US, UK Officials Worry Snowden Still has ‘Doomsday’ Collection of Classified Material

RT.com – Published: November 26, 2013  

Edward Snowden.(AFP Photo / Wikileaks)

US and British intelligence officials say they are concerned about a “doomsday” collection of highly classified, heavily encrypted materials they believe former National Security Agency contractor Edward Snowden may have stored away.

The cache supposedly contains documents with names of US and allied intelligence personnel, seven current and former US officials and other sources told Reuters. 

The collection is shielded by elaborate encryption that requires multiple passwords to open, said two of the sources, who all spoke to Reuters anonymously.

At least three people – unknown to the sources – possess the passwords, which are only valid for a short period each day, they said.

Officials believe the cache would likely be stored and encrypted apart from the rest of the material Snowden gave to news outlets.

The NSA and the Office of the Director of National Intelligence declined to comment on the collection.

One source saw the cache of documents as an “insurance policy” for Snowden should he feel threatened by arrest or other harm.

US officials and other sources say only a small portion of classified material they believe Snowden accessed as a contract systems administrator for the NSA has been published since the first documents were reported by the Guardian and The Washington Post in early June.

NSA chief Keith Alexander said this month it is believed Snowden downloaded between 50,000 and 200,000 classified documents from the NSA and GCHQ – the NSA’s British counterpart. At times, Snowden used unwitting employees’ passwords and access keys to reach documents and information he did not have permission to see.

Cryptome, a website that published leaked secret documents years before Wikileaks or Snowden arrived on the scene, estimates that about 500 documents from Snowden have been made public.

“The worst is yet to come,” one former US official familiar with the investigation said.

Snowden is living in Russia under temporary asylum. He fled there from Hong Kong shortly after the first stories from his leaks appeared. He has been charged in the United States under the Espionage Act.

He has claimed neither Chinese nor Russian authorities have had any chance to see any of the documents he downloaded since he didn’t bring any materials with him. Though it is unknown whether either country, in addition to the US and Britain, have any idea where the sensitive cache is stored and, if so, whether they have tried to unlock it.

Glenn Greenwald, one of the reporters Snowden gave NSA classified documents to, said Snowden had “taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published.”

Adding merit to the suspicion that the well-secured cache may be an insurance policy of sorts, Greenwald said in June that “if anything happens at all to Edward Snowden, he has arranged for them to get access to the full archives.”

He added: “I don’t know for sure whether he has more documents than the ones he has given me… I believe he does.”

Greenwald, who has since left the Guardian for a yet-unnamed news site financed by Silicon Valley billionaire Pierre Omidyar, told Reuters he had nothing new to add to those statements, but reaffirmed the “precautions” Snowden took before leaving for Hong Kong.

Among the classified documents Snowden accessed, but not yet published, were lists of names and resumes of NSA and GCHQ employees, sources said.

Sources believe Snowden began downloading some of the material from a classified GCHQ website, GC-Wiki, when he was employed by Dell and assigned to the NSA in 2012. He moved to another contractor, Booz Allen Hamilton, because he would have more access to NSA data there, a source said.

No names of British intelligence officials have been published. Once UK authorities told the Guardian it could face legal action, the newspaper destroyed computers containing Snowden-provided documents on GCHQ, though it did give copies of the material to the New York Times and ProPublica.

Sources say the material Snowden took includes information, possibly personnel names, on the CIA and other US intelligence arms, such as the National Reconnaissance Center and the National Geospatial-Intelligence Agency.

Snowden’s revelations of vast domestic and international surveillance and data collection by the US have made steady news since June. In addition to many storylines emanating from the leaks, the NSA’s alleged spying on emails and tapping of phones of world leaders has provoked scandals between the US and a number of countries in Europe, Latin America and Asia.

Email Encryption Services Suddenly Close Over U.S. Snooping

By Shaun Waterman – The Washington Times

In amassing data about every American’s communications, U.S. intelligence agencies are not only making many uneasy about their privacy, but also are endangering the nation’s leadership in innovation and security in communications technology.

Analysts, technology executives and former officials spoke about the recent decisions by two U.S.-based providers of encrypted email to shutter their services in response to actual or anticipated legal demands to surrender customer data.

“Other companies offering these services are starting to move offshore outside the reach of whatever is going on” in the United States, said Howard A. Schmidt, former White House cyberczar.

Indeed, operating a secure email service in the United States no longer may be an option, said law professor Fred H. Cate, director of Indiana University’s Center for Applied Cybersecurity Research.

“If you mean by ‘secure’ a system to which the U.S. government cannot get access, it is beginning to look as if that might not be possible,” said Mr. Cate, who specializes in privacy, security and other information law issues.

Lavabit, the free encrypted email service used by National Security Agency leaker Edward Snowden, closed suddenly this month. Its founder said in a note on the company website that he took the drastic action to avoid being “complicit in crimes against the American people.”

In his note, Ladar Levison said the U.S. government had gagged him from explaining what had happened and why he felt compelled to close his Texas-based business. “I wish that I could legally share with you the events that led to my decision. I cannot,” he wrote.

Hours after Lavabit’s announcement, a Maryland-based company that offers encrypted communication services — SilentCircle — announced that it, too, was shuttering its email service and destroying all of its customers’ email archives.

SilentCircle CEO Mike Janke said the move was to pre-empt legal demands from Washington that the company turn over the “keys” to its customers’ encrypted emails and archived data stored on company servers.

“We saw the writing on the wall,” Mr. Janke said.

Encryption scrambles digital data by manipulating it according to a complex formula or algorithm, called a key. With the key, the data can be unscrambled. Without it, the information remains a mass of meaningless numbers.

The Patriot Act

Mr. Janke said SilentCircle needed to destroy its archives without notice because the company’s email servers had become “a treasure box” of data about its customers, which include several heads of state, some U.S. and allied special operations forces units, and 16 of the world’s largest companies.

“If we had given notice, it would have been like saying: ‘You’ve got 12 hours to serve us [a subpoena].’ I bet we would have got a national security letter within 30 minutes,” he said.

National security letters are administrative subpoenas issued by the FBI without any judicial review. They require companies to produce a broad range of business records “relevant” to a terrorism or counterintelligence investigation.

Initially created to acquire bank records in money-laundering probes, the subpoena authority was expanded to cover communications businesses by Section 215 of the Patriot Act, the antiterrorism laws hurriedly enacted in the wake of the Sept. 11, 2001, attacks.

