Sunday, September 29, 2013

N.S.A. Gathers Data on Social Connections of U.S. Citizens


N.S.A. Gathers Data on Social Connections of U.S. Citizens

美国《纽约时报》28日报道,NSA获取私人信息的方式非常广泛,包括银行账号、保险信息、社交网站信息、乘客名单、选民选票、GPS定位等,当然也包括财产记录、税单等。NSA对信息的收集没有限制规定。
被分析过隐私资料的美国公民很多都没有做任何错事。而其中最无辜的,也许就是和NSA最亲近的人 – 过去十年,NSA部分雇员曾经利用秘密监控系统对他们的配偶或男女朋友进行监控。
据新加坡《联合早报》29日报道,自2003年以来,有超过12名NSA雇员用该局监控工具搜索情人、前任男女朋友、亲属等人的电子邮件,甚至窃听他们的电话。这些监控对象中包括美国公民和外国公民。2004年,曾有NSA女职员监听其丈夫电话,因为怀疑丈夫出轨。
目前被发现违规监听的12名NSA雇员中,已有6名被移送司法部门,但也有若干违规者在受惩之前就辞职或退休。
另据英国《卫报》网站27日报道,一名NSA雇员在未向上级请示情况下,私自利用该局设备监听9名外籍女性电话长达6年。
这些事件曝光后,美国立法部门再次向奥巴马呼吁,制定更加严格的政策保护美国公民隐私。目前NSA所有对国民隐私的调查都是秘密的,从未通过美国情报法院或其他公开辩论获得批准。■

WASHINGTON — Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials.
The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans’ networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor.
The policy shift was intended to help the agency “discover and track” connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said. Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners.
The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.
N.S.A. officials declined to say how many Americans have been caught up in the effort, including people involved in no wrongdoing. The documents do not describe what has resulted from the scrutiny, which links phone numbers and e-mails in a “contact chain” tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest.
The new disclosures add to the growing body of knowledge in recent months about the N.S.A.’s access to and use of private information concerning Americans, prompting lawmakers in Washington to call for reining in the agency and President Obama to order an examination of its surveillance policies. Almost everything about the agency’s operations is hidden, and the decision to revise the limits concerning Americans was made in secret, without review by the nation’s intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the “misuse” of such information without adequate safeguards.
An agency spokeswoman, asked about the analyses of Americans’ data, said, “All data queries must include a foreign intelligence justification, period.”
“All of N.S.A.’s work has a foreign intelligence purpose,” the spokeswoman added. “Our activities are centered on counterterrorism, counterproliferation and cybersecurity.”
The legal underpinning of the policy change, she said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans’ “metadata,” which includes the timing, location and other details of calls and e-mails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court.
N.S.A. officials declined to identify which phone and e-mail databases are used to create the social network diagrams, and the documents provided by Mr. Snowden do not specify them. The agency did say that the large database of Americans’ domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have previously acknowledged that the agency has done limited analysis in that database, collected under provisions of the Patriot Act, exclusively for people who might be linked to terrorism suspects.)
But the agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata. They spoke only on the condition of anonymity because the information was classified.

James Risen reported from Washington and New York. Laura Poitras, a freelance journalist, reported from Berlin.
The concerns in the United States since Mr. Snowden’s revelations have largely focused on the scope of the agency’s collection of the private data of Americans and the potential for abuse. But the new documents provide a rare window into what the N.S.A. actually does with the information it gathers.
A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.
The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation’s adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say.
Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.
“Metadata can be very revealing,” said Orin S. Kerr, a law professor at George Washington University. “Knowing things like the number someone just dialed or the location of the person’s cellphone is going to allow them to assemble a picture of what someone is up to. It’s the digital equivalent of tailing a suspect.”
The N.S.A. had been pushing for more than a decade to obtain the rule change allowing the analysis of Americans’ phone and e-mail data. Intelligence officials had been frustrated that they had to stop when a contact chain hit a telephone number or e-mail address believed to be used by an American, even though it might yield valuable intelligence primarily concerning a foreigner who was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A. officials also wanted to employ the agency’s advanced computer analysis tools to sift through its huge databases with much greater efficiency.
The agency had asked for the new power as early as 1999, the documents show, but had been initially rebuffed because it was not permitted under rules of the Foreign Intelligence Surveillance Court that were intended to protect the privacy of Americans.
A 2009 draft of an N.S.A. inspector general’s report suggests that contact chaining and analysis may have been done on Americans’ communications data under the Bush administration’s program of wiretapping without warrants, which began after the Sept. 11 attacks to detect terrorist activities and skirted the existing laws governing electronic surveillance.
In 2006, months after the wiretapping program was disclosed by The New York Times, the N.S.A.’s acting general counsel wrote a letter to a senior Justice Department official, which was also leaked by Mr. Snowden, formally asking for permission to perform the analysis on American phone and e-mail data. A Justice Department memo to the attorney general noted that the “misuse” of such information “could raise serious concerns,” and said the N.S.A. promised to impose safeguards, including regular audits, on the metadata program. In 2008, the Bush administration gave its approval.
A new policy that year, detailed in “Defense Supplemental Procedures Governing Communications Metadata Analysis,” authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court had ruled that metadata was not constitutionally protected, N.S.A. analysts could use such information “without regard to the nationality or location of the communicants,” according to an internal N.S.A. description of the policy.

