As the Snowden Leaks Began… There Was "fear and panic" in The US Government. There Still Is.

Uploaded on 2016-05-06 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Snowden's leaks include information on the PRISM Global surveillance program.

US Lawmakers are demanding that the Obama administration comes clean on how many Americans have been caught up in its domestic surveillance programs.

Without that information, a bipartisan group of leading lawmakers aren't able to fully determine what changes need to be made to US surveillance laws, some of which will expire by the end of 2017.

Those surveillance programs include the controversial PRISM program, which reportedly tapped data from nine tech titans including Apple, Facebook, Google, Microsoft and others.

These programs were authorized under Section 702 of the Foreign Intelligence Surveillance Act, a statute that allowed the government to secretly collect any data on foreign citizens, but also collect data on Americans who are incidentally collected as part of that effort.

Critics argue that this is a "backdoor search" on Americans that doesn't require a warrant, contravening Fourth Amendment protections against unwarranted domestic surveillance.

Let’s go back…

It was late evening on June 5 two years ago in a muggy Washington DC, when almost every phone belonging to a member of Congress began to ring.

News broke in The Guardian that the elusive National Security Agency was forcing Verizon, one of the nation's largest phone companies, to hand over on a rolling basis the phone records of its entire customer base.

Dozens of US lawmakers were finding out for the first time of this potentially massive domestic surveillance program, as were the American people who were reportedly ensnared by it.

But a handful of privy lawmakers in Congress were not surprised at all. One of those was Sen. Ron Wyden (D-OR), who along with his colleagues on the Senate Intelligence Committee had been secretly briefed on the program years prior to the program's leaking.

About fifteen minutes after the story broke, Wyden received another call on his cell phone.

"I can't tell you what you want me to tell you!," he told the caller. It was Wyden's former communications director Jennifer Hoelzer, who had spent more than half a decade by the senator's side. It wasn't news to her that her former boss had known about the secret program, but she was surprised that he was still barred from confirming or denying its existence.

By the end of the first hour -- approaching midnight -- press officers for the members on the Senate Intelligence Committee were unable to comment to journalists on the record about a program that they, as non-clearance holding staffers, weren't even aware of themselves.

"There was an incredible amount of fear and panic, because nobody knew what else was coming," said a senior congressional official with direct knowledge of the events on that and subsequent days, who declined to be named for this story.

"Nobody knew how sensitive these leaks were, and whether or not this was the sort of thing that would put individuals at risk," the person said. There was a strong suspicion that the leaker was someone within the intelligence community, perhaps someone high up in the chain of command with access to internal intelligence documents. There was a scramble among those with security clearance to find out what had been leaked, and who might have leaked it.

Sens. Dianne Feinstein (D-CA) and Saxby Chambliss (R-GA) released a joint statement first thing the next morning on June 6 as the American people were reading the news over their morning coffee. The statement said that members of Congress had been "briefed extensively" on the program. Except, that wasn't entirely true.

Some members of the Senate Intelligence Committee later admitted they weren't even aware of the full scope of the program. Sens. Angus King (I-ME) and Susan Collins (R-ME), who joined the committee months before the Snowden disclosures, told one local newspaper a day after news of the leaks broke that they had not known "specifics" of certain surveillance programs, including the phone records program.

Wyden became one of the few committee members (with the exception of Sen. Martin Heinrich (D-NM) and his then-colleague Mark Udall (D-CO), who are both allies of Wyden) to comment publicly.

In his statement, Wyden doled out his critical rhetoric, saying that he had been "concerned" for years about the program. He also said the program's effectiveness was "unclear."

Wyden's former chief of staff Josh Kardon, who served for more than a decade between 1996 and 2010, explained that prior to the leaks the senator was clued up because he wouldn't just rely on what the intelligence officials were telling him.

Kardon said the senator would "develop his own sources" within the intelligence community instead of relying on the White House to give him straight answer.

By law, the intelligence agencies have to keep the committee (and other key leadership-holding members of Congress) informed of their activities, but they would instead drip feed information and hope nobody asked too many follow-up questions. Things were so bad, said a former staffer close to Wyden who did not want to be named for the story, that the senator could have asked the simplest of questions, like "if anybody had the time," to which an intelligence agent would respond with, simply, "yes."

A day after the first leak, a second surveillance program, known as PRISM, was revealed.

The secret program was met with instant backlash from Silicon Valley after it was shown to allow the collection of almost every shred of user information held by nine named technology giants. Inside the walls of Congress, that panic had turned to anger at the inability to speak out.

It was clear by now that the first leak was not an isolated incident. It would be a guessing game as to what would come next, even to those who thought they were in the know.
ZD Net: http://bit.ly/1SZ4EGI  and  http://zd.net/1GVBJiB

« Implementing EU Privacy Laws Requires 28,000 New Data Professionals
Insurers Are Getting Smarter About Cyber Insurance »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Kualitatem

Kualitatem

Kualitatem Inc. is an independent software testing and information systems auditing company

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Hack in the Box Security Conference (HitBSecConf)

Hack in the Box Security Conference (HitBSecConf)

HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events feature two days of training and a two-day multi-track conference

Cyber Data-Risk Managers

Cyber Data-Risk Managers

Cyber Data-Risk Managers Pty Ltd is an insurance broker based in Melbourne, Australia specializing in Cyber insurance / Data breach insurance.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Bellvista Capital

Bellvista Capital

Bellvista Capital connects entrepreneurs with capital and unmatched business expertise in the technology areas of Cloud Computing, Cyber Security and Data Analytics.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

Anxinsec

Anxinsec

Anxinsec Technology is a security solution and service provider with a focus on new technology and innovations in cybersecurity.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.

Computer Futures

Computer Futures

Computer Futures are a global specialist IT recruitment partner, matching candidates with roles across niche IT markets and core technologies.

PowerDMARC

PowerDMARC

PowerDMARC is a domain security and email authentication SaaS platform that helps organizations protect their domain name, brand, and emails against unauthorized use.

S4E (Security for Everyone)

S4E (Security for Everyone)

At S4E.io, our mission is to democratize digital security, making it accessible, simple, and effective for individuals and businesses of all sizes.