not studied all the links referred to, I might not be interpreting these summaries correctly.

US FBI (2013 June 14)
DOJ = US Department of Justice. FBI = US Federal Bureau of Investigation. NSL = National Security Letter, has no judicial oversight. OLC = Office of Legal Counsel. 215 = a section of the Patriot Act, which the FBI, NSA, and other government agencies can use, to get secret court orders demanding data, such as phone logs. 702 = a section of the FISA Amendments Act, which NSA and other government agencies can use, to get secret court orders demanding data, such as what goes through the Internet. According to the CATO Institute,81 the DOJ Office of Legal Counsel’s November 2008 opinion concluded that the FBI had seriously misinterpreted the scope of its authority
81

http://www.cato.org/blog/how-much-bulk-records-snooping-bypasses-judges

37

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

38

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

under the National Security Letter statute permitting access to telecommunications records without court approval. Congress, the OLC pointed out, had not given the FBI a blank check to demand any kind of “transactional records,” but only “toll billing records” or whatever their equivalent in the Internet context might be. That opinion was only made public several months later, and while the gap between the ruling and the switch to §215 suggests that the FBI was in no hurry to inform providers that they were turning over too much information, it looks as though attorneys at the companies eventually got wind of the problem and began demanding more robust process.

US FISA and FISC (2013 June 16)
FISA = Foreign Intelligence Surveillance Act FISC = Foreign Intelligence Surveillance Court NSL = National Security Letter 215 = a section of the Patriot Act, which the FBI, NSA, and other government agencies can use, to get secret court orders demanding data, such as phone logs. 702 = a section of the FISA Amendments Act, which NSA and other government agencies can use, to get secret court orders demanding data, such as what goes through the Internet. FISA and FISC are mentioned in other chapters. See: • ACLU • Big Picture • CRS • EFF • EPIC • FAS • NSA • Secretly Collecting Digital Data • Suspect Lists • US 215 • US Court • US DOJ • Washington Post • Wikipedia

US Founding Fathers Constitution (2013 June 15)
For a review of amendments in the Bill of Rights and Constitution, with relevance to US anti-terrorism national security actions, take a look near the beginning of my Drone Terms,82 where I define numerical things before alphabetical things. I go beyond specific privacy rights to how the courts have ruled on conflicts between the letter of the constitution and evolving needs of national security, and police use of new technologies.

82

http://www.scribd.com/doc/105029922/Drone-Terms-by-Al-Mac

38

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

39

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Also specifically look up Privacy, since I also define different kinds of Privacy rights and challenges, in our digital age of growing surveillance. Papers of the Founding Fathers of the US Constitution are now on-line.83 The Founders Online is a new website at the National Archives which will allow people to search this archive of the Founding Era, and read just what the Founders wrote and discussed during the first draft of American democracy. If there’s any validity in “The Politically Incorrect Guide to the US Constitution”, a book I have been reading, the difference between the start and today will be like two alien planets.

US GAO (2013 June 21)
GAO = General Accountability Office
Personnel Security Clearances: Further Actions Needed to Improve the Process and Realize Efficiencies, GAO-13-728T, June 20 Testimony http://www.gao.gov/products/GAO-13-728T

US House Intelligence 2013-06-17 hearing (2013 Jun 19)
Abbreviations in this chapter: • • • • • • • • • • AlQ = Al Qaeda DoJ = Dept of Justice FBI = Federal Bureau of Investigation FISC = Foreign Intelligence Surveillance Court IC = Intelligence Community IG = Inspector General IT = Information Technology NSA = National Security Agency ODNI = Office of the Director of National Intelligence WMD = Weapons of Mass Destruction

83

http://afgeneralcounsel.dodlive.mil/2013/06/15/papers-of-the-founding-fathers-now-online/ http://www.whitehouse.gov/blog/2013/06/13/papers-founding-founders-are-now-online

39

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

40

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

The House Select Committee on Intelligence held an open hearing on NSA data collection programs,84 June 17, 2013, which I watched on C-Span. There were five witnesses: • • • • • General Keith Alexander, Director of NSA (National Security Agency) James Cole, Deputy Attorney General John Chris Inglis, Deputy Director of NSA Sean Joyce, Deputy Director of FBI (Federal Bureau of Investigation) Robert Litt, General Counsel, ODNI (Office of the Director of National Intelligence)

Here is the opening statement of Rep. Mike Rogers (R-Michigan), Chairman of the Committee.85 At one point in the hearing, we were told that FISC decisions have legal opinions intertwined with classified facts. If the secret facts are removed, the resulting legal opinions are Swiss cheese with no meaning. Similarly this hearing was like Swiss cheese, because we were being told pieces of info, without a full contextual understanding. We can view the hearing at the committee web site, but • Where is the testimony of the witnesses, for us to read? • Where are the facts on the four incidents being made public? • Where is that report which came out in May 2013 which compared transparency of US surveillance to that of other nations, which concluded that the US was more transparent? Previous news stories had claimed that the phone info captured included: • Phone #s of all participants (2 if normal call, more if conference call); • Brand Model Serial # of phone, which indicates what its capabilities are; • Locations of participants, while participating in the call; • Duration of call; At this hearing we were told, that under 215, they do NOT capture: • Identities of participants to whom the phone#s have been issued; • Locations of participants; • Content of calls.

84

https://intelligence.house.gov/press-release/nsa-director-keith-alexander-testify-open-house-intelligencecommittee-hearing https://intelligence.house.gov/hearing/how-disclosed-nsa-programs-protect-americans-and-why-disclosureaids-our-adversaries 85 https://intelligence.house.gov/sites/intelligence.house.gov/files/documents/ChairOpening06182013.pdf

40

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

41

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

We were reminded that the 4th amendment does not apply here, because courts have ruled that info about phone calls, held by the phone companies, are the property of the phone companies, not the property of the people making the calls. There was no discussion about allegations that: • Brand Model Serial # of phone might be included; • Many people are listed in phone books, such that an internet search for a given phone # often connects us to their phone directory listing; • Patterns of same phone # being used to call doctor’s office, medical insurance company, other related places, might reveal private personal details, without needing to see the content of the calls. In summary,86 • There is an executive order 12333 which governs how the Intelligence Community (IC) works with the surveillance data.87 Systems to capture the data must be renewed every 90 days with FISC (Foreign Intelligence Surveillance Court). This includes permission ahead of time for all actions, how the data is to be stored, who may access it, their training. All queries against the data have audit trails, which are reviewed by the IG and DoJ. • 702 gives legal authority to listen in on communications of foreign persons on foreign soil, who are suspected of being enemy aliens. This includes content of email, phone calls, Internet usage.88 The enemies are defined areas, such as remnants of the Cold War, threat of WMD, and modern AlQ affiliates. • 702 prohibits monitoring US persons in the USA or abroad. For example, a person with a US green card in Europe, is not legal to be monitored, under 702. 702 also prohibits monitoring a foreigner who is in Cleveland. It is only foreign persons outside the USA, who are suspected of working with AlQ or other defined enemies. • The people, who may not be monitored under 702, can be monitored under some OTHER authority, which typically requires going to FISC seeking permission, where facts must be presented to show how come they are a suspect. • When one of those foreign suspects, being monitored under 702 authority, or some other authority, makes contact with some person in the USA, NSA notifies the FBI, which then makes an application to FISC, for permission to look at the 215 data on that USA person.

For more info, see the chapters: US 215; US 702; US FISA; US NSA. Some Executive Orders can be viewed at the White House web site. http://www.whitehouse.gov/briefing-room/presidential-actions/executive-orders I searched, did not expect to find it, did not find it, but I did find some others which referenced it. http://www.whitehouse.gov/the-press-office/executive-order-classified-national-security-information http://www.whitehouse.gov/the-press-office/2010/08/18/executive-order-classified-national-securityinformation-programs-statehttp://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-08.pdf http://www.whitehouse.gov/sites/default/files/omb/assets/omb/inforeg/comments_rab/cre.pdf 88 See US 702 chapter for more info.
86 87

41

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

42

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

• •

• •

• •

The FISC order regarding Verizon which was leaked, is the smaller of two orders which go hand in hand. The order not leaked, is what NSA may do with the data from Verizon, or whatever phone company. This includes needing a second FISC authorization to actually look at anyone’s phone data. There is rigorous oversight, to make sure the data is used properly. This oversight has never caught anyone deliberately doing anything wrong, like Bradley Manning or Ed Snowden. All errors so far, caught by the oversight, have been technical, like a transcription error, or a keying error. Every time there is an error, it is reported to the FISC court, along with explanation what is being done to mitigate risk of that kind of mistake in the future. The info also goes to Intelligence and Judiciary committees of Congress. In some cases they get statistical data, as opposed to all details. When the mistake was the capture of info under 702, which is prohibited by 702, then it must be deleted. All captured data is flagged with the authority under which it was captured, the date it was captured, and how long info may be stored as per that authority, such as 5 years. This facilitates automatic purging of data captured under 215 which may only be stored 5 years. In 2012, there were less than 300 cases where phone data captured under 215 needed to be queried. There are 50+ terrorist attacks in 20+ nations, which have been thwarted by this system.

Some of the claims at this hearing, I am incorporating in other chapters on the topics discussed. I was also inspired by the hearing to write letters to two representatives who asked what I considered to be meaningful questions getting at the heart of government understanding of vulnerability to many more leaks, of the same kind that Ed Snowden did. I subscribe to C-Span heads up (arrives around 4-5 pm my time) with schedule of hearings to be shown that evening, and the next morning. So I set my alarm to watch The House Intelligence Hearing, early June-17, 2013 morning, on NSA data collection, which lasted just over 2 hours. Only two politicians asked what I thought were relevant questions about how Ed Snowden was able to do what our administrative leadership claim is impossible, and how many other System Administrators the Intelligence Community (IC) has (about 1,000). This led me to draft a letter, to those two politicians, suggesting additional hearings, to improve clarification, if they wish to continue that line of questions. Later, I intend to upload these “Hearing Suggestions” to my Google “Disaster Avoidance” collection.89 In summary, I proposed hearings and witnesses desirable to address a huge disparity between public perception, and US government claims:
See Other Topics.

89

42

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

43

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

• • • • • •

System Administrators and other Information Technology (IT) workers could be on a panel of witnesses, because, in my experience, the head of an organization seldom knows what the rank & file can really get into. Congress hearings have been plagued by “I don’t know” answers from witnesses. I believe some of this is thanks to asking wrong witnesses. Computer Infrastructure providers, because what people can get into is often limited more by the infrastructure, than any person’s rules. Cyber Security standards which exist, and how pervasive they are. Cyber Security standards which apply to Intelligence Community (IC) contractors, and how they are enforced. During WW II there was the “Loose Lips Sink Ships” slogan because of what Nazi spies could do with the info. Today we need something similar because of AlQ spies on the Internet. I cited examples of people afraid to report abuses, people who leaked to extremes, and suggest a route to a better middle ground. Popular TV and Movies paint a misleading picture of normal government work, which many people believe, which undermines trust in government. We can do something to mitigate this gap.

I tried to explain that we in IT are hired to do a job, which is not well understood by people outside of IT. There is technical language to describe it, which can be translated into words acceptable to top managers, but in the process, a lot is lost in translation. It is like to running a foreign human language statement through Google translate, compared to using a professional human translator. The machine translation makes the foreign speaker sound stupid. In the same way, when the geek language of what an IT worker does, has been translated into what is heard by people outside the profession, the description sounds stupid, and superficial, compared to what we really do. In my experience, • There are contracts with promises and guarantees, signed as a condition of the work, but the contents are never enforced, so the contractor is free to violate any contracts. This can include sub-contracting. • Within companies there are often cyber standards. We IT workers are ordered to give the contractors anything they ask for. We then see them violating our cyber standards. • In the software application marketplace today, it is rare that any person or institution has any idea all of which their software is doing. We buy the computer “appliances” to perform tasks we need done, and are oblivious to anything else the software might be doing, such as surveillance upon us and our organization. • In his recent National Security speech, Obama painted a story of only doing drone strikes against well defined known enemies. I wondered, at the time, if this meant an end to signature strikes, which are based on profiling people engaged in suspicious activity, like shooting guns in the air

43

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

44

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

at a wedding party, having a public funeral, waiting at a bus stop, attending a speech given by someone in an election, etc. Within 2 weeks we had more signature strikes, so I can only conclude that if something is secret, politicians feel free to deny that is happening.

US House Judiciary 2011 hearing (2013 Jun 14)
There was testimony during the re-authorization of the Patriot Act which warned of the possibility of the consequences we are seeing today.90

US IG (2013 June 17)
IG = Inspector General. IG is mentioned in other chapters. Also see: • FAS; According to the CATO Institute,91 you can read between the (heavily redacted) lines of a March 2008 Inspector General report on the use of §215 in 2006 and see intimations that “unlike in previous years,” the authority was being used in some programmatic way that would not be included in the IG’s discussion or metrics.

