The U.S. National Security Agency accessed the internal communications of Venezuela’s state-owned oil company, Petroleos de Venezuela and acquired sensitive data it planned to exploit in order to spy on the company’s top officials, according to a highly classified NSA document that reveals the operation was carried out in concert with the U.S. embassy in Caracas.
The March 2011 document, labeled, “top secret,” and provided by former NSA contractor-turned-whistleblower Edward Snowden, is being reported on in an exclusive partnership between teleSUR and The Intercept.
Drafted by an NSA signals development analyst, the document explains that PDVSA’s network, already compromised by U.S. intelligence, was further infiltrated after an NSA review in late 2010 – during President Barack Obama’s first term, which would suggest he ordered or at least authorized the operation – “showed telltale signs that things were getting stagnant on the Venezuelan Energy target set.” Most intelligence “was coming from warranted collection,” which likely refers to communications that were intercepted as they passed across U.S. soil. According to the analyst, “what little was coming from other collectors,” or warrantless surveillance, “was pretty sparse.”
Beyond efforts to infiltrate Venezuela’s most important company, the leaked NSA document highlights the existence of a secretive joint operation between the NSA and the Central Intelligence Agency operating out of the U.S. embassy in Caracas. A fortress-like building just a few kilometers from PDVSA headquarters, the embassy sits on the top of a hill that gives those inside a commanding view of the Venezuelan capital.
Last year, Der Spiegel published top-secret documents detailing the state-of-the-art surveillance equipment that the NSA and CIA deploy to embassies around the world. That intelligence on PDVSA had grown “stagnant” was concerning to the U.S. intelligence community for a number of reasons, which its powerful surveillance capabilities could help address.
“Venezuela has some of the largest oil and natural gas reserves in the world,” the NSA document states, with revenue from oil and gas accounting “for roughly one third of GDP” and “more than half of all government revenues.”
“To understand PDVSA,” the NSA analyst explains, “is to understand the economic heart of Venezuela.”
Increasing surveillance on the leadership of PDVSA, the most important company in a South American nation seen as hostile to U.S. corporate interests, was a priority for the undisclosed NSA division to which the analyst reported. “Plainly speaking,” the analyst writes, they “wanted PDVSA information at the highest possible levels of the corporation – namely, the president and members of the Board of Directors.”
Given a task, the analyst got to work and, with the help of “sheer luck,” found his task easier than expected.
It began simply enough: with a visit to PDVSA’s website, “where I clicked on ‘Leadership’ and wrote down the names of the principals who would become my target list.” From there, the analyst “dumped the names” into PINWALE, the NSA’s primary database of previously intercepted digital communications, automatically culled using a dictionary of search terms called “selectors.” It was an almost immediate success.
In addition to email traffic, the analyst came across over 10,000 employee contact profiles full of email addresses, phone numbers, and other useful targeting information, including the usernames and passwords for over 900 PDVSA employees. One profile the analyst found was for Rafael Ramirez, PDVSA’s president from 2004 to 2014 and Venezuela’s current envoy to the United Nations. A similar entry turned up for Luis Vierma, the company’s former vice president of exploration and production.
“Now, even my old eyes could see that these things were a goldmine,” the analyst wrote. The entries were full of “work, home, and cell phones, email addresses, LOTS!” This type of information, referred to internally as “selectors,” can then be “tasked” across the NSA’s wide array of surveillance tools so that any relevant communications will be saved.
According to the analyst, the man to whom he reported “was thrilled!” But “it is what happened next that really made our day.”
“As I was analyzing the metadata,” the analyst explains, “I clicked on the ‘From IP’ and noticed something peculiar,” all of the employee profile, “over 10,000 of them, came from the same IP!!!” That, the analyst determined, meant “I had been looking at internal PDVSA comms all this time!!! I fired off a few emails to F6 here and in Caracas, and they confirmed it!”
“Metadata” is a broad term that can include the phone numbers a target has dialed, the duration of the call and from where it was placed, as well as the Wi-Fi networks used to access the Internet, the websites visited and the times accessed. That information can then be used to identify the user.
F6 is the NSA code name for a joint operation with the CIA known as the Special Collection Service, based in Beltsville, Maryland – and with agents posing as diplomats in dozens of U.S. embassies around the world, including Caracas, Bogota and Brasilia.
In 2013, Der Spiegel reported that it was this unit of the U.S. intelligence bureaucracy that had installed, within the U.S. embassy in Berlin, “sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks and satellite communication.” The article suggested this is likely how the U.S. tapped into German Chancellor Angela Merkel’s cellphone.
SCS at the U.S. embassy in Caracas played an active role throughout the espionage activities described in the NSA document. “I have been coordinating with Caracas,” the NSA analyst states, “who have been surveying their environment and sticking the results into XKEYSCORE.”
XKEYSCORE, as reported by The Intercept, processes a continuous “flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network,” storing the data for 72 hours on a “rolling buffer” and “sweep[ing] up countless people’s Internet searches, emails, documents, usernames and passwords.”
The NSA’s combined databases are, essentially, “a very ugly version of Google with half the world’s information in it,” explained Matthew Green, a professor at the Johns Hopkins Information Security Institute, in an email. “They’re capturing so much information from their cable taps, that even the NSA analysts don’t know what they’ve got,” he added, “an analyst has to occasionally step in and manually dig through the data” to see if the information they want has already been collected.
That is exactly what the NSA analyst did in the case of PDVSA, which turned up even more leads to expand their collection efforts.
“I have been lucky enough to find several juicy pdf documents in there,” the NSA analyst wrote, “one of which has just been made a report.”
That report, dated January 2011, suggests a familiarity with the finances of PDVSA beyond that which was public knowledge, noting a decline in the theft and loss of oil.
“In addition, I have discovered a string that carries user ID’s and their passwords, and have recovered over 900 unique user/password combinations” the analyst wrote, which he forwarded to the NSA’s elite hacking team, Targeted Access Operations, along with other useful information and a “targeting request to see if we can pwn this network and especially, the boxes of PDVSA’s leadership.”
