NSA Surveillance Reform - Snowden’s Vindication.

Uploaded on 2015-06-05 in NEWS-News Analysis, INTELLIGENCE--International, FREE TO VIEW

snowden-quote_n.jpg

The US Senate has passed a bill to end the bulk collection of millions of Americans’ phone records, ushering in the country’s most significant surveillance reform since 1978 two years after NSA whistleblower Edward Snowden’s revelations to the Guardian newspaper. 

The White House recently refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Daniel Ellsberg Credits Snowden

NSA whistleblower Edward Snowden should be thanked for sparking the debate that forced Congress to change US surveillance law, Daniel Ellsberg, the man who leaked the Pentagon Papers, said Monday.

Other prominent US whistleblowers also gave Snowden credit and argued that the curbs in the NSA’s surveillance powers by Congress – combined with a federal court ruling last month that bulk phone record collection is illegal – should open the way for him to be allowed to return to the US, although they conceded this was unlikely. Ellsberg, the former US military analyst who risked jail in 1971 by leaking Pentagon papers showing the White House lied about the Vietnam war, welcomed the concessions made by the Senate, limited as they are. Sweeping US surveillance powers used by the NSA expired at midnight after a dramatic showdown in the Senate. Some are likely to be replaced with those in new legislation, the USA Freedom Act.

Paradox
Here is the paradox. Edward Snowden sits in exile in Moscow, knowing that if he returned to the west, as he would like to, he’d almost certainly wind up in jail. Yet at the same time, no one disputes that Mr Snowden has sparked a global debate about privacy, which saw the US Senate rein in the National Security Agency’s powers, most notably to collect the telephone records of millions of Americans. 
Three provisions of the post-9/11 Patriot Act have expired, and while replacement legislation will soon enough be passed it is likely to embody certain post-Snowden reforms. The American outlaw, then, is remaking the American law.
Recently senators voted 67-32 to pass the USA Freedom Act, which overwhelmingly cleared the House of Representatives. Hours later, Barack Obama signed the legislation, after saying he would “work expeditiously to ensure our national security professionals again have the full set of vital tools they need to continue protecting the country”.
The passage of the USA Freedom Act paves the way for telecom companies to assume responsibility of the controversial phone records collection program, while also bringing to a close a short lapse in the broad NSA and FBI domestic spying authorities. 

The American Civil Liberties Union praised the passage of the USA Freedom Act as “a milestone” but pointed out that there were many more “intrusive and overbroad” surveillance powers yet untouched.

But the Law is only Part of the Story

Privacy advocates were, of course, cautious not to overstate the significance of the act’s suspension. But behind this caution, their successes are far more extensive than the symbolic demise of the Patriot Act. From the perspective of surveillance, the damage has already been done.

The ‘Snowden effect’, named after the whistleblower responsible for outing government surveillance in the US and UK, has brought more companies and technologists to the fight. Often their purpose is to provide privacy tools that are powerful, open-source and accessible to the masses and of course make them money. And of course as fears over our privacy continue to grow and the government talks about further extending surveillance capability, ordinary people are turning to these tools. What’s more, for the first time, they are beginning to be adopted on a massive scale.

Scale is a significant change, and a significant challenge to security services. Take Tor. Tor is a web browser-cum-network that scrambles your connections and makes your Internet browsing more difficult to track. Both Tor and other publicly available encryption tools always come with a caveat. Although frequently very powerful, especially in combination with one another, they are not perfect. With enough work and with the resources at the disposal of government organisations, a single user’s communications are at risk: the sheer firepower that the security services can use to break into secure channels means that a single suspect is up against it.

This is probably a good thing. If we believe our security services should have the resources to protect us from those who would plan acts of terrorism, for example, then they must be able to intercept the communications of suspects under investigation. Isis advise use of encryption to its supporters in order to protect their identities and whereabouts. Anders Breivik wrote a blog on it. If a suspect was under investigation we would rightly expect MI5 to use wiretaps and human surveillance, after all. Digital communications should be no different.

Bitcoin technology could stop the next Snowden

The NSA knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are. What it doesn’t know is just how much information the whistleblower took with him when he left. For all of its ability to track our telecommunications, the NSA seemingly had little clue exactly what documents, or even how many documents, Snowden gave to the media. Like most large organizations, the NSA had tools in place to track who accessed what data and when. But Snowden, a system administrator, apparently was able to cover his tracks by deleting or modifying the log files that tracked that access.

An Estonian company called Guardtime says it has a solution to that: using the same ideas that underpin the digital currency Bitcoin, the company says it can ensure no one can alter digital files, not even an organization’s most senior executives or IT managers. The idea is to stop the next Snowden in his tracks by making it impossible to tamper with data, such as the NSA log files, in secret.

Had the NSA been using Black Lantern, the agency would have been able to detect Snowden’s activities early on, or at least would have much better idea of what Snowden took, says Guardtime CTO Matt Johnson, a former agent with the Air Force Office of Special Investigations agent and defense contractor.

Using Guardtime, a government could, in theory, give all citizens a copy of a blockchain that records changes to email log files. It wouldn’t stop a political leader from deleting important email, and it wouldn’t place the contents of the email, or even the metadata, in the ledger. But it would alert auditors and investigators to changes.

Wired:  http://wrd.cm/1I9B3dR
Spectator:  http://bit.ly/1FtLJ0O
Guardian:  http://bit.ly/1IarPep    http://bit.ly/1Jrq2oi    http://bit.ly/1M5U27n   http://bit.ly/1SSCPTB

« Mass surveillance is Being Undermined by the ‘Snowden Effect’
Sophos to Raise £100m From Stock Market Float »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab conducts research into predictive security analytics.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

Obrela Security Industries

Obrela Security Industries

Obrela Security manage cyber exposure, risks and compliance. We identify, predict and prevent cyber threats in real time. As a service, personalised, on demand.

CyberXposure

CyberXposure

CyberXposure has been built by a team comprising of Cyber Security Professionals and SAAS experts in data backup, disaster recovery and cyber-security.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.