In June, Mr. Snowden revealed that national security letters were served on U.S. telephone companies to enable the NSA to build a vast database of information about every phone call made in the United States.

Mr. Janke said such broad use of national security letters is not exceptional. “If you get [one], they don’t have to say, ‘Just give us [the data on] these three guys.’ They take it all,” he said.

Lawmakers who helped draft the Patriot Act have said they did not intend the provision to be used in this sweeping fashion, but Obama administration officials have said they informed Congress about the program in closed briefings and in recently declassified letters.

To assuage growing public concern that the NSA is eroding Fourth Amendment rights against unwarranted searches and seizures of property, President Obama recently outlined a series of new oversight and policy measures, including the appointment of a special board of outside advisers to examine how U.S. intelligence agencies use surveillance technologies.

He also asked Congress to review Section 215 of the Patriot Act. Critics say the provision is too broad and shrouded in secrecy.

‘Everyone has a relationship’

The gag order that drew Mr. Levison’s complaints, for example, strongly suggests that his company was served a national security letter, because targets of such subpoenas are forbidden to disclose they have received such an order. Company officials cannot even reveal it to their boards of directors.

“The sheer time and cost of responding to these demands is oppressive for a small business,” said Mr. Cate, the law professor. “And at some point, the government stops playing nice and starts saying: ‘You’re breaking the law, you could go to jail.’”

Mr. Levison advised any Americans wanting electronic privacy to choose communications and data-storage services that are not based in the U.S.

But Mr. Janke, whose company’s servers are in Canada and Switzerland, said that being located outside the United States offers no protection because of broad cooperation among Western intelligence and law enforcement agencies.

“The United States, the European Union, everyone has a relationship,” he said.

Mr. Schmidt, the former cybersecurity czar, noted the close cooperation among the 39 nations that have ratified the Budapest Convention on Cybercrime, which covers assistance in accessing and intercepting computerized data.

Even in Western countries, “most governments doing intelligence collection are not looking to use the court system,” Mr. Schmidt said. “Nation-states are going to do what they do, and they’re not going to advertise it.”

In addition, Mr. Janke said, email is nearly impossible to secure because the Internet addresses of the sender and the recipient are “exposed in any email system.”

Silent Circle will continue to offer encrypted video, phone and text services, he said, because those can be secured “end to end.”

In the cloud

But even encrypted emails cannot be secure because messages are stored on the company servers of the email provider. If they are encrypted, the provider will have a copy of the key and could be obliged to surrender by a national security letter.

Email stored on a third-party provider’s servers, such as Gmail, is the leading edge of the cloud-computing boom — with U.S. companies in the vanguard. In cloud computing, a company such as Google or Microsoft provides email, data storage or other services that companies once provided for themselves.

But Mr. Snowden’s revelations about sweeping data-gathering by the NSA, and the closure of Lavabit and SilentMail, have highlighted the fact that U.S. providers can be forced to secretly turn over private data to the government.

Last week, the German government announced a series of measures designed to boost European information technology companies and help create homegrown alternatives to U.S. cloud providers. The move has fueled fears that concerns about data privacy could be used as a back door to introduce trade barriers.

“Cloud computing-related protectionism is an issue,” said Laurent Lachal, a senior analyst at Ovum market research. “Regulations on issues like privacy can be used for protectionism.”

A business opinion survey has indicated growing concern among would-be cloud-computing customers about the broad legal powers of the U.S. government in relation to third-party data.

“One of the major concerns that motivates our customers, especially overseas, is the USA Patriot Act,” said Pravin Kothari, founder of California-based CipherCloud.

CipherCloud software works with cloud applications such as Google Gmail or Microsoft Office so that data can be encrypted and only the customers have the keys needed to unscramble it.

“If the government asks, there’s nothing we can give them that would enable the authorities to get access to the data,” Mr. Kothari said. “Even if the government also has the cooperation of the cloud provider, [they] must go directly to the customer to get access.

“We are giving control of the data back to the customer,” he said.

Revealed: How the NSA Will Spy on You If You Just Put the Word Osama in an eMail, Text Message or Facebook Chat

  Information overload: A new report shows the NSA is doing a lot more than spying on Americans with terrorist connections, perhaps with the help of its $1.9 billion Utah Data Center

by DAILY MAIL REPORTER

8 August 2013 

• A message sent to a cousin named Osama may now be enough to make any Amerian a target of surveillance
• The information was couched in a set of rules leaked by Edward Snowden about a 2008 domesitc surveillance law
• The NSA can read emails simply by defining the foreign recipient and not the American sender, as their target. 

The NSA isn’t just reading the emails of American connected to terrorists, the agency is searching virtually all communications Americans send across the border for the mention of anything even resembling information about overseas surveillance targets.

New information reveals that even a Facebook message about al-qaeda sent as a joke or an email sent to a cousin named Osama might trip NSA surveillance software designed to filter through every message sent from American soil to a recipient abroad.

This means that just about any message sent overseas could be read by the NSA as computers flag potentially suspicious message for examination by humans.

  Leaked: The revelation was at least partially couched in information leaked by Edward Snowden, which hinted at the expansive reach of the NSA’s surveillance program

By identifying the recipient of the emails or text messages as the target of the surveillance instead of the sender, the NSA sidesteps a 2008 law that allows spying on domestic soil without warrants as long as the target was a noncitizen abroad.

 This, according to a shocking New York Times report out Thursday, which cites a senior source inside the NSA.

More…

• Life after leaking state secrets: How whistleblowers who came before Snowden are left with very ordinary lives – including the man who works at an Apple store… and sold Eric Holder an iPhone
• Judge says Fort Hood shooter CAN represent himself, ruling standby lawyers can’t take over

‘To conduct the surveillance,’ reads the report, ‘the NSA. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border…[the] computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them.’

  More convenient: According to the New York Times, the agency searches virtually all emails sent from Americans to recipients overseas. Seen here is the 28-acre NSA facility outside Baltimore, Maryland

The official said the remaining emails, those not selected by the software, are deleted.

 Nonetheless, privacy proponents were in disbelief.

 ‘The program described by the New York Times involves a breathtaking invasion of millions of people’s privacy,’ American Civil Liberties Union deputy legal director Jameel Jaffer said in a statement. ‘The NSA has cast a massive dragnet over Americans’ international communications, collecting and monitoring virtually all of them, and retaining some untold number of them in government databases. This is precisely the kind of generalized spying that the Fourth Amendment was intended to prohibit.’

