Sunday, April 24, 2011

No Place to Hide: Internet Tracking Probe Unveiled as New Smartphone Spy Scandal Unwinds

As the United States morphs into a failed state, one unwilling and soon perhaps, unable, to provide for the common good even as it hands over trillions of dollars to a gang of financial brigands engorged like parasitic ticks on the wealth of others, keeping the lid on is more than just an imperial obsession: it's big business.

Earlier this month, New Scientist reported that "a new way of working out where you are by looking at your internet connection could pin down your current location to within a few hundred metres."

Although similar techniques are already in use, they are not very accurate in terms of closing the surveillance trap. "Every computer connected to the web has an internet protocol (IP) address, but there is no simple way to map this to a physical location," reporter Jacob Aron informs us. "The current best system can be out by as much as 35 kilometres."

However, Yong Wang, "a computer scientist at the University of Electronic Science and Technology of China in Chengdu, and colleagues at Northwestern University in Evanston, Illinois, have used businesses and universities as landmarks to achieve much higher accuracy."

According to New Scientist, "Wang's team used Google Maps to find both the web and physical addresses of such organisations, providing them with around 76,000 landmarks. By comparison, most other geolocation methods only use a few hundred landmarks specifically set up for the purpose."

With geolocation tracking devices embedded in smartphones (and, as we'll see below, this data is stored without their users' consent), all of which is happily turned over to authorities by telecoms (for the right price, of course!), as privacy researcher Christopher Soghoian revealed in 2009, it becomes abundantly clear that sooner than most people think they'll be no escaping Big Brother's electronic dragnet.

"The new method," Aron writes, "zooms in through three stages to locate a target computer." First, the team of public-private financed research snoops measured "the time it takes to send a data packet to the target and converts it into a distance--a common geolocation technique that narrows the target's possible location to a radius of around 200 kilometres."

Wang and his cohorts then "send data packets to the known Google Maps landmark servers in this large area to find which routers they pass through." New Scientist reports that when "a landmark machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time difference narrows the search down further."

"We shrink the size of the area where the target potentially is," Wang cheerfully explained.

"Finally," Aron writes, "they repeat the landmark search at this more fine-grained level: comparing delay times once more, they establish which landmark server is closest to the target."

"On average," we're told, "their method gets to within 690 metres of the target and can be as close as 100 metres--good enough to identify the target computer's location to within a few streets."

While New Scientist focused their attention on how an IP address tracking tool might be a boon to advert pimps, who else might find the method "useful in certain situations"?

Tightening the Surveillance Noose

Back in December, The Wall Street Journal reported that "few devices know more personal details about people than the smartphones in their pockets: phone numbers, current location, often the owner's real name--even a unique ID number that can never be changed or turned off."

As part of the Journal's excellent "What They Know" series, reporters Scott Thurm and Yukari Iwatani Kane revealed that an examination of more than 100 smartphone apps for Apple's iPhone and Google's Android platforms "showed that 56 transmitted the phone's unique device ID to other companies without users' awareness or consent," 47 apps "transmitted the phone's location in some way," and "five sent age, gender and other personal details to outsiders."

Like the New Scientist report above, the Journal focused their investigative lens on "intrusive effort[s] by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them."

Without a doubt, such data is already being collected by various police intelligence agencies at the local, state and federal levels.

In all likelihood, smartphone geolocation data has now been added to the dossier creation mix, another component of the secret state's massive national security index called "Main Core" by investigative journalists Christopher Ketchum and Tim Shorrock.

As Ketchum reported in his 2008 piece, three unnamed former intelligence officials told him that "8 million Americans are now listed in Main Core as potentially suspect" and, in the event of a national emergency, "could be subject to everything from heightened surveillance and tracking to direct questioning and even detention."

We've now learned that Apple's iPhone and iPad and Google's Android smartphone platforms "constantly track users' physical location and store the data in unencrypted files that can be read by anyone with physical access to the device," The Register disclosed.

And with technological advances far-outstripping legal remedies to protect Americans' privacy as Soghoian wrote last week, and with Congress and the Obama administration further lowering the boom, the notion that our personal communications are off-limits to advertisers and government officials is as quaint as the concept that financial institutions should be transparent when it comes to investing our hard-earned dollars.