US NSA (2013 June 17)
NSA = National Security Agency, or popular humor: No Such Agency. Here are slides explaining NSA’s Prism program, leaked to the Washington Post.92 Prism involves NSA, and British Intelligence, access to our Internet activities: • Browsing Internet web sites • Chat • Data • E-mail • File transfers • Logins – the passwords we keyed • Photos • Search criteria • Social Media • Videos • Voice over Internet NSA explains why it is legal for them to listen in on private phone conversations, without a warrant.93
90 91

http://www.cato.org/blog/i-told-you-so-files-nsa-bulk-collection-edition http://www.cato.org/blog/how-much-bulk-records-snooping-bypasses-judges 92 http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 93 http://reason.com/blog/2013/06/15/yes-actually-the-nsa-says-they-can-eaves http://reason.com/24-7/2013/06/15/nsa-admits-it-can-listen-to-domestic-cal

44

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

45

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

For more info on NSA and Prism, see links articles in major source sections of: The Atlantic; CDT; Cyptome; EFF; FAS; Guardian of Britain; Washington Post; and Wikipedia. It is unclear from the multiple sources I have looked at so far, what is going on between the extreme claims of: • A lot of data goes into a data base, for which a FISA warrant is needed to access, only that which is for people who are “connected” to a terrorism suspect. • The NSA is getting data on most everyone in America, and there are personnel, like Ed Snowden, until he left his employer, who may look at any of it.

US NSL (2013 June 16)
NSL = National Security Letter This topic is mentioned in other chapters. See: • Tech Companies • US DOJ • US FBI

US PCLOB (2013 June 21)
PCLOB = Privacy and Civil Liberties Board. PCLOB held a closed door meeting to review classified information about the vast and controversial Internet and phone monitoring programs.94

US Postal Service (2013 June 10)
U.S. Postal service photographs all mail they process, just the front with address to and allegedly from.95 Anyone can put something in the snail mail with a phony return address, so this only catches the stupid crooks, along with all the innocent users of snail mail. We found out about this because of RICIN in snail mail.

US Prism (2013 June 16)
USG = US Government.
http://news.cnet.com/8301-13578_3-57589495-38/nsa-admits-listening-to-u.s-phone-calls-withoutwarrants/ 94 http://www.reuters.com/article/2013/06/20/us-usa-security-oversight-idUSBRE95J01220130620 95 http://www.thesmokinggun.com/documents/woman-arrested-for-obama-bloomberg-ricinletters-687435 http://news.gnom.es/news/the-fbi-is-spying-on-you-too-snail-mailers-so-maybe-dont-mail-ricin

45

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

46

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

This secret US government Internet surveillance program is mentioned, and explained, with links to more info, in several chapters. See: • Apple • AOL • BBC • Big Picture • Claims Denied • Cryptome • EFF • Facebook • Firefox • Google • Guardian • Independent • Microsoft • NSA • Pal Talk • Risks • Skype • Washington Post • Wikipedia • Yahoo • You Tube How the PRISM program is depicted, seems to be totally at odds with official claims by USG.96 See US 702 chapter.

US Representative Rogers (2013 June 15)
US House intelligence committee chairman Mike Rogers told reporters collecting Americans' phone records was legal, authorized by Congress and had not been abused by the Obama administration.97 It is good to get confirmation from top Washington DC officials, so we are not totally dependent on a few news media stories, to know what may be going on.

US Senate Appropriations 2013-06-12 hearing (2013 Jun 16)
An important source of info on Snowden gate was on C-Span June 12, 2013 afternoon, when I watched live, an unclassified hearing of the Senate Appropriations Committee98 on President Obama’s 2014 fiscal budget request for Security and Government
96 97

http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf http://www.bbc.co.uk/news/world-us-canada-22793851 98 http://www.appropriations.senate.gov/

46

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

47

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Surveillance.99 Although the hearing had originally intended to focus mainly on cyber threats, there were an enormous volume of Q+A on what has come out in recent days, thanks to that young man, who is now in Hong Kong.100 WITNESSES: General Keith B. Alexander, Commander-U.S. Cyber Command, Director-National Security Agency (NSA), Chief-Central Security Service Summary of his testimony, regarding the Snowden Leaks, in the Guardian newspaper of Britain.101 The Honorable Rand Beers, Acting Deputy Secretary-Homeland Security (DHS) The Honorable Patrick Gallagher, Director-National Institute of Standards and Technology (NIST) Richard McFeely, Executive Assistant Director of Criminal, Cyber, Response, and Services Branch-Federal Bureau of Investigation (FBI) This was one of the better hearings I have seen on C-Span in that they were not doing certain kinds of stuff which has annoyed me with other hearings. • Some politicians travel from hearing to hearing, state their 2 cents question, then leave again, so we have the phenomena of the identical questions asked and answered a million times, and never get to the substance of the hearing. • Some politicians use these hearings for a soap box to say inappropriate things so some news media will show them out of context. • Some politicians are incapable of operating Q+A. They ask a question, the witness starts to answer, the politician interrupts to ask the same question, and this repeats for 10 minutes. We never get the answer, because the politician never listens. The politician is framing something that does not connect to the witness reality, is not satisfied until get a perjury statement. • There was none of the above at that hearing. I expect C-Span102 will be repeating this important hearing for my connections103 who share my interest in this important topic. However, there is at least one of the hearings I
99

http://www.appropriations.senate.gov/news.cfm?method=news.view&id=4deccbdd-144a-432b-9d4dfafbdbc76516 100 https://en.wikipedia.org/wiki/Edward_Snowden 101 http://www.guardian.co.uk/world/2013/jun/12/edward-snowden-hong-kong-live#block51b8e05ae4b0bf6d0fdbdbc0 102 http://www.c-spanvideo.org/videoLibrary/organization.php?id=60976 103 Connections = people with whom I share info by e-mail, phone, Internet social media, etc. and which according to latest leaks in the news, are accessible to national security to know who are my connections, if for any reason one of us becomes suspected of some wrong doing. They SAY this is only wrong doing of a terrorist nature, but we have seen with airport security, than mission creep has now placed dead beat dads on the no fly list. Most any security system, which is kept secret, is vulnerable to mission creep.

47

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

48

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

saw on C-Span TV about the IRS scandals,104 which did not make it into the C-Span online video library. I had heard some, but not all of this material before, from other sources, but it was good to hear from the horse’s mouths of people in charge of US security, and the protection of constitutional liberties, that they are fully aware of many problems which they are fixing. However, it is clear that for some problems they have been fixing them since 9/11, and did not know about some of them until the elephant, in the Hong Kong room, opened his big mouth. This here above is my overall initial summary, of the importance of other people viewing the hearing. I plan to go thru my 8 pages of scribbles jotted down in this hearing, and organize them here coherently, along with notes I have from other sources. Lawfare identifies some news coverage of this hearing: Ellen Nakashima and Jerry Markon report in the Washington Post, a trio at the New York Times also have a story, as does The Hill.105

US Senate Intelligence Committee (2013 June 17)
Here is web site of the Senate Intelligence Committee.106 They hold some hearings open to the general public, thru C-Span etc. while they also hold many closed classified hearings. Some stuff on their web site of possible interest regarding the topics of these notes: • • Current and Projected National Security Threats to the United States. Feinstein, Chambliss Statement on NSA Phone Records Program

US Senator Feinstein (2013 June 17)
Senator Dianne Feinstein107 is Chair Person of the Senate Intelligence Committee.108 She has arranged briefings for 100% of Congress on what is known about US domestic surveillance. Some of that info is classified, not allowed to be shared with the general public. She has confirmed that NSA is getting the phone data, which the Guardian leak revealed, using the Verizon court order.109 This was a 3 month renewal of an order which has been issued regularly for many years. It is good that we receive confirmations of reality from such a person, so we are not totally dependent on a few allegations by a few sources, outside of government.

See my notes, specifically on the IRS Scandals: http://www.scribd.com/doc/142707892/IRS-NGO-Al-Mac 105 http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-445/ 106 http://www.intelligence.senate.gov/ 107 http://www.feinstein.senate.gov/public/ 108 http://www.intelligence.senate.gov/ 109 http://www.bbc.co.uk/news/world-us-canada-22793851
104

48

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

49

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Her committee holds periodic hearings on domestic and other surveillance.110

US TSA (2013 June 10)
Doesn’t the FAA ATC etc. have digital records of the planes which come & go at various airports? Don’t airports have surveillance cameras to observe any approaching threats? Don’t US spy satellites over top of USA see movements which could be threatening movements? Apparently not.111

US White House (2013 June 16)
White House spokesman Josh Earnest described the phone surveillance as a "critical tool" enabling US authorities to monitor suspected terrorists.112 It is good that official Washington DC sources confirm what some news media have said, so we have a clear picture of the official story. Yes this is happening, but we have many unanswered questions. President Obama defends the domestic surveillance.113

Media & Privacy sources International (2013 June 16)
Here are efforts not limited to one nation or region of the world.

Stop Watching Us (2013 June 16)
Stop Watching Us is a global petition calling for the US to end secrecy and enact transparency in surveillance for national security, stopping the portions of it which are illegal.114

Media & Privacy sources Australia (2013 June 17)
I am grouping same kinds of sources, then alphabetically within type of source. I split non-US from USA, to try to improve navigation of organizations.

News Com Australia (2013 June 21)
Turkey leadership summons British diplomats to explain themselves, after Ed Snowden in the Guardian leaks info about the UK spying on diplomats at a summit.115 Snowden leaked files show UK tapping into the world's network of fibre optic cables to deliver the "biggest internet access" of any member of the Five Eyes - the name given to
110 111

http://thecaucus.blogs.nytimes.com/2013/06/09/lawmaker-calls-for-renewed-debate-over-patriot-act/ http://www.cnn.com/2013/06/04/travel/plane-spotters-versus-terrorists/index.html 112 http://www.bbc.co.uk/news/world-us-canada-22793851 113 http://www.bbc.co.uk/news/world-us-canada-22820711 http://www.legitgov.org/President-Obamas-Dragnet 114 https://optin.stopwatching.us/ 115 http://www.news.com.au/breaking-news/world/turkey-summons-uk-over-spy-reports/story-e6frfkui1226665340424

49

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

50

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

the espionage alliance composed of the United States, Britain, Canada, Australia, and New Zealand.116

Media & Privacy sources Britain (2013 June 15)
UK = Britain. I am grouping same kinds of sources, then alphabetically within type of source. Here I include News Media and major organizations which I consider to be good sources of news analysis. I have split USA and UK, because different nations tend to have different sets of concerns. For example, US constitutional rights do not protect UK citizens residing in UK.

BBC in Britain (2013 June 15)
BBC = British Broadcasting Corporation … they are like US PBS, only better.

Prism vs. Privacy Protection explained by the BBC.117
Daily Mail (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Economist (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Guardian Newspaper in Britain (2013 June 17)
NSA = US National Security Agency. USG = US Government. See Lawfare, for this and other publications covering the story, worth me pursuing. The Guardian118 has published several stories119 about NSA info they received from Snowden,120 and on reaction about it in the USA and the world.121 USG denies some of the info published by the Guardian and other news media.122 See US 702 chapter. The Guardian Newspaper is referenced in other chapters. See: • ABC • Claims Denied • NSA
116

http://www.news.com.au/breaking-news/world/snowden-files-show-massive-uk-spying-op/storye6frfkui-1226667923388 117 http://www.bbc.co.uk/news/technology-22839609 118 http://www.guardiannews.com/ 119 http://www.guardian.co.uk/world/the-nsa-files 120 http://www.guardian.co.uk/world/2013/jun/11/edward-snowden-nsa-whistleblower-profile http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance 121 http://www.guardian.co.uk/world/2013/jun/12/edward-snowden-hong-kong-live 122 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

50

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

51
• • • • • •

Snowden Leaks about USG Surveillance Secretly Collecting Digital Data Snowden Leaks Introduction US Court US Senate Appropriations 2013-06-12 Hearing US Senator Feinstein Washington Post

6/22/2013 16:06:16 a6/p6

According to an interview I watched on MSNBC, with Glenn Greenwald of the Guardian, the story they published about PRISM, was significantly different than that in the Washington Post, because of discrepancies between what NSA & the Tech companies have had to say, regarding how NSA is getting info from the Tech companies. Greenwald claims that before publishing their story, they talked to NSA & the Tech companies, and included the discrepancies in their story, while The Washington Post did not do as good a job, and thus had to retract some of what was said in their original story.

Boundless Informant is an NSA system of organizing the metadata it intercepts
from the internet, and other sources.123 Phone records are collected on millions of Americans.124 Guardian guide to metadata.125

Prism is an NSA system for recording activity on the Internet: our e-mails, where we
go with our browser, what we upload or download, our search history, and other methods of intercommunication.126 Different actors have different stories about what is really happening, partly because they all have gags in their mouths imposed by government secrecy. June-14, the Guardian reported that the UK's electronic surveillance agency, GCHQ, had been able to see user communications data from the American internet companies, because it had access to Prism, since June 2010.127 Hong Kong why that nation? Snowden thinks their judicial system is good enough that there can be an extradition hearing, where he will be able to make his case that he did nothing wrong.128
123

http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining http://www.guardian.co.uk/world/interactive/2013/jun/08/nsa-boundless-informant-data-mining-slides http://www.guardian.co.uk/world/interactive/2013/jun/08/boundless-informant-nsa-full-text 124 http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order 125 http://www.guardian.co.uk/technology/interactive/2013/jun/12/what-is-metadata-nsasurveillance#meta=0000000 126 http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data 127 http://www.bbc.co.uk/news/world-us-canada-22820711 128 http://www.guardian.co.uk/world/2013/jun/12/edward-snowden-us-extradition-fight

51

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

52

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

I think this is a leak.129

Independent in Britain (2013 June 16)
USG denies some of the info published by the Independent and other news media.130 See US 702 chapter.

Prism explained, with some details I had not previously seen elsewhere.131 But there’s
also details at the Guardian and Washington Post links, which are not here. Some members of Parliament are claiming that the info sharing agreement between the US and UK were not shared with them. I don’t know if it was, and kept secret under a gag order, like with the US Congress, or if they are being truthful. As the primary sites of all the world’s major internet companies are in the United States, it means every communication by a UK national can in theory be read by NSA agents. Ditto for many other nations.

