We Have No Privacy, We Are Always Being Watched.

In my estimation, there has not been in American history a more important leak than Edward Snowden's release of NSA material – and that definitely includes the Pentagon Papers 40 years ago. Snowden's whistleblowing gives us the possibility to roll back a key part of what has amounted to an "executive coup" against the US constitution.

Since 9/11, there has been, at first secretly but increasingly openly, a revocation of the bill of rights for which this country fought over 200 years ago. In particular, the fourth and fifth amendments of the US constitution, which safeguard citizens from unwarranted intrusion by the government into their private lives, have been virtually suspended.

The government claims it has a court warrant under Fisa – but that unconstitutionally sweeping warrant is from a secret court, shielded from effective oversight, almost totally deferential to executive requests. As Russell Tice, a former National Security Agency analyst, put it: "It is a kangaroo court with a rubber stamp."

For the president then to say that there is judicial oversight is nonsense – as is the alleged oversight function of the intelligence committees in Congress. Not for the first time – as with issues of torture, kidnapping, detention, assassination by drones and death squads –they have shown themselves to be thoroughly co-opted by the agencies they supposedly monitor. They are also black holes for information that the public needs to know.

The fact that congressional leaders were "briefed" on this and went along with it, without any open debate, hearings, staff analysis, or any real chance for effective dissent, only shows how broken the system of checks and balances is in this country.

Obviously, the United States is not now a police state. But given the extent of this invasion of people's privacy, we do have the full electronic and legislative infrastructure of such a state. If, for instance, there was now a war that led to a large-scale anti-war movement – like the one we had against the war in Vietnam – or, more likely, if we suffered one more attack on the scale of 9/11, I fear for our democracy. These powers are extremely dangerous.

There are legitimate reasons for secrecy, and specifically for secrecy about communications intelligence. That's why Bradley Mannning and I – both of whom had access to such intelligence with clearances higher than top-secret – chose not to disclose any information with that classification. And it is why Edward Snowden has committed himself to withhold publication of most of what he might have revealed.

But what is not legitimate is to use a secrecy system to hide programs that are blatantly unconstitutional in their breadth and potential abuse. Neither the president nor Congress as a whole may by themselves revoke the fourth amendment – and that's why what Snowden has revealed so far was secret from the American people.

In 1975, Senator Frank Church spoke of the National Security Agency in these terms:

"I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return."

The dangerous prospect of which he warned was that America's intelligence gathering capability – which is today beyond any comparison with what existed in his pre-digital era – "at any time could be turned around on the American people and no American would have any privacy left."

That has now happened. That is what Snowden has exposed, with official, secret documents. The NSA, FBI and CIA have, with the new digital technology, surveillance powers over our own citizens that the Stasi – the secret police in the former "democratic republic" of East Germany – could scarcely have dreamed of. Snowden reveals that the so-called intelligence community has become the United Stasi of America.

So we have fallen into Senator Church's abyss. The questions now are whether he was right or wrong that there is no return from it, and whether that means that effective democracy will become impossible. A week ago, I would have found it hard to argue with pessimistic answers to those conclusions.

But with Edward Snowden having put his life on the line to get this information out, quite possibly inspiring others with similar knowledge, conscience and patriotism to show comparable civil courage – in the public, in Congress, in the executive branch itself – I see the unexpected possibility of a way up and out of the abyss.

Pressure by an informed public on Congress to form a select committee to investigate the revelations by Snowden and, I hope, others to come might lead us to bring NSA and the rest of the intelligence community under real supervision and restraint and restore the protections of the bill of rights.

Snowden did what he did because he recognised the NSA's surveillance programs for what they are: dangerous, unconstitutional activity. This wholesale invasion of Americans' and foreign citizens' privacy does not contribute to our security; it puts in danger the very liberties we're trying to protect.

So you would be unaware if a device was inserted into your computer until you were traveled. So you are very susceptible to what you just claimed you weren't.

If we should experience an attack similar to or worse than 9/11 or the frequency and distribution of Boston Marathon type attacks expands, just watch how we all will demand that the government take away liberties.

I'm still considering what I think.