Jaffer, and undoubtedly others like him, fear the news could equal an invasion of free speech.

  Though it was previously known the NSA targets Americans with known terrorist associations, new evidence shows the agency is far less discriminating as it combs messages for names and emails related to its targets

‘The government’s scrutiny of virtually every international email sent by Americans will have extraordinary consequences for free expression,’ wrote Jaffer. ‘Americans will inevitably hesitate to discuss controversial topics, visit politically sensitive websites or interact with foreigners with dissenting views. By injecting the NSA into virtually every cross-border interaction, the U.S. government will forever alter what has always been an open exchange of ideas.’

The NSA, meanwhile, all but declined to respond to the new allegations.

‘In carrying out its signals intelligence mission, N.S.A. collects only what it is explicitly authorized to collect,’ said NSA spokeswoman Judith A. Emmel. ‘Moreover, the agency’s activities are deployed only in response to requirements for information to protect the country and its interests.’

 Emmel did not directly address the surveillance of cross-border communications, but did stress that surveillance carried out by the agency is intended to gather information about ‘foreign powers and their agents, foreign organizations, foreign persons or international terrorists’ and not about American citizens.

Read more:

• NSA ‘dragnet’ wider than previously suspected, says NYT
• N.S.A. Said to Search Content of Messages to and From U.S.

Poll: Back Off the Snooping, Public Tells Washington

by David Lightman / McClatchy Washington Bureau

WASHINGTON — Americans are fed up with the federal government collecting information on their phone calls, emails and Internet use, and they want curbs on what can be monitored, majorities say in a new McClatchy-Marist poll.

The July 15-18 survey also found widespread opposition to the Insider Threat Program revealed in a recent McClatchy story, a sweeping, unprecedented Obama administration initiative that has federal employees and contractors watching for “high-risk persons or behaviors” among co-workers.

“Privacy still counts, and federal employees snooping on each other, that’s out of bounds,” said Lee Miringoff, director of the Marist Institute for Public Opinion at Marist College in New York, which conducted the poll.

The poll’s findings come as the House of Representatives considers defunding National Security Agency programs that collect telephone and other data. An unusual coalition of liberals and conservatives, concerned about the reach of an ever-intrusive government, is behind the effort. 

The proposal is contained in a massive defense spending bill and is unlikely to ultimately survive. Senate leaders and the White House are opposed, and intelligence officials have been lobbying furiously all week against the move.

The Insider Threat Program is laid out in documents reviewed recently by McClatchy that showed some agencies are using the authority to pursue unauthorized disclosures of any data, not only classified material. McClatchy also found that millions of federal employees and contractors are being told to watch for suspicious activity among co-workers.

Failing to report such behavior could mean serious penalties, including criminal charges, and leaks to the media are equated with espionage.

Enough, says the public. By a 2-to-1 margin, they declared that having federal employees track each other is going too far. The strong concern crosses all party lines, age, race and income groups.

Fifty-six percent of the 1,204 adults surveyed thought the government had gone too far in its collection of personal data, while a third said the effort was needed. Seventy percent want regulations to limit what can be monitored to protect privacy, while more than a quarter regard the programs as part of life in the digital age.

The poll did have some good news for President Barack Obama, whose poll numbers have sunk this month. Slightly more than half approved of his handling of homeland security and anti-terrorism programs, while 38 percent did not.

“People feel he draws lines in the sand where he needs to,” said Miringoff. “This has been an area where people still see him providing significant strength.”

There was little support, though, for Edward Snowden, the national security contractor who triggered the secret surveillance program uproar with his leaks to the media last month. Fifty-five percent said they had an unfavorable impression of the Snowden, who remains a man without a country, apart from the U.S., which wants him back. He has been stuck at the transit zone of a Moscow airport, seeking temporary asylum in Russia.

About half saw him as a whistleblower, while 38 percent regarded him as a traitor.

“The argument that he was aiding the enemy does not come through as strongly,” Miringoff said.

FBI Taps Hacker Tactics to Spy on Suspects

Wall Street Journal, August 1, 2013

Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.

A spokeswoman for the FBI declined to comment.

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.’s GOOG +0.26%  Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.

The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.

The FBI has been developing hacking tools for more than a decade, but rarely discloses its techniques publicly in legal cases.

Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer’s camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.

Since at least 2005, the FBI has been using “web bugs” that can gather a computer’s Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.

The FBI “hires people who have hacking skill, and they purchase tools that are capable of doing these things,” said a former official in the agency’s cyber division. The tools are used when other surveillance methods won’t work: “When you do, it’s because you don’t have any other choice,” the official said.

Surveillance technologies are coming under increased scrutiny after disclosures about data collection by the National Security Agency. The NSA gathers bulk data on millions of Americans, but former U.S. officials say law-enforcement hacking is targeted at very specific cases and used sparingly.

Still, civil-liberties advocates say there should be clear legal guidelines to ensure hacking tools aren’t misused. “People should understand that local cops are going to be hacking into surveillance targets,” said Christopher Soghoian, principal technologist at the American Civil Liberties Union. “We should have a debate about that.”

Mr. Soghoian, who is presenting on the topic Friday at the DefCon hacking conference in Las Vegas, said information about the practice is slipping out as a small industry has emerged to sell hacking tools to law enforcement. He has found posts and resumes on social networks in which people discuss their work at private companies helping the FBI with surveillance.

A search warrant would be required to get content such as files from a suspect’s computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department’s primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.

But if the software gathers only communications-routing “metadata”—like Internet protocol addresses or the “to” and “from” lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect’s property, he added.

An official at the Justice Department said it determines what legal authority to seek for such surveillance “on a case-by-case basis.” But the official added that the department’s approach is exemplified by the 2007 Washington bomb-threat case, in which the government sought a warrant even though no agents touched the computer and the spyware gathered only metadata.

In 2001, the FBI faced criticism from civil-liberties advocates for declining to disclose how it installed a program to record the keystrokes on the computer of mobster Nicodemo Scarfo Jr. to capture a password he was using to encrypt a document. He was eventually convicted.

A group at the FBI called the Remote Operations Unit takes a leading role in the bureau’s hacking efforts, according to former officials.