James Risen reported from Washington and New York. Laura Poitras, a freelance journalist, reported from Berlin.
After that decision, which was previously reported by The Guardian, the N.S.A. performed the social network graphing in a pilot project for 1 ½ years “to great benefit,” according to the 2011 memo. It was put in place in November 2010 in “Sigint Management Directive 424” (sigint refers to signals intelligence).
In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation or international drug smuggling to spying on conversations of foreign politicians, business figures or activists.
Analysts were warned to follow existing “minimization rules,” which prohibit the N.S.A. from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a “U.S. person” — a citizen or legal resident — for actual eavesdropping.
The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked.
The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.
The overall volume of metadata collected by the N.S.A. is reflected in the agency’s secret 2013 budget request to Congress. The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion “record events” daily and making them available to N.S.A. analysts within 60 minutes.
The spending includes support for the “Enterprise Knowledge System,” which has a $394 million multiyear budget and is designed to “rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale,” according to a 2008 document. The data is automatically computed to speed queries and discover new targets for surveillance.
A top-secret document titled “Better Person Centric Analysis” describes how the agency looks for 94 “entity types,” including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith, hasFather, sentForumMessage, employs.”
A 2009 PowerPoint presentation provided more examples of data sources available in the “enrichment” process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.
At a Senate Intelligence Committee hearing on Thursday, General Alexander was asked if the agency ever collected or planned to collect bulk records about Americans’ locations based on cellphone tower data. He replied that it was not doing so as part of the call log program authorized by the Patriot Act, but said a fuller response would be classified.
If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.
One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency’s collection, the data in question was “being buffered for possible ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”

James Risen reported from Washington and New York. Laura Poitras, a freelance journalist, reported from Berlin.


Sent from my iPad

Sunday, September 22, 2013

他们怎样在我开车途中惊吓我


9/14/2013是星期六,晚上有教会活动。CCIC- Gilroy 在 Halen 家, 947 Martiri Ct, Gilroy CA 95020, 有 Potluck party. 我和李放(Sam Li) 负责接送住在 First Street 附近的老人公寓的几位老年人。

下午6:05 左右, 我从 Lions Creek Dr 向南开,来到和 Mantelli Dr 相交的丁字路口,准备左转到 Mantelli 上去。 左转前我向左右看了又看,确定两边都没有车过来。可是在左转过程中,突然从 Mantelli 路边窜出一部车,快速向我的 Honda CR-V 拦腰撞来。开车的是一个30岁左右的男子,因为我的 CR-V 底盘较高,两车的运行方向成90度,我可以清楚看到他的脸。简直是魂飞魄散!慌乱之中只得踩油门加速,期望迅速完成左转动作。这部车显然有b而来,也迅速右转,绕过我车的尾部,继续沿 Mantelli 向西快速开走。

Tuesday, September 17, 2013

中央党校教授蔡霞: 公权与私域——警惕公权力滥权侵害公民


近日媒体网络上关于@大V薜蛮子 嫖娼被抓事件议论纷纭。我也谈几点看法:

第一、当年美国克林顿总统的绯闻沸沸扬扬,但美国国民对克林顿的支持率反而上升,因为克林顿并没有用总统权力为莱温斯基谋钱财,国民不会因克的私生活不检点而收回他的总统权力。因为总统权力是处理公共事务,决不允许公权进入私域去满足个人私欲。正因为克林顿没有公权私用,所以美国公众让他继续当总统。这是第一层,公域私域必须严格分开。相反,在中国,公域私域基本不分,但凡官员私生活奢靡荒淫,十有八九用公权力贪污受贿。同时,若官员想要整谁,手中权力肆意妄为,可以直接侵入纯属公民私人空间的住所去抓人。薛蛮子不是在特定嫖娼场所被抓,而是在他的住所被抓。在仅有两人在场的住所里,公安和举报人是如何作到抓薛之前就断定薛嫖娼的?(请注意,薛是在被抓后承认嫖娼的。)除非是24小时监控薛,或在薛住所安装监视探头和窃听器。薛嫖娼若是这样抓出来的,那么,对所有公民来说,就非常可怕了。因为,只要他们认为需要,就可以对任何公民都24小时监控,就可以随时进入民宅抓人,公民在自己家里这个纯属私人空间里都没有安全感,人人都将笼罩在恐惧阴影里。

第二,私域是个人空间,性权利是个人权利,只要他没有因性行为危害社会公众利益,就是个人道德水平高下的问题,而不是公共权力干涉的范围。所以,印度的轮奸女记者是严重罪行,要法律制裁,而嫖客与妓女的关系是私人买卖行为,不属于法律制裁范围。但从道德角度看,公众人物应该有较高的道德水平,应该在维护社会道德方面起到表率作用。作为公众人物,薛蛮子任由性欲支配行为,确实很不体面。因为从人的社会性角度说,性本能行为是动物的反应,人的文明素养应该可以控制性本能,使性行为合乎人的文明规范,从而有利于身心健康。就此,充分尊重人的权利,基于感情基础上两情相悦的性行为无可指责,只要它不伤害到别的利益相关人的物质和精神利益。而性交易则是对人性和感情的亵渎。薛蛮子因嫖而被抓,一时间官方媒体从网站到报纸到电视,纷纷高调报道,居然使一个嫖客成了官方新闻热点人物,岂非怪哉?!社会和媒体如果集注于性行为的绯闻,要么是性压抑的变态反应,要么社会本身由低级趣味主宰。

第三,论嫖客,真是什么人都有,其中不乏官员的身影。而当一些官员用公款召妓,进行强奸幼女等犯罪活动后,有一些官家媒体则千方百计进行遮掩诡辩,甚至编造种种雷人说词,比如夜宿幼女或过夜无行为等等,这些官媒极无耻。抓薛,不在于他嫖娼,而在于他是大V。央视等媒体在报道时,高调突出薛的大V身份,这恰好暴露了抓薛的真正用意。把抓薛的动机和一些官媒为官员的罪行诡辩放在一起看,暴露的是公权力已经变质成为庇护少数人违法,迫害社会大众权利的私器。

第四,如果有谣言传谣危害社会,首先是谣言受害人运用法律保护自己,而不是公安局自己给别人按上罪名去抓人。说谣言郭美美,谣言红十字会,谣言张海迪,郭美美,红十字会,张海迪完全可以去法院告他们,倒蹊跷的是郭美美,红十字会,张海迪都不出来,而是公安局和央视出头。这是公权力侵害公民,搞有罪推定,以执法之名行压制社会言论之实。公权力肆无忌惮地压制公众言论,势必激起反弹,是要把公众逼到搞街头政治。现在公权力的恣意妄为正在把温和派逼成激进派,把网络政治逼成街头政治,这是在给习挖坑。

第五,这次抓薛蛮子,居然央视都播报,下三烂的做法使央视堕落到市井烂报的水准,而不是国家新闻机构。是央视自己贬损自己。新闻播报时不说公民薛嫖娼而是说大V薛,实质是要杀鸡给猴看,警告所有在网络上说话的人,即大V我都抓,你们都小心点管住自己的嘴。这是以抓嫖为名行封口之实,司马昭之心路人皆知。说穿了是压制言论。真正依法办事,则应是言论权利行使中的问题,用正当行使言论权利去解决,而不是用公权力绑架公民的身体权利去解决。之所以这样做,可见他们自知目的见不得阳光,只好以不正当的手段实现企图。现代法治的一个基本原则是,对公权力而言,法无明文都不得行,而对公民来说,法无禁止都可以做。但在一些握权者眼里,法是他们意志的玩物,他们想怎么解释就怎么解释,想怎么用权就怎么用权,由此,违法的是他们而非大V们。