Reuters (2013 June 17)
See Lawfare, for this and other publications covering the story, worth me pursuing. Articles on Reuters of relevance to Snowden Leaks:132 • China asks USA to explain Internet Spying.133 • Snowden cannot get a fair trial in the USA.134 • Europe’s Internet competitors get advantage from NSA Leaks.135

Media & Privacy sources Pakistan (2013 June 20)
When I am able to figure out in which nation something is published, I group that way, because I believe that can color the focus and spin of how the stories are presented, and which sub-topics are of greatest interest by nation.

129
130

http://www.guardian.co.uk/world/2013/jun/07/obama-china-targets-cyber-overseas http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 131 http://www.independent.co.uk/news/world/americas/qa-what-is-prism-what-does-it-do-is-it-legal-andwhat-data-can-it-obtain-8650239.html http://www.independent.co.uk/news/uk/politics/prism-scandal-agency-to-reveal-us-links-shortly-afterclaims-that-thousands-of-britons-may-have-been-spied-on-by-gchq-8650001.html http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationship-thenumbers-and-the-language-8650233.html 132 http://www.reuters.com/ 133 http://www.reuters.com/article/2013/06/17/us-usa-security-china-idUSBRE95G06R20130617 134 http://www.reuters.com/article/2013/06/17/us-snowden-forum-trial-idUSBRE95G0NQ20130617 135 http://www.reuters.com/article/2013/06/17/us-cloud-europe-spying-analysisidUSBRE95G0FK20130617

52

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

53

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Express Tribune (2013 June 20)
Tribune.com.pk is the online presence of The Express Tribune of Pakistan.136 They published a story on how the EU chief justice official wrote the US Attorney General, seeking clarification about NSA spying.137

Media & Privacy sources in USA (2013 June 15)
I am grouping same kinds of sources, then alphabetically within type of source. Here I include News Media and major organizations which I consider to be good sources of news analysis. I am splitting USA and other nations, because different nations tend to have different sets of concerns.

ABC News (2013 June 17)
Articles here of relevant interest: Snowden accuses Britain of spying on G20 diplomats.138 This story, which broke first on The Guardian of Britain, involves Britain’s intelligence agency, GCHQ allegedly setting up computers for diplomats to use, pre-supplied with key logging malware, and took other actions to capture all transmissions by the diplomats. In previous notes by me, on other topics, I have noted that computers, made available for people at hotels and motels, are a playground for hackers, because the lodging staff are not checking the systems regularly, and there can be hundreds of people using the same systems. New Jersey lawmakers seek to demand that any surveillance in their state, by police etc. based in a different state, keep NJ in the loop regarding their activities.139 This came about thanks to an AP story about the NYPD spying on Muslims in NJ.

ACLU (2013 June 17)
ACLU = American Civil Liberties Union. FISA = Foreign Intelligence Surveillance Act. FOIA = Freedom of Information Act. NSA = National Security Agency. The ACLU is referenced in other chapters. See: • The Atlantic; • MSNBC; • Politico; • US Court; • US DOJ;
136 137

http://tribune.com.pk/about/ http://tribune.com.pk/story/562713/eu-justice-chief-seeks-answers-on-us-data-spying/ 138 http://abcnews.go.com/Blotter/snowden-strikes-brits-accused-spying-20/story?id=19419537 139 http://abcnews.go.com/US/wireStory/nj-notice-agencies-surveillance-19420901

53

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

54

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

The American Civil Liberties Union (ACLU), the ACLU of the Nation's Capital, and Yale Law School's Media Freedom and Information Access Clinic filed a motion June-10 with the secret FISA court which oversees government surveillance in national security cases, requesting that it publish its opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act.140 The motion is available here. Info on the ACLU's FOIA lawsuit is available here. ACLU is a Verizon customer.141 The American Civil Liberties Union (ACLU) and the New York Civil Liberties Union June-11 filed a constitutional challenge to a surveillance program under which the National Security Agency (NSA) vacuums up information about every phone call placed within, from, or to the USA. The lawsuit argues that the program violates the First Amendment rights of free speech and association as well as the right of privacy protected by the Fourth Amendment. The complaint also charges that the dragnet program exceeds the authority that Congress provided through the Patriot Act.142 An interactive graphic examining the secret FISA Court order revealed in the previous week is available here. June-11 complaint is at: aclu.org/national-security/aclu-v-clapper-complaint

AP (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Atlantic (2013 June 17)
See Lawfare, for this and other publications covering the story, worth me pursuing. Articles in The Atlantic, of relevance to Snowden Leaks: The Security-Industrial Complex.143 Q&A on ACLU Lawsuit over NSA Surveillance.144 NSA Leaks vs. the Pentagon Papers – What’s the Difference?145 I think one major difference is that the NSA Leaks are about on-going intelligence operations, while The
140

http://www.aclu.org/national-security/aclu-asks-spy-court-release-secret-opinions-patriot-actsurveillance-powers 141 http://www.aclu.org/national-security/aclu-files-lawsuit-challenging-constitutionality-nsa-phone-spyingprogram 142 http://www.aclu.org/national-security/aclu-files-lawsuit-challenging-constitutionality-nsa-phone-spyingprogram 143 http://www.theatlantic.com/politics/archive/2013/06/the-security-industrial-complex/276906/ 144 http://www.theatlantic.com/national/archive/2013/06/a-q-a-with-the-aclu-on-its-lawsuit-over-nsasurveillance/276875/ 145 http://www.theatlantic.com/politics/archive/2013/06/the-nsa-leaks-and-the-pentagon-papers-whats-thedifference-between-edward-snowden-and-daniel-ellsberg/276741/

54

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

55

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Pentagon Papers were about USG failures, contributing to needless deaths in Vietnam. But The Atlantic article has a lot of other differences.

Bloomberg (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Brookings (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

CATO Institute (2013 June 16)
CATO = ???? – I don’t know if initials “stand for something”, or this is someone name. CATO = a public policy research organization — a think tank CATO is also referenced in other chapters. See: • US FBI CATO raises many questions.146 CATO asks how much bulk snooping bypasses review or approval by judges.147 CATO discusses how snooping matters for people who may have nothing to hide.148 The info can stick around indefinitely, while the rules only stick around until someone decides to change them.

CDT (2013 June 16)
CDT = Center for Democracy and Technology.149 This organization promotes Internet freedom and innovation.150 See their education on relevant issues: • Free Expression • Consumer Privacy • Health Privacy • Security & Surveillance • Digital Copyright • Internet Openness & Standards • NSA Collection of Phone Records • NSA Surveillance151 • Open Government • Their Blog

146 147

http://www.cato.org/publications/commentary/3-questions-about-nsa-surveillance http://www.cato.org/blog/how-much-bulk-records-snooping-bypasses-judges 148 http://www.cato.org/publications/commentary/nsa-snooping-matters-even-you-have-nothing-hide 149 https://www.cdt.org/ 150 https://www.cdt.org/about 151 https://www.cdt.org/content/nsa-surveillance

55

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

56

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

CIS (2013 June 16)
CIS = Center for Internet and Society.152 CIS is a public interest technology law and policy program at Stanford Law School and a part of Law, Science and Technology Program at Stanford Law School.153 They have lots of references, to help people understand dimensions of this topic, such as: • DNI’s non-denial154 • What the NSA leaks teach us about technology and politics155 • Are these leaks whistle blowing or serious crime?156 • Privacy issues157 • Copyright and Fair Use158 • Drones159

CNN (2013 June 17)
CNN = Cable News Network CNN has some articles about the Snowden Leaks: • How NSA spying scares the world.160 • • Opinion: Massive spying on Americans is outrageous.161 Opinion: Why we need government surveillance.162

Council on Foreign Relations (2013 June 14)
CFR = Council on Foreign Relations. They have a backgrounder FAQ of sorts on this controversy.163 Here’s what you will see when you go there: • Introduction • What was the domestic surveillance controversy under Bush? • What is the domestic surveillance controversy under Obama?
152 153

https://cyberlaw.stanford.edu/ https://cyberlaw.stanford.edu/about-us 154 https://cyberlaw.stanford.edu/blog/2013/06/dnis-non-denial-mass-surveillance-americans 155 https://cyberlaw.stanford.edu/blog/2013/06/what-last-weeks-nsa-leaks-can-teach-us-about-technologyand-politics 156 https://cyberlaw.stanford.edu/blog/2013/06/whistleblowing-about-government-surveillance-politicaloffense-or-serious-crime 157 https://cyberlaw.stanford.edu/focus-areas/privacy 158 https://cyberlaw.stanford.edu/focus-areas/copyright-and-fair-use 159 https://cyberlaw.stanford.edu/our-work/topics/drones 160 http://www.cnn.com/2013/06/12/opinion/deibert-nsa-surveillance/index.html 161 http://www.cnn.com/2013/06/11/opinion/rowley-nsa-surveillance/index.html 162 http://www.cnn.com/2013/06/10/opinion/sulmasy-nsa-snowden/index.html 163 http://www.cfr.org/intelligence/us-domestic-surveillance/p9763

56

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

57
• • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Why did this become an issue in mid-2013? What are the challenges to domestic surveillance policy? Additional resources

There is a significant opportunity to build a more comprehensive framework embedded in statute to address the civil liberties challenges posed by the use of commercial data for counterterrorism purposes, says this CFR working paper by Daniel B. Prieto.

CREW (2013 June 16)
CREW = Citizens for Responsibility and Ethics in Washington.164 CREW uses high-impact legal actions to target government officials who sacrifice the common good to special interests.165 They have some articles of relevance to issues of these notes, such as: • •
• • • •

Less Domestic Spying, More Government Transparency Domestic Surveillance Scandal underscores need for more Transparency166
OLC Memoranda: Does U.S. Secret Law Threaten Our Democracy? CREW Signs Amicus Brief Against OLC Secret Law. Learn more about CREW's work towards an open government. US Supreme Court is out of touch with Transparency

Daily Caller (2013 June 14)
Nancy Pelosi, senior Democrat in US House of Representatives, says Ed Snowden needs to be prosecuted.167

EFF (2013 June 16)
EFF = Electronic Freedom Foundation168 This organization promotes privacy for Internet users.169 Here are some of their important write-ups: • Copyright Education170 • Privacy Issues171
164 165

http://www.citizensforethics.org/ http://www.citizensforethics.org/pages/about 166 http://www.citizensforethics.org/blog/entry/domestic-surveillance-scandal-underscores-need-fortransparency 167 http://dailycaller.com/2013/06/13/pelosi-snowden-should-be-prosecuted-video/ 168 https://www.eff.org/ 169 https://www.eff.org/about 170 http://www.teachingcopyright.org/ 171 https://www.eff.org/issues/privacy

57

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

58
• • • • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Surveillance Self-Defense FAQ.172 An International Perspective on FISA: No Protections, Little Oversight What We Need to Know About PRISM 86 Civil Liberties Groups and Internet Companies Demand an End to NSA Spying173 In Response to the NSA, We Need A New Church Committee and We Need It Now

I am using their HTTPS EVERYWHERE add-on protection with my browser.174

EPIC (2013 June 16)
EPIC = Electronic Privacy Information Center175 This organization promotes privacy for Internet users.176 See their resources on such topics as: • Domestic Surveillance • Drones and UAVs • FISA • Fusion Center • iPhone Privacy • Medical Record Privacy • National ID • News

FAS Secrecy News (2013 June 17)
FAS = Federation of American Scientists FAS Secrecy Project = info about what the US government is doing, but is not being very forthcoming about it, ie. Where transparency is a joke. The US government takes a dim view of US government employees accessing materials which may have been leaked by Ed Snowden, or through Wikileaks. Such employees could be fired.177

172 173

https://ssd.eff.org/ https://www.eff.org/deeplinks/2013/06/86-civil-liberties-groups-and-internet-companies-demand-endnsa-spying 174 https://www.eff.org/https-everywhere 175 https://epic.org/ 176 https://epic.org/epic/about.html 177 http://blogs.fas.org/secrecy/2013/06/dod-classified/ http://reason.com/blog/2013/06/14/pay-no-attention-to-the-surveillance-sec http://reason.com/24-7/2013/06/14/senate-staffers-ordered-to-ignore-nsa-do http://www.forbes.com/sites/kashmirhill/2013/06/14/senate-staffers-told-to-pretend-top-secret-documentsare-not-widely-available-on-web/

58

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

59

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

FISA Court tells Senate Intelligence Committee that summarizing their decisions, or declassification and public disclosure, is impractical.178 Inspectors General Assess Agency Classification Activity, Secrecy News, June 3, 2013. IC Backgrounder on Two NSA Programs, June 16. "Both of these programs were authorized by Congress on a bipartisan basis, are approved by the Foreign Intelligence Surveillance Court (FISC), and are [sllegedly] rigorously and regularly reviewed by the Department of Justice (DoJ)1 and Office of the Director of National Intelligence (ODNI)." December 1974, there was a similar uproar about secret government surveillance, but the solution there would not solve the current mess, because for our current reality, all 3 branches of US government are involved, and all 3 have behaved badly for several years.179 Principles on National Security and the Right to Know were generated by an international group of scholars, government officials, activists and others convened by the Open Society Justice Initiative in an attempt to define a global consensus on national security secrecy and to aid legislators and citizens around the world who may be new to the subject.180

Forbes (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Hill (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Huffington Post (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Lawfare (2013 June 16)
Lawfare has lots of coverage which impinges on the controversy over Snowden Leaks, and trying to wrap our mind around what exactly are the facts. Some of these entries, I mention within other chapters, such as: • US Administration • Washington Post Lawfare has both their own articles on the topic, and summaries of what other publications have posted. In the interests of Fair Use, I try to further summarize what Lawfare says, including links to their sources, except where I have already written about
178 179

http://blogs.fas.org/secrecy/2013/06/fisc-summaries/ http://blogs.fas.org/secrecy/2013/06/surveillance-legitimacy/ 180 http://blogs.fas.org/secrecy/2013/06/secrecy-rtk/ http://afgeneralcounsel.dodlive.mil/2013/06/17/determining-the-secrecytransparency-balance/

59

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

60

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

this elsewhere in my notes. I have read only a fraction of what is at the many links, first trying to map out worthwhile links, then cherry picking which I want to read. I highly suggest that people put Lawfare in their RSS reads. Lawfare is a blog about hard choices with national security.181

Lawfare June-15 week ending (2013 June 16) Lawfare info, on Snowden Leak stories, in week ending Sat Jun-15, 2013:182
• • • • Ashley wrote about different ways by which the USA might procure Snowden’s return. Ben and Bobby co-authored a New Republic piece about the differences between the two leaks.183 Joel Brenner guest posted on oversight of intelligence collection. Bill Galston, Senior Fellow at Brookings, authored a guest post discussing Alexander Hamilton’s arguments in Federalist No. 8 on the intersection of national security and civil liberties. Joel Brenner commented on Senator Rand Paul’s calling Ed Snowden’s actions “civil disobedience.184 Paul responded to Ben’s query from a week ago about what would be required to receive an order under Section 215. He also shared a memo from Secretary of Defense Chuck Hagel entitled “Cultivating the Future Cyberspace Operations Workforce,” and noted inaccuracies in the Washington Post’s story on the NSA PRISM program.

