A federal appeals court’s August ruling in which it said the federal government may spy on Americans’ communications without warrants and without fear of being sued won’t be appealed to the Supreme Court, attorneys in the case said Thursday.
LAS VEGAS — A former NSA official has accused the NSA’s director of deception during a speech he gave at the DefCon hacker conference on Friday when he asserted that the agency does not collect files on Americans.
William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.
“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.”
He said the NSA began building its data collection system to spy on Americans prior to 9/11, and then used the terrorist attacks that occurred that year as the excuse to launch the data collection project.
“It started in February 2001 when they started asking telecoms for data,” Binney said. “That to me tells me that the real plan was to spy on Americans from the beginning.”
Binney is referring to assertions that former Qwest CEO James Nacchio made in court documents in 2007 that the NSA had asked Qwest, AT&T, Verizon and Bellsouth in early 2001 for customer calling records and that all of the other companies complied with the request, but Nacchio declined to participate until served with a proper legal order.
“The reason I left the NSA was because they started spying on everybody in the country. That’s the reason I left,” said Binney, who resigned from the agency in late 2001.
Binney was contradicting statements made on Friday by Alexander, who told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.
“And anybody who would tell you that we’re keeping files or dossiers on the American people,” Alexander continued, “knows that’s not true.”
Alexander also told the audience that the NSA targets only foreign entities and that if it “incidentally” picked up the data of Americans in the process, the agency was required to “minimize” the data, “which means nobody else can see it unless there’s a crime that’s been committed.” Minimization refers to legal restrictions under the United states Signals Intelligence Directive 18 on how data pertaining to U.S. citizens can be handled, distributed or retained.
Following the panel discussion, a former attorney for the NSA elaborated on this to Threat Level.
“You’re looking at a data stream that originates in a foreign country. It just happens to be transiting the United States,” said Richard Marshall, former associate general counsel for information assurance at the NSA. “You’re authorized by law to collect that data and to analyze that data. Even though it was captured on U.S. soil, it’s against a foreign target. Now in the process of doing that, yes, there is a possibility, more than a possibility I guess, that there will be some U.S. person who is involved in a conversation with a foreign entity, a foreign person. So what? If you’re not collecting data against that U.S. person, what’s the harm?”
But ACLU staff attorney Alex Abdo, who was also on the panel, noted that a gaping loophole in the laws governing the NSA allows the agency to do dragnet surveillance of non-Americans and, in the process sweep up the data of Americans they may be communicating with, and hold onto that data even though the Americans aren’t the target. The NSA can then “target [the Americans] after-the-fact.” If, for example, new information came to light involving an American whose information is in the database, the NSA can sift through the “minimized” data and at that point “get the info that they couldn’t target from the outset.”
Earlier this month, the Office of the Director of National Intelligence admitted in a letter sent to Senator Ron Wyden that on at least one occasion the NSA had violated the Constitutional prohibitions on unlawful search and seizure.
According to the letter, the Foreign Intelligence Surveillance Court found that “minimization procedures” used by the government while it was collecting intelligence were “unreasonable under the Fourth Amendment.”
Author James Bamford, speaking with Abdo and Binney, said that the NSA could also get around the law against targeting Americans by targeting a call center for a U.S. company that is based overseas, perhaps in India. When Americans then called the center to obtain information about their bank account or some other transaction, the NSA would be able to pick up that communication.
Finally, Binney contradicted Alexander’s earlier claims that the agency could not violate the law even if it wanted to do so because the NSA is monitored by Congress, both intel committees and their congressional members and their staffs. “So everything we do is auditable by them, by the FISA court … and by the administration. And everything we do is accountable to them…. We are overseen by everybody,” Alexander had said.
But these assertions are disingenuous since, Binney said, “all the oversight is totally dependent on what the NSA tells them. They have no way of knowing what [the NSA is] really doing unless they’re told.”
The National Security Agency is partnering with select universities to train students in cyber operations for intelligence, military and law enforcement jobs, work that will remain secret to all but a select group of students and faculty who pass clearance requirements, according to Reuters.
The cyber-operations curriculum is part of the Obama administration’s national initiative to improve cybersecurity through education, and is designed to prepare students for jobs with the U.S. Cyber Command, the NSA’s signals intelligence operations, the Federal Bureau of Investigation and other law enforcement agencies that investigate cyber crimes.