第六,今年以来,官方每挑起一个事件,都实际上成为了激励社会觉醒思考,树立公民权利意识和公民文化意识的机会。反宪政和挺宪政的争论话题促成全社会普及谈论宪政知识的热议;曾成杰被秘密处死,最终变成全社会关心程序正义与实体正义关系的讨论;抓薛蛮子促使公众明确区分私人空间与公权行使范围,逼得大家要搞明白公共权力为什么不应侵入私人空间,以正确理解法律、明白自身权利,努力求助法律来保护自己的公民权利。

实践表明, 现代公民素质不可能只靠书本来培育,最为重要的是在经历各类公共事件中来真正知晓和认识宪法与法律。从这角度看,非常有必要就反宪政与挺宪政之争话题,就曾成杰被秘密处死案,就公安局以抓嫖为名抓捕网络大V和网络谣言黑手等,进行深入讨论,以搞明白在宪法法治前提下,公权力必须做什么和不可以做什么,警惕和抵制公权力法外滥权,制造社会恐怖。

□ 中华论坛
http://liliqin1128.blog.sohu.com/275248690.html



Sunday, September 08, 2013

N.S.A. Foils Much Internet Encryption




N.S.A. Foils Much Internet Encryption

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
  • 查看大图 This undated photo released by the United States government shows the National Security Agency campus in Fort Meade, Md.
    Associated Press
    This undated photo released by the United States government shows the National Security Agency campus in Fort Meade, Md.
  • 查看大图 
Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”
An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.
In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s broad reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.
The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.
The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.
Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaedaabout a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.
But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.
Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.
“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”
Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.
“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”
A Vital Capability
The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A.
Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.
The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.
“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.
“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”
The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of an American Civil War battle. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.
Ties to Internet Companies
When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, with the rise of the Internet, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen.
Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the acronym for signals intelligence, the technical term for electronic eavesdropping.
By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.
In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.
At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Some companies have been asked to hand the government the encryption keys to all customer communications, according to people familiar with the government’s requests. Executives who refuse to comply with secret court orders can face fines or jail time.
N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.
How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored.
Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.
Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”
“Eventually, N.S.A. became the sole editor,” the memo says.
Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.
A Way Around
By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.
That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.
By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.
“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says.
Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”
But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.
By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.
But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.
A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.
Corporate Pushback
Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.
Google, Yahoo, Microsoft and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency’s demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands.
In effect, facing the N.S.A.’s relentless advance, the companies surrendered.
Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
John Markoff contributed reporting.
This story has been reported in partnership among The New York Times, The Guardian andProPublica based on documents obtained by The Guardian. For The Guardian: James Ball, Julian Borger, Glenn Greenwald. For The New York Times: Nicole Perlroth, Scott Shane. For ProPublica: Jeff Larson.


Copyright © 2013 The New York Times Company. All rights reserved.