I think you might be missing another aspect of this event Hawkeye as if a low level person such as Edward Snowden have the ability to exposed such a program how likely is it that others with access to this data base on everyone in the nation could not end up selling it out the back door to the highest bidders.

If the NSA Trusted Edward Snowden With Our Data, Why Should We Trust the NSA?
.
.
.
Let’s note what Snowden is not: He isn’t a seasoned FBI or CIA investigator. He isn’t a State Department analyst. He’s not an attorney with a specialty in national security or privacy law.

Instead, he’s the IT guy, and not a very accomplished, experienced one at that.

No, I think you're missing the point, Brandon. Like you, I am totally opposed to the government hacking into my computer, listening in on my phone calls, reading my mail or any other similar type of invasion of my privacy. That's not my point at all. I was merely amused by BillRM's actually weighing his notebook to detect whether some security person might have installed a tracking device. Seems a bit paranoid to me. In fact, a lot of what he says smacks of latent paranoia.

No, I think you're missing the point, Brandon. Like you, I am totally opposed to the government hacking into my computer, listening in on my phone calls, reading my mail or any other similar type of invasion of my privacy. That's not my point at all. I was merely amused by BillRM's actually weighing his notebook to detect whether some security person might have installed a tracking device. Seems a bit paranoid to me. In fact, a lot of what he says smacks of latent paranoia.

I was merely amused by BillRM's actually weighing his notebook to detect whether some security person might have installed a tracking device. Seems a bit paranoid to me. In fact, a lot of what he says smacks of latent paranoia.

https://www.eff.org/press/mentions/2008/6/26

Laptop Seizures at Customs Raise Outcry

Bill Hogan was returning home to the U.S. from Germany in February when a customs agent at Dulles International Airport pulled him aside. He could reenter the country, she told him. But his laptop couldn't.

U.S. Customs and Border Protection agents said he had been chosen for "random inspection of electronic media," and kept his computer for about two weeks, recalled Hogan, 55, a freelance journalist from Falls Church, Va.

Fortunately, it was a spare computer that had little important information. But Hogan felt violated.

...

Said Lee Tien, senior staff attorney for the Electronic Frontier Foundation, "People keep their lives on these devices: diaries, personal mail, financial records, family photos. . . . The government should not be able to read this information."

Jim Puzzanghera
Thursday, June 26, 2008
Article Link

EFF's Guide to Protecting Electronic Devices and Data at the U.S. Border

Amid recent reports that security researchers have experienced difficulties at the United States border after traveling abroad, we realized that it's been awhile since we last discussed how to safeguard electronic devices and digital information during border searches. So just in time for holiday travel and the 27th Chaos Communication Congress in Berlin, here's EFF's guide for protecting your devices and sensitive data at the United States border.

The Government Has Broad Legal Authority to Search Laptops, Phones, Cameras, and Other Devices at the U.S. Border.

The Fourth Amendment to the United States Constitution prohibits unreasonable government searches and seizures. This generally means that the government has to get a warrant to search a location or item in which you have a reasonable expectation of privacy. Searches at places where people enter or leave the country are considered "reasonable" simply because they happen at the border or its functional equivalent, such as an international airport.

While the Supreme Court has not yet decided the issue, several courts have considered whether the government needs even a reasonable suspicion of criminal activity to search a traveler's laptop at the border, and have regrettably decided that the answer is no. E.g., United States v. Arnold, 533 F.3d 1003, 1008 (9th Cir. 2008); United States v. Romm, 455 F.3d 990, 997 (9th Cir. 2006); United States v. McAuley, 563 F. Supp. 2d 672, 979 (W.D. Tex. 2008).

The unfortunate upshot of these decisions is that a border agent has the legal authority to search your electronic devices at the border, even if he has no reason to think that you've done anything wrong. Several bills have been introduced in Congress over the past few years to protect travelers from these suspicionless border searches, but none of them has passed.

Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) have published their policies on searching electronic devices at the border, and the ACLU is challenging their constitutionality in court. According to CBP's policy, your computer or copies of your data can be kept for a "brief, reasonable" amount of time to be searched on- or off-site, ordinarily not more than five days. ICE's policy says that searches of devices and copies of data will typically be completed within 30 days. Anecdotal reports suggest that travelers' devices are sometimes detained for significantly longer periods of time.