According to researchers Pete Warden and Alasdair Allen, who first reported their findings on the iPhone Tracker blog, the geolocation file is stored on both the iOS device and "any computers that store backups of its data," and "can be used to reconstruct a detailed snapshot of the user's comings and goings, down to the second."

The researchers aver that despite Apple's refusal to even acknowledged the existence of these files, or frankly what the firm does with the data once its been downloaded to their servers, users of iPhones and iPads are put at risk that their movements are available to any and all comers with the requisite skills to access their information.

"The most immediate problem is that this data is stored in an easily-readable form on your machine," Warden and Allen wrote.

"Any other program you run or user with access to your machine can look through it. By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements."

Needless to say, such information would be a boon to police agencies seeking to "terminate with extreme prejudice" the ability of protest organizers to communicate with demonstrators, as happened during the G20 protests in Pittsburgh, as Antifascist Calling reported in 2009.

Elliot Madison was arrested after he relayed a police order to disperse message via Twitter to demonstrators during the protests. A week later, his New York City home was raided by the FBI's Joint Terrorism Task Force (!) which carted off his computers and cell phone as "evidence." Madison and co-defendant Michael Wallschlaeger were criminally charged with using computers, cell phones and a police scanner to track the movements of "Pittsburgh's finest." Federal prosecutors charged the activists with "hindering apprehension or prosecution, criminal use of a communication facility, and possession of instruments of crime."

While such repressive acts may have raised eyebrows two years ago, they have now become part of the seamless panopticon spreading across the "shining city on a hill" like an invisible swarm of privacy-killing locusts.

Last week, in the wake of the smartphone tracking scandal, CNET News reported that "law enforcement agencies have known since at least last year that an iPhone or iPad surreptitiously records its owner's approximate location, and have used that geolocation data to aid criminal investigations."

Security journalist Declan McCullagh revealed that although "Apple has never publicized the undocumented feature buried deep within the software that operates iPhones and iPads," the secretive Mountain View firm acknowledged to Congress last year that "cell tower and Wi-Fi access point information" is "intermittently" collected and "transmitted to Apple" every 12 hours.

CNET reported that "phones running Google's Android OS also store location information," according to Swedish programer Magnus Eriksson. Another researcher told McCullagh that "'virtually all Android devices' send some of those coordinates back to Google."

"Among computer forensics specialists," CNET avers, "those location logs--which record nearby cell tower coordinates and time stamps and cannot easily be disabled by someone who wants to use location services--are not merely an open secret. They've become a valuable sales pitch when targeting customers in police, military, and intelligence agencies."

In other words, enterprising grifters from niche security firms servicing the secret state--or anyone willing to pay for their unique services, say a dodgy employer, a jealous spouse or a sociopathic freak for that matter--can take advantage of a smartphone's embedded location files.

CNET reported that the "U.K-based company Forensic Telecommunications Services advertises its iXAM product as able to 'extract GPS location fixes' from an iPhone 3GS including 'latitude, longitude, altitude and time'."

"Its literature boasts," McCullagh writes, that "'these are confirmed fixes--they prove that the device was definitely in that location at that time'."

"Another mobile forensics company, Cellebrite," CNET avers, even "brags that its products can pluck out geographical locations derived from both 'Wi-Fi and cell tower' signals, and a third lists Android devices as able to yield 'historical location data' too."

Just last week, The Tech Herald disclosed that the Michigan State Police have been using a handheld device and "secretly extracting information from cell phones during traffic stops," and have refused to release information on this program to the ACLU.

The Tech Herald reports that for "nearly three years, the ACLU has attempted to get the Michigan State Police (MSP) to answer questions over their use of Cellebrite's UFED Physical Pro scanner."

"The handheld device allows police to extract data from phones and SIM memory," journalist Steve Ragan writes, and that "in addition to the normal information, such as contact lists, email, and text messages, the UFED is also able to recover hidden and deleted data."

