NSA Surveillance Reform - Snowden’s Vindication.

snowden-quote_n.jpg

The US Senate has passed a bill to end the bulk collection of millions of Americans’ phone records, ushering in the country’s most significant surveillance reform since 1978 two years after NSA whistleblower Edward Snowden’s revelations to the Guardian newspaper. 

The White House recently refused to reconsider its legal pursuit of Edward Snowden on Monday, while it sought to take credit for outlawing the bulk telephone surveillance programme he revealed.

Daniel Ellsberg Credits Snowden

NSA whistleblower Edward Snowden should be thanked for sparking the debate that forced Congress to change US surveillance law, Daniel Ellsberg, the man who leaked the Pentagon Papers, said Monday.

Other prominent US whistleblowers also gave Snowden credit and argued that the curbs in the NSA’s surveillance powers by Congress – combined with a federal court ruling last month that bulk phone record collection is illegal – should open the way for him to be allowed to return to the US, although they conceded this was unlikely. Ellsberg, the former US military analyst who risked jail in 1971 by leaking Pentagon papers showing the White House lied about the Vietnam war, welcomed the concessions made by the Senate, limited as they are. Sweeping US surveillance powers used by the NSA expired at midnight after a dramatic showdown in the Senate. Some are likely to be replaced with those in new legislation, the USA Freedom Act.

Paradox
Here is the paradox. Edward Snowden sits in exile in Moscow, knowing that if he returned to the west, as he would like to, he’d almost certainly wind up in jail. Yet at the same time, no one disputes that Mr Snowden has sparked a global debate about privacy, which saw the US Senate rein in the National Security Agency’s powers, most notably to collect the telephone records of millions of Americans. 
Three provisions of the post-9/11 Patriot Act have expired, and while replacement legislation will soon enough be passed it is likely to embody certain post-Snowden reforms. The American outlaw, then, is remaking the American law.
Recently senators voted 67-32 to pass the USA Freedom Act, which overwhelmingly cleared the House of Representatives. Hours later, Barack Obama signed the legislation, after saying he would “work expeditiously to ensure our national security professionals again have the full set of vital tools they need to continue protecting the country”.
The passage of the USA Freedom Act paves the way for telecom companies to assume responsibility of the controversial phone records collection program, while also bringing to a close a short lapse in the broad NSA and FBI domestic spying authorities. 

The American Civil Liberties Union praised the passage of the USA Freedom Act as “a milestone” but pointed out that there were many more “intrusive and overbroad” surveillance powers yet untouched.

But the Law is only Part of the Story

Privacy advocates were, of course, cautious not to overstate the significance of the act’s suspension. But behind this caution, their successes are far more extensive than the symbolic demise of the Patriot Act. From the perspective of surveillance, the damage has already been done.

The ‘Snowden effect’, named after the whistleblower responsible for outing government surveillance in the US and UK, has brought more companies and technologists to the fight. Often their purpose is to provide privacy tools that are powerful, open-source and accessible to the masses and of course make them money. And of course as fears over our privacy continue to grow and the government talks about further extending surveillance capability, ordinary people are turning to these tools. What’s more, for the first time, they are beginning to be adopted on a massive scale.

Scale is a significant change, and a significant challenge to security services. Take Tor. Tor is a web browser-cum-network that scrambles your connections and makes your Internet browsing more difficult to track. Both Tor and other publicly available encryption tools always come with a caveat. Although frequently very powerful, especially in combination with one another, they are not perfect. With enough work and with the resources at the disposal of government organisations, a single user’s communications are at risk: the sheer firepower that the security services can use to break into secure channels means that a single suspect is up against it.

This is probably a good thing. If we believe our security services should have the resources to protect us from those who would plan acts of terrorism, for example, then they must be able to intercept the communications of suspects under investigation. Isis advise use of encryption to its supporters in order to protect their identities and whereabouts. Anders Breivik wrote a blog on it. If a suspect was under investigation we would rightly expect MI5 to use wiretaps and human surveillance, after all. Digital communications should be no different.

Bitcoin technology could stop the next Snowden

The NSA knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are. What it doesn’t know is just how much information the whistleblower took with him when he left. For all of its ability to track our telecommunications, the NSA seemingly had little clue exactly what documents, or even how many documents, Snowden gave to the media. Like most large organizations, the NSA had tools in place to track who accessed what data and when. But Snowden, a system administrator, apparently was able to cover his tracks by deleting or modifying the log files that tracked that access.

An Estonian company called Guardtime says it has a solution to that: using the same ideas that underpin the digital currency Bitcoin, the company says it can ensure no one can alter digital files, not even an organization’s most senior executives or IT managers. The idea is to stop the next Snowden in his tracks by making it impossible to tamper with data, such as the NSA log files, in secret.

Had the NSA been using Black Lantern, the agency would have been able to detect Snowden’s activities early on, or at least would have much better idea of what Snowden took, says Guardtime CTO Matt Johnson, a former agent with the Air Force Office of Special Investigations agent and defense contractor.

Using Guardtime, a government could, in theory, give all citizens a copy of a blockchain that records changes to email log files. It wouldn’t stop a political leader from deleting important email, and it wouldn’t place the contents of the email, or even the metadata, in the ledger. But it would alert auditors and investigators to changes.

Wired:  http://wrd.cm/1I9B3dR
Spectator:  http://bit.ly/1FtLJ0O
Guardian:  http://bit.ly/1IarPep    http://bit.ly/1Jrq2oi    http://bit.ly/1M5U27n   http://bit.ly/1SSCPTB

« Mass surveillance is Being Undermined by the ‘Snowden Effect’
Sophos to Raise £100m From Stock Market Float »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

BioCatch

BioCatch

BioCatch uses behavioral biometrics for fraud prevention and detection. Continuous authentication for web and mobile applications to prevent new account fraud.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

BlazeGuard

BlazeGuard

At BlazeGuard, we understand that navigating the complex world of cybersecurity can be challenging. That’s why we make it our mission to simplify the process for you.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

Twilio

Twilio

Twilio are the customer layer for the internet, powering the most engaging interactions companies build for their customers. We provide simple tools that solve hard problems.

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.