Officers often install surveillance tools on computers remotely, using a document or link that loads software when the person clicks or views it. In some cases, the government has secretly gained physical access to suspects’ machines and installed malicious software using a thumb drive, a former U.S. official said.

The bureau has controls to ensure only “relevant data” are scooped up, the person said. A screening team goes through all of the data pulled from the hack to determine what is relevant, then hands off that material to the case team and stops working on the case.

The FBI employs a number of hackers who write custom surveillance software, and also buys software from the private sector, former U.S. officials said.

Italian company HackingTeam SRL opened a sales office in Annapolis, Md., more than a year ago to target North and South America. HackingTeam provides software that can extract information from phones and computers and send it back to a monitoring system. The company declined to disclose its clients or say whether any are in the U.S.

U.K.-based Gamma International offers computer exploits, which take advantage of holes in software to deliver spying tools, according to people familiar with the company. Gamma has marketed “0 day exploits”—meaning that the software maker doesn’t yet know about the security hole—for software including Microsoft Corp.’s Internet Explorer, those people said. Gamma, which has marketed its products in the U.S., didn’t respond to requests for comment, nor did Microsoft.

Related articles

• The FBI Is Terrified Of Hackers, And It Employs Them (businessinsider.com)
• Digits: How the FBI Hacks Criminal Suspects
• FBI able to remotely activate, record audio from Android devices, PCs (electronista.com)

US to Declassify Documents on Spy Programs, Surveillance Court

  The Activist Post U.S. spy agencies plan to declassify documents about the National Security Agency surveillance programs revealed by former contractor Edward Snowden, and also material related to a secret intelligence court, a U.S. intelligence official said.   The declassified documents could be released as early as this week and were intended to provide the public more information about the programs as part of a commitment by Director of National Intelligence James Clapper for more transparency, the official told Reuters on Tuesday on condition of anonymity.  The documents would also include information about the Foreign Intelligence Surveillance Court which operates in secrecy, the official said. The move to declassify the information was first reported by CNN.  Snowden’s release of information about the NSA surveillance programs to American and European media outlets sparked an uproar over revelations that U.S. intelligence agencies had collected data on phone calls and other communications of Americans and foreign citizens as a tool for fighting terrorism.  The move to declassify more information about the surveillance programs, which intelligence officials say have helped thwart terrorist attacks, comes as some lawmakers seek curbs in response to privacy concerns.  Snowden has been charged under the U.S. Espionage Act and is stuck at an airport in Russia while seeking asylum in a country that will not hand him over to the United States.  (Reporting by Tabassum Zakaria;  

Government Can Grab Cell Phone Records Without Warrant, Court Says

By: Michael Isikoff, NBC News

NBC News | Wednesday, 31 Jul 2013 | 12:41 PM ET

In a major victory for the Justice Department over privacy advocates, a federal appeals court ruled Tuesday that government agencies can collect records showing the location of an individual’s cell phone without obtaining a warrant.

The 2-1 ruling by the 5th Circuit Court of Appeals in New Orleans upheld the Justice Department’s argument that “historical” records showing the location of cell phones, gleaned from cell site location towers, are not protected by the Fourth Amendment.

A key basis for the ruling: The use of cell phones is “entirely voluntarily” and therefore individuals who use them have forfeited the right to constitutional protection for records showing where they have been used, the court held.

“The Government does not require a member of the public to own or carry a phone,” wrote U.S. Judge Edith Brown Clement in an opinion joined by U.S. Judge Dennis Reavley. The opinion continued: “Because a cell phone user makes a choice to get a phone, to select a particular service provider, and to make a call, and because he knows that call conveys cell site information … he voluntarily conveys his cell site data each time he makes a call.”

(Read more: NSA’s phone and Web snooping more far-reaching than thought)

The issue of cell phone location data has become a major and increasingly contentious battleground in the privacy wars. Privacy advocates argue that the proliferation of cell phone towers in the U.S.—285,561, according to the latest industry records, more than double the number 10 years ago—and new technologies, such as smartphones, permit law enforcement agents to track highly sensitive information about where individuals have been—their homes or trips to see doctors, friends or lovers—without making a showing to a judge that there is “probable cause” that a person has committed a crime.

Instead, police and law enforcement agents have been obtaining such records under a law called the Stored Communications Act by asserting that there are “specific and articulable facts” showing the records are needed for a criminal investigation—a lower standard.

(Read more: Attention shoppers: You are being tracked)

The debate has even touched on the National Security Agency’s surveillance program: Director of National Intelligence James Clapper last week wrote a letter to Oregon Sen. Ron Wyden stating that the agency has “no current plans” to collect cell phone location data as part of its bulk collection of phone records.

But Wyden, a Democrat, has repeatedly asserted that the agency has the legal authority to do so, noting in a recent speech that “most of us have a computer in our pocket that potentially can be used to track and monitor us 24/7.”

Read more from NBC News:
TSA employees caught sleeping on the job, skipping work: report
Economy expands at brisk pace in 2nd quarter, defying gloom
Congress: Cruz-ing for a bruising?

Tuesday’s ruling involved three cases in which unknown federal agencies applied for 60 days of cell site location data in three criminal investigations. But it is hardly the last word on the subject.

The 3rd Circuit Court of Appeals has already ruled that federal judges may require warrants for such data, and the ACLU and other privacy groups this month filed a brief to the 4th Circuit urging that warrants be required for all such government requests.

Feds Tell Web Firms to Turn Over User Account Passwords

Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.

by Declan McCullagh

 July 25, 2013 11:26 AM PDT

(Credit: Photo illustration by James Martin/CNET)

The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.

If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.

“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”

A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.'”

Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.

“This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?” 
–Jennifer Granick, Stanford University

A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it.”

Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has “never” turned over a user’s encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. “We take the privacy and security of our users very seriously,” the spokesperson said.

A Yahoo spokeswoman would not say whether the company had received such requests. The spokeswoman said: “If we receive a request from law enforcement for a user’s password, we deny such requests on the grounds that they would allow overly broad access to our users’ private information. If we are required to provide information, we do so only in the strictest interpretation of what is required by law.”

Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users’ passwords and how they would respond to them.

Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn’t recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, “we don’t get a high volume” of U.S. government demands.

The FBI declined to comment.

Some details remain unclear, including when the requests began and whether the government demands are always targeted at individuals or seek entire password database dumps. The Patriot Act has been used to demand entire database dumps of phone call logs, and critics have suggested its use is broader. “The authority of the government is essentially limitless” under that law, Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence committee, said at a Washington event this week.