• •

Lawfare June-14 daily info (2013 June 16)
Lawfare info, on Snowden Leak stories, Friday June-14, 2013:185 • Keith Bradsher writes in New York Times on Chinese media’s reaction to Snowden’s comments about U.S. surveillance in China. What if the leaker has other classified documents, is the focus of Greg Miller and Sari Horwitz’s Washington Post story. According to Danny Yadron and Evan Perez of the Wall Street Journal, T-Mobile USA and Verizon Wireless do not—yet—fork over data to the NSA pursuant to


181 182

http://www.lawfareblog.com/ http://www.lawfareblog.com/2013/06/the-week-that-was-all-of-lawfare-in-one-post-11/ 183 The first two leaks. 184 http://www.lawfareblog.com/2013/06/is-rand-paul-right-about-edward-snowdens-civil-disobedience/ 185 http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-446/

60

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

61

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

court order. They say the two companies are foreign-owned, unlike Verizon Business Network Services, the subject of the recently-leaked FISC order, a U.S. subsidiary separate from Verizon’s wireless network. • • • • • Richard Lempert wrote this piece, on Brookings, about the PRISM program and privacy. Times’s Claire Cain Miller describes Yahoo’s 2008 failed challenge to the FISC order, which resulted in its joining the PRISM program. “Five Myths” feature in Post’s Outlook section, penned by GWU law’s Daniel Solove, goes to the heart of the battle between privacy and national security. Britain has asked airlines around the world to not allow Edward Snowden on their planes. Reuters and the Daily Mail has the details. The director of Hong Kong Human Rights Monitor Law Yuk-kai authored this op-ed in the Times explaining why that place might not be the best locale for Snowden. Two Siobhans (Hughes and Gorman) at the Wall Street Journal report on remarks by the Chair and Ranking Member of the House Intelligence Committee, following a 3-hour, classified hearing with NSA director Gen. Keith Alexander. Michael Gerson dedicates his Washington Post column today to critique hard core conservatives criticism of the NSA: Bloomberg’s editorial speaks in favor of Senator Jeff Merkley’s proposal to declassify some opinions of FISA courts. Senator Merkley queried General Keith Alexander on the wisdom of the idea. Alexander seemingly surprised the Oregon Senator, when he spoke in favor of it. There’s video over at the Huffington Post. Carlo Munoz at The Hill. writes about Senator Dianne Feinstein work on a legislative proposal to limit access that federal contractors have to highly classified information. Mike Lillis at The Hill writes about House Minority Leader Nancy Pelosi wanting Snowden to be prosecuted, and her preparation of a fact sheet outlining the differences between surveillance under the Bush and Obama administrations

• • •

61

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

62

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Lawfare June-13 daily info (2013 June 16)
Lawfare info, on Snowden Leak stories, Thursday June-13, 2013.186 • • • • • • • • Edward Snowden will fight an extradition order, should it come to that, writes Keith Bradsher in the Times. Ashley had a post on options available to the US in its efforts to collect Snowden. NPR has assembled this guide to key terms in the story. Wall Street Journal story discusses technological advances which made PRISM possible. CoinDesk analyzes impact of PRISM disclosure, and subsequent details on the value of Bitcoin. Dick Morris opines in The Hill on how he’d like to reform the NSA. Brian Fung of National Journal shares aggregate FISA requests and NSLs since 2001. Snowden’s info about US cyberattacks on China caught that country’s officials’ attention, as Jia Lynn Yang explains in the Post. Times Gerry Mullany and Didi Kirsten Tatlow report on China state-run media speculation on impact on two governments’ relations. Tech companies are trying to share what exactly they’ve handed over to U.S. authorities: Google explained it used rather un-techy methods, including FTP transfers and in-person delivery. Here’s Claire Cain Miller in the Times and Michael Auslen in USA Today. DoJ is reviewing Google’s request that it provide aggregate data on the number of FISA warrants to the public, as Main Justice’s Jennifer Koons writes. The Washington Post editorial board has something to say about that request:

Lawfare June-12 daily info (2013 June 16)
Lawfare info, on Snowden Leak stories, Wednesday June-12, 2013.187 • ACLU filed a lawsuit against NSA challenging constitutionality of the program that collects phone metadata. The Washington Post, Politico, New York Times, and the Associated Press all have details on the suit.

186 187

http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-445/ http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-444/

62

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

63

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

NYU Law’s Brennan Center for Justice released a fact sheet about the surveillance programs: “Are They Allowed to Do that? A Breakdown of Selected Government Surveillance Programs.” Elizabeth Goitein of the Brennan Center argues in Time that our classification laws are insufficient to deal with the reality—and that “we need fundamental reform of the classification system, so that leaks are no longer the only way to provide the public with information it has a right to know.” The Economist distills the “real problem” behind the leak controversy: not that the government is spying on us, but that the government is asking Google to turn over what it knows about us. Paul R. Pillar put things in perspective in the National Interest, recalling that when he was involved in a 1997 DoD data collection study, everyone was excited about it: Snowden may have overstated the authority he—and the NSA—had to wiretap individuals, according to experts interviewed on National Public Radio’s Morning Edition. Greg Miller describes parallels between Snowden and Bradley Manning in the Post. The AP has the latest on concerns from lawmakers on Capitol Hill about surveillance programs. Members of the House received a full briefing on the programs from NSA, Department of Justice, and FBI officials this morning—and are saying they remain unsatisfied with the information they received. The Hill reports.

• •

Lawfare June-11 daily info (2013 June 16)
Lawfare info, about Snowden Leak stories, Tuesday June-11, 2013.188 • • Keith Bradsher in New York Times reports Hong Kong is likely to extradite Edward Snowden if asked to by the U.S. government. Russia called Snowden a “human rights activist” and has said it would consider an asylum request from him. Julian Assange says: “I would strongly advise him to go to Latin America.” CNN has more. The Post tells us a full-scale investigation has begun into how Snowden was able to gain access to the info he leaked. The Times also reports how and why

188

http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-443/

63

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

64

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Snowden gave his media contacts the info he did. And Kim Zetter of Wired magazine explains why what Snowden did was the “ultimate insider attack.” • The Los Angeles Times reports Snowden’s claims that “at any time [he could] target anyone, any selector, anywhere” are a huge overstatement of what the NSA can legally do. Politico ten things about Edward Snowden, next time you’re playing Trivial Pursuit. The Times thinks the highly classified nature of these programs and lack of political pressure from Congress may change anything. The Post also discusses the reluctance of the courts to stand up to the USG in the face of national security concerns. Glenn Kessler gives President Obama “one Pinnochio” in the Post for Obama’s claim that “every member of Congress has been briefed on this program.”189 Anjali Dalal explains in Balkinization why the secrecy surrounding surveillance “threatens both the deliberative process and public accountability.” Editorials abound: o The Times, on questions our leaders could answer about these surveillance programs. o Wall Street Journal argues the only real scandal here is that Snowden leaked highly classified material. o The Post, argues where the scandal is. • Carlo Munoz of the Hill reports that a bipartisan group of 8 senators introduced legislation requiring the Attorney General to declassify significant FISA court opinions. Beyond the Beltway, a Washington Post-Pew Research Center poll reveals that most Americans aren’t fussed about this scandal:

• •

• • •

Lawfare June-10 daily info (2013 June 16)
Lawfare info, about Snowden Leak stories, Monday June-10, 2013.190
189

Briefing about a dozen leaders of Congress, and forbidding them to share the info with anyone, including the rest of Congress, is not the same as briefing 535 politicians in Congress. 190 http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-442/

64

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

65

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

o The source of the NSA leaks explains his motives in this interview with the Guardian. o He also spoke with the Washington Post, and the New York Times reports too. o The Associated Press has five things to know about the whole fiasco. o Ben and Bobby have many thoughts in this New Republic article. o Robert O’Harrow Jr. deliberates in the Post on pros and cons of outsourcing intelligence analysis to security contractors, such as Booz Allen Hamilton, where Snowden was last employed. o The Times also covers the growth of private security firms post-9/11, and the close links between the companies and the U.S. government. o Senate Intelligence Committee Chairwoman Dianne Feinstein told ABC News yesterday that she was open to holding public hearings about the programs Snowden disclosed, according to the Times. She also said that the intelligence programs in question helped to thwart at least two gentlemen—David Headley and Najibullah Zazi—from perpetrating terrorist attacks, reports the Post. And the AP discusses whether, and to what extent, the program indeed contributed to the Zazi investigation. o Steven Aftergood, of Secrecy News, argues that all branches of government “performed badly, by misrepresenting the scope of official surveillance, misgauging public concern and evading public accountability.” o Shane Harris of Washingtonian magazine (though apparently not for long!) explains why the metadata of phone records is much “more invasive and a bigger threat to privacy and civil liberties” than the NSA’s PRISM system: o David Rhode in the Atlantic describes the responses from all corners—the media, lawmakers, the administration, and the president himself—to the leaks about the surveillance programs, and concludes: “The president is trying to have it both ways. Two weeks ago, Obama called for a scaling back of the ‘war on terror.’ On Friday, he defended the vast post-9/11 state surveillance system whose only justification is to wage it.” o Eric Posner of the University of Chicago and Jameel Jaffer of ACLU duel it out in the New York Times’s Room for Debate. o Transparency means different things to different members of Congress. Josh Gerstein of Politico informs us that the Obama administration provided 13 briefings to lawmakers on the Hill about these surveillance programs.

65

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

66

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Lawfare June-8 week ending (2013 June 16)
Lawfare info, on Snowden Leak stories, in week ending Sat Jun-8, 2013.191 o Here are Steve’s post, written when the Guardian first published its piece on the court order; and a pair of posts by Ben (first and second) wondering about the order’s factual predicate. o Wells shared the Washington Post piece on PRISM. o Bobby wrote about PRISM and FISA Court order revelations, and reflected on a 2008 post from David Kris about FISA minimization procedures. o Carrie Cordero authored a guest post explaining why national security leaks of this nature are detrimental to the national defense. o Here are your government talking points produced in the immediate aftermath; Senate Intelligence Committee members’ nonchalant response to the court order; White House Deputy Principal Press Secretary’s remarks; DNI Clapper’s statement on Verizon; DNI Clapper’s subsequent statement on NSA PRISM; reactions from Capitol Hill; Congressman James Sensenbrenner’s letter to Eric Holder; and President Obama’s remarks. (Watch video here). o Don’t miss Paul’s pointing out of another top secret document published by the Guardian: the Administration’s cyber operations policy.