Searches of devices that are conducted at a time and/or place removed from the initial border stop can become extended border searches that require reasonable suspicion of wrongdoing, or even regular searches that require a probable cause warrant. See, e.g., United States v. Cotterman, No. CR 07-1207-TUC-RCC, 2009 U.S. Dist. LEXIS 14300 (D. Az. Feb. 24, 2009) (reasonable suspicion required to search laptop detained for two days and moved 170 miles from the border), appeal docketed, No. 09-10139 (9th Cir. April 7, 2009); United States v. Hanson, No. CR 09-00946 JSW, 2010 U.S. Dist. LEXIS 61204 (N.D. Cal. June 2, 2010) (reasonable suspicion required to search laptop about two weeks after it was detained at the border and sent away for forensic analysis, and probable cause required to search laptop about four months after initial detention at border).

If you've had your devices detained by border agents for an extended period of time, please contact EFF.

There Are Several (Imperfect) Ways That You Can Make Your Data Less Vulnerable at the Border.

What can you do to keep the government from arbitrarily rummaging through your sensitive or confidential information during your international travels? There are several ways that you can protect your data at the border, though none is 100% gauranteed to keep the government's hands off your devices or your travels stress-free. Different approaches might be better for different travelers, devices, and data, but all of these precautions will help to keep your information significantly more secure during border crossings:

Carry as little data as possible over the border.
Keep a backup of your data elsewhere.
Encrypt the data on your device.
Store the information you need somewhere else, then download it when you reach your destination.
Protect the data on your devices with passwords.
Carry as little data as possible over the border. Travel with a clean device that contains only the information you need for a particular trip, and then securely delete those files before returning to the United States.

Remember that merely deleting files from a device doesn't mean that they're unrecoverable. Deleted files can be trivially undeleted, in whole or in part, by forensic software. You must overwrite the file contents to securely delete them.

Consider taking an inexpensive "travel" laptop with you instead of a machine that you use every day. Or if your laptop allows you to remove the hard drive easily — for instance, by sliding it out a side bay — you might use a totally different hard drive for international travel and leaving your regular drive safely at home.

Keep a backup of your data elsewhere. Government agents could seize your laptop, phone, or other devices for no reason at all. You should be prepared for the possibility that you could be deprived of access your data for some time, and store copies somewhere else that you can easily access if your devices are detained at the border.

Encrypt the data on your device. Encrypt your hard drive with a strong crypto protocol. Choose a strong passphrase that can resist brute force attacks. Even if border agents seek assistance from other agencies to attempt to decrypt your data — as provided by CBP and ICE's policies — they are unlikely to be able to access your information without either getting your help or investing far more time and effort into reviewing your data than they may want to spend.

What if a border agent asks you to turn over your encryption keys? As a legal matter, border agents can't force you to decrypt your data, divulge passphrases, or answer questions — only a judge can, and only if the Fifth Amendment privilege against self-incrimination does not apply. This privilege protects people from being forced to make statements that could lead the government to prosecute them for a crime. The right does not shield the actual data on a laptop or phone from disclosure. But two federal courts have held that even a judge can't make a person divulge his passphrase to the government when the act of revealing the passphrase would show that he has control over potentially incriminating files. In re Boucher, No. 2:06-mj-91, 2007 U.S. Dist. LEXIS 87951, at *13 (D. Vt. Nov. 27, 2007), reversed on other grounds, 2009 U.S. Dist. LEXIS 13006 (D. Vt. Feb. 29, 2009); United States v. Kirschner, Misc No. 09-MC-50872, 2010 U.S. Dist. LEXIS 30603, at **10-11 (E.D. Mich. March 30, 2010). If you're facing a situation in which the government is trying to force you to reveal encryption keys, let us know.

Be aware that if you fail to provide a passphrase or decrypt information upon request, there are a number of possible consequences. A border agent may seize your device and allow you to continue on your trip. The agent may detain you at the border. Or the agent may just shrug and and let you pass. It's hard to predict what will happen, but you should be prepared for any of these possibilities, and consider how you would deal with each of them.

