NSA Surveillance Reform - Snowden’s Vindication.

Uploaded on 2015-06-05 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

snowden-quote_n.jpg

The US Senate has passed a bill to end the bulk collection of millions of Americans’ phone records, ushering in the country’s most significant surveillance reform since 1978 two years after NSA whistleblower Edward Snowden’s revelations to the Guardian newspaper. 

The White House recently refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Daniel Ellsberg Credits Snowden

NSA whistleblower Edward Snowden should be thanked for sparking the debate that forced Congress to change US surveillance law, Daniel Ellsberg, the man who leaked the Pentagon Papers, said Monday.

Other prominent US whistleblowers also gave Snowden credit and argued that the curbs in the NSA’s surveillance powers by Congress – combined with a federal court ruling last month that bulk phone record collection is illegal – should open the way for him to be allowed to return to the US, although they conceded this was unlikely. Ellsberg, the former US military analyst who risked jail in 1971 by leaking Pentagon papers showing the White House lied about the Vietnam war, welcomed the concessions made by the Senate, limited as they are. Sweeping US surveillance powers used by the NSA expired at midnight after a dramatic showdown in the Senate. Some are likely to be replaced with those in new legislation, the USA Freedom Act.

Paradox
Here is the paradox. Edward Snowden sits in exile in Moscow, knowing that if he returned to the west, as he would like to, he’d almost certainly wind up in jail. Yet at the same time, no one disputes that Mr Snowden has sparked a global debate about privacy, which saw the US Senate rein in the National Security Agency’s powers, most notably to collect the telephone records of millions of Americans. 
Three provisions of the post-9/11 Patriot Act have expired, and while replacement legislation will soon enough be passed it is likely to embody certain post-Snowden reforms. The American outlaw, then, is remaking the American law.
Recently senators voted 67-32 to pass the USA Freedom Act, which overwhelmingly cleared the House of Representatives. Hours later, Barack Obama signed the legislation, after saying he would “work expeditiously to ensure our national security professionals again have the full set of vital tools they need to continue protecting the country”.
The passage of the USA Freedom Act paves the way for telecom companies to assume responsibility of the controversial phone records collection program, while also bringing to a close a short lapse in the broad NSA and FBI domestic spying authorities. 

The American Civil Liberties Union praised the passage of the USA Freedom Act as “a milestone” but pointed out that there were many more “intrusive and overbroad” surveillance powers yet untouched.

But the Law is only Part of the Story

Privacy advocates were, of course, cautious not to overstate the significance of the act’s suspension. But behind this caution, their successes are far more extensive than the symbolic demise of the Patriot Act. From the perspective of surveillance, the damage has already been done.

The ‘Snowden effect’, named after the whistleblower responsible for outing government surveillance in the US and UK, has brought more companies and technologists to the fight. Often their purpose is to provide privacy tools that are powerful, open-source and accessible to the masses and of course make them money. And of course as fears over our privacy continue to grow and the government talks about further extending surveillance capability, ordinary people are turning to these tools. What’s more, for the first time, they are beginning to be adopted on a massive scale.

Scale is a significant change, and a significant challenge to security services. Take Tor. Tor is a web browser-cum-network that scrambles your connections and makes your Internet browsing more difficult to track. Both Tor and other publicly available encryption tools always come with a caveat. Although frequently very powerful, especially in combination with one another, they are not perfect. With enough work and with the resources at the disposal of government organisations, a single user’s communications are at risk: the sheer firepower that the security services can use to break into secure channels means that a single suspect is up against it.

This is probably a good thing. If we believe our security services should have the resources to protect us from those who would plan acts of terrorism, for example, then they must be able to intercept the communications of suspects under investigation. Isis advise use of encryption to its supporters in order to protect their identities and whereabouts. Anders Breivik wrote a blog on it. If a suspect was under investigation we would rightly expect MI5 to use wiretaps and human surveillance, after all. Digital communications should be no different.

Bitcoin technology could stop the next Snowden

The NSA knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are. What it doesn’t know is just how much information the whistleblower took with him when he left. For all of its ability to track our telecommunications, the NSA seemingly had little clue exactly what documents, or even how many documents, Snowden gave to the media. Like most large organizations, the NSA had tools in place to track who accessed what data and when. But Snowden, a system administrator, apparently was able to cover his tracks by deleting or modifying the log files that tracked that access.

An Estonian company called Guardtime says it has a solution to that: using the same ideas that underpin the digital currency Bitcoin, the company says it can ensure no one can alter digital files, not even an organization’s most senior executives or IT managers. The idea is to stop the next Snowden in his tracks by making it impossible to tamper with data, such as the NSA log files, in secret.

Had the NSA been using Black Lantern, the agency would have been able to detect Snowden’s activities early on, or at least would have much better idea of what Snowden took, says Guardtime CTO Matt Johnson, a former agent with the Air Force Office of Special Investigations agent and defense contractor.

Using Guardtime, a government could, in theory, give all citizens a copy of a blockchain that records changes to email log files. It wouldn’t stop a political leader from deleting important email, and it wouldn’t place the contents of the email, or even the metadata, in the ledger. But it would alert auditors and investigators to changes.

Wired:  http://wrd.cm/1I9B3dR
Spectator:  http://bit.ly/1FtLJ0O
Guardian:  http://bit.ly/1IarPep    http://bit.ly/1Jrq2oi    http://bit.ly/1M5U27n   http://bit.ly/1SSCPTB

« Mass surveillance is Being Undermined by the ‘Snowden Effect’
Sophos to Raise £100m From Stock Market Float »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

DestructData

DestructData

DestructData is a leading independent provider of End of Life data destruction/security solutions.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

Penten

Penten

Penten is an Australian-based cyber security company focused on innovation in secure mobility and applied AI (artificial intelligence).

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Nardello & Co

Nardello & Co

Nardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including Digital Investigations & Cybersecurity.

Kontron

Kontron

Kontron offers a combined portfolio of secure hardware, middleware and services for Internet of Things (IoT) and Industry 4.0 applications.

senhasegura

senhasegura

senhasegura is a global Privileged Access Management vendor. Our mission is to eliminate privilege abuse in organizations around the globe and build digital sovereignty.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.