Lawfare June-7 daily info (2013 June 16)
Lawfare info, on Snowden Leak stories, Friday June-7, 2013.192 o President Obama spoke for 15 minutes about the FISA Court order leak and disclosure of the NSA’s data mining efforts. He defended those programs, and reiterated that NSA is not listening to telephone calls (under those particular programs). Here are a New York Times foursome (Charlie Savage, Edward Wyatt, Peter Baker, and Michael Shear) discussing his remarks, and Politico’s Josh Gerstein and Jennifer Epstein as well. There’s also this video from C-SPAN; President Obama’s remarks start around 12:10. o FISA Court Chief Judge Reggie Walton went on the record with the Guardian: o Read Stewart Baker’s post at Volokh Conspiracy in response to DNI Clapper’s statement, and Orin Kerr’s post at the same blog focusing on the legal standard Clapper invoked in his statement—the Terry v. Ohio standard for temporary stops and questioning under the Fourth Amendment.
191 192

http://www.lawfareblog.com/2013/06/the-week-that-was-all-of-lawfare-in-one-post-10/ http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-441/

66

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

67

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

o Britain’s GCHG—essentially its NSA—makes use of info from PRISM, which harvests technology company data, revealed yesterday in press accounts. The scoop comes from the Washington Post, which got it from the Guardian. o The New York Times story about PRISM has been updated, and here’s the latest The Hill story by Carlo Munoz about the goings-on. Peter Baker has this Times article reviewing the administration’s and certain Congressional leaders’ embrace of these controversial counterterrorism tools. Here’s The Economist on the discoveries, too. o Internet companies deny that they provided direct access to USG, according to Brendan Sasso’s report in The Hill. The we’re-not-giving-info-to-the-government list include Apple, Google, Facebook, and Yahoo!—all of which, in one way or another, disclaim knowledge of PRISM. o Carrie Johnson of NPR obtained a 2011 letter from DoJ to Senators Ron Wyden and Mark Udall, explaining how it collects info using PATRIOT Act’s Section 215. o During his March testimony before the Senate Intelligence Community, DNI James Clapper responded “No” to Senator Wyden’s question regarding NSA’s data collection efforts on “millions or hundreds of millions of Americans.” Carlos Munoz reminds us of this exchange at The Hill, while Jonathan Weisman refers to last December’s largely uncontroversial re-up of the FISA Amendments, save for Senator Ron Wyden’s impassioned remarks on the floor. o Senator Al Franken wants FISA court opinions to be declassified as often as possible. Here’s his statement in Politics USA. o Congressman Mike Rogers said that NSA’s phone records collection has thwarted a terrorist attack in the “last few years.” Brendan Sasso quotes that in The Hill. o Congressman Jim Sensenbrenner, author of the PATRIOT Act, expressed his concern about the FISA Court order, saying that “I am extremely troubled by the FBI’s interpretation of this legislation.” Justin Sink reports in The Hill. o Karl Rove said to Greta Van Susteren on her FOX TV show that such efforts are essential to the war on terror. o The Wall Street Journal’s editorial page supports the NSA’s data mining effort. o A Washington Post editorial says the government needs to go public about its reasoning for collecting phone record data.

67

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

68

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

o Eugene Robinson wonders in his Washington Post column whether the Verizon FISA order signals an end to privacy. o Brendan Sasso of The Hill tells us that during his days as senator, President Obama co-sponsored a bill that would have increased the burden of proof on the government in order to acquire a foreign person’s phone records. And Senator Rand Paul authored a Guardian op-ed on this very issue, saying that “Senator Obama was right.” o This Reuters story demonstrates constructive results from public-private cooperation: Microsoft and Europol worked together to defeat a computer virus that is believed to have helped steal over $500M from bank accounts in the last year and a half. Microsoft helped the U.S. government in this effort, collecting forensic evidence from internet providers located in the U.S. o The Times’s Noam Cohen and Leslie Kaufman authored this piece on the journalist who published the FISA Court order: Glenn Greenwald. o Popular Mechanics author Glenn Derene explains NSA reasoning with big data. Tom Simonite of Technology Review explains what data miners can do with Verizon’s records.

Lawfare June-6 daily info (2013 June 16)
Lawfare info, on Snowden Leak stories, Thursday June-6, 2013.193 o Everyone did a huge double take when they came across: the NSA’s collection of Verizon customers’ phone records for a three month period. Ben, Steve and Wells offer their thoughts on the whopper of a story that Glenn Greenwald of the Guardian broke. Check out the New York Times, Washington Post, CNN, The Hill, and the Wall Street Journal for detailed coverage. o Raffaela posted the government’s official talking points on the story, and The Hill reports on one administration official’s defense of the seizure of phone records: “It allows counter terrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.”

Lawfare more stories (2013 June 16) Other relevant Lawfare blog posts, relevant to Snowden Leak controversies:
o Our enemies reviewed, why we need to have SOME kind of surveillance.194
193 194

http://www.lawfareblog.com/2013/06/todays-headlines-and-commentary-440/ http://www.lawfareblog.com/2013/06/annals-of-associated-forces-aq-aqi-and-al-nusrah/

68

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

69

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

o The powers of data mining,195 network analytics, and IT know-how Ed Snowden may be lacking.196 o Section 215 analysis.197 o NSA controversies.198 o Prism info.199 o Intelligence Oversight in a Democracy.200 o Economic Espionage by NSA201 means that foreign nations may feel compelled to level the playing field by ramping up their espionage of the USA. o Info about Manchurian Chips,202 which I have written about from time to time. o Why the US government Outsources:203 One effect of downsizing government employees, transferring a lot of the work to higher paid private contractors, is to increase the federal budget for the same work. Another issue is that the experience, needed to wisely manage the data, is now in the hands of employees of these contractors, perpetuating the need to employ them. o The only people prohibited from reading Ed Snowden leaks are the very people with security clearances for the data.204 o Safe Havens for Ed Snowden.205 o Ed Snowden’s girlfriend reacts, in her blog. This CNN story explains it all.

Los Angeles Times (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

MSNBC-TV (2013 June 17)
In the interest of fairness, I should mention that MSNBC is one of my favorite TV news channels, along with CNN, C-Span 1 2 3, National Geographic, and this month I have been checking in regularly with HLN because of their coverage of the trial of George Zimmerman accused of 2nd degree murder of Trayvon Martin. MSNBC is mentioned in other chapters. See:
195

http://www.lawfareblog.com/2013/06/president-obama-comments-on-data-mining/ http://www.lawfareblog.com/2013/06/congress-on-the-fisa-order-and-data-mining-stories/ 196 http://www.lawfareblog.com/2013/06/data-mining-and-edward-snowden/ 197 http://www.lawfareblog.com/2013/06/sensenbrenner-on-doj-testimony-regarding-section-215/ http://www.lawfareblog.com/2013/06/answering-the-section-215-relevance-question-and-tracking-paulrevere/ 198 http://www.lawfareblog.com/2013/06/the-nsa-revelations/ http://www.lawfareblog.com/2013/06/william-galston-on-the-nsa-controversies/ http://www.lawfareblog.com/2013/06/a-tale-of-two-nsa-leaks/ 199 http://www.lawfareblog.com/2013/06/the-washington-post-on-prism/ 200 http://www.lawfareblog.com/2013/06/power-secrecy-and-intelligence-oversight/ 201 http://www.forbes.com/sites/johnvillasenor/2013/06/11/why-the-nsa-leaks-will-lead-to-more-economicespionage-against-american-companies/ http://www.lawfareblog.com/2013/06/john-villasenor-on-the-nsa-and-economic-espionage/ 202 http://www.lawfareblog.com/2013/06/hardware-vulnerabilties-and-military-chips/ 203 http://www.lawfareblog.com/2013/06/why-the-government-outsources-in-3-figures/ 204 http://www.lawfareblog.com/2013/06/really/ 205 http://www.lawfareblog.com/2013/06/safe-havens-for-snowden/

69

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

70

Snowden Leaks about USG Surveillance Guardian

6/22/2013 16:06:16 a6/p6

MSNBC-TV published an article written by ACLU.206 The usually invisible National Security Agency has become ostentatiously visible and many Americans do not like what they see. Several members of Congress claim that what has been happening was news to them. Due to the secret nature of the whole thing, and politicians love for bashing each other, we have no way of knowing if they are being truthful this time. Judicial review has amounted to a secret court, upholding a secret program, by secretly re-interpreting a federal law. Oversight seems impossible. We have seen with PUBLIC stuff, that Congress is unable to do a competent job, like with the IRS non-profit status, and ATF gun smuggling to Mexico drug cartels. We have seen that people from Congress go over to CIA to be briefed on Drone strikes, but they still can’t explain how thousands of innocent people are getting killed. How can they do oversight of this?

National Journal (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

New York Times (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing. Edward Joseph Snowden explains why he leaked classified info about US domestic surveillance.207 Stickers on Ed Snowden’s laptop.208

New Republic (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

NPR (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Politico (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing. Politico published an article written by ACLU.209
206 207

http://www.aclu.org/blog/national-security/checks-balances-and-national-security-agency http://thelede.blogs.nytimes.com/2013/06/10/n-s-a-whistle-blower-revealed-in-video/ 208 http://thelede.blogs.nytimes.com/2013/06/10/the-stickers-on-edward-snowdens-laptop/ 209 http://www.aclu.org/blog/technology-and-liberty-national-security/aclu-politico-roll-back-surveillancestate http://www.politico.com/story/2013/06/roll-back-the-surveillance-state-92550.html

70

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

71

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

There's no more debate about whether the government, and the military, is spying on the American people: only whether Congress is going to stop them.

Reason (2013 June 21)
According to Reason Magazine (Libertarian political perspective): • Snowden articles.210 • The US gov charged Snowden with Espionage.211 The extradition treaty, with Hong Kong, has an exception for political offenses, and espionage has traditionally been treated as a political offense. • USIS company, which did 2011 background investigation into Edward Snowden, is itself under investigation.212 • Icelandic Businessman has a private plane ready for Snowden.213

Schneier on Security (2013 June 17)
Bruce Schneier regularly writes on Security topics, and has some relevant columns.214 The comments are often quite useful and interesting. • Government Secrets and the need for Whistle Blowers.215 • Trusting what is built by IT.216 • "The Internet Is a Surveillance State ," 2013. • The importance of government transparency and accountability, 2013. • The dangers of a government/corporate eavesdropping partnership, 2013. • "Why Data Mining Won't Stop Terror," 2006. • "The Eternal Value of Privacy," 2006. • The dangers of our "data shadow," 2008. • The politics of security and fear, 2013. • The death of ephemeral conversation, 2006. • The dangers of NSA eavesdropping, 2008.

USA Today (2013 June 17)
See Lawfare, for this and other publications covering the story, worth me pursuing. One of the areas of contention has been Ed Snowden saying that NSA had direct access to the servers of the Tech Companies, with both USG and the companies saying no, what happens is that there are specific requests for data on specific people, and we send only the data on only those people, the USG never has direct access to our systems. While it is
210 211

http://reason.com/tags/edward-snowden http://reason.com/blog/2013/06/21/feds-charge-edward-snowden-with-espionag 212 http://reason.com/24-7/2013/06/20/sen-mccaskill-company-that-provided-snow http://www.reuters.com/article/2013/06/20/us-usa-security-usis-idUSBRE95J13120130620 213 http://reason.com/24-7/2013/06/21/icelandic-businessman-says-his-private-p 214 https://www.schneier.com/blog/archives/2013/06/essays_related.html 215 https://www.schneier.com/blog/archives/2013/06/government_secr.html 216 https://www.schneier.com/blog/archives/2013/06/trusting_in_it.html http://www.theregister.co.uk/2013/06/03/trust_nobody_with_your_personal_data_ever/

71

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

72

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

theoretically possible that the USG gets in via hacking or Manchurian Chips, there is also the problem of top-down top management might not know everything which IT workers are able to do, which I address in a chapter on how in my career, it has not been unusual for me, as an IT worker, having access to 100% of my employer’s computer data, but I worked in the business world, not government world – different environment, different expectations. Related to this, there is an issue of poor training. Sometimes a worker CAN access some data, due to an error is security setup, and they falsely conclude that because they CAN access the data, this translates to them also having permission to do so. USA Today reports that Ed Snowden is not backing down on his claim of authorized access directly to the Tech Company servers, he plans to share proof of this.217 3 former NSA whistle blowers say “We told you so,” and you did not believe us. Ed Snowden has succeeded, where we failed. They say Snowden’s revelations only hint at the surveillance programs' reach. They think Snowden did the right thing, because they spent seven years going through internal channels, and could not get Congress, Inspectors General, Dept of Justice, etc. to do the right thing.218

Wall Street Journal (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Washington Post (2013 June 16)
USG = US Government. See Lawfare, for this and other publications covering the story, worth me pursuing. I am summarizing headlines of stories there, where footnote citation takes us to all the details. USG denies some of the info published by Washington Post and other news media.219 See US 702 chapter.

BLARNEY, explained by Washington Post, gathers up “metadata” — technical
information about communications traffic and network devices — as it streams past choke points along the backbone of the Internet.220

NSA programs, a history in general.221
217 218

http://www.usatoday.com/story/news/nation/2013/06/17/nsa-leaker-edward-snowden-online/2430451/ http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officialsroundtable/2428809/ 219 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 220 http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internetcompanies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_2.html 221 http://www.washingtonpost.com/investigations/us-surveillance-architecture-includes-collection-ofrevealing-internet-phone-metadata/2013/06/15/e9bf004a-d511-11e2-b05f-3ea3f0e7bb5a_story.html? hpid=z1 http://www.lawfareblog.com/2013/06/washington-post-on-the-history-of-the-nsa-programs/

72

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

73

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Prism program is explained by the Washington Post.222 Prism involves NSA, and
British Intelligence, access to our Internet activities: • E-mail • Chat logs • Internet browsing • Search criteria • Social Media The DNI has admitted that Prism exists,223 tech companies have denied that they have granted NSA the scope that Ed Snowden implies, but also say they are prohibited by government mandates, from revealing the whole truth. There are conflicting news stories regarding how much of our overall data is captured by NSA.224 This is to be expected, when so much of the operations are secret, and different actors have different motivations, such as to quiet their customers’ fears, where it is more important to keep lots of customers, than to be truthful to them. Sen. Ron Wyden (D-Ore.) repeatedly asked NSA for an estimate of how many Americans were having their information captured by the NSA. NSA’s director, Lt. Gen. Keith B. Alexander, insisted there was no way to find out. Eventually Inspector General I. Charles McCullough III wrote Wyden a letter explaining that it would violate the privacy of Americans, in NSA data banks, to try to estimate their number of Americans whose privacy was being violated.225 This sounds like a Catch-22 to me. The Director of the FBI says that Ed Snowden’s leaks have caused significant harm.226 Nancy Pelosi, senior Democrat in US House of Representatives, says Ed Snowden needs to be prosecuted.227 Britain has told airlines that NSA leaker Ed Snowden is not to be allowed on any flights to Britain.228
222

http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/12/heres-everything-we-know-aboutprism-to-date/ http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internetcompanies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_2.html 223 DNI = Director of National Intelligence. See DNI links within Government sources section. 224 http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internetcompanies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_3.html 225 http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internetcompanies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story_2.html 226 http://www.washingtonpost.com/politics/fbi-director-nsa-leak-caused-significantharm/2013/06/13/a8fd067c-d44b-11e2-a73e-826d299ff459_video.html?tid=video_carousel_3 227 http://www.washingtonpost.com/pelosi-nsa-leaker-snowden-should-be-prosecuted/2013/06/13/f17f2a70d44a-11e2-b3a2-3bf5eb37b9d0_video.html?tid=video_carousel_3 228 http://www.washingtonpost.com/world/europe/britain-tells-airlines-nsa-leaker-snowden-not-welcomeshould-not-be-allowed-on-flights-to-uk/2013/06/14/6f3e6162-d4bc-11e2-b3a2-3bf5eb37b9d0_story.html?