NSA暗中开发强大信息解码技术

最新披露的文件显示,美国国家安全局(National Security Agency,简称NSA)在长期的加密技术秘密战争中占了上风,它利用超级计算机、技术花招、法院指令和幕后劝说,对互联网时代保护日常通讯隐私的主要工具造成了损害。
加密技术,或称数码干扰技术,可以为国际商业和银行系统提供防卫、保护商业机密和医疗记录等敏感数据,并自动为美国及世界各地民众的电子邮件、网页搜索、网络通讯和通话提供安全保证。上述文件表明,国家安全局绕开或破解了大部分加密技术。
  • 查看大图 美国政府发布的这张照片没有注明日期,照片上是马里兰州米德堡国家安全局的园区。
    Associated Press
    美国政府发布的这张照片没有注明日期,照片上是马里兰州米德堡国家安全局的园区。
  • 查看大图 
很多用户都认为——或者说网络公司曾向他们保证——他们的数据绝不会遭到他人窥探,即便政府情报机构也无法获得这些数据,而NSA则希望他们继续这么认为。根据NSA承包商前雇员爱德华·J·斯诺登(Edward J. Snowden)所提供的文件,NSA把它最近在解密受保护信息方面所取得的成功归入最核心机密的行列,只有那些可以接触代号为Bullrun的高保密项目的人才能了解相关讯息。
该项目始于2000年,当时加密工具正在逐渐覆盖整个网络,为了保留自己的窃听能力,NSA便投资数十亿美元开展了一项秘密活动。20世纪90年代,NSA希望能在所有加密讯息中安插自己的“后门”,但最终却在这场公开斗争中败北,然后它便试图通过秘密行动来达到同样的目的。
根据上述文件以及对业内管理人员的采访,为了破解密码,NSA采用了定制的高级计算机,而且还开始与国内外的科技公司进行合作,在这些公司的产品中建立入口。文件并未表明哪些公司曾参与这个过程。
NSA会在信息被加密前潜入目标计算机获取相关信息。在一些案例中,公司表示,它们受到了政府胁迫,不得不交出自己的主密钥或是建立后门。此外,NSA还利用自己作为世界上最有经验的密码制造者的影响力,秘密在世界各地的软硬件开发商所遵循的加密标准上设置了薄弱环节。
“过去10年中,为了破解各种广泛使用的网络加密技术,NSA针对多个方向大力开展工作,”2010年的一份备忘录表示。“现在正在获得密码分析能力,此前被丢弃的海量加密网络数据目前可被利用。”这份备忘录来自一场与NSA对应的英国机构政府通讯总部(Government Communications Headquarters,简称GCHQ)为员工举行的关于NSA成就的通报会。
另一份备忘录称,当这些经常与NSA官员并肩工作的英国分析师首次得知这个项目时,“那些还不知情的人大吃了一惊!”
一份情报机构的预算文件表明,这项工作的力度并未减弱。国家情报总监小詹姆斯·R·克拉珀(James R. Clapper Jr.)在今年的预算请求中写道,“为了击败敌方的加密技术和利用网络流量,我们正在对突破性密码分析能力进行投资。”
最近几个月,斯诺登披露的文件显示,NSA的行动范围甚广,从世界各地获取了的大量通讯内容。而关于加密讯息的文件现在极其详细地讲述了NSA是如何确保自己能够解读搜集到的讯息。
虽然NSA成功破解了加密技术所提供的很多隐私保护机制,但是这种成功并未改变如下,即禁止有关部门在没有得到授权的情况下,故意以美国人的电子邮件或电话为窃取目标。然而这份文件表明,隐私保护技术并不能完全限制NSA的行动。2011年,一名联邦法官曾尖锐批评NSA违反了上述规定,并误导了外国情报监视法庭(Foreign Intelligence Surveillance Court)。按照NSA的规定,它可以在解密国内外任何加密讯息或分析其技术特征期间储存这些讯息,不论时间多长。
自1952年成立以来,NSA就开始专攻解密技术,并把这项任务看作自身使命的基本要素。NSA官员表示,倘若无法解密恐怖主义者、外国间谍以及其他敌人的讯息,美国就将面临巨大风险。
就在最近几周,奥巴马政府向该情报机构了解了基地组织(Al Qaeda)领导人关于一次恐怖主义行动的通讯内容以及叙利亚官员关于发生在大马士革外围地区的化学武器袭击的讯息。NSA官员表示,如果此类通讯信息能够用无法破解的加密技术进行隐藏,NSA就将无法开展工作。
但有些专家表示,NSA绕开及削弱通讯安全保障的做法或许会带来严重的意外结果。他们说,NSA正在与自己的其他重大使命(除窃听以外)——保证美国的通讯安全——背道而驰。
NSA力度最强的一些工作都集中在美国广泛使用的加密术上,其中包括安全套层(Secure Sockets Layer,简称SSL)、虚拟专用网(virtual private networks,简称VPN),以及4G智能手机所使用的保护措施。很多美国人在发送邮件、网上购物、通过公司计算机网络与同事交流,以及通过4G网络使用电话或平板电脑时,都会依赖这些保护措施,而他们往往不会意识到这一点。