“Pwn,” in this context, means to successfully hack and gain full access to a computer or network. “Pwning” a computer, or “box,” would allow the hacker to monitor a user’s every keystroke.
A History of US Interest in Venezuelan Affairs
PDVSA has long been a target of U.S. intelligence agencies and the subject of intense scrutiny from U.S. diplomats. A February 17, 2009, cable, sent from the U.S. ambassador in Caracas to Washington and obtained by WikiLeaks, shows that PDVSA employees, were probed during visa interviews about their company’s internal operations. The embassy was particularly interested in the PDVSA’s strategy concerning litigation over Venezuela’s 2007 nationalization of the Cerro Negro oil project – and billions of dollars in assets owned by U.S. oil giant ExxonMobil.
“According to a PDVSA employee interviewed following his visa renewal, PDVSA is aggressively preparing its international arbitration case against ExxonMobil,” the cable notes.
A year before, U.S. State Department spokesman Sean McCormack told reporters that the U.S. government “fully support the efforts of ExxonMobil to get a just and fair compensation package for their assets.” But, he added, “We are not involved in that dispute.”
ExxonMobil is also at the center of a border dispute between Guyana and Venezuela. In May 2015, the company announced it had made a “significant oil discovery” in an offshore location claimed by both countries. The U.S. ambassador to Guyana has offered support for that country’s claim.
More recently, the U.S. government has begun leaking information to media about allegations against top Venezuelan officials.
In October, The Wall Street Journal reported in a piece, “U.S. Investigates Venezuelan Oil Giant,” that “agents from the Department of Homeland Security, the Drug Enforcement Administration, the Federal Bureau of Investigation and other agencies” had recently met to discuss “various PDVSA-related probes.” The “wide-ranging investigations” reportedly have to do with whether former PDVSA President Rafael Ramirez and other executives accepted bribes.
Leaked news of the investigations came less than two months before Dec. 6 parliamentary elections in Venezuela. Ramirez, for his part, has rejected the accusations, which he claims are part of a “new campaign that wants to claim from us the recovery and revolutionary transformation of PDVSA.” Thanks to Chavez, he added, Venezuela’s oil belongs to “the people.”
In its piece on the accusations against him, The Wall Street Journal notes that during Ramirez’s time in office PDVSA became “an arm of the late President Hugo Chavez’s socialist revolution,” with money made from the sale of petroleum used “to pay for housing, appliances and food for the poor.”
The former PDVSA president is not the only Venezuelan official to be accused of corruption by the U.S. government. In May 2015, the U.S. Department of Justice accused Diosdado Cabello, president of the Venezuelan National Assembly, of being involved in cocaine trafficking and money laundering. Former Interior Minister Tarek El Aissami, the former director of military intelligence, Hugo Carvajal, and Nestor Reverol, head of the National Guard, have also faced similar accusations from the U.S. government.
None of these accusations against high-ranking Venezuelan officials has led to any indictments.
The timing of the charges, made in the court of public opinion rather than a courthouse, has led some to believe there’s another motive.
“These people despise us,” Venezuelan President Nicolas Maduro said in October. He and his supporters argue the goal of the U.S. government’s selective leaks is to undermine his party ahead of the upcoming elections, helping install a right-wing opposition seen as friendlier to U.S. interests. “They believe that we belong to them.”
Loose Standards for NSA Intelligence Sharing
Ulterior motives or not, by the NSA’s own admission the intelligence it gathers on foreign targets may be disseminated widely among U.S. officials who may have more than justice on their minds.
According to a guide issued by the NSA on January 12, 2015, the communications of non-U.S. persons may be captured in bulk and retained if they are said to contain information concerning a plot against the United States or evidence of, “Transnational criminal threats, including illicit finance and sanctions evasion.” Any intelligence that is gathered may then be passed on to other agencies, such as the DEA, if it “is related to a crime that has been, is being, or is about to be committed.”
Spying for the sole purpose of protecting the interests of a corporation is ostensibly not allowed, though there are exceptions that do allow for what might be termed economic espionage.
“The collection of foreign private commercial information or trade secrets is authorized only to protect nation the national security of the United States or its partners and allies,” the agency states. It is not supposed to collect such information “to afford a competitive advantage to U.S. companies and U.S. business sectors commercially.” However, “Certain economic purposes, such as identifying trade or sanctions violations or government influence or direction, shall not constitute competitive advantage.”
In May 2011, two months after the leaked document was published in NSA’s internal newsletter, the U.S. State Department announced it was imposing sanctions on PDVSA – a state-owned enterprise, or one that could be said to be subject to “government influence or direction” – for business it conducted with the Islamic Republic of Iran between December 2010 and March 2011. The department did not say how it obtained information about the transactions, allegedly worth US$50 million.
Intelligence gathered with one stated purpose can also serve another, and the NSA’s already liberal rules on the sharing of what it gathers can also be bent in times of perceived emergency.
“If, due to unanticipated or extraordinary circumstances, NSA determines that it must take action in apparent departure from these procedures to protect the national security of the United States, such action may be taken” – after either consulting other branches of the intelligence bureaucracy. “If there is insufficient time for approval,” however, it may unilaterally take action.
Beyond the obvious importance of oil, leaked diplomatic cables show PDVSA was also on the U.S. radar because of its importance to Venezuela’s left-wing government. In 2009, another diplomatic cable obtained by WikiLeaks shows the U.S. embassy in Caracas viewed PDVSA as crucial to the political operations of long-time foe and former President Hugo Chavez. In April 2002, Chavez was briefly overthrown in a coup that, according to The New York Times, as many as 200 officials in the George W. Bush administration – briefed by the CIA – knew about days before it was carried out.
The Venezuelan government was not informed of the plot.