If you choose to answer government officials' questions, always be honest about the contents of your computers and whether you're carrying other data storage devices over the border. The consequences of lying to the government could be much more severe than the consequences of declining to answer questions or provide assistance.

Remember to shut down your device completely before going through customs so that the cold boot attack investigated by EFF, Princeton University and other researchers can't be used to retrieve your encryption keys.

Store the information you need somewhere else, then download it when you reach your destination. Store your confidential data on your employer's servers or with a third party. Then take a clean device on your trip, download the information you need when you've reached your destination, and securely delete the files from your device before you return home.

This approach doesn't offer absolute protection for the data you've stored elsewhere. The FISA Amendments Act of 2008 loosened the requirements for government surveillance of people reasonably believed to be located outside the United States, so international communications can now be monitored without a warrant. Furthermore, law enforcement officers can access communications stored by third-party providers through the Electronic Communications Privacy Act as long as they have appropriate legal process, which might not be more than a subpoena in certain circumstances.

If your goal is to keep border agents from perusing vacation photos on your camera, storing your files with a third-party service and then deleting them from your device might be fine. (Note, however, that deleted images on a camera, if not actively overwritten, can be easily undeleted, just like other kinds of computer files.) But if you're concerned about government access to confidential business email, encrypting your data is a more effective solution. Also use an encrypted VPN, and/or SSH or HTTPS, to send and receive communications and other data while abroad.

Protect the data on your devices with passwords. Many devices such as laptops and phones give you the option to set a password, numeric PIN, pattern or other authentication method to control access to your data. Take advantage of this security feature to give your data a little more protection.

As with encryption keys, border agents can't force you to turn over passwords. However, researchers have demonstrated flaws that make it easy to get around iPhone passcodes, and Android patterns are often not hard to identify. And, as we discuss below, user-account passwords, if not combined with encryption, can always be bypassed by simply removing the hard drive and putting it in another machine.

You might also consider creating separate password-protected user accounts on your laptop for your personal data and work data. Then you can allow a border agent to examine your own account, while storing client data or trade secrets in a separate account controlled by your employer. Your employer might disclose the password for this account to you only after you reach your destination.

Under certain circumstances, a border agent might be satisfied to take a look at your personal data. But simply storing confidential information in a separate password-protected account will not absolutely shield that data from government scrutiny. Many forensic search tools can access and search unencrypted data in every account on a machine, even if you yourself don't know the passwords to log in to those accounts or don't have administrative privileges on the machine. An agent can use these tools, for instance, by taking the hard drive out of your machine and putting it in their investigative machine. This allows reading the data right off the disk, regardless of the file and account permissions in your operating system. Don't rely on passwords to be your only form of security — encryption is still critically important to protect the information stored on a device.

For more thoughts on protecting data at the border, see Wired's wiki on how to protect data during border searches, Declan McCullagh's Security Guide to Customs-Proofing Your Laptop, and Chris Soghoian's Guide to Safe International Data Transport.

The New York Times
June 10, 2013
U.S. Preparing Charges Against Leaker of Data

By MICHAEL S. SCHMIDT, ERIC SCHMITT and KEITH BRADSHER

WASHINGTON — As Justice Department officials began the process Monday to charge Edward J. Snowden, a 29-year-old former C.I.A. computer technician, with disclosing classified information, he checked out of a hotel in Hong Kong where he had been holed up for several weeks, according to two American officials. It was not clear where he went.

Whether Mr. Snowden remained in Hong Kong or fled to another country — like Iceland, where he has said he may seek asylum — the charges would strengthen the Justice Department’s hand if it tries to extradite him to the United States. One government typically must charge a suspect before another government will turn him over.

The department’s investigation of Mr. Snowden will be overseen by the F.B.I.’s Washington field office, which has considerable experience prosecuting such cases, according to one of the officials. Agents are trying to learn as much as they can about him and have tried to interview his family members. The Justice investigation into Mr. Snowden was one of at least two government inquiries. The National Security Agency began trying to identify and locate the leaker when The Guardian published its first revelations last Wednesday.

The N.S.A.’s investigation is examining what information Mr. Snowden had access to and may have also taken from agency.