Manufactured by security outfit Cellebrite, the company boasts that their "mobile forensics products enable extraction and analysis of invaluable evidentiary data including deleted and hidden data for military, law enforcement, governments, and intelligence agencies across the world," according to a blurb on their web site.

The ACLU charges that the device is routinely used during traffic stops and that state troopers were able to access the mobile devices without their users being aware their data was being grabbed.

In their letter to the MSP, the ACLU cautioned that "The Fourth Amendment protects citizens from unreasonable searches. With certain exceptions that do not apply here," the civil liberties watchdogs averred, "a search cannot occur without a warrant in which a judicial officer determines that there is probable cause to believe that the search will yield evidence of criminal activity."

"A device that allows immediate, surreptitious intrusion into private data creates enormous risks that troopers will ignore these requirements to the detriment of the constitutional rights of persons whose cell phones are searched."

Sounds reasonable, right? The MSP responded by demanding the ACLU fork over $544,680 before they'd even consider releasing these public documents!

But as Cryptohippie reported in their excellent study, The Electronic Police State, "two crucial facts about the information gathered under an electronic police state are these: 1. It is criminal evidence, ready for use in a trial. 2. It is gathered universally ('preventively') and only later organized for use in prosecutions."

"In an Electronic Police State," researchers averred, "every surveillance camera recording, every email sent, every Internet site surfed, every post made, every check written, every credit card swipe, every cell phone ping... are all criminal evidence, and all are held in searchable databases. The individual can be prosecuted whenever the government wishes."

Called a "Universal Forensic Extraction Device," Cellebrite claims their "UFED family of products is able to extract and analyze data from more than 3000 phones, including smartphones and GPS devices."

According to the firm, such tools will prove invaluable to secret state snoops. "Diving deeper into a mobile phone's memory than ever before provides them with the ability to gather data and establish connections between networks and people that is quicker and easier to arrive at."

The secret-spilling web site Cryptome has generously provided us with with Cellebrite's Smartphone PDA Spy Guide. Amongst other things, we're told that the firm's "UFED Forensics system empowers law enforcement, anti-terror and security organizations to capture critical forensic evidence from mobile phones, Smartphones and PDAs."

"UFED," we're informed, "extracts vital data such as phonebook, camera pictures, videos, audio, text messages (SMS), call logs, ESN IMEI, ICCID and IMSI information from over 1,600 handset models, including Symbian, Microsoft Mobile, Blackberry and Palm OS devices."

Think you've erased those messy call logs or text messages to your girl- or boyfriend? Better think again! With Cellebrite on the job, "the UFED can extract data from a phone, or directly from the SIM card. When extracting from phone, the UFED connects to the phone via cable, Bluetooth or infrared, and the data is read logically from the phone. It also performs a physical extraction from SIM cards, allowing extraction of additional data such as deleted SMS, ICCID, IMSI, location information and more."

We're told that the company's UFED "helps intelligence agencies widen their view and form a complete picture with access to content that can be repurposed, analyzed, and linked to information existing in databases," Main Core, or a similar national security index, perhaps?

"For us, people look like little particles..."

While digital technologies advance by leaps and bounds, the Empire's political-economic requirements are determining how new devices will be used, who has access to the data points and, once our personal details are extracted--by corporations or shadowy intel outfits (public and private) who do their bidding--what happens to it once it's been stored in giant data farms.

The Wall Street Journal reported that Massachusetts Institute of Technology researchers are conducting a study that "has tracked 60 families living in campus quarters via sensors and software on their smartphones--recording their movements, relationships, moods, health, calling habits and spending."

"In this wealth of intimate detail," reporter Robert Lee Hotz writes, MIT researcher Alex Pentland "is finding patterns of human behavior that could reveal how millions of people interact at home, work and play."

According to preliminary findings, "the data can predict with uncanny accuracy where people are likely to be at any given time in the future," and the data "can reveal subtle symptoms of mental illness, foretell movements in the Dow Jones Industrial Average, and chart the spread of political ideas as they move through a community much like a contagious virus, research shows."

"Advances in statistics, psychology and the science of social networks are giving researchers the tools to find patterns of human dynamics too subtle to detect by other means," the Journal reports.