“Since the December 2002-February 2003 oil sector strike, PDVSA has put itself at the service of President Chavez’s Bolivarian revolution, funding everything from domestic programs to Chavez’s geopolitical endeavors,” the 2009 cable states.
Why might that be a problem, from the U.S. government’s perspective? Another missive from the U.S. embassy in Caracas, this one sent in 2010, sheds some light: Chavez “appears determined to shape the hemisphere according to his vision of ‘socialism in the 21st century,’” it states, “a vision that is almost the mirror image of what the United States seeks.”
There was a time when not so long ago when the U.S. had an ally in Venezuela, one that shared its vision for the hemisphere – and invited a U.S. firm run by former U.S. intelligence officials to directly administer its information technology operations.
Amid a push for privatization under former Venezuelan President Rafael Caldera, in January 1997 PDVSA decided to outsource its IT system to a joint a company called Information, Business and Technology, or INTESA – the product of a joint venture between the oil company, which owned a 40 percent share of the new corporation, and the major U.S.-based defense contractor Science Applications International Corporation, or SAIC, which controlled 60 percent.
SAIC has close, long-standing ties to the U.S. intelligence community. At the time of its dealings with Venezuela, the company’s director was retired Admiral Bobby Inman. Before coming to SAIC, Inman served as the U.S. Director of Naval Intelligence and Vice Director of the U.S. Defense Intelligence Agency. Inman also served as deputy director of the CIA and, from 1977 to 1981, as director of the NSA.
In his book, “Changing Venezuela by Taking Power: The History and Policies of the Chavez Government,” author Gregory Wilpert notes that Inman was far from the only former intelligence official working for SAIC in a leadership role. Joining him were two former U.S. Secretaries of Defense, William Perry and Melvin Laird, a former director of the CIA, John Deutsch, and a former head of both the CIA and the Defense Department, Robert Gates. The company that those men controlled, INTESA, was given the job of managing “all of PDVSA’s data processing needs.”
In 2002, Venezuela, now led by a government seeking to roll back the privatizations of its predecessor, chose not to renew SAIC’s contract for another five years, a decision the company protested to the U.S. Overseas Private Investment Corporation, which insures the overseas investments of U.S. corporations. In 2004, the U.S. agency ruled that by canceling its contract with SAIC the Venezuelan government had “expropriated” the company’s investment.
However, before that ruling, and before its operations were reincorporated by PDVSA, the company that SAIC controlled, INTESA, played a key role in an opposition-led strike aimed at shutting down the Venezuelan oil industry. In December 2002, eight months after the failed coup attempt and the same month its contract was set to expire, INTESA, the Venezuelan Ministry of Communication and Information alleges, “exercised its ability to control our computers by paralyzing the charge, discharge, and storage of crude at different terminals within the national grid.” The government alleges INTESA, which possessed the codes needed to access those terminals, refused to allow non-striking PDVSA employees access to the company’s control systems.
“The result,” Wilpert noted, “was that PDVSA could not transfer its data processing to new systems, nor could it process its orders for invoices for oil shipments. PDVSA ended up having to process such things manually because passwords and the general computing infrastructure were unavailable, causing the strike to be much more damaging to the company than it would have been if the data processing had been in PDVSA’s hands.”
PDVSA’s IT operations would become a strictly internal affair soon thereafter, though one never truly free from the prying eyes of hostile outsiders.
A federal district court yesterday dismissed Wikimedia v. NSA, a lawsuit brought by the ACLU on behalf of a broad group of educational, legal, human rights, and media organizations whose communications are swept up by the NSA’s unprecedented Internet dragnet.
Our lawsuit concerns the NSA’s “upstream” surveillance, which involves the mass interception and searching of Americans’ international Internet communications. The court held that our clients lacked “standing” to bring suit, because they had not plausibly alleged that their communications were being monitored by the NSA. That’s just plain wrong.
The court’s opinion relies heavily on the Supreme Court’s decision in a previous ACLU lawsuit, Amnesty v. Clapper, a challenge to warrantless surveillance under the FISA Amendments Act of 2008. In February 2013, the Supreme Court dismissed that case on the grounds that the plaintiffs could not prove that they had communicated with the NSA’s targets.
But as we explained in court, our current challenge to the NSA’s warrantless spying is very different than the last one. Among other reasons, Clapper was decided prior to the Snowden revelations and extensive government disclosures about upstream surveillance. These revelations fundamentally changed the equation. Since Clapper, the public has learned that the NSA is not surveilling only its targets — it is instead surveilling virtually everyone, looking for information about those targets.
Some early takeaways from the district court’s opinion:
1.The court misunderstands how upstream surveillance is fundamentally different from and much more intrusive than the surveillance considered by the Supreme Court in Clapper.
Upstream surveillance is accomplished through the installation of devices directly on the Internet “backbone” — the network of high-capacity cables, switches, and routers across which Internet traffic travels. One particularly disturbing feature of upstream spying is known as “about” surveillance. Through this surveillance, the NSA is not simply plucking the communications to or from terrorists, spies, or other targets. Instead, it’s copying and searching through the contents of nearly everyone’s international communications, looking for information about its many targets. When the Supreme Court considered warrantless surveillance in Clapper, it was focused on whether the plaintiffs communicated with targets. At that time, the public had no idea that the NSA was essentially opening everyone’s international emails. Indeed, contrary to the district court’s understanding, “about” surveillance is in no way targeted:
2. The court ignores how Internet communications are structured — and why that requires the government to intercept at least some of our clients’ trillion-plus international communications.
Collectively, our clients engage in more than one trillion international Internet communications each year, with individuals in virtually every country on Earth. As we explained in our complaint, given the structure of the Internet, it is virtually impossible for the NSA to conduct upstream surveillance without intercepting at least some of plaintiffs’ communications. Yet the court dismissed these allegations, characterizing them as having “no basis in fact.”
3. Given how much is in the public record about upstream surveillance, our clients’ allegations are not “speculative” or “hypothetical.”