“There’s no hesitation” about charging Mr. Snowden, one of the American officials said, explaining that law enforcement officials had not been deterred by the debate inside and outside the administration about its leak investigations. The brazenness of the disclosures about some of the National Security Agency’s surveillance programs and Mr. Snowden’s admission in the newspaper The Guardian on Sunday left little doubt among law enforcement officials, the official said.

Officials at the White House, the Justice Department and intelligence agencies declined to comment on Monday on the investigation and on Mr. Snowden.

Senator Dianne Feinstein, a California Democrat who is the chairwoman of the Intelligence Committee and has praised the programs’ effectiveness, said the panel would hold a closed briefing for all senators on Thursday to hear from N.S.A., F.B.I. and Justice Department officials. A similar closed hearing is scheduled for Tuesday in the House.

In Hong Kong, legal experts said the government was likely to turn over Mr. Snowden if it found him and the United States asked, although he could delay extradition, potentially for months, with court challenges, but probably could not block the process. The Hong Kong authorities have worked closely with United States law enforcement agencies for years and have usually accepted extradition requests under longstanding agreements, according to Regina Ip, a former secretary of security who serves in the territory’s legislature.

“He won’t find Hong Kong a safe harbor,” Ms. Ip said.

The Mira Hotel said Mr. Snowden had stayed at the hotel but checked out on Monday.

According to Kerri Jo Heim, a real estate agent who is handling the sale of a Hawaii home that Mr. Snowden had been renting, the police came by the house Wednesday morning, perhaps even before The Guardian published its story. The police asked Ms. Heim if they knew Mr. Snowden’s whereabouts. Mr. Snowden moved last spring to the house on Oahu, 15 miles northwest of Honolulu, in a neighborhood populated by military families tied to the nearby Schofield Barracks, an Army base.

The N.S.A. investigation is also examining the damage that the revelations may have on the effectiveness of programs. James R. Clapper Jr., the director of national intelligence, said over the weekend on NBC News that he was concerned about “the huge, grave damage it does to our intelligence capabilities.” He did not cite specific examples of the damage caused by the disclosures.

Members of Congress criticized Mr. Snowden on Monday. He “has damaged national security, our ability to track down terrorists, or those with nefarious intent, and his disclosure has not made America safer,” said Representative Jim Langevin, a Rhode Island Democrat on the House Intelligence Committee.

The string of articles describing the surveillance programs will probably prompt a broad review within government agencies on granting federal workers and private contractors access to classified data.

Three years ago, the State Department significantly tightened access to its classified data, in reaction to the release of department cables to WikiLeaks by a low-level intelligence analyst, Pfc. Bradley Manning.

In Mr. Snowden’s case, similar questions are emerging: Why would a relatively low-level employee of a large government contractor, Booz Allen Hamilton, posted in Hawaii for only three months, have access to classified presidential directives or a copy of an order from the Foreign Intelligence Surveillance Court, and how could he download them without detection?

At a White House briefing Monday, Jay Carney, the press secretary, went out of his way not to discuss Mr. Snowden, referring to him as “the individual.” Mr. Carney declined to say whether President Obama had watched a video in which Mr. Snowden explained his motivations and argued that the United States government conducted too much surveillance of its citizens.

American officials cited the continuing inquiry as the reason for the low-key approach. By keeping silent on Mr. Snowden and his case, the Obama administration also avoids elevating his status, even as whistle-blower advocacy groups championed him and his disclosures.

In a separate case, a federal appeals court ruled Monday against a civil-liberties advocacy group that challenged the constitutionality of the N.S.A.’s warrantless wiretapping program. The Court of Appeals for the Ninth Circuit, based in San Francisco, refused to overturn a lower-court ruling dismissing the lawsuit, brought by the Center for Constitutional Rights.

The suit initially sought to end the Bush-era wiretapping program, and later challenged the constitutionality of new legislation passed by Congress after the original program was disclosed by The New York Times in December 2005.
http://www.nytimes.com/2013/06/11/us/snowden-facing-charges-leaves-hong-kong-hotel.html?hp

We Have No Privacy, We Are Always Being Watched

The Internet to me is like a public space.

Why not?