73

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

74

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

We know from the Guardian, and other news media, that Ed Snowden has shared with them more documents, than they have shared with the public to date. The US government is worried about that.229 Contractors have been doing national security work for at least 14 years, but in the light of the Snowden Leaks, Joe Davidson, a columnist with the Washington Post, questions the wisdom of this.230 David Ignatius, a columnist with the Washington Post, explains why he is skeptical about some of what Ed Snowden has said about his motivations.
231

Lawsuits have been filed against the federal government, claiming the NSA surveillance violates people’s reasonable expectation of privacy.232 Sales of the book “1984” spiked233 right after these revelations stemming from Ed Snowdon Leaks. Time Line from Washington Post:234 I have inserted some stuff into this time line. • 1978: Congress passes Foreign Intelligence Surveillance Act, which starts FISA Court. • 2001: In wake of 9/11. President asks for, and gets from Congress, the Patriot Act. Also there is a reorganization of many government agencies into the new Dept of Homeland Security (DHS). The 9/11 commission makes recommendations, some of which have been ignored by Congress. • December 2005: The New York Times reports NSA is secretly eavesdropping on telephone calls and emails of Americans communicating with people outside USA, without seeking warrants from FISA court. • March 2006: Congress re-authorizes the Patriot Act. • May 2006: USA Today reports NSA is secretly collecting phone records of millions of Americans in a giant database. • August 2006: A federal judge in Detroit rules that NSA’s warrantless surveillance program is unconstitutional because it infringes on free speech, privacy and separation of powers. The program continues as the case is appealed.

tid=pm_world_pop 229 http://www.washingtonpost.com/world/national-security/mueller-defends-surveillance-says-leakscaused-significant-harm/2013/06/13/f6b68fb6-d430-11e2-b05f-3ea3f0e7bb5a_story.html 230 http://www.washingtonpost.com/politics/should-contractors-do-national-securitywork/2013/06/11/c7b5ad9a-d1f7-11e2-8cbe-1bcbee06f8f8_story.html 231 http://www.washingtonpost.com/opinions/david-ignatius-snowden-exposed-policies-approved-bycongress-courts/2013/06/12/815c8aa4-d2d7-11e2-a73e-826d299ff459_story.html?hpid=z3 232 http://www.washingtonpost.com/blogs/federal-eye/wp/2013/06/13/former-justice-prosecutor-seeks-23billion-in-damages-for-nsa-surveillance-programs/ 233 http://www.washingtonpost.com/blogs/federal-eye/wp/2013/06/12/sales-of-orwells-1984-spike-afternsa-surveillance-revelations/ 234 http://www.washingtonpost.com/business/timeline-of-revelations-about-surveillance-that-sweeps-upamericans-phone-calls-data/2013/06/10/0daf8844-d184-11e2-9577-df9f1c3348f5_story.html

74

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

75
• • • • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

January 2007: Bush administration announces it will seek approval from FISA court when eavesdropping on telephone calls between US and other countries in pursuit of terrorists. August 2007: Congress approves NSA warrantless wiretapping. May 2011: Congress approves a 4 year extension of many Patriot Act provisions. January 2013: Congress renews NSA warrantless wiretapping.235 June 2013: The Guardian, and Washington Post, share what was learned from Snowden Leaks. This leads to responses from many political and corporate leaders.

Missing from this Time Line is what we should have learned from the Church Commission, Hoover violations of Civil Rights Movement, and Fusion Center abuses.

Wikipedia USA (2013 June 16)
There are versions of Wikipedia based in many nations. I imagine that many of the others have articles on how US surveillance impacts their people. Here are some articles in Wikipedia USA about this topic: • • • • • • FISA: 1978 Foreign Intelligence Surveillance Act; and 2008 Amendments.236 NSA Boundless Informant.237 NSA phone call data base.238 NSA Warrantless Surveillance Controversy.239 Prism, US Internet surveillance program.240 Snowden, Edward Joseph, who leaked info about US surveillance.241 Some people call him a whistle blower, others call him a traitor.

Wired (2013 June 16)
See Lawfare, for this and other publications covering the story, worth me pursuing.

Tech info sources (2013 June 12)
I am grouping same kinds of sources, then alphabetically within type of source.

Anonymous (2013 Jun 10)
Here is a collection of leaks.242

235 236

http://www.aclu.org/blog/national-security/warrantless-wiretapping-wins-again https://en.wikipedia.org/wiki/FISA_Amendments_Act_of_2008 237 https://en.wikipedia.org/wiki/Boundless_Informant 238 https://en.wikipedia.org/wiki/NSA_call_database 239 https://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy 240 https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29 241 https://en.wikipedia.org/wiki/Edward_Snowden 242 http://gizmodo.com/anonymous-just-leaked-a-trove-of-nsa-documents-511854773

75

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

76

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Apple (2013 June 16)
500m users info allegedly started being collected by Prism in Oct 2012.243 In theory, any data collected by Apple, could also be collected by Prism.244 USG denies Prism even exists.245 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. Users signing up for Apple ID's - required for services such as iTunes , or to register products - must submit personal data including name, address, email address and phone number. The company also collects information about the people who Apple users share content with, including their names and and email addresses.

AOL (2013 June 16)
300m users info allegedly started being collected by Prism in March 2011.246 In theory, any data collected by AOL, could also be collected by Prism.247 USG denies Prism even exists.248 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. AOL collects personal information for users signing up or registering for its products and services, but its privacy policy states that users who do not make themselves known to the company by these methods are "generally anonymous." However, many AOL users are students using their school IP, or people on a company IP, where the IP for any given connection is from a range assigned to the institution, so even though AOL has not recorded precisely WHO this person is, the IP used points at the institution, which NSA could do a separate warrantless wire-tapping of, to get from the general IP to the specific user, whose PC is the one which has been talking to that AOL product or service.

Cryptome (2013 June 21)
Cryptome shares many documents and links about National Security topics, without comment or analysis.249 They are like the C-Span of the Internet.250 It can take anyone a
243

http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 244 http://www.bbc.co.uk/news/technology-22839609 245 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 246 http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 247 http://www.bbc.co.uk/news/technology-22839609 248 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 249 http://cryptome.org/ For secure connection use: https://secure.netsolhost.com/cryptome.org/index.html 250 C-Span is a TV and Internet service where we can watch exactly happens in Washington DC in Congress; Supreme Court; Think Tanks; etc. as an alternative to seeing News Media and Social Media

76

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

77

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

while to read them all, so initially I am just sharing what might be worth reviewing, before picking and choosing some of these to explore further. Here are some Cryptome links to documents relevant to the Snowden Leaks:
2013-0681.pdf 2013-0671.pdf 2013-0670.pdf 2013-0679.pdf 2013-00388 2013-00386 2013-00385 2013-00384 2013-0662.htm 2013-0660.pdf 2013-0659.htm 2013-00382 2013-0658.htm 2013-0657.htm 2013-00378 2013-00376 2013-00375 2013-0643.htm 2013-0642.htm 2013-0630.htm 2013-0629.htm 2013-00374 2013-0626.htm 2013-0625.htm 2013-0624.pdf 2013-0623.pdf 2013-0619.htm 2013-0617.htm 2013-00366 2013-0612.htm 2013-0608.pdf 2013-0606.pdf 2013-0605.pdf 2013-00363 USA v. Edward Snowden Complaint Snowden: NSA FISA Surveillance Certification Snowden: NSA FISA Surveillance Minimization Snowden: NSA FISA Surveillance Targeting June 21, 2013 June 21, 2013 (1.5MB) June 20, 2013 June 20, 2013

Tarpley: Edward Snowden, a CIA limited hangout? June 18, 2013 3 NSA Whistleblowers Roundtable Edward Snowden June 17, 2013 Using Metadata To Find Paul Revere June 17, 2013 Guardian Still OSA-Cravenly Censoring Snowden June 17, 2013 Privacy/Civil Liberties Board Secret keeps PRISM June 17, 2013 Military-Spy-Industry-Media War Dunce 2013 June 16, 2013 (2.2MB) Outsourcing NSA, Stifling Press - 2005 Repost June 16, 2013 Inside the NSA: Peeling Back the Curtain June 15, 2013 2006: NSA Massive Database of US Phone Records June 15, 2013 First Report on NSA Electronic Espionage (1972) June 15, 2013 Cryptome and Boiling Frogs Muse NSA/Snowden June 14, 2013 University of Michigan Data Mining Aids Spying June 14, 2013 1000s of US Firms Secretly Aid Spying June 14, 2013 NSA-Affiliated IP Resources 15 - 2007 Repost 1 June 14, 2013 NSA-Affiliated IP Resources 14 - 2007 Repost 1 June 14, 2013 Edward Snowden's NSA Hawaii Base 2008 Repost June 13, 2013 NSA Architecture of Oppression June 13, 2013 PRISM an NSA Deception Operation? June 13, 2013 NSA Bot 2 1999 Repost NSA Bot 1 1999 Repost June 13, 2013 June 13, 2013

US Mail Spying 1 2010 Repost June 12, 2013 US Mail Spying 2 2010 Repost June 12, 2013 NSA Office of Tailored Access Operations June 12, 2013 NSA and Fourth Amendment Rights 1999 Repost June 11, 2013 Inside NSA's Ultra-Secret China Hacking Group June 11, 2013 Snowden Censored by Craven Media June 10, 2013

US Secret Service PRISM-ID June 8, 2013 Obama's Data Harvesting Program and PRISM June 8, 2013 Cellphone Search Warrant June 8, 2013 Deny You or Your Org Aid NSA PRISM June 8, 2012

interpretations and spin about what is happening.

77

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

78

Snowden Leaks about USG Surveillance
DHS PRISM 2004

6/22/2013 16:06:16 a6/p6
June 8, 2013 (3.1MB)

2013-0600.pdf 2013-0598.pdf 2013-0597.htm 2013-0592.htm 2013-00360 2013-00359 2013-00358

TPM: Does Palantir Make NSA's PRISM? (No?) June 7, 2013 PRISM and Other Spy Tools June 7, 2013 NSA Documents on Cryptome 1996-2006 - Repost June 7, 2013 Palantir Denies Its Prism is NSA's PRISM June 7, 2013 NSA Utah Data Center Report and Photos 2 June 7, 2013 NSA Utah Data Center Report and Photos 1 June 7, 2013

Facebook (2013 June 17)
B = Billion USG = US Government Friday June-14, Facebook and Microsoft got USG permission to share statistics on USG demands for info on their customers.251 Facebook receives approx 1,500 government data requests a month.252 Facebook received between 9,000 and 10,000 USG requests for user data in the second half of 2012, covering 18,000 to 19,000 of its users' accounts. 1.1b users worldwide info allegedly started being collected by Prism in June 2009.253 Facebook denied that.254 In theory, any data collected by Facebook, could also be collected by Prism.255 USG denies Prism even exists.256 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. Facebook info could include e-mail address, password, phone#, your picture, date-ofbirth, gender, all sorts of personal info, status updates, stuff you have posted, including in chats, stuff other people have posted, text video pictures, special interests you have joined, applications you are using. Similar info on “friends.” Tagging information about users from friends is recorded, and GPS or other location information is also stored. I have “friends” who cannot get the message from me, that YES we are both interested in subject X, but NO I do not share your philosophy on Y, so please do not tag me on it any more, but they tag me anyway, so now I am guilty by association.