As the court acknowledged, at this early stage of the litigation, plaintiffs have to satisfy only a very low threshold: plausibility. Especially considering what’s publicly known about how upstream surveillance works, and the volume and distribution of our clients’ communications, their allegations are more than plausible.
4. The court’s opinion would insulate government surveillance from any legal challenge, except in cases where the government has already admitted its reliance on a particular program.
Although the court recognized that “no government surveillance program should be immunized from judicial scrutiny,” its analysis would do precisely that in the overwhelming majority of cases. If the court’s reasoning were correct, then the only people who could challenge NSA surveillance would be those told by the government they were spied on — a result at odds with well-established precedent and our system of checks and balances:
Our clients’ standing doesn’t depend on a supposition. There’s no question that the NSA is capturing and searching through their communications. That’s something the court — and everyone else — should find extremely disconcerting.
After a delay, cybersecurity legislation dreaded by privacy advocates and relentlessly pursued by national security officials, known as CISA, will get a vote on the Senate floor “in a couple of days,” a top sponsoring senator anticipates.
The Cybersecurity Information Sharing Act of 2015, also known as CISA, is as polarizing as it is close to a vote. It finally hit the Senate floor for debate on Tuesday, with top sponsor Senator Richard Burr (R-North Carolina) highlighting its necessity because “actors around the world continue to attack US systems, and in many cases penetrate it.”
Under the bill, private companies would have increased liability protection with respect to collecting American’s personal data that could potentially be related to security threats. It would also make it easier for them to share such data with the government, including departments like the National Security Agency.
Prominent CISA opponent and privacy advocate, Senator Ron Wyden (D-Oregon), challenged Burr, who chairs the Select Committee on Intelligence, on one argument in particular.
“He said that the most important feature of the legislation is that it’s voluntary. The fact is, it is voluntary for companies. It will be mandatory for their customers,” Wyden said, “and the fact is the companies can participate without the knowledge and consent of their customers, and they are immune from customer oversight and lawsuits if they do so.”
In many cases, customers have been able to nudge companies from a pro to a con position on CISA. In one instance last month, the Business Software Alliance (BSA) sent a letter to legislators, in part calling for “cyber threat information sharing legislation” granting them immunity so that they could “more easily share that information voluntarily.” However, after Fight for the Future, an internet freedom advocacy group, set up YouBetrayedUs.org to criticize the organizations, the BSA changed its tune.
The BSA, which includes Apple, IBM, and Microsoft, now opposes CISA, as does the Computer and Communications Industry Association, which includes Google, Facebook, and Amazon. Reddit, Wikimedia, Twitter, and Yelp have also released anti-CISA statements.
“Leading security experts argue that CISA actually won’t do much, if anything, to prevent future large-scale data breaches such as the federal government has already suffered, but many worry it could make things worse, by creating incentives for private companies and the government to widely share huge amounts of Americans’ personally identifiable information that will itself then be vulnerable to sophisticated hacking attacks,” added the American Library Association in a press release.
The discussion on CISA comes after a stall in the Senate’s schedule before its August recess. Lawmakers agreed to delay a vote on the bill when it became clear that senators had many amendments to submit, some of which included so-called “riders,” or unrelated issues, such as Senator Rand Paul’s (R-Kentucky) amendments to audit the Federal Reserve and defund “sanctuary cities.” At least 22 amendments will be given a chance to be added to CISA before a final passage vote.
Burr optimistically told The Hill that “a couple of days” was all that was needed to get to a final vote on CISA. He may have overshot, however, because there could be a scrimmage over amendments despite his efforts. Burr, with support of other Senate leaders, has managed to combine eight amendments into a legislative package he shares with CISA co-sponsor Senator Dianne Feinstein (D-California), but the grouping includes only one of Wyden’s two amendments.
Wyden told reporters that the one he feels “most strongly about” hadn’t been included. It would have provided a review system for deleting private info before data gets passed on to the government. The Wyden amendment that was included in the bill only requires that people be notified when their data is inappropriately shared.
Although no vote has been scheduled yet, Senate Majority Leader Mitch McConnell (R-Kentucky) is trying to end debate by Thursday. Beyond CISA, the Senate has an ambitious to-do list. It will decide whether to extend government spending beyond September 30, address the Iran nuclear deal, and fund highways and transportation systems in a comprehensive bill.
Trade unionists are demanding a full inquiry into ‘very troubling allegations’ of police spying on activists and blacklisted workers.
Home Secretary Theresa May has already set up an inquiry headed by Lord Justice Pitchford into allegations of police surveillance operations against activists, but its full remit is not yet known.
The inquiry has come about in response to allegations by police whistleblower Peter Francis, formerly of the Special Demonstration Squad, that during his four years working as an infiltrator of political groups he spied on member of five unions, including the Fire Brigades Union (FBU).
“Trade unions are the largest democratic, mass-membership organizations in the UK,” FBU General Secretary Matt Wrack told the Guardian.
“Trade unionists have legitimate concerns about police operations that may have undermined our decisions, interfered with industrial relations and led to the victimization of our elected officials.”
Wrack said an inquiry into allegations of police spying on causes such as environmentalism, the Stephen Lawrence murder case and trade unionism was “long overdue.”
Another group affected are those blacklisted by employers. Blacklist Support Group (BSG) secretary Dave Smith made an official submission to Pitchford last week regarding allegations of “collusion” between police and businesses.
“Trade unions are a perfectly legal part of civil society,” he told the Guardian.
“Why are we being infiltrated by undercover police units and why is the state sharing intelligence with big business?
“It is only because we were prepared to kick up a stink that the evidence about police collusion has slowly come to light.”
In March it was reported police spying had also been extended to Labour MPs. Francis revealed 10 Labour MPs were tailed and spied upon by British police. Those affected demanded the release of secret files kept on them.
The surveillance was carried out as recently as the 1990s when the politicians had been democratically elected to parliament.