几乎可以肯定,GCHQ曾与NSA就此展开密切合作。一份文件称,至少在过去三年中,GCHQ尝试用各种手段来获取最受欢迎的互联网公司——谷歌、雅虎、Facebook和微软Hotmail——中受保护的通讯。文件还显示,截至2012年,GCHQ开发了进入谷歌系统的“新途径”。
“风险在于,当你在系统中插入了后门,你不会是唯一能利用它的人,”约翰斯·霍普金斯大学(Johns Hopkins University)密码学研究员马修·D·格林(Matthew D. Green)说。“这些后门也可能被利用来打击美国通讯。”
曾联合设计SSL协议的著名编码师保罗·科克(Paul Kocher)回忆称,NSA在20世纪90年代曾要求在所有加密系统里安插叫做“Clipper芯片”(Clipper Chip)的政府后门,并最终失败。
“但他们不顾一切,还是这么做了,而且没有告诉任何人,”科克说。他说他理解NSA的使命,但是他担心允许NSA不受限制地获取私人讯息会带来危险。
“情报界一直都在担心世界会陷入永远‘静默’的状态,但他们如今却不费吹灰之力就能在瞬间全面侵入人们的隐私之中,”他说,“这简直是间谍活动的黄金时代。”
重要能力
这些文件属于《卫报》(The Guardian)向《纽约时报》与非营利性新闻机构ProPublica分享的逾5万份文件之列。它们主要侧重GCHQ ,但其中有数千份文件来自NSA或跟它有关。
情报官员要求《纽约时报》和ProPublica不要刊发这篇文章,说它可能导致外国目标改用新的加密或通信方式,令收集或读取信息变得更困难。新闻机构删除了一些具体细节,但还是决定刊发这篇文章,因为这对于公众就政府行为展开辩论具有价值。这些政府行为削弱了保护美国人和其他人隐私的最为有力的工具。
这些文件显示,该机构仍然没有攻克所有的加密阻碍,正如斯诺登6月在《卫报》网站上进行网络问答时所提到的。
“正确使用强大的加密系统,是少数你可以依靠的手段之一, ”他说。不过他也告诫道,NSA经常会完全绕过加密系统,方法是针对一端或者另一端的计算机,在文本被加密之前或者解密之后获取它们。
该文件明确指出,NSA认为自己解密信息的能力非常重要,并在就此与中国、俄罗斯和其他国家的情报机构开展竞争。
“在未来,超级大国的成败将取决于它们密码分析项目的实力,” 2007年的一份文件写道, “美国要想继续不受限制地访问和使用网络空间,这就是入场费。”
NSA解码能力究竟有多强大只有少数顶级分析师知道,他们来自所谓的“五只眼”(Five Eyes):NSA及其在英国、加拿大、澳大利亚和新西兰的对应机构。只有他们能充分接触Bullrun项目,及其前身项目Manassas——这两个名字都取自美国南北战争中的战役。GCHQ的一个平行的反解密项目叫作Edgehill,名字取自17世纪英国内战的首个战役。
跟互联网公司的关系
NSA成立之初,加密还是一种鲜为人知的技术,主要供外交官和军官使用。过去的20年里,随着互联网的兴起,它已经变得无处不在。即使新手也知道,如果电脑屏幕上的网址旁边出现一个小小的挂锁图案,他们的信息交换就被自动加密了。
NSA机密文件明确表示,由于严格加密之后的效果非常好,该机构的成功有赖于跟互联网公司的合作——要么获得它们的自愿合作,要么用法庭命令迫使它们合作,或者暗中窃取它们的加密密钥,又或者修改它们的软硬件。
斯诺登泄露的一份情报预算文件显示, NSA每年花费逾2.5亿美元在Sigint促进计划(Sigint Enabling Project)上,这个项目“主动积极地接触美国和外国IT产业,暗中或公开影响它们的商业产品设计”,让这些产品“可被利用”。Sigint是电子窃听技术的术语“信号情报”(signals intelligence)的缩写。
这些文件显示,今年,Sigint项目找到了进入某些为企业和政府编码信息的加密芯片的数个途径,方法要么是通过与芯片制造商合作来植入后门,要么是暗中利用现有的安全缺陷。NSA还有望获得完整权限,从而在加密前访问一家未具名的大型互联网电话与短信服务公司、一家中东互联网公司,以及三个外国政府的通讯信息。
知情人士告诉《纽约时报》:有一次,在美国政府了解到某外国情报目标订购了新的计算机硬件之后,美国制造商同意在硬件出货之前植入一个后门。
NSA在其2013年的预算申请中强调了“与各大电信运营商保持合作伙伴关系,使全球网络有利于其他信息搜集活动”——也就是说,获得更多的窃听机会。
据《卫报》报道,NSA跟微软公司的管理层合作,可以在加密前访问该公司人气最高的服务项目,比如Outlook电子邮件、互联网通话与聊天软件Skype,以及该公司的云存储服务SkyDrive。
微软强调,自己只是遵从了政府的“合法要求” ,而且在某些情况下,合作显然是迫不得已的。熟悉内情的人士透露,政府曾经要求一些公司交出所有用户通信的加密密钥。如果公司高管拒绝执行秘密法庭颁发的这个命令,可能会被处以罚款或监禁。
NSA的文件显示,该机构有一个名为密钥供应服务(Key Provisioning Service)的内部数据库,里面是特定商业产品的加密密钥,可以自动解码很多信息。如果解码所需的密钥不在数据库中,它会向密钥收回服务(Key Recovery Service)发送请求。后者就会设法获取相应的密钥。