251 252

http://www.reuters.com/article/2013/06/15/usa-security-internet-idUSL2N0ER00R20130615 http://www.bbc.co.uk/news/world-22916329 http://www.cnn.com/2013/06/14/politics/facebook-data-release/ http://www.legitgov.org/Facebook-reveals-details-US-requests-user-data http://www.reuters.com/article/2013/06/15/usa-security-internet-idUSL2N0ER00R20130615 253 http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 254 http://www.bbc.co.uk/news/world-us-canada-22820711 255 http://www.bbc.co.uk/news/technology-22839609 256 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

78

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

79

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

Firefox (2013 June 15)
In the interests of integrity, I should mention that my favorite browsers are: 1. Mozilla Firefox 2. Google Chrome 3. Microsoft Infernal Exploder I have tried Apple Safari, but no longer use it. I also used Netscape a long time ago. I recently moved from Google Reader to Feedly. These sorts of preferences should not compromise my honesty, but I did choose these products because I liked them more than alternatives, and in the case of Feedly it was dozens of alternatives. I share the above bias, before passing along a news item from RT, which is Russian News in English, which seems to me to delight in sharing stories that put the USA in a bad light, and while I am interested in news from around the world, there are some sources I like to find confirmation on, before I give them a lot of credence. Justin Blinder released a plugin for the Web browser Firefox this week, and he’s already seeing a positive response in the press if not just based off of the idea alone. His “The Dark Side of the Prism” browser extension alerts Web surfers of possible surveillance by starting up a different song from Pink Floyd’s 1973 classic “The Dark Side of the Moon” each time a questionable site is crossed.257 In my opinion, the possible threat is not just real time surveillance by the US government, advertisers, and other interests, it is also evaluation of the footprints we leave behind, by posting to social media, using e-mail, etc. Thus, I believe a browser plugin may be able to warn us of real time surveillance, but I don’t see how it can help with foot prints.

Google (2013 June 17)
B = Billion USG = US Government 1b users info allegedly started being collected by Prism in Jan 2009.258 USG denies Prism even exists.259 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. In theory, any data collected by Google, could also be collected by Prism.260

257

http://projects.justinblinder.com/Dark-side-of-the-Prism http://rt.com/usa/prism-floyd-nsa-surveillance-723/ 258 http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 259 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 260 http://www.bbc.co.uk/news/technology-22839609

79

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

80

Snowden Leaks about USG Surveillance

6/22/2013 16:06:16 a6/p6

That could include: passwords; e-mail address; applications you use & your favorite stuff with each one; real name, phone number. What links are in your profile? What docs do you share via Google drive? Gmail - stores email contacts and email threads for each account, which have a 10 GB capacity. Search queries, IP addresses, telephone log info and cookies which uniquely identify each account. Chat conversations are also collected unless a user selects 'off the record' option. If you are on Chrome & accept automatic updates, the government could slip one in there. When Google has to deliver info to the government, this is usually done via secure FTP.261 FTP is a simple File Transfer Protocol supporting the transfer of data from just about any kind of computer, to any other kind of computer, or network. In my IT career, I have used FTP to transfer data chunks between computers in different cities, over an encrypted communication tunnel, and to receive software uploads and patches. While people at either end can launch the FTP exchange, the firewall needs to authorize the other end to connect, and there is also security on accessing whatever the data or software is. Unfortunately FTP security is very simplistic, so it needs to be run in an environment where there are other security controls.

Humor (2013 Jun 10)
Found on social media:

Bulletin: An NSA spokesman announced this evening that over 93% of the call data records purloined by the agency turned out to relate to solicitation robocalls, but that the agency is dedicated not to disturb this important aspect of American commerce. "If you or any of your NSA force are caught or killed, the Secretary will disavow any knowledge of your actions. This email will self-destruct in 10 seconds. Good luck!"

Microsoft (2013 June 17)
M = million USG = US Government Friday June-14, Facebook and Microsoft got USG permission to share statistics on USG demands for info on their customers.262 Microsoft said it had received requests of all types for information on about 31,000 consumer accounts in the second half of 2012. In a "transparency report" Microsoft published earlier this year without including national security matters, it said it had received criminal requests involving 24,565 accounts for all of 2012.
261

http://bits.blogs.nytimes.com/2013/06/12/google-offers-some-detail-about-how-it-transfers-data-to-thegovernment/ 262 http://www.reuters.com/article/2013/06/15/usa-security-internet-idUSL2N0ER00R20130615

80

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

81

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Combining these numbers gives us an estimate of the scale of secret court requests. 400m users info allegedly started being collected by Prism in Sept 2007.263 USG denies Prism even exists.264 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. In theory, any data collected by Microsoft, could also be collected by Prism.265 That could include: passwords; email address, name, home or work address, telephone numbers; PC settings; IP address, sites visited when; and whatever is on Microsoft approved cookies. Think about your automatic patch process for software operating system upgrades, and security fixes. There could be something in there from the government.

Pal Talk (2013 June 16)
15,000 users info allegedly started being collected by Prism in Dec 2009.266 In theory, any data collected by Pal Talk, could also be collected by Prism.267 USG denies Prism even exists.268 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. Pal talk is an instant chat, voice and video messaging service. Users must provide contact information including email address. The company employs cookies to track user behavior, with the aim of delivering targeted advertising.

RISKS (2013 Jun 12)
RISKS is an e-mail forum for risks to the general public thru stupidity in the use of technology.269 It has received several posts regarding this topic. Here, for example. QUOTE:
Subject: On PRISM and admins The aftermath of this seems to be causing an enormous amount of media coverage, much of which is not relevant here. However, I am struck by the dichotomy between two particular positions:
263

http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 264 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 265 http://www.bbc.co.uk/news/technology-22839609 266 http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 267 http://www.bbc.co.uk/news/technology-22839609 268 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 269 This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/27.34.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt>

81

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

82

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

On one hand, Edward Snowden (again on NPR this morning) adamantly insists that he had authorized access to every call. (As usual, we can quibble over what "authorized" means, especially when in some cases no authorization is required!) On the other hand, many government people and some others state that Snowden's claim is impossible, implying that he must be lying, bloviating, over endowing his abilities, or whatever. It seems to me that in most systems in use today (typically with many inherent security design flaws and exploitable software bugs, operational misconfigurations, subvertible audit trails, and enormous opportunities for insider misuse -- partly because of inadequate access controls), system administrators often have direct or indirect access to essentially everything, and perhaps even worse, they might have supervisors who do not have a good grasp of the risks. On the *other* other hand, because of secrecy, inadequate monitoring, and other factors, it is often difficult to know what is really going on. The Trusted Xenix system might have been a rare potential approach to blocking overly powerful admins (with something like 17 different admin-relevant privileges and mandatory access controls), but then it was only a B2 system under the old Orange Book evaluation criteria and still had many potential vulnerabilities. Incidentally, reminiscing on George Orwell's novel *1984* (NPR noted this morning that sales of the book increased by 6000 percent in the past week), I noted that in the ubiquitous *1984* banner, Big Brother might now be replaced with Big Data: Big Data Is Watching You! -----------------------------Subject: New Xbox by NSA partner Microsoft will watch you 24/7 (William Green) FYI -- Perhaps the new Tivo box can notice when I fall asleep, so that it can pause the playback so I won't miss anything! http://dailycaller.com/2013/06/07/new-xbox-by-nsa-partner-microsoftwill-watch-you-247/ William Green, *Daily Caller*, 7 Jun 2013

Possible privacy violations by Microsoft's upcoming Xbox One have come under new scrutiny since it was revealed Thursday that the tech giant was a crucial partner in an expansive Internet surveillance program conducted by the National Security Agency and involving Silicon Valley's biggest players. One of the console's key features is the full integration of the Kinect, a motion sensing camera that allows users to play games, scroll through menus, and generally operate the Xbox just using hand gestures.

82

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

83

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Microsoft has touted the camera as the hallmark of a new era of interactivity in gaming. What Microsoft has not promoted, however, is the fact that *you will not be able to power on the console without first enabling the Kinect*, designed to detect both heartbeats and eye movement. and positioning yourself in front of it. Disturbingly, a recently published Microsoft patent reveals the *Kinect has the capability to determine exactly when users are viewing ads* broadcast by the Xbox through its eye movement tracking. Consistent ad viewers would be granted rewards, according to the patent. Perhaps the feature most worrisome to privacy advocates is the *requirement that the Xbox connect to the Internet at least once every 24 hours.* Many critics have asserted that Microsoft will follow the lead of other Silicon Valley companies and use their console to gather data about its users, particularly through the Kinect, and collect it through the online connection users can't avoid. Microsoft has promised that customers will be able to `pause' the camera's function, but have put off questions on the precise specifics of their privacy policies.

UNQUOTE

Skype (2013 June 16)
66.3m users info allegedly started being collected by Prism in Feb 2011.270 In theory, any data collected by Skype, could also be collected by Prism.271 USG denies Prism even exists.272 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. Skype is part of Microsoft, and its instant messaging service replaced Microsoft's Messenger in 2013. Users submit personal data including name, username, address when signing up. Further profile information such as age, gender and preferred language are also recorded as options. Contacts lists are stored, as is location information from mobile devices. Instant messages, voicemail and video messages are generally stored by Skype for between 30 and 90 days, though users can opt to preserve their instant messaging history for longer. No matter how long users opt to preserve their data, NSA may legally save it for 5 years, and we have no oversight to know if they are saving for longer than the legal limit.

270

http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 271 http://www.bbc.co.uk/news/technology-22839609 272 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

83

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

84

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Tech Companies (2013 Jun 15)
Big name leaders, of the community of Internet companies, have asked the government for permission to go public with details of the kinds of demands the government has made for their data.273 Apparently the transparency reports may not include statistics on National Security Letters.

Yahoo (2013 June 16)
200m users info allegedly started being collected by Prism in Dec 2008.274 In theory, any data collected by Yahoo, could also be collected by Prism.275 USG denies Prism even exists.276 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. That could include: passwords; e-mail address; discussion groups you are in; favorite news sources; what you upload download; name, address, birth date, post code and occupation. Info from users' computers, including IP addresses. Yahoo did protest some of the government demands, but the secret court ruled against Yahoo, in 2008.277

You Tube (2013 June 16)
1b users info allegedly started being collected by Prism in Sep 2010.278 In theory, any data collected by You Tube, could also be collected by Prism.279 USG denies Prism even exists.280 See US 702 chapter. USG claims this kind of data is NOT collected on everyone, like the phone metadata, but rather ONLY on suspects connected to foreign intelligence clues about possible terrorism plots. YouTube is owned by Google and the company applies the same data collection methods. Users logged in via their Google accounts will have their YouTube searches, playlists and subscriptions to other users' accounts recorded.

273

http://www.guardian.co.uk/world/2013/jun/12/microsoft-twitter-rivals-nsa-requests http://bits.blogs.nytimes.com/2013/06/12/google-offers-some-detail-about-how-it-transfers-data-to-thegovernment/ 274 http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 275 http://www.bbc.co.uk/news/technology-22839609 276 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf 277 https://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-databind.html http://www.legitgov.org/Secret-Court-Ruling-Put-Tech-Companies-Data-Bind 278 http://www.independent.co.uk/news/world/americas/prism-and-the-us-internet-giants-the-relationshipthe-numbers-and-the-language-8650233.html http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/ 279 http://www.bbc.co.uk/news/technology-22839609 280 http://www.lawfareblog.com/wp-content/uploads/2013/06/Backgrounder.pdf

84

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

85

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Other Topics (2013 Jun 14)
There is a great deal of overlap with different stories of alleged abuse, inadequate response to disasters and crises. I have notes on much of this on Scribd and Google Drive docs, where I periodically upload revised editions of my notes. I used to have additional places, until they got wiped out by periodic “improvements” which really undermined the quality of the service, like Linked In. The reason I want multiple places to share my docs is that many people tell me they have hassles accessing docs on various sites, copy-pasting urls, etc. I suspect this may have to do with what versions of document software we use, and how the share sites treat different kinds of visitors. If someone desires a copy of one of my docs, can’t get from the links provided, I can also e-mail my latest version as an attachment. Also I expect that some day some upload sites I am using, may be improved so much as to make them no longer usable, so I want to be practicing redundancy before that happens. • AP Gate (barely started) o Why the US government found it necessary to spy on so many phone calls with AP, with surveillance someone less intrusive than we now know about thanks to these Snowden Leaks. What are some of the implications? o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.281 • Boston Bombing282 o What I know so far, about the end of 2013 Boston Marathon. • Collection-Critical Infrastructure on Scribd283 20+ docs = what’s at risk, and state-of-art of coping with the threats. • Collection-Child Protection on Scribd284 = 4 docs • Collection-Disasters on Google 30+ docs = what has gone wrong, and just maybe what can be done to better mitigate risk of history repeating. • Collection-Drone Info on Scribd285 = 142+ docs, maybe 10% by me, most of them shared by other people, then my collection linked to relevant docs. • Collection-Drones on Google 39+ docs = various dimensions of drone controversies. Those with version #s are my notes. When I have from other sources, I put name of publisher, source, or author in front. • Collection-Haiti on Scribd286 12+ docs • Collection-Haiti & other disasters = http://www.haiti.prizm.org/
281

https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 282 http://www.scribd.com/doc/136142293/Boston-Bombings-2013-April-by-Al-Mac This is also in my Google Docs Drive “Disaster Avoidance collection.” 283 http://www.scribd.com/collections/4108500/Critical-Infrastructure 284 http://www.scribd.com/collections/4108504/Child-Protection 285 http://www.scribd.com/collections/3807680/Drone-Info 286 http://www.scribd.com/collections/4108508/Haiti

85

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

86

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Collection-Japan Nuclear Tsunami on Scribd287 4 docs

Drones+ (2013 June 14)
Drone Dates Time Line288 o Calendar sequence history of drones. • Drone Education Controversies289 o Drone Controversies rapid introduction;. • Drone Iran290 o List of 18+ drone incidents between Iran and other nations (mainly USA), from 2006 onwards. • Drone Issues291 o Directory of Controversies to be investigated . • Drone Nations292 Count = 89+ nations operate drones by its government and people, mainly for spying. •

111+ nations & regions have drones, if we include those operated by
foreigners.