Among the MPs targeted were prominent left-wingers and serving ministers Jeremy Corbyn, Diane Abbott and Dennis Skinner. The late Tony Benn, a lifelong socialist and anti-war campaigner, was also tailed by British police.
The highest-ranking MP to have been surveilled was Labour’s deputy leader Harriet Harman. Speaking to Penning, she said: “I would like you to assure me that you, the government, will let me see a full copy of my file.
“I was campaigning for the rights of women, for the rights of workers and the right to demonstrate — none of that was against the law, none of that was undermining our democracy.”
What does an 86-year-old art photographer have in common with a young man with a video game habit?
Not just a proclivity for perfectly innocuous hobbies, unfortunately. These days, engaging in either activity can get the FBI on your case.
Today, the ACLU and our partners at Advancing Justice–Asian Law Caucus and Bingham McCutchen are taking the federal government to court over a surveillance program that targets people even if they are engaging in entirely innocent and constitutionally protected activity, and encourages religious profiling. As if that weren’t enough, the Suspicious Activity Reporting (SAR) program also violates the government’s own rules for the collection of criminal intelligence.
James Prigoff is one of our clients. He is 86 years old, and a renowned photographer of public art. He has lectured at universities and had his work exhibited at museums around the world. In 2004, he was stopped by security guards in Boston while attempting to take photos of a famous piece of public art called the Rainbow Swash, which is painted on a natural gas storage tank. Several months later, the FBI tracked him down at his house in Sacramento to question him about his activities in Boston.
Tariq Razak, a young scientist and Pakistani-American, is another plaintiff in our case. He became the subject of a SAR after a visit to a train depot in Santa Ana, California, where he had an appointment with the county employment resource center. He walked around the depot looking for the resource center, and his mother, who was wearing a hijab, accompanied him. He later discovered that this conduct led to a SAR describing him as “a male of Middle Eastern descent” who was suspicious because he was “constantly surveying all areas of the facility” and because he met up with a “female in a white burka head dress.”
Our other clients were also unfairly targeted, falling under government scrutiny for activities ranging from buying computers to playing video games. Several of them were profiled due to their perceived religious beliefs.
These “suspicious activities” may be absurd, but there’s nothing funny about the program. The Department of Justice (DOJ) and the Information Sharing Environment, a post-9/11 agency tasked with coordinating national security intelligence-sharing, have adopted lax standards for what constitutes “suspicious activity.” These standards violate a DOJ regulation from 1978 that prohibits law enforcement from sharing “intelligence” about individuals unless the information is supported by reasonable suspicion of criminal activity. The 1978 regulation was adopted in the wake of prior domestic surveillance abuses.
Predictably, eschewing those protections has turned back the clock. The government is ignoring sensible limits on criminal intelligence collection and actively encouraging not just law enforcement, but also private security guards, shopkeepers, hotel owners, and even neighbors, to collect and share information about innocent conduct.
- Hotels are advised to be on the lookout for guests who “request specific room assignments or locations” or use “payphones for outgoing calls.”
- Rental car companies are instructed that “providing multiple names” on rental paperwork is to be “considered suspicious.”
- Hobby shops should be wary of customers with an “unusual interest” in remote-controlled aircraft and those who pay in cash.
- The general public is cautioned to report “unusual activity,” including “people acting suspiciously” and “people in places where they do not belong.”
If “acting suspiciously” or being somewhere someone thinks you don’t “belong” is enough to put people into federal counter-terrorism databases, it’s no wonder the databases are full of irrelevant information and reports targeting Muslims, South Asians, and Arab Americans. As you may remember from last year, actual SARs we obtained through Public Records Act requests include reports with subjects like “Suspicious ME [Middle Eastern] Males Buy Several Large Pallets of Water.” It’s also no wonder law enforcement experts criticize the SAR program for “flooding” law enforcement with “white noise.”
Today our clients are challenging a program through which innocuous and even constitutionally protected activity is being reported as “suspicious” and leading to federal law enforcement scrutiny. This program not only violates federal privacy protections for “intelligence” sharing. It encourages a culture of fear and distrust, undermining our freedom with no known benefit to our safety.
The cameras, built by Persistent Surveillance Systems, can spot people up to 25 miles away, The Washington Post reports.
The cameras, mounted on a fixed wing aircraft, can track every vehicle and person, enabling police, businesses and even private individuals to identify people and track their movements, the report says.
Ross McNutt, the president of Persistent Surveillance Systems, said the cameras have already been flown above major public events such as the Ohio political rally where Sen. John McCain (R-Ariz.) named Sarah Palin as his running mate in 2008.
He said they have also been flown above Baltimore; Philadelphia; Compton, Calif.; and Dayton in demonstrations for police.
McNutt, a former Air Force officer who helped design a similar surveillance system for use in wartime Iraq, said he hopes to deploy the systems around the country to help solve and deter crime.
However, the use of cameras in US cities is raising civil liberties concerns, though courts have put stricter limits on technology that can see things not visible to the naked eye, ruling that they can amount to unconstitutional searches when conducted without a warrant.
“If you turn your country into a totalitarian surveillance state, there’s always some wrongdoing you can prevent,” said Jay Stanley, a privacy expert with the American Civil Liberties Union. “The balance struck in our Constitution tilts toward liberty, and I think we should keep that value.”