The U.S. Cyber Command’s job is, in part, to support the military in offensive cyber operations against enemy networks, suggesting the students would be trained in the methods of hackers.
“We’re trying to create more of these, and yes they have to know some of the things that hackers know, they have to know a lot of other things too, which is why you really want a good university to create these people for you,” Neal Ziring, technical director at the NSA’s Information Assurance Directorate, told Reuters.
But another NSA official was quick to add that the NSA wasn’t looking to teach students illegal hacking techniques.
“We are not asking them to teach kids how to break into systems, we’re not asking them to teach that. And a lot of them have said they wouldn’t teach that,” said Steven LaFountain, a senior NSA official who guides academic programs told Reuters. “We’re just asking them to teach the hardcore fundamental science that we need students to have when they come to work here.”
Although 20 universities applied to participate in the program, only four were selected so far: Dakota State University, Naval Postgraduate School, Northeastern University and University of Tulsa.
Schools applying for the program had to meet 10 criteria, among them was a requirement that they teach courses in reverse engineering.
Once the students have the basic knowledge needed, they will be eligible to receive training to work in classified jobs with the NSA.
“In our operational developmental organization, we would spend up to 12 months to give them the secret sauce, the tradecraft, the really deep technical training so that they could make themselves useful in doing what we need them to do, and that’s with that technical underpinning,” Captain Jill Newton, who leads NSA’s cyber training and education programs, told Reuters.
A bomb threat at the NSA’s spanking new massive data center in Utah has led authorities to evacuate workers, according to the Associated Press.
Bomb-sniffing dogs have reportedly been brought in to search for anything suspicious. Workers were evacuated around 11:30 Monday morning.
The facility, being built at Utah’s Camp Williams, was the focus of an extensive recent Wired article written by NSA expert James Bamford.
Under construction by U.S. Army Corps of Engineers contractors with top-secret clearances since January, the controversial, heavily fortified $2 billion Utah Data Center is slated to be up and running by September 2013. Its purpose will be “to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks,” according to Bamford.
Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.
A federal appeals court on Friday upheld the National Security Agency’s decision to withhold from the public documents confirming or denying any relationship it has with Google concerning encryption and cybersecurity.
That’s despite the fact that Google itself admitted it turned to “U.S. authorities,” which obviously includes the NSA, after the search giant’s Chinese operation was deeply hacked. Former NSA chief Mike McConnell told the Washington Post that collaboration between the NSA and private companies like Google was “inevitable.”
The Electronic Privacy Information Center, invoking the Freedom of Information Act, had sought such documents following the January 2010 cyberattack on Google that targeted the Gmail accounts of Chinese human rights activists. The attack was among the considerations that prompted Google to consider abandoning China, and Google announced that it was “working with the relevant U.S. authorities.”
The Wall Street Journal and the Washington Post followed up, saying Google had contacted the NSA following the attack.
EPIC sought documents seeking to know what type of collaboration there was between Google and the NSA and, among other things, records of communication between the NSA and Google concerning Google’s e-mail service Gmail.
In response, the NSA invoked a so-called “Glomar” response, in which the agency neither confirmed nor denied the existence of records on the topic at all. EPIC sued and lost in the lower courts.
On appeal, the U.S. Circuit Court of Appeals for the District of Columbia Circuit sided with the NSA’s conclusion that admitting the existence of relevant documents would harm national security (.pdf).
Judge Janice Rogers Brown, in a 3-0 opinion, sided with the government’s contention that acknowledging any records “might reveal whether the NSA investigated the threat,” or “deemed the threat a concern to the security of the U.S. government.”
If we removed all the legalese, the appellate court upheld the government’s often-said contention that, “if we told you, we’d have to kill you.”
A top British codebreaker whose naked body was found in a sports bag in his bathtub in 2010 was likely killed by suffocation or poisoning in a “premeditated criminal act,” according to a coroner who delivered her verdict at the end of a seven-day inquest.
Coroner Fiona Wilcox said that Gareth Williams’ death will likely never be fully explained, but that murder by an intelligence agency or intelligence colleague could not be ruled out. She said that there was no evidence to support claims that Williams’ death was linked to his interest in bondage and speculated that such assertions might be an attempt by some to influence and manipulate the investigation.
