NSA Surveillance Reform - Snowden’s Vindication.

Uploaded on 2015-06-05 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

snowden-quote_n.jpg

The US Senate has passed a bill to end the bulk collection of millions of Americans’ phone records, ushering in the country’s most significant surveillance reform since 1978 two years after NSA whistleblower Edward Snowden’s revelations to the Guardian newspaper. 

The White House recently refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Daniel Ellsberg Credits Snowden

NSA whistleblower Edward Snowden should be thanked for sparking the debate that forced Congress to change US surveillance law, Daniel Ellsberg, the man who leaked the Pentagon Papers, said Monday.

Other prominent US whistleblowers also gave Snowden credit and argued that the curbs in the NSA’s surveillance powers by Congress – combined with a federal court ruling last month that bulk phone record collection is illegal – should open the way for him to be allowed to return to the US, although they conceded this was unlikely. Ellsberg, the former US military analyst who risked jail in 1971 by leaking Pentagon papers showing the White House lied about the Vietnam war, welcomed the concessions made by the Senate, limited as they are. Sweeping US surveillance powers used by the NSA expired at midnight after a dramatic showdown in the Senate. Some are likely to be replaced with those in new legislation, the USA Freedom Act.

Paradox
Here is the paradox. Edward Snowden sits in exile in Moscow, knowing that if he returned to the west, as he would like to, he’d almost certainly wind up in jail. Yet at the same time, no one disputes that Mr Snowden has sparked a global debate about privacy, which saw the US Senate rein in the National Security Agency’s powers, most notably to collect the telephone records of millions of Americans. 
Three provisions of the post-9/11 Patriot Act have expired, and while replacement legislation will soon enough be passed it is likely to embody certain post-Snowden reforms. The American outlaw, then, is remaking the American law.
Recently senators voted 67-32 to pass the USA Freedom Act, which overwhelmingly cleared the House of Representatives. Hours later, Barack Obama signed the legislation, after saying he would “work expeditiously to ensure our national security professionals again have the full set of vital tools they need to continue protecting the country”.
The passage of the USA Freedom Act paves the way for telecom companies to assume responsibility of the controversial phone records collection program, while also bringing to a close a short lapse in the broad NSA and FBI domestic spying authorities. 

The American Civil Liberties Union praised the passage of the USA Freedom Act as “a milestone” but pointed out that there were many more “intrusive and overbroad” surveillance powers yet untouched.

But the Law is only Part of the Story

Privacy advocates were, of course, cautious not to overstate the significance of the act’s suspension. But behind this caution, their successes are far more extensive than the symbolic demise of the Patriot Act. From the perspective of surveillance, the damage has already been done.

The ‘Snowden effect’, named after the whistleblower responsible for outing government surveillance in the US and UK, has brought more companies and technologists to the fight. Often their purpose is to provide privacy tools that are powerful, open-source and accessible to the masses and of course make them money. And of course as fears over our privacy continue to grow and the government talks about further extending surveillance capability, ordinary people are turning to these tools. What’s more, for the first time, they are beginning to be adopted on a massive scale.

Scale is a significant change, and a significant challenge to security services. Take Tor. Tor is a web browser-cum-network that scrambles your connections and makes your Internet browsing more difficult to track. Both Tor and other publicly available encryption tools always come with a caveat. Although frequently very powerful, especially in combination with one another, they are not perfect. With enough work and with the resources at the disposal of government organisations, a single user’s communications are at risk: the sheer firepower that the security services can use to break into secure channels means that a single suspect is up against it.

This is probably a good thing. If we believe our security services should have the resources to protect us from those who would plan acts of terrorism, for example, then they must be able to intercept the communications of suspects under investigation. Isis advise use of encryption to its supporters in order to protect their identities and whereabouts. Anders Breivik wrote a blog on it. If a suspect was under investigation we would rightly expect MI5 to use wiretaps and human surveillance, after all. Digital communications should be no different.

Bitcoin technology could stop the next Snowden

The NSA knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are. What it doesn’t know is just how much information the whistleblower took with him when he left. For all of its ability to track our telecommunications, the NSA seemingly had little clue exactly what documents, or even how many documents, Snowden gave to the media. Like most large organizations, the NSA had tools in place to track who accessed what data and when. But Snowden, a system administrator, apparently was able to cover his tracks by deleting or modifying the log files that tracked that access.

An Estonian company called Guardtime says it has a solution to that: using the same ideas that underpin the digital currency Bitcoin, the company says it can ensure no one can alter digital files, not even an organization’s most senior executives or IT managers. The idea is to stop the next Snowden in his tracks by making it impossible to tamper with data, such as the NSA log files, in secret.

Had the NSA been using Black Lantern, the agency would have been able to detect Snowden’s activities early on, or at least would have much better idea of what Snowden took, says Guardtime CTO Matt Johnson, a former agent with the Air Force Office of Special Investigations agent and defense contractor.

Using Guardtime, a government could, in theory, give all citizens a copy of a blockchain that records changes to email log files. It wouldn’t stop a political leader from deleting important email, and it wouldn’t place the contents of the email, or even the metadata, in the ledger. But it would alert auditors and investigators to changes.

Wired:  http://wrd.cm/1I9B3dR
Spectator:  http://bit.ly/1FtLJ0O
Guardian:  http://bit.ly/1IarPep    http://bit.ly/1Jrq2oi    http://bit.ly/1M5U27n   http://bit.ly/1SSCPTB

« Mass surveillance is Being Undermined by the ‘Snowden Effect’
Sophos to Raise £100m From Stock Market Float »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Clavister

Clavister

Clavister is a network security vendor delivering a full range of network security solutions for both physical and virtualized environments.

Introspective Networks

Introspective Networks

Introspective Networks (IN) is a Cybersecurity company focusing on securing data in the network and automating knowledge work to decrease vulnerability points to critical infrastructure.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71)

Innovation Cybersecurity Ecosystem at BLOCK71 (ICE71) is Singapore's first cybersecurity entrepreneur hub.

ShorePoint

ShorePoint

ShorePoint helps customers focus on visibility, analytics and context to make timely and informed risk-based decisions to protect their infrastructure.

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

Global Cyber Security Capacity Centre (GCSCC) - Oxford University

GCSCC's work is focused on developing a framework for understanding what works, what doesn’t work and why – across all areas of cybersecurity capacity.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

Swiss Cyber Forum (SCF)

Swiss Cyber Forum (SCF)

The Swiss Cyber Forum (SCF) builds competences and helps its members to mitigate the cyber risks associated with digitalisation.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.

Wired Assurance

Wired Assurance

Wired Assurance is a testing and assurance company, specialized in software applications and blockchain smart contracts.