By Richard Hugus | Aletho News | December 31, 2013
Drone aircraft, which we first heard of as weapons of war used by the United States in foreign lands, are now poised for a full-scale invasion of the skies above the US itself. On December 30, 2013 the US Federal Aviation Administration announced its choices for drone testing in six states around the country — Alaska, Nevada, New York, North Dakota, Texas and Virginia. These six states may in turn do their testing in more than one location, For example, according to the Anchorage Daily News, drone testing centered in Alaska at the University of Alaska in Fairbanks will be called “the ‘Pan-Pacific Unmanned Aircraft Systems Test Range Complex.’ It includes six flight ranges in Alaska, four in Hawaii and three in Oregon.” According to the Honolulu Star Advertiser “the Pohakuloa Training Area on Hawaii island, the Pacific Missile Range Facility on Kauai and even the island of Niihau have been included in discussions of places where the testing could occur.” According to the East Oregonian, drone testing is likely to involve a former military base in Pendleton, Port of Tillamook, and Warm Springs. Likewise, the New York operation will be run from the former Griffiss Air Force base in Rome, NY and, according to the Cape Cod Times, will also include the former Otis Air Base on Cape Cod, Massachusetts. The Times reports that “the Cape site had the support of the state’s congressional delegation, a statewide military asset commission and business leaders” and that “among the institutions involved in the bid are Massachusetts Institute of Technology and Rochester Institute of Technology.”
What this story reveals is the creation of a huge web of DOD-connected Universities, businesses, corporations, defense contractors, and former and current Pentagon facilities spread all over the country. Included in this web are the many and various chambers of commerce, their boosters in the press, and numerous comprador “officials” anxious to bring federal money into their districts, at the expense of all the other people who live in them. Almost no news coverage has appeared that would imply the FAA decision was anything but a boon for the economy and the advent of a wonderful and inevitable new technology.
There is little news about the down side to hosting drones in all these areas of the country, each with a populace that has simply not been consulted. Drones first came to our attention at the beginning of “the war on terror.” We learned of them first as weapons for highly illegal, cowardly, and indiscriminate “targeted killings” in foreign lands. These weapons have murdered countless innocent people in Afghanistan, Iraq, Pakistan, Yemen, and Somalia pursuant to “kill lists” drawn up every week by the CIA and Pentagon, and approved by the White House. These weapons fulfill the US Air Force’s fantasy of “death from above,” carried out by pilots working in the security and comfort of US bases who, acting as judge, jury, and executioner, destroy supposed enemies from computer consoles as if it were a video game. The cowardliness of wars of aggression being conducted against innocent people in dirt-poor lands by unseen “UAV pilots” in air-conditioned offices thousands of miles away cannot be over-emphasized. This is what unmanned aircraft have brought so far to the reputation of the United States – a new low in the entire universe of human ethics; murder abroad is but the advance of capitalism at home. Wedding parties in Afghanistan have been decimated so that Amazon can deliver CDs and smart phones to our door by drone.
Nor is there news about the introduction of drones domestically as yet another assault on privacy and the human right to be free from surveillance. Domestic law enforcement agencies are just as anxious to spy on the US population and target people they call criminals as the Pentagon and CIA have been to spy on the rest of the world and kill people they call terrorists. It isn’t enough that our phones and computers have been turned by the NSA into astounding instruments of surveillance, that everything we say and do on these instruments is being harvested and stored, and that surveillance cameras are mounted at almost every business and public space. Now the national security state wants to have remote-controlled cameras videotaping us full-time from the sky. The police hope to have drones able to fire “non-lethal weapons” at people they deem to be involved in criminal activity so that they too can play God. Without question, non-lethal weapons will soon become lethal weapons and the US will be trying and executing citizens at home as it has done elsewhere without even a hint of due process.
The domestic military bases which are being revived by this brave new technology originally went out of business because there was nothing for them to do in the fulfillment of their original purpose – defending the country. Otis Air Base, now called “Joint Base Cape Cod”, is a case in point. It used to patrol the skies for Russian aircraft along the northeast coast and ended up being a disaster for the community in which it was situated because it polluted the local groundwater and sole-source drinking water aquifer with untold gallons of dumped jet fuel and cleaning solvents. It sent fighter jets to intercept the two planes hijacked to New York on September 11, 2001, but ended up being part of a ploy to let those planes actually reach the twin towers before they got there. This base and many others have been parasites on the communities around them. They will continue in that role in their new incarnation as hosts to drone spying and drone warfare. The war has come home. The people orchestrating this war – the global elite — have no particular allegiance to the United States. From their point of view, its land and its people must also be brought under control, just like everywhere else. How sad it is to see the scramble to welcome them.
- Drone research funds to fly into Bay State (bostonherald.com)
- Drone Testing Starts Toward Bezos Vision as States See Jobs Gold – Businessweek (businessweek.com)
By Fiona de Londras, Durham University | November 6, 2013
Next month the advocate general of the Court of Justice of the EU (CJEU), Yves Bot, will publish an opinion on the extent to which the Data Retention Directive, one of the most controversial security measures introduced by the EU in the past decade, is compatible with human rights law. Although not a binding judgement (this will come later), the CJEU’s opinion is a significant intervention in the ongoing debate over how to balance human rights with states’ perceived surveillance needs.
The security-related retention of communications by telecoms firms was on the European agenda well before 9/11, but privacy concerns had led to a limited approach. Telecoms companies in the EU were obliged to delete communications data as soon as all business needs had been met; the data could not be retained for security or criminal investigation purposes. Some states had attempted to adjust this and introduce a retention system in 2000, but this failed – again, largely because of privacy concerns. All this changed, however, after 9/11.
As early as May 2002, a “data retention amendment” had been made to existing EU privacy laws to allow for security-related data retention, and drafts of a provision that would require retention began to circulate. Those proposals attracted so much rights-based criticism that they were apparently abandoned; however, they quickly reappeared in the wake of the London and Madrid bombings, and in 2006, the Data Retention Directive was adopted.
It obliges all member states to introduce national data retention regimes, even where -— as in the UK —- there had already been significant resistance to such regimes when they were previously proposed at national level. The directive requires telecommunications providers to retain data on the source, destination, time, date, duration and type of all communications by fixed and mobile telephone, fax and internet, and on the location and type of equipment used.
The data is to be retained for between six month and two years, with national law deciding on the duration, and can be accessed by state agencies investigating “serious crime” —- a term that has different definitions across the member states.