Wilcox also criticized the police and MI6 for their handling of the death and investigation, noting that MI6 was late in submitting evidence to police and prevented them from speaking with Williams’ colleagues directly.
Testimony presented at the inquest showed that MI6, the spy agency with which Williams was contracted at the time of his death, failed to adequately check up on him despite his failure to show up for work for several days, and that by the time Williams was finally reported missing after seven days, his body had badly decomposed, thwarting efforts to determine a cause of death. Testimony also revealed that it was only this week that the spy agencies gave investigators nine thumb drives that had been found at Williams’ workplace.
Wilcox told the court that the testimony of Williams’ MI6 manager about why Williams’ absence from work raised little concern stretched the “bounds of credibility.” She also said that while it appeared unlikely that British spy agencies played a role in the coder’s death, it was still a “legitimate line of inquiry” for the investigation.
Family and friends testified that Williams was unhappy with his work environment at MI6 and felt he didn’t fit in with his colleagues. He was on contract with MI6 for three years, but had requested to be released from it after a year to return to Government Communications Headquarters (GCHQ).
During the inquest, testimony revealed that the coder had conducted unauthorized searches on an MI6 database that could have put him at risk if he was discovered. Investigators said, however, that MI6, Britain’s top spy agency, was unaware that Williams had conducted the searches.
Williams, who was 31 at the time he died, was found inside a North Face nylon sports bag in the bathtub of his apartment in August 2010. His nude body was in the fetal position with his arms folded across his chest. The bag was closed with a padlock, and two keys to the padlock were found underneath Williams’ body inside the bag.
Investigating the possibility that Williams had placed himself in the bag, an expert witness testified that he attempted 300 times to lock himself inside a similar sports bag in a bathtub, and was unable to do so.
“I couldn’t say it’s impossible, but I think even Houdini would have struggled with this one,” expert Peter Faulding told the court.
It’s believed that Williams was alive, and likely unconscious, when he was placed in the bag or was placed in it shortly after death before rigor mortis had set in. His mobile phone and a number of SIM cards were laid out on a table near the body, according to news reports. The phone had been restored to its factory settings. There were no signs of forced entry to the apartment and no signs of a struggle.
The coroner said she was sure that a third party had moved the bag containing Williams’ body into the bathtub, noting that it was “significant” that no hand or footprints were found in the bathroom.
Williams was described by those who knew him as a “math genius” and worked for GCHQ in the United Kingdom, helping to break coded Taliban communications, among other things. He was just completing a year-long stint with MI6, Britain’s secret intelligence service, and was looking forward to returning to GCHQ when his body was found.
Williams had worked with the NSA and British intelligence to intercept e-mail messages that helped convict would-be bombers in the U.K. He had made repeated visits to the U.S. to meet with the National Security Agency and worked closely with British and U.S. spy agencies to intercept and examine communications that passed between an al Qaeda official in Pakistan and three men who were convicted in 2009 of plotting to bomb transcontinental flights, according to British news reports.
Williams flew up to four times a year to the U.S. to the NSA’s headquarters at Fort Meade HQ. His uncle, Michael Hughes, told the British paper the Mirror that Williams would mysteriously disappear for three or four weeks.
“The trips were very hush-hush,” Hughes said. “They were so secret that I only recently found out about them – and we’re a very close family. It had become part of his job in the past few years. His last trip out there was a few weeks ago, but he was regularly back and forth.”
He is believed to have returned from a trip abroad on August 11, 2010. He was last seen alive on August 15, eight days before his body was found.
Investigators, however, said they have ruled out that Williams’ death was related to his work, although they have not revealed how they arrived at this conclusion.
There were rumors leaked to the press that the coder’s death had to do with sexual play. The browser history on Williams’ computer and one of his phones showed that he had visited bondage sites, and former landlords testified that they once found the coder tied to his bed wearing only boxing shorts. He told them he had just been “messing around” and had tied the bindings too tightly. Investigators also found more than $30,000 worth of women’s designer clothes and accessories in his apartment, as well as a woman’s brightly colored orange wig.
But the coroner said it was “highly unlikely” that sadomasochism or other sexual play had a role in Williams’ death, and investigators said there was no indication that he had anything more than a passing interest in bondage. Friends also said that the women’s clothes found in his apartment were likely gifts for a fashion designer friend and others, although they were in sizes that would have fit Williams. There was also indication that the wig and some of the clothes may have been for a costume party.