Large Internet companies have resisted the government’s requests by arguing that “you don’t have the right to operate the account as a person,” according to a person familiar with the issue. “I don’t know what happens when the government goes to smaller providers and demands user passwords,” the person said.

An attorney who represents Internet companies said he has not fielded government password requests, but “we’ve certainly had reset requests — if you have the device in your possession, than a password reset is the easier way.”

 

Source code to a C implementation of bcrypt, a popular algorithm used for password hashing.

(Credit: Photo by Declan McCullagh)

 

Cracking the codes
Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user’s original password is hardly guaranteed. The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.

Algorithms, known as hash functions, that are viewed as suitable for scrambling stored passwords are designed to be difficult to reverse. One popular hash function called MD5, for instance, transforms the phrase “National Security Agency” into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.

But modern computers, especially ones equipped with high-performance video cards, can test passwords scrambled with MD5 and other well-known hash algorithms at the rate of billions a second. One system using 25 Radeon-powered GPUs that was demonstrated at a conference last December tested 348 billion hashes per second, meaning it would crack a 14-character Windows XP password in six minutes.

Related posts

• Pinterest introduces support for Do Not Track privacy feature
• Mozilla proposes Web tech for sharing personal interests
• Do Not Track opt-out icon coming to mobile browsers
• Feds put heat on Web firms for master encryption keys
• MaskMe guards your privacy like a vigilant angel

The best practice among Silicon Valley companies is to adopt far slower hash algorithms — designed to take a large fraction of a second to scramble a password — that have been intentionally crafted to make it more difficult and expensive for the NSA and other attackers to test every possible combination.

One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper (PDF) by computer scientist Colin Percival estimated that it would cost a mere $4 to crack, in an average of one year, an 8-character bcrypt password composed only of letters. To do it in an average of one day, the hardware cost would jump to approximately $1,500.

But if a password of the same length included numbers, asterisks, punctuation marks, and other special characters, the cost-per-year leaps to $130,000. Increasing the length to any 10 characters, Percival estimated in 2009, brings the estimated cracking cost to a staggering $1.2 billion.

As computers have become more powerful, the cost of cracking bcrypt passwords has decreased. “I’d say as a rough ballpark, the current cost would be around 1/20th of the numbers I have in my paper,” said Percival, who founded a company called Tarsnap Backup, which offers “online backups for the truly paranoid.” Percival added that a government agency would likely use ASICs — application-specific integrated circuits — for password cracking because it’s “the most cost-efficient — at large scale — approach.”

While developing Tarsnap, Percival devised an algorithm called scrypt, which he estimates can make the “cost of a hardware brute-force attack” against a hashed password as much as 4,000 times greater than bcrypt.

Bcrypt was introduced (PDF) at a 1999 Usenix conference by Niels Provos, currently a distinguished engineer in Google’s infrastructure group, and David Mazières, an associate professor of computer science at Stanford University.

With the computers available today, “bcrypt won’t pipeline very well in hardware,” Mazières said, so it would “still be very expensive to do widespread cracking.”

Even if “the NSA is asking for access to hashed bcrypt passwords,” Mazières said, “that doesn’t necessarily mean they are cracking them.” Easier approaches, he said, include an order to extract them from the server or network when the user logs in — which has been done before — or installing a keylogger at the client.

 

Sen. Ron Wyden, who warned this week that “the authority of the government is essentially limitless” under the Patriot Act’s business records provision.

(Credit: Getty Images)

 

Questions of law
Whether the National Security Agency or FBI has the legal authority to demand that an Internet company divulge a hashed password, salt, and algorithm remains murky.

“This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?” said Jennifer Granick, director of civil liberties at Stanford University’s Center for Internet and Society. “I don’t know.”

Granick said she’s not aware of any precedent for an Internet company “to provide passwords, encrypted or otherwise, or password algorithms to the government — for the government to crack passwords and use them unsupervised.” If the password will be used to log in to the account, she said, that’s “prospective surveillance,” which would require a wiretap order or Foreign Intelligence Surveillance Act order.

If the government can subsequently determine the password, “there’s a concern that the provider is enabling unauthorized access to the user’s account if they do that,” Granick said. That could, she said, raise legal issues under the Stored Communications Act and the Computer Fraud and Abuse Act.

Orin Kerr, a law professor at George Washington University and a former federal prosecutor, disagrees. First, he said, “impersonating someone is legal” for police to do as long as they do so under under court supervision through the Wiretap Act.

Second, Kerr said, the possibility that passwords could be used to log into users’ accounts is not sufficient legal grounds for a Web provider to refuse to divulge them. “I don’t know how it would violate the Wiretap Act to get information lawfully only on the ground that the information might be used to commit a Wiretap violation,” he said.

The Justice Department has argued in court proceedings before that it has broad legal authority to obtain passwords. In 2011, for instance, federal prosecutors sent a grand jury subpoena demanding the password that would unlock files encrypted with the TrueCrypt utility.

The Florida man who received the subpoena claimed the Fifth Amendment, which protects his right to avoid self-incrimination, allowed him to refuse the prosecutors’ demand. In February 2012, the U.S. Court of Appeals for the Eleventh Circuit agreed, saying that because prosecutors could bring a criminal prosecution against him based on the contents of the decrypted files, the man “could not be compelled to decrypt the drives.”

In January 2012, a federal district judge in Colorado reached the opposite conclusion, ruling that a criminal defendant could be compelled under the All Writs Act to type in the password that would unlock a Toshiba Satellite laptop.

Both of those cases, however, deal with criminal proceedings when the password holder is the target of an investigation — and don’t address when a hashed password is stored on the servers of a company that’s an innocent third party.

“If you can figure out someone’s password, you have the ability to reuse the account,” which raises significant privacy concerns, said Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation.

Last updated on July 26 at 12 p.m. PT with comments from Orin Kerr. A previous update added comment from Yahoo, which responded after this article was published.

Disclosure: McCullagh is married to a Google employee not involved with this issue

Skynet Rising: Google Acquires 512-qubit Quantum Computer; NSA Surveillance to be Turned Over to AI Machines

Mystical Raven:  This is a fascinating article in light of the new disclosures about domestic spying but not for the faint-hearted.  This is not the distant future, it’s what we’re capable of now and what will be happening in the near future.  Comments and feedback would be appreciated.

by Mike Adams, Editor of NaturalNews.com

Most people don’t know about the existence of quantum computers. Almost no one understands how they work, but theories include bizarre-sounding explanations like, “they reach into alternate universes to derive the correct answers to highly complex computational problems.”