11+ nations used deadly drone attacks, into 19+ nations. 21+ nations host drone manufacturing.
• • •
287

Drone Notes Miscellaneous293 o Original start, minus what got moved to specialized specific topics . Drone Reports directory of primary research sources294 o Over 200 citations on Drones and other National Security topics . Drone Robots295 o Implications of weapons without humans in the loop .

http://www.scribd.com/collections/4108520/Japan-Nuclear-Tsunami http://www.scribd.com/doc/127218088/Drone-Dates-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 289 http://www.scribd.com/doc/134406078/Drone-Ed-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 290 http://www.scribd.com/doc/131186603/Drone-Iran-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 291 http://www.scribd.com/doc/108448622/Drone-Issues-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 292 http://www.scribd.com/doc/105613448/Drone-Nations-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 293 http://www.scribd.com/doc/109543829/Drone-Notes-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 294 http://www.scribd.com/doc/109546760/Drone-Reports-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 295 http://www.scribd.com/doc/115182066/Drone-Robots-Al-Mac This is also in my Google Docs Drive “Drone Info collection.”
288

86

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

87
• • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Drone Scribd296 o Other doc synopses, only international law so far . Drone Terms297 o Over 1,000 Drone & National Security concepts explained; Gas Boom298 o Nationwide pandemic of explosions and oil spills as our ½ century old pipeline infrastructure falls apart.

IRS scandals+ (2013 June 14)
• • IRS NGO299 o IRS time line regarding: tax-exempt organizations; “educational” conference in Anaheim; generous bonuses; and other scandals. Leaving USA o There are large numbers of people all across the USA, who want their state to leave the union. In some states there are more than one group who want this, but have differing opinions on where they want that state to go. I was also surprised to learn that the USA does NOT have 50 states. o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.300 Mass Shoot o There are occasional explosions of mass shootings in the USA which grab the public attention, with desire to know exactly what happened. Unfortunately we do not have a consensus on what should be done about the high risk of history repeating. o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.301 Petraeus Gate o There were some scandals whirling around General Petraeus, which led to his resignation, and troubles for some of his friends. One of the questions at the time was “If the director of the CIA cannot have Internet privacy, what hope is there for the rest of us?” Well, with these Snowden Leaks, we now know the answer.

296

http://www.scribd.com/doc/105152906/Drone-Scribd-Info-by-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 297 http://www.scribd.com/doc/105029922/Drone-Terms-by-Al-Mac This is also in my Google Docs Drive “Drone Info collection.” 298 http://www.scribd.com/doc/114094060/Indy-Boom This is also in my Google Docs Drive “Disaster Avoidance collection.” 299 http://www.scribd.com/doc/142707892/IRS-NGO-Al-Mac 300 https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 301 https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing

87

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

88

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.302 Response Chaos o In the aftermath of any disaster or crisis making it into the news, there seems to be an enormous volume of wild speculations, reported as fact, then later it is revealed that most, of what the news media had told us, was in fact false. How come? o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.303 Santa Monica Shootings o An attempt to make sense of a story which was extremely confusing, when it first showed up in the news media. o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.304 School Scandal Abductions o We have an apparent epidemic of children being snatched in transit between home and school, with a broken Amber system. o It has been uploaded to my Disaster Avoidance collection on Google Drive Documents.305 Solution Ideas = a collection of miscellaneous ideas306 which don’t seem to me to fit into one of the larger research focus areas, or where a statement, of the problems, does not seem to me to be controversial, but what is missing is serious debate over potential solutions. So I throw out some ideas for how major problems might be mitigated.

Revision History (2013 June 14)
Here I plan to share growth in content, summaries of major additions one installment to the next. So far, I have uploaded my notes on the Snowden Leaks to Scribd Critical Infrastructure collection,307 and Google Disaster Avoidance collection.308 Note that Scribd changed their Terms of Service, June 4, 2013.309 They have separated their terms into three documents:
302

https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 303 https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 304 https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 305 https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 306 http://www.scribd.com/doc/119857289/Solution-Ideas 307 http://www.scribd.com/collections/4108500/Critical-Infrastructure 308 https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing 309 http://support.scribd.com/entries/24063617-Announcing-updates-to-our-terms-of-service

88

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

89
• •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

The Scribd Terms of Use, which applies to all users The Scribd Uploader Agreement, applies to anyone publishing on the Scribd platform. o This agreement was updated May 30, and in general asks that a person be posting content that is theirs, or they have permission to upload. Most of what I have uploaded is either written by me, where I believe I have been behaving in accordance with the fair use doctrine, or I have found a document which has no copyright restrictions, which is the case for many government documents. o There is more to any agreement of course, so it is worth reviewing from time to time, to make sure we still have a good idea about what is there. The Scribd Paid Access End User License Agreement, which applies to anyone purchasing something on Scribd, including subscriptions to Scribd's Premium Reader service.

Version 0.1 (2013 June 14)
This was first uploaded, June 13, 2013 evening, to Scribd.310 Then I included it in my Critical Infrastructure collection.311 Pieces of the content had earlier been shared in e-mail and social networks. I had been following this, and other stories for a few days, then while watching the Senate Appropriations Hearing, June 12, 2013 afternoon, decided to organize my thoughts on this, since a lot of people are making statements, which I don’t buy, but because of the massive secrecy, we don’t really know if we are getting anything close to truth. When I first shared my notes, they were approx: • 21 pages overall • 55 footnote clusters with urls and citations, with some urls in body of notes • Table of Contents = 1 page • Many chapters just stubs where I intend more info later. • 239k Doc • 145k PDF Major Sections so far: • Introductory – 4 sub-topics • Q+A details – 9 sub-topics • Major sources (4-5 pages) – 4 government, 1 media, 3 technical • Revision summaries – 2 sub-topics Summary statement to social media,312 regarding V 0.1:

310 311

http://www.scribd.com/doc/147719428/Snowden-Leaks-by-Al-Mac http://www.scribd.com/collections/4108500/Critical-Infrastructure 312 https://plus.google.com/u/0/108007903544513887227/posts/8Dc5bn8CR69

89

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

90

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

I shared my notes, so far, on what we know about US domestic surveillance of America, thanks to leaks from Mr. Ed Snowden, who is currently in Hong Kong. I include a number of implications and nuances, where I have some concerns regarding what we are being told, especially in the area of denials.

Version 0.2 (2013 June 15)
Since I shared Version 0.1, the most significant upgrades, to these notes, have been, general growth in source citations, summary links to fascinating info. June 14 evening, while there are many loose ends I still wish to pursue, plus I have a big growth in stub sections with a little info, but more needed, my research notes have increased approx 50% in size since prior sharing, so I shared V 0.2 that nite, at approx 6 pm, to Scribd and Google Drive docs. The overall contents had become: • 33 pages overall • 111 footnote clusters with urls and citations, with some urls in body of notes • Table of Contents = almost 2 pages • Many areas I wish to expand beyond initial stubs. • 420k Doc • 209k PDF • 86 Scribd reads (maybe 5 me) • 1 Scribd download & 3 likes Major Sections so far: • Introductory – 4 sub-topics • Terminology barely begun – 5 sub-topics • Q+A details – 10 sub-topics • Major sources (14-15 pages) – 12 government, 6 media, 13 technical • Revision summaries – 6 sub-topics Summary statement to social media,313 regarding v 0.2: In 1 day, I have tripled the volume of major source citations, links to critical info about NSA domestic US surveillance, increased overall content by 50%, so I am sharing this revised edition. I continue to have lots of info I still need to check out & add to my notes. June 14, afternoon, after it had been there 20 hours, Scribd shows 82 reads of my notes, so I decided to try to improve the visibility, by mentioning some of the more nasty subtopics. Visability score was 3/5 when I originally uploaded it. It got to 4/5 without me doing anything. Tonite my minor adj, to description, took it to 5/5 visibility. By the time I was done uploading version 0.2 and linking it to Google Plus, I saw I was back down to
313

https://plus.google.com/u/0/108007903544513887227/posts/7KbpfgJ9bQX

90

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

91

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

4/5 visibility, up to 86 reads, however I also see there has been 1 download and 3 likes. June 14 morning, approx ½ day after I had uploaded version 0.1, Scribd statistics showed 78 reads (3 by me, when originally loading the doc, then checking these statistics)..

Version 0.3 (2013 June 16)
Since I shared Version 0.2, the most significant & informative upgrades and additions, to these notes, have been, see: • In Q+A see o a few Digital Hiding tips. o Declassified Surveillance cases started … more are expected next week, but a couple have previously been declassified • In sources and citations section: o ACLU o FAS • I have doubled Media sources, split them into British vs. USA, also added additional links for some of the media. • For the tech sites allegedly having their data sucked into Prism, I added what personal info is probably there. • While I continue to add chapters which so far do not have much there, I have also been adding a lot to such chapters previously created. Early afternoon June-15 I plan to share this edition, before turning my attention to some day job duties, which I connect to via an encrypted tunnel, and a confidential OS no longer available to any market place. These notes are now up to: • 46 pages • 166 footnotes • TOC just over 2 pages • 572k Doc • 276k PDF • 120 Scribd reads (maybe 8 me) • 1 Scribd download & 4 likes Major Sections so far: • Introductory – 5 sub-topics • Terminology barely begun – 5 sub-topics • Q+A details – 15 sub-topics • Major sources (22-23 pages) – 18 government, 3 media in Britain, 9 in USA, 14 technical • Revision summaries – 7 sub-topics Wee hours of June-14-15 I am about to hit the sack. These notes have grown to:

91

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

92
• • •

Snowden Leaks about USG Surveillance 42 pages 145 footnotes TOC is now 2 pages

6/22/2013 16:06:17 a6/p6

So I tentatively plan to do another sharing Saturday June-15 afternoon. Let’s check TAGS on Scribd. They ought to include: • FISA • Government Secrecy • Hong Kong • National Security • NSA • Patriot Act • Privacy • Snowden • Surveillance • Warrantless Wire Tapping It was visibility 5/5 before I tripled # of tags.

Version 0.4 (2013 June 17)
Since I shared Version 0.3, the most significant & informative upgrades and additions, to these notes, have been, see: • Conclusions chapter begun after Revisions Summary and Other Topics, then I moved them up to Big Picture. • Cross-Indexing Navigation = where a major topic is mentioned in different chapters, I now have a chapter, just for that topic, which lists other places where it is referenced. • Cryptome relevant links • EU Parliament discussion of NSA spying on EU citizens • Lawfare – unless I dream up major restructuring of my notes, it may be time to go to heading level FOUR. • Links to a mountain of articles have been inserted, but so far I have only read a fraction of them. I seek to aggregate what’s available, then pursue as time permits. I am seeing multiple references to some articles, trying to avoid duplication, but that may be unavoidable. • Privacy Activist groups: links to articles about this topic. • Security Illusions expanded • Wikipedia relevant links • I rearranged stuff at end, to make it easier to measure document scope, at times of various new edition shares.

92

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

93

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

I planned to upload another edition of these notes Sunday nite. About 3 pm my Central time, I uploaded USG statement about the situation here,314 and noted that at that time, my Snowden Leaks document on Scribd was up to 154 reads (maybe 9 me). Sunday June-16 evening, I get to another good break point, for sharing my notes so far. They are now up to: • 76 pages • 262 footnotes • TOC just over 3 pages • 1 Meg Doc • 462k PDF • 156 Scribd reads (maybe 11 me) • 1 Scribd download & 5 likes Major Sections so far: • Introductory (4 pages dominated by Big Picture) – 6 sub-topics • Terminology barely begun (4 pages) – 6 sub-topics • Q+A details (13 pages) – 16 sub-topics • Major sources (44 pages) – 6 gov B4 US, 21 US gov, 1 media global, 6 media Britain, 30 media USA some still stubs, not counting 11 Lawfare, 15 technical • Revision summaries – related stuff has been moved

Version 0.5 (2013 June 23)
Saturday morning June-22 I decided to re-share so far. As usual, news has been pouring in on this recently breaking story, where I have not yet included all the stuff I would like to have in these notes. They are now up to: • 91 pages • 314 footnotes • TOC just under 4 3 pages • 1.2 Meg Doc • 533k PDF • 234 Scribd reads (maybe 11 me)315 • 1 Scribd download & 5 likes Since I shared Version 0.4, the most significant & informative upgrades and additions, to these notes, have been, see: • Some excessively long chapters have been broken down into sub-topic breaks. • 39 chapters have been added or updated. (Dates more recent than June-16.) • Hack Back is new content here. Major Sections so far:
314 315

http://www.scribd.com/doc/148194460/USG-Surveillance-Background-215-702-June-2013 Grand Total 65,677 total reads of 66 docs I have uploaded so far to Scribd = an average of 1,000 each.

93

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

94
• • • •

Snowden Leaks about USG Surveillance

6/22/2013 16:06:17 a6/p6

Introductory (4 pages dominated by Big Picture) (no change since prior share) – 6 sub-topics Terminology barely begun (6 pages) – 7 sub-topics Q+A details (15 pages) – 19 sub-topics Major sources (53 pages), summarizing what each have to say, some still stubs -o 4 gov B4 US, o 26 US gov, o 1 media global, o 1 media Australia, o 6 media Britain, o 1 media Pakistan, o 34 media USA, not counting 10 Lawfare sub-topics o 15 technical Revision summaries

Version 0.6 (2013 June 23)
Since I shared Version 0.5, the most significant & informative upgrades and additions, to these notes, have been, see:

94

Folder: Studies / Nat’l Security / USG Surveillance / Doc: Snowden Leaks

Sign up to vote on this title
UsefulNot useful