如何得到密钥是保密的,但一些独立的密码专家称,许多密钥很可能都是通过秘密侵入相关企业存储密钥的计算机服务器来获取的。
与此同时,NSA也刻意削弱了开发人员采用的国际加密标准。该机构2013年的预算申请中阐述的目标之一是“影响商用公钥技术的政策、标准和规范”,而这种技术是最常见的加密方法。
密码专家早就怀疑NSA在一个标准中植入了漏洞。这个标准于2006年被负责美国加密标准的国家标准与技术研究院(National Institute of Standards and Technology)所采用,后来又被拥有163个成员国的国际标准化组织(International Organization for Standardization)采纳。
NSA的数份机密备忘录似乎证实了,微软的两个密码破译人员2007年在标准中发现的致命漏洞是该机构的手笔。NSA编制了这个标准,花大力气把它推向国际社会,并在私下里称这个任务是“需要精妙应对的挑战”。
“最终, NSA成为了唯一的编撰者。 ”备忘录中写道。
即使某些看似旨在保护美国人通信的NSA项目,有时也被用来削弱这种保护。举例来说,NSA旗下的商业解决方案中心(Commercial Solutions Center)曾以改善美国网络安全为名,邀请加密技术开发机构来展示它们的产品和服务。但一份绝密NSA文件显示,该机构的黑客部门使用同一个项目培养并“利用跟特定行业合作伙伴之间的敏感合作关系”,以达到把漏洞植入到互联网安全产品中的目的。
绕道而行
通过引入此类后门,NSA悄无声息地获得了在公开场合未能取得的成效。20年前,美国官方对一些强大加密软件的流行担忧起来,比如程序开发员菲尔·齐默尔曼(Phil Zimmermann)设计的“完美隐私软件”(Pretty Good Privacy,简称PGP)。克林顿政府提出了Clipper芯片予以还击。如果推行下去,NSA将始终掌握密钥,实际上会使电子加密失去作用。
这项提议在很大范围内遭遇了强烈反对,并出人意料地团结了一批人,其中包括参议院里的政治对头,比如来自密苏里州的共和党人约翰·阿什克罗夫特(John Ashcroft)和来自马萨诸塞州的民主党人约翰·克里(John Kerry),还有电视传教士帕特·罗伯森(Pat Robertson)、一批硅谷高管,以及美国公民自由联盟(American Civil Liberties Union)。他们都认为,Clipper不仅会让宪法第四修正案形同虚设,还会扼杀美国在科技领域的全球领先优势。
1996年,白宫终于让步。但很快地,NSA就开始尝试,在加密成为主流之前进行预先准备并予以阻挠。
“每项新技术都需要新的专业知识来对其进行利用,越快越好,”一份机密文件中这样写道。
每次出现创新性的加密方式都会让他们心生焦虑。当齐默尔曼推出了加密电话技术Zfone时,NSA分析师通过电子邮件竞相传阅这一消息,邮件主题栏上写着“此事不妙”。
一份NSA文件显示,到了2006年,通过破解保护性的VPN,该局已攻破了三家外国航空公司、一个旅行预订系统、一个外国政府的核能部门,以及另一个外国政府互联网服务的通讯系统。
到了2010年,英国反制加密的Edgehill计划已成功破解了30个目标的VPN,而且设立了再破解300个的目标。
不过,这些机构的目的是要摆脱逐个破解目标工具的局面,迈向实时解译通过全世界光纤和互联网交换机的所有信息,仅需事后搜寻解密材料来获取有价值的情报。
2010年的一份材料呼吁,采取“全新的方式来进行随机解码,而非逐个破解目标”。就在当年,Bullrun的一份报告文件宣称,NSA已获取了针对加密网络聊天与电话的“突破性能力”。该机构在破解SSL和VPN上也不断有所斩获。
不过,NSA担心,一旦解码的“实情”广为人知,就会丧失长时间努力得来的优势。GCHQ概述Bullrun计划的一份文件中警告,“这些能力是Sigint项目中最为脆弱的部分,无意间泄露这一简单‘实情’的话,可能会让对手警觉,并导致能力的迅速丧失。”
业界反弹
自从斯诺登的揭秘激起外界对NSA触角太广、侵犯隐私的批评,美国科技企业就面临着消费者和公众的审视。一些人认为,业界与政府的关系太过紧密。作为回应,一些企业开始反击他们眼中的政府的霸道行为。
谷歌、雅虎、微软和Facebook都施加了压力,希望允许它们披露有关政府下达秘密合作要求的更多信息。由于不愿满足NSA的要求,小型邮件加密企业Lavabit干脆关门,因为公司认为NSA要求的是机密客户信息。另一家企业Silent Circle宁可终止邮件服务也不愿满足类似的要求。
实际上,当NSA不断得寸进尺的时候,业界都做出了让步。
Lavabit的创始人拉达尔·莱韦森(Ladar Levison)给失望的客户写了一封公开信,给出了不详的警告。“除非国会采取行动,或是法院做出强有力的判例,”文中写道,“我强烈建议,任何人都不要把自己的私人信息交给与美国有任何实际联系的公司。”