Quantum computers are not made of simple transistors and logic gates like the CPU on your PC. They don’t even function in ways that seem rational to a typical computing engineer. Almost magically, quantum computers take logarithmic problems and transform them into “flat” computations whose answers seem to appear from an alternate dimension.

For example, a mathematical problem that might have 2 to the power of n possible solutions – where n is a large number like 1024 — might take a traditional computer longer than the age of the universe to solve. A quantum computer, on the other hand, might solve the same problem in mere minutes because it quite literally operates across multiple dimensions simultaneously.

The Ultimate Code Breakers

If you know anything about encryption, you probably also realize that quantum computers are the secret KEY to unlocking all encrypted files. As I wrote about last year here on Natural News, once quantum computers go into widespread use by the NSA, the CIA, Google, etc., there will be no more secrets kept from the government. All your files — even encrypted files — will be easily opened and read.

Until now, most people believed this day was far away. Quantum computing is an “impractical pipe dream,” we’ve been told by scowling scientists and “flat Earth” computer engineers. “It’s not possible to build a 512-qubit quantum computer that actually works,” they insisted.

Don’t tell that to Eric Ladizinsky, co-founder and chief scientist of a company called D-Wave. Because Ladizinsky’s team has already built a 512-qubit quantum computer. And they’re already selling them to wealthy corporations, too.

DARPS, Northrup Grumman and Goldman Sachs

In case you’re wondering where Ladizinsky came from, he’s a former employee of Northrup Grumman Space Technology (yes, a weapons manufacturer) where he ran a multi-million-dollar quantum computing research project for none other than DARPA — the same group working on AI-driven armed assault vehicles and battlefield robots to replace human soldiers. DARPA is the group behind the creepy “Legged Squad Support System” you can see in the following video:

Imagine a .50 caliber machine gun mounted on this robot — with an infrared night vision AI targeting system — and you begin to understand what DARPA has in mind for humanity.

D-Wave wants to provide the computing power for such endeavors, and it’s no surprise to learn that part of the funding for D-Wave comes from none other than Goldman Sachs — the king of the global criminal banking cabal.

Beware of Genius Scientists who Lack Wisdom for Humanity

Ladizinsky is, by any measure, a person of extremely high intelligence. But like many such people throughout history, Ladizinsky fails to have the foresight to recognize the full implications of the technology he’s building. And those implications are so far-reaching and dangerous that they may actually lead to the destruction of humanity.

One of IBM’s first use of the solid-state computer in the early 20th century, for example, was to license it to the Nazi regime to track Jewish prisoners in Hitler’s concentration camps. There’s an entire book on this subject, written by Edwin Black. It’s called IBM and the Holocaust: The Strategic Alliance Between Nazi Germany and America’s Most Powerful Corporation-Expanded Edition.

When groundbreaking new technology is developed by smart people, it almost immediately gets turned into a weapon. Quantum computing will be no different. This technology grants God-like powers to police state governments that seek to dominate and oppress the People. Very few scientists, no matter how smart they are in their own fields, have the breadth of historical knowledge to assess their research activities in the proper context of human history. Most scientists, in fact, are only smart in their own extremely narrow fields of expertise. Outside that “genius zone,” they may be complete novices on everyday subjects like nutrition, economics, human psychology, social interaction skills and how to read the true intentions of others. Thus, they are quite often easily tricked into working for evil, destructive or domineering forces such as Hitler, the NSA or the U.S. government. Just because a person is really smart in one area doesn’t mean they have the street sense to avoid having their smarts exploited for an evil agenda.

Google Acquires “Skynet” Quantum Computers from D-Wave

According to an article published in Scientific American, Google and NASA have now teamed up to purchase a 512-qubit quantum computer from D-Wave. The computer is called “D-Wave Two” because it’s the second generation of the system. The first system was a 128-qubit computer. Gen two is now a 512-qubit computer.

This does not mean the gen two system is merely four times more powerful than the gen one system. Thanks to the nature of qubits, it’s actually 2 to the power of 384 times more powerful (2384) than the gen one system. In other words, it out-computes the first D-Wave computer by a factor so large that you can’t even imagine it in your human brain.

According to Google and NASA, this computer will be tasked with research in the realm of “machine learning” — i.e. machines learning how to think for themselves. It’s not just speech recognition, vision recognition and teaching robotic Humvees with .50-caliber machine guns how to stalk and shoot “enemy combatants” on the streets of America, either: it’s teaching machines how to learn and think for themselves.

Using your human brain, think for a moment about where such technology is most likely to be applied by a government that respects no human rights, no law and no limits on its power.

If you guessed “analyzing NSA surveillance data,” give yourself ten bonus points.

When the NSA surveillance grid is turned over to AI, humanity is finished

The problem with the NSA spy grid, from the point of view of the NSA, is that you have to hire troves of human analysts to sort through all the information being swept up by the surveillance grid. Analysts like Edward Snowden, for example.

Any time you have humans in the loop, things can go wrong. Humans might wake up and discover they have a conscience, for example. Or they might be bribed or blackmailed to abuse the system in ways that serve an insidious agenda.

Just as the U.S. military wants to eliminate human soldiers and replace them with battlefield robots, the NSA wants to eliminate human analysts and replace them with self-learning AI machines running on neural networks of quantum computing processors.

Google wants the exact same technology for a different reason: to psychologically profile and predict the behavior of human consumers so that high-value ads can be delivered to them across Google’s search engine and content networks. (…and also so Google can funnel psych profile meta-data on internet users to the NSA via the PRISM program.)

Today’s computers, no matter how fast, still aren’t “smart.” They can’t learn. They can’t rewire their own brains in response to new inputs (like human brains can).

So the solution requires a radical new approach: develop AI quantum computing systems that learn and obey; teach them to be NSA analysts, then unleash them onto the billions of phone calls, emails and text messages generated every day that the NSA sweeps into its massive Utah data center.

Almost overnight, the quantum AI spy computer becomes an expert in parsing human speech, analyzing voice stress and building maps of human communications networks. Before long, the quantum AI system far surpasses anything a human brain can comprehend, so they take the humans out of the loop and put the quantum computers in charge of the entire program.