At Northeastern University in Boston for example, "network physicists discovered just how predictable people could be by studying the travel routines of 100,000 European mobile-phone users."

"After analyzing more than 16 million records of call date, time and position," Hotz reports, "the researchers determined that, taken together, people's movements appeared to follow a mathematical pattern," and that given enough information about past movements, scientists averred "they could forecast someone's future whereabouts with 93.6% accuracy."

Chillingly, Northeastern physicist Albert-Laszlo Barabasi, who conducted the study, told the Journal: "For us, people look like little particles that move in space and that occasionally communicate with each other. We have turned society into a laboratory where behavior can be objectively followed."

Ruthless "objectivity" such as this have real world consequences, not that it matters to those whose butter their bread by bludgeoning our privacy and cratering our political rights.

"As a reward when the [MIT] experiment was done," the Journal laconically observed, "the students were allowed to keep the smartphones used to monitor them."

Sunday, April 17, 2011

Senate's 'Privacy Bill of Rights' Exempts the Government, Short Sells Consumers

Call it another virtual "defense" of privacy rights by U.S. lawmakers.

Last week, senators John Kerry (D-MA) and John McCain (R-AZ) introduced legislation in the U.S. Senate, the "Commercial Privacy Bill of Rights Act of 2011," they claimed would "establish a framework to protect the personal information of all Americans."

During a D.C. press conference, McCain told reporters that the proposed law would protect a "fundamental right of American citizens, that is the right to privacy."

While Kerry and McCain correctly state that "The ease of gathering and compiling personal information on the Internet and off, both overtly and surreptitiously, is becoming increasingly efficient and effortless due to advances in technology which have provided information gatherers the ability to compile seamlessly highly detailed personal histories of individuals" (p. 4), there's one small catch.

CNET's Declan McCullagh reported that the bill "doesn't apply to data mining, surveillance, or any other forms of activities that governments use to collect and collate Americans' personal information."

While the measure would apply to "companies and some nonprofit groups," CNET disclosed that "federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users' personal information--in many cases without obtaining a search warrant from a judge" would be exempt.

As we know, a gaggle of privacy-killing agencies inside the secret state, the National Security Agency, the Federal Bureau of Investigation, the U.S. Department of Homeland Security as well as offices and subunits sprinkled throughout the Pentagon's sprawling bureaucracy, including U.S. Cyber Command, all claim authority to extract personal information on individuals from still-secret Office of Legal Counsel memoranda and National Security Presidential Directives.

As the American Civil Liberties Union reported in March, what little has been extracted from the Executive Branch through Freedom of Information Act litigation is heavily-redacted, rendering such disclosures meaningless exercises.

For example, the bulk of the November 2, 2001 21-page Memorandum for the Attorney General, penned by former Deputy Assistant Attorney General John C. Yoo, which provided the Bush administration with a legal fig-leaf for their warrantless wiretapping programs, is blank. That is, if one ignores exemptions to FOIA now claimed by the Obama administration. (B1, b3, b5, exemptions relate to "national security," "inter-departmental communications" and/or programs labelled "TS/SCI"--Top Secret/Sensitive Compartmented Information, the highest classification).

And, as of this writing, the American people still do not have have access to nor even knowledge of the snooping privileges granted securocrats by the Bush and Obama administrations under cover of the Comprehensive National Cybersecurity Initiative (CNCI).

As Antifascist Calling previously reported, CNCI derives authority from classified annexes of National Security Presidential Directive 54, Homeland Security Presidential Directive 23 (NSPD 54/HSPD 23) first issued by our former "decider."

Those 2008 presidential orders are so contentious that both the Bush and Obama administrations have even refused to release details to Congress, prompting a 2010 Freedom of Information Act lawsuit by the Electronic Privacy Information Center (EPIC) demanding that the full text, and underlying legal authority governing federal cybersecurity programs be made public.

McCullagh points out that the bill "also doesn't apply to government agencies including the Department of Health and Human Services, the Department of Veterans Affairs, the Social Security Administration, the Census Bureau, and the IRS, which collect vast amounts of data on American citizens."