The volume and extent of information retained under the directive is stunning; in effect, it has introduced a system of blanket surveillance across the entire EU. Although access to the information is regulated by law, state agencies can nonetheless access an enormous amount of information about our communications patterns and activities. This naturally raises serious human rights concerns, especially about privacy.
Security services insist that data retention is an indispensable tool for investigating serious crimes, such as terrorism and the production and distribution of child pornography. Yet different states make use of the Directive to wildly varying extents: in 2012, for example, Cyprus made 22 requests for access to data, while the UK made 725,467.
The question for the advocate general, the CJEU and the EU more broadly is whether or not the approach taken by the directive privileges perceived security needs over human rights. Data retention unquestionably constitutes a prima facie infringement on privacy; the real issue is whether this infringement is justified because it is necessary, effective, and limited. This question is at the core of all debates about “balance” in the security context: how far are we prepared to allow state power into our individual, family, social and democratic lives in order to “secure” us?
Answering this question requires us to decide on what we think “effectiveness” means in the context of security. If the directive helps to resolve a handful of serious crimes per year, or to prevent one terrorist attack, is it effective? Could a more limited approach -— such as requiring telecoms companies to collect data related to certain investigations but not to retain all data -— achieve the same security objectives while better protecting rights?
These are difficult questions, but they are ones we must resolve if we are to have a balanced security system. The advocate general’s opinion will be an important contribution to the debate, but it will not be the final word. Achieving a balanced approach to security requires critical scrutiny at practical, political, social and legal levels. This is all the more true given that, as the Data Retention Directive illustrates, security measures operate upon and have implications for the rights of all of us, all of the time.
Fiona de Londras is the Project Co-Ordinator of SECILE (Securing Europe through Counter-Terrorism: Impact, Legitimacy and Effectiveness), a project that has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement n° 313195.
- Are YOU content for the EU & UK politicos to be party to every detail of your life? (ironiestoo.blogspot.com)
- Corporate interests dominate group working on EU data law (computerworld.co.nz)
- Dutch Telcos Used Customer Metadata, Retained To Fight Terrorism, For Everyday Marketing Purposes (techdirt.com)
- How to choose a VPN that actually protects your privacy – Abine (uwnthesis.wordpress.com)
Ed Snowden has briefly stepped up to the mic to rebut Dianne Feinstein’s claims that the NSA’s bulk phone records collections are “not surveillance.” While he didn’t specifically name Feinstein, it’s pretty clear who his comments are directed towards, what with the senator putting in overtime over the past few weeks defending the agency’s cherished but useless Section 215 collections haystacks that are definitely not collections (according to the Intelligence Dictionary.)
“Today, no telephone in America makes a call without leaving a record with the NSA. Today, no Internet transaction enters or leaves America without passing through the NSA’s hands,” Snowden said in a statement Thursday.
“Our representatives in Congress tell us this is not surveillance. They’re wrong.”
Her op-ed for the USA Today stated the following:
The call-records program is not surveillance.
Why is it not surveillance? Feinstein claimed, in direct contradiction to someone who’s seen most of the inner workings of the agency’s programs, that because it doesn’t sweep up communications or names, it isn’t surveillance. Also, she pointed out that surveillance or not, it’s legal. So there.
Maybe Feinstein considers the term “surveillance” to mean something closer to the old school interpretation — shadowy figures in unmarked vans wearing headphones and peering through binoculars.
Of course, this kind of surveillance contained many elements completely eliminated by the combination of the PATRIOT Act, the FISA Amendments Act, and a very charitable reading of the Third Party Doctrine. You know, the sort of stuff those shadowy men used to utilize: warrants, targeted investigations, reasonable suspicion, a grudging working relationship with the Fourth Amendment…
That’s all gone now. The courts have declared that sweeping up business records on millions of Americans is no more a violation of the Fourth Amendment than gathering metadata on a single person. The NSA has warped the definition of “surveillance” just as surely as they’ve warped the definition of “relevant.” The wholesale, untargeted gathering of millions of “transactions” from internet and phone activity doesn’t seem to resemble what anyone might historically think of as “surveillance,” but it’s surveillance nonetheless.
Sure, the NSA may not look at everything it gathers, but it has the capability to do so and it shows no interest in letting any of its dragnets be taken out of commission. The NSA’s defenders downplay the agency’s many intrusions by first playing the “legal” and “oversight” cards and, when those fail to impress, belittle their critics by trotting out condescending statements like, “The NSA isn’t interested in Grandma’s birthday phone call or the cat videos you email to your friends.”
Well, no shit. We’re hardly interested in that, either. We’re not worried about the NSA looking through tons of inane interactions. We know it doesn’t have the time or inclination to do so. We’re more concerned it’s looking at the stuff it finds interesting and amassing databases full of “suspicious” persons by relying on algorithms and keywords — a fallible process that robs everything of context and turns slightly pointed hay into the needles it so desperately needs to justify its existence.
What makes this even more frightening is that the agency then hands this unfiltered, untargeted, massive collection of data off to other agencies, not only in the US but in other countries, subjecting innocent Americans’ data to new algorithms, keywords and mentalities, increasing the possibility of false positives.
But what we’re mainly concerned about is the fact that an agency that claims its doing this to combat terrorism can’t seem to come up with much evidence that its programs are working. The NSA has deprived us of civil liberties while delivering next to nothing in terms of security. Americans have been sold out to a data-hungry beast, and even if it’s not officially “surveillance,” it’s still completely unacceptable.
The former top lawyer at the FBI deeply implicated in surveillance abuses revealed before and by Edward Snowden’s leaks was confirmed as a federal judge in a top court for terrorism cases this week.
The US Senate voted 73-24 on Monday in approving Valerie Caproni, Federal Bureau of Investigation general counsel from 2003 to 2011, to the Southern District of New York, one of the country’s most important federal courts for terrorism cases.