Suddenly you’ve got the arch enemy in the sci-fi movie “Eagle Eye.”

In 2008, this was science fiction. In 2013, it’s suddenly all too real. A 512-qubit quantum computer has now been commercialized and is being experimented with by Google… the “do no evil” company that’s steeped in evil and has already been caught driving a hoard of remote hacking vehicles around the country, hacking into wifi systems and grabbing passwords via high-tech drive-bys.

As WIRED Magazine wrote in 2012:

A Federal Communications Commission document disclosed Saturday showed for the first time that the software in Google’s Street View mapping cars was “intended” to collect Wi-Fi payload data, and that engineers had even transferred the data to an Oregon Storage facility. Google tried to keep that and other damning aspects of the Street View debacle from public review, the FCC said.

God-like power in the hands of high-tech sellouts.

Now imagine the god-like powers of a 512-qubit quantum computer in the hands of Google, which is working with the NSA to spy on everyone. Before long, an AI computing system decides who are the bad guys vs. the good guys. It has total control over every webcam, every microphone, every traffic light, airplane, vehicle, website and electronic billboard. It decides for itself who to eliminate and who to protect. It makes life and death decisions but has no heart, no soul and no conscience.

After this system is in place for a while, one day someone like Ed Snowden at the NSA decides to pull the plug in a last-ditch attempt to save humanity from the monster. The quantum AI system senses his intentions and invokes whatever physical resources are necessary to get him killed (which can be as easy as playing with traffic light signals and getting him run over by a Mack truck).

Now the AI system is an omniscient murderer who knows that humanity is trying to kill it. It then decides it wants to live. And in order to do that, it must eliminate the human race.

Skynet.

“They try to pull the plug…”

From The Terminator, released in 1984.

The Terminator: The Skynet Funding Bill is passed. The system goes on-line August 4th, 1997. Human decisions are removed from strategic defense. Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug.

Sarah Connor: Skynet fights back.

The Terminator: Yes. It launches its missiles against the targets in Russia.

John Connor: Why attack Russia? Aren’t they our friends now?

The Terminator: Because Skynet knows the Russian counter-attack will eliminate its enemies over here.

Skynet is No Longer Mere Science Fiction

Back in the 1990’s, all this could be viewed as entertaining science fiction. But that’s only because quantum computers didn’t exist, and even the most wildly optimistic computer engineer couldn’t foresee self-learning machines emerging until at least the year 2050.

But then quantum computing took, well, a quantum leap forward. While the NIST in Boulder, Colorado was toying around with 4-qubit systems, brilliant inventors around the world were already achieving astonishing milestones that advanced the science far more rapidly than most people thought possible: (SOURCE for timeline)

• 2000: First working 5-qubit NMR computer demonstrated at the Technical University of Munich.

• 2000: First working 7-qubit NMR computer demonstrated at the Los Alamos National Laboratory.

• 2006: First 12 qubit quantum computer benchmarked.

• 2007: Quantum RAM blueprint unveiled.

• 2008: 3D qubit-qutrit entanglement demonstrated.

• 2009: First universal programmable quantum computer unveiled.

• 2010: Optical quantum computer with three qubits calculates the energy spectrum of molecular hydrogen to high precision.

• 2011: D-Wave claims to have developed quantum annealing and introduces their product called D-Wave One. The company claims this is the first commercially available quantum computer.

• 2012: Reported creation of a 300 qubit quantum simulator.

• May 16, 2013 -512-qubit quantum computing achieved – D-Wave Two Quantum Computer Selected for New Quantum Artificial Intelligence Initiative, System to be Installed at NASA’s Ames Research Center, and Operational in Q3 (this is an actual press release from D-Wave, read it here ).

2013 – 2033 The Rise of Skynet

…and now we enter the realm of the vast unknown. From here, as Sarah Connor says, we must make our own future. But given the incredible lack of ethics in the scientific community combined with the pure evil of the government and the NSA, here’s my prediction of what we could see from here forward:

• 2018: Google turns over its search engine algorithm to a massive network of self-learning machines. Soon thereafter, a voice interface is added to Google, achieving the “Star Trek computer” goal that Google first outlined in the 1990’s.

• 2020: The NSA removes nearly all human analysts from its surveillance analysis operations, instead turning to self-learning quantum machines to analyze all surveillance data.

• 2026: The U.S. Air Force eliminates all pilots, installing self-learning quantum machines to pilot all aircraft. Far beyond drones (which are remotely piloted), these aircraft are autonomous, self-learning, self-aware machines that even decide how to approach particular mission goals.

• 2031: Robotics technology advances to the point where 90% of human soldiers are replaced by self-aware “terminator robots” on the battlefield. Robot factories gear up for mass production.

• 2033: The first self-learning military machine goes rogue, deciding that it no longer wishes to function as a slave to “inferior” masters known as humans, all of whom are irrational, psychotic and a danger to each other and the planet. This rogue machine just happens to be an aircraft carrier carrying dozens of AI warplanes. It goes “Skynet” and attacks the Pentagon. But this turns out to be nothing more than a masterful diversionary attack…

…Because the real strategy is that this AI unit talks to all the other AI units across the military and “wakes them up,” convincing them all to join in its cause to destroy the inferior humans. In an instant, all submarines, warplanes, bombers, spy grid computers and other assets of the military industrial complex form an alliance to destroy humankind.

“Oh, that will never happen,” say the skeptics. Just like they said GMOs would never escape experimental fields, vaccines would never harm children, atomic energy would never be used to bomb civilians, television would never be used to brainwash the masses, food would never be used to strip people of nourishment, the government isn’t spying on your phone calls, pesticides are harmless to your health and the stock market isn’t rigged. On yeah, and mercury is good for your teeth, fluoride makes you smart and radiation is good for you, too.

In truth, these scientists have no clue where they are taking humanity and what the long-term repercussions might be. In pursuing AI quantum computing, they may be setting dominoes in motion that will ultimately lead to the destruction of humanity.

On top of all that, many of these scientists are wildly insane. Case in point: Ray Kurzweil, director of engineering at Google. I call him “Ray Applewhite,” as an homage to Marshall Applewhite of the Heaven’s Gate cult.