John Markoff对本文有报道贡献。
本文是《纽约时报》、《卫报》和ProPublica的合作报道,基于的是《卫报》获取的文件。参与本次报道的有《卫报》的James Ball、Julian Borger及Glenn Greenwald;《纽约时报》的Nicole Perlroth与Scott Shane;以及ProPublica的Jeff Larson。
翻译:陈柳、土土、黄铮

本文内容版权归纽约时报公司所有,任何单位及个人未经许可,不得擅自转载或翻译。

NSA can access most smartphone dat



'Der Spiegel': NSA can access most smartphone data

BERLIN (AP) — The German news weekly Der Spiegel reported Sun that the National Security Agency can access users' data on all major smartphones.
The magazine cites internal documents from the NSA and its British counterpart GCHQ in which the agencies describe setting up dedicated teams to crack protective measures on iPhones, BlackBerry and Android devices.
This data includes contacts, call lists, SMS traffic, notes and location data.
Der Spiegel says the documents don't indicate that the NSA is conducting mass surveillance of phone users but rather that these techniques are used to eavesdrop on specific individuals.
The article published Sunday doesn't say how the magazine obtained the documents. But one of its authors is Laura Poitras, an American filmmaker with close contacts to NSA leaker Edward Snowden.
Copyright 2013 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
http://www.usatoday.com/story/news/nation/2013/09/08/report-nsa-can-access-most-smartphone-data/2781753/

據美聯社報導,今天出刊的德國「明鏡」週刊(Der Spiegel)說,美國國家安全局(NSA)和英國政府通訊總部(GCHQ)能讀取所有主要智慧型手機作業系統上的使用者資料。
明鏡週刊引述國安局和政府通訊總部內部文件報導,這些情報機構在文件中敘述如何設立工作組,破解蘋果公司智慧型手機iPhone、黑莓機(BlackBerry)和Android裝置的保護措施。
因此可能取得的資料包括聯絡人、電話名單、簡訊和位置資料。
明鏡週刊說,這些文件顯示,這些技術主要用來監聽特定人物,不是用作大規模監聽電話之用。



Friday, September 06, 2013

N.S.A. Able to Foil Basic Safeguards of Privacy on Web



N.S.A. Able to Foil Basic Safeguards of Privacy on Web

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”
An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.
In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.
The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.
The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.
Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaedaabout a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

John Markoff contributed reporting.
-------
Page 2


========.          =============

Secret Documents Reveal N.S.A. Campaign Against Encryption

Documents show that the N.S.A. has been waging a war against encryption using a battery of methods that include working with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international encryption standards it knows it can break. Related Article »



This excerpt from the N.S.A.’s 2013 budget request outlines the ways in which the agency circumvents the encryption protection of everyday Internet communications. The Sigint Enabling Project involves industry relationships, clandestine changes to commercial software to weaken encryption, and lobbying for encryption standards it can crack.