Caproni has received bipartisan criticism for allowing and defending surveillance abuses both found to be overbroad during her tenure and those not disclosed when she was counsel but later revealed to be inappropriate or illegal. For example, the Snowden leaks showed Caproni mischaracterized the limits of the Patriot Act during her term.
A 2010 report by the Department of Justice revealed the FBI inappropriately used non-judicial subpoenas called “exigent letters” to gather phone numbers of over 5,550 Americans until 2006.
“The FBI broke the law on telephone records privacy and the general counsel’s office, headed by Valerie Caproni, sanctioned it and must face consequences,” said John Conyers in April 2010 as chairman of the House Judiciary Committee.
Conyers called for Caproni’s firing at the time over the use of the non-judicial subpoenas, according to the Guardian.
“It’s not in the Patriot Act. It never has been. And its use, perhaps coincidentally, began in the same month that Ms Valerie Caproni began her work as general counsel,” Conyers said in 2010.
Caproni told House lawmakers in 2008 if phone numbers — acquired from telephone companies by the FBI via the non-judicial subpoenas evidently sanctioned in the Patriot Act — were not related to a “currently open investigation, and there was no emergency at the time we received the records, the records are removed from our files and destroyed.”
Yet revelations found in documents supplied by Snowden outlined how the National Security Agency stores phone records on all Americans for up five years no matter if they are associated with an open investigation or not. In addition, it’s been found that the NSA has the capability to feed the FBI phone records if there is a “reasonable articulable suspicion” they are related to terrorism.
“Caproni knew that the Bush administration could use or was using the Section 215 provision in the Patriot Act to obtain Americans’ phone records on a broad scale, an issue that has recently been documented by the whistleblower material first printed in the Guardian,” Lisa Graves, a former deputy assistant attorney general who dealt with Caproni while working on national security issues for the ACLU, told the Guardian.
In 2007, DOJ’s Inspector General Glenn Fine found the FBI was serially abusing National Security Letters — a demand regarding national security independent of legal subpoenas– to obtain business records, including “unauthorized collection of telephone or internet email transactional records.” While the larger collection of phone records was still not exposed at the time, Caproni called the inappropriate collection a “colossal failure on our part.”
“Government officials that secretly approved of overbroad surveillance programs the public is only seeing now because of leaks, and whose testimony on the issue obscured rather than revealed these abuses, should be held to account for their actions in a public forum,” former FBI agent Mike German told the Guardian.
Caproni’s nomination to the federal bench had some bipartisan opposition, but not enough to block her appointment.
“She is a woman with impeccable credentials,” Sen. Kirsten Gillibrand (D-N.Y.) said on the Senate floor Monday. “This country needs more women like her.”
We’ve discussed a few times how the pervasive surveillance efforts of the NSA and others have tremendous chilling effects on how people communicate and how they act. We’ve discussed how this is a “cost” to the program that not many, especially those who are backing these programs, seem interested in measuring or even thinking about. Of course, implicit in our assumption is that these “costs” are things that are negatives of the program. Others would point out that for those in power, that’s not so much a cost as a benefit. It’s not a bug or an unintended consequence, but a feature. Chilling speech and clamping down on communications? Why that’s a good thing for those in power.
Josh Levy, from Free Press, has a great guest post over at Boing Boing where he discusses how the NSA’s surveillance regime is a huge attack on free speech, and how this is both inevitable, and for some, the intent of the program:
The chilling of free speech isn’t just a consequence of surveillance. It’s also a motive. We adopt the art of self-censorship, closing down blogs, watching what we say on Facebook, forgoing “private” email for fear that any errant word may come back to haunt us in one, five or fifteen 15 years. “The mind’s tendency to still feel observed when alone… can be inhibiting,” writes Janna Malamud Smith. Indeed.
Peggy Noonan, describing a conversation with longtime civil liberties advocate Nat Hentoff, writes that “the inevitable end of surveillance is self-censorship.”
Hentoff stressed that privacy invasions of this magnitude are “attempts to try to change who we are as Americans.” In fact, they are attempts to define who we are as human beings.
Meanwhile, over at the Atlantic, Bruce Schneier has a post discussing the detainment of David Miranda, where he comes to similar conclusions, that these authoritarian police states clearly have no practical benefit, except to enable a powerful government to show off its power to invade your lives:
This leaves one last possible explanation — those in power were angry and impulsively acted on that anger. They’re lashing out: sending a message and demonstrating that they’re not to be messed with — that the normal rules of polite conduct don’t apply to people who screw with them. That’s probably the scariest explanation of all. Both the U.S. and U.K. intelligence apparatuses have enormous money and power, and they have already demonstrated that they are willing to ignore their own laws. Once they start wielding that power unthinkingly, it could get really bad for everyone.
Of course, Schneier sees some upside to this in the long run — which is that such blatantly ridiculous activity seems to only embolden others to push back on this trampling of our rights. Hopefully, that pushback works, because the alternative is horrifying to those who believe in a free and open society.
- Nat Hentoff on the NSA and Privacy (cato.org)
Congressional Oversight? Dianne Feinstein Says She’s ‘Not A High-Tech Techie’ But Knows NSA Can’t Abuse Surveillance
As the NSA and defenders of NSA surveillance are trying to minimize the damage from the latest leak, which revealed the details of the XKeyscore program, they’re bending over backwards to insist that this program is both limited and immune from abuse. We’ve already mentioned that the claims that it can’t be abused are laughable since there’s already a well-documented history of abuse. However, even more bizarre is the following quote from Senate Intelligence Committee boss, Senator Dianne Feinstein (a staunch defender of the surveillance programs):
Feinstein said, “I am not a high-tech techie, but I have been told that is not possible.”
Note that among Feinstein’s jobs is oversight of this program. Yet, what kind of “oversight” is it when she admits that she’s not qualified to understand the technology but “has been told” that such abuses are not possible? That doesn’t seem like oversight. That seems like asking the NSA “can this system be abused?” and the NSA saying “oh, no no no, not at all.” That’s not exactly oversight, now is it?