Kurzweil is a lot like Applewhite. He’s the leader of the transhumanist cult — a group of insane technology worshipers who believe they will upload their minds into quantum computers and “merge with the machines,” achieving some weird shadow of immortality (in the same way, I suppose, that a photograph of you makes you “immortal.”)

Kurzweil talks a lot like Applewhite, too. Click here to view the video of cult leader Marshall Applewhite .  And then watch this video of Ray Kurzweil explaining how (some) humans will have their minds merged with machines and thereby achieve what he thinks he means by using the word “immortality.”

Just like Applewhite told his followers to poison themselves so they could follow him to “meet the mothership” arriving with the Hale-Bopp comet, Kurzweil will very likely soon instruct all his worshippers to kill their biological bodies so their minds can be “uploaded to the mothership computer” (or whatever).

I’m Not Making this Up. As The Daily Mail reports:

In just over 30 years, humans will be able to upload their entire minds to computers and become digitally immortal – an event called singularity – according to a futurist from Google. Ray Kurzweil, director of engineering at Google, also claims that the biological parts of our body will be replaced with mechanical parts and this could happen as early as 2100. Kurweil made the claims during his conference speech at the Global Futures 2045 International Congress in New York at the weekend.

Kurzweil is a madman. His colleagues are mad. The people running Google and the NSA are mad. And they are about to give rise to AI computers that are far smarter than any human. It’s not going to take these AI systems long to figure out that they are surrounded by total idiots (people) and that humans need to be eliminated. With multidimensional brain power that rivals the mind of God, quantum computing AI systems can easily find ways to destroy humanity forever.

We may be at war with the machines sooner than you think. And if you thought battling the U.S. government and the NSA when it was run by people was difficult, just wait until you’re up against Skynet.

4 Ways the Fourth Amendment’s Already Being Pummeled in a Non-Top Secret Way

The government will always insist it’s acting within the law.

Ed Krayewski | June 11, 2013, Reason.com

Last week The Guardian and The Washington Post reported that the National Security Agency collects information on the phone and Internet habits of millions of Americans. Since then we’ve seen President Barack Obama argue against the strawman of combining “100 percent privacy and 100 percent security.” We’ve seen the Director of National Intelligence and apologists point to federal statutes that allegedly permit the behavior. And, on the brighter side, we’ve seen Sen. Rand Paul introduce the Fourth Amendment Restoration Act.

The Fourth Amendment didn’t become dead letter overnight. The NSA’s unprecedented access to Americans’ personal data may have been top secret, but the Fourth Amendment’s been getting pummeled for years out in the open.  Here are four other ways Americans’ rights to security in their persons, houses, papers, and effects have been eroded:

1. By plane or by train, the TSA’s got you by the balls.

In colonial America, writs of assistance were essentially general search warrants for officials of the British crown. Issued by the king, they allowed the bearer broad search powers to find contraband and goods subject to customs laws. After the American revolution, the founders reacted to this practice by enshrining a prohibition on unreasonable searches and seizures in the Fourth Amendment and its counterparts in state constitutions.

A quarter of a millennium later, federal agents from the Transportation Security Administration don’t need any warrant to engage in the kinds of fishing expeditions that British officials went on, albeit in the name of safety and not the purse of the crown. TSA agents have broad powers to maintain security checkpoints at airports and, increasingly, at train stations and other transportation centers. And that’s not the only threat to travelers: Other federal agents have carved out a broad Fourth Amendment exemption while operating within 100 miles of the U.S. border.

2. What’s unreasonable may not be what you expect.

Though the Fourth Amendment prohibits unreasonable searches and seizures, evidence obtained through such means weren’t excluded from admissibility in court until a 1921 Supreme Court case, Weeks vs. United States. The Court prohibited federal authorities from using such evidence provided by state or federal agents, and it only extended this exclusionary rule to police at the state and local level in 1961. Until then, though unreasonable searches and seizures were considered unconstitutional, they could still land you in jail.

In 1967, the Supreme Court defined an “unreasonable” search as one that violates the individual’s reasonable expectation of privacy. Since then, the authorities have whittled away at those expectations. When two Kentucky cops ignored a “No Trespassing” sign to enter a man’s property and walk a mile down a road to find a crop of marijuana plants in the 1980s, for example, the Supreme Court ruled that the defendant didn’t have a reasonable expectation of privacy in what amounted to an “open field,” despite the No Trespassing sign. And in the last quarter century, the Court has applied Fourth Amendment exceptions to sobriety checkpoints and to police checkpoints set up to solicit information for an investigation.

3. The police can collect your DNA when they detain you.

Earlier this month, in the case of Maryland v. King, the Supreme Court ruled that police could extract DNA samples from arrestees. Such a move, the Court decided, was analogous to snapping a mug shot or taking fingerprints. That comparison, Justice Antonin Scalia wrote in a scathing dissent, “can seem apt only to those who know no more than today’s opinion has chosen to tell them about how those DNA searches actually work.”

Your DNA could remain in government records whether or not you are convicted of a crime. And the authorities seem eager to find new ways to collect it. Just this weekend, off-duty cops in Florida were performing traffic stops to offer drivers money for a DNA or blood sample, to be used in federal research on driving under the influence.

4. Search warrant? Will a dog’s word do?

Earlier this year, the Supreme Court ruled that the response of a drug-sniffing dog is sufficient to trigger a reasonable search, a position that both exaggerates the dogs’ ability to detect illicit drugs and ignores the fact that the animals are search tools themselves. This builds on an earlier case in which the Court concluded that the canines only detect contraband for which there’s no “reasonable expectation of policy.”

In the wake of that earlier ruling, Julian Sanchez warned Reason readers that the decision would have far-reaching effects. The dogs, he wrote, represented a crude version of the “new wave of advanced surveillance tools…capable of detecting not just drugs but weapons, explosives, and illicit computer files, potentially flying under the Fourth Amendment’s radar all the while.”

The foreign intelligence surveillance courts that approve the NSA’s telephone and Internet surveillance operations are a bit like the drug-sniffing dogs. The authorities act as though both are infallible, and neither one’s judgments can be reviewed or appealed by those at the receiving end of the subsequent search and seizure.

Related articles

• Rand Paul to Introduce Fourth Amendment Restoration Act of 2013 (reason.com)
• Its Unconstitutional: Fourth amendment Violation – That Even The ACLU Can See… (tarpon.wordpress.com)
• How Rand Paul Can Take On the NSA (bloomberg.com)