Nor are there provisions in the bill that would force federal or state agencies to notify American citizens in the event of a data breach. No small matter considering the flawed data security practices within such agencies.

Just last week, InformationWeek revealed that the "Texas comptroller's office began notifying millions of people Monday that their personal data had been involved in a data breach. The private data was posted to a public server, where it was available--in some cases--for over a year."

"The posted records," we're told, "included people's names, mailing addresses, social security numbers, and in some cases also dates of birth and driver's license numbers."

None of the data was encrypted and was there for the taking by identity thieves or other shady actors. InformationWeek pointed out although "most organizations that experience a serious data breach" offer free credit monitoring services to victims, "to date, Texas has not said it will offer such services to people affected by the comptroller's breach."

CNET reminds us that the "Department of Veterans Affairs suffered a massive security breach in 2006 when an unencrypted laptop with data on millions of veterans was stolen."

McCullagh avers that "a government report last year listed IRS security and privacy vulnerabilities" and that "even the Census Bureau has, in the past, shared information with law enforcement from its supposedly confidential files."

The limited scope of the Kerry and McCain proposal is underscored by moves by the Obama Justice Department to actually increase the secret state's already formidable surveillance powers and short-circuit anemic privacy reforms that have been proposed.

In fact, as Antifascist Calling reported last week, during hearings before the Senate Judiciary Committee, Associate Attorney General James A. Baker warned the panel that granting "cloud computing users more privacy protections and to require court approval before tracking Americans' cell phones would hinder police investigations."

But even when it comes to reining-in out-of-control online tracking by internet advertising firms, the Kerry-McCain bill comes up short.

As the Electronic Frontier Foundation points out, the Kerry-McCain bill won't stop online tracking by advert pimps who hustle consumers' private details to the highest bidder.

The civil liberties' watchdogs aver, "the privacy risk is not in consumers seeing targeted advertisements, but in the unchecked accumulation and storage of data about consumers' online activities."

"Collecting and retaining data on consumers can create a rich repository of information," EFF's legislative analyst Rainey Reitman writes, one that "leaves consumer data vulnerable to a data breach as well as creating an unnecessary enticement for government investigators, civil litigants and even malicious hackers."

Additionally, the proposal is silent on Do Not Track, "meaning there is no specific proposal for a meaningful, universal browser-based opt-out mechanism that could be respected by all large third-party tracking companies," and consumers "would still need to opt-out of each third party individually," a daunting process.

Worst of all, consumers "won't have a private right of action in the new Commercial Privacy Bill of Rights. That means consumers won't be granted the right to sue companies for damages if the provisions of the Commercial Privacy Bill of Rights are violated." In other words, even when advertising firms and ISPs violate their users' privacy rights, the bill would specifically prohibit individuals from seeking relief in the courts.

Moving in for the Cybersecurity Kill

While the Kerry-McCain bill would exempt government agencies from privacy protections, the Defense Department is aggressively seeking more power to monitor civilian computer networks.

NextGov reported that General Keith Alexander, the dual-hatted commander of U.S. Cyber Command and the National Security Agency said that his agency "cannot monitor civilian networks" and that congressional authorization will be required so that CYBERCOM can "look at what's going on in other government sectors" and other "critical infrastructures," i.e., civilian networks.

Mendacity aside, considering that NSA already vacuums-up terabytes of America's electronic communications data on a daily basis, reporter Aliya Sternstein notes that Alexander "offered hints about what the Pentagon might be pushing the Obama administration to consider."

"Civil liberties and privacy are not [upheld] at the expense of cybersecurity," he said. "They will benefit from cybersecurity," available only, or so we've been led to believe, from the military, well-known for their commitment to civil liberties and the rule of law as the case of Pfc. Bradley Manning amply demonstrates.

Cyberspace, according to Alexander, is a domain that must be protected like the air, sea and land, "but it's also unique in that it's inside and outside military, civilian and government" domains.

Military forces "have to have the ability to move seamlessly when our nation is under attack to defend it ... the mechanisms for doing that have to be laid out and agreed to. The laws don't exist in this area."

While Cyber Command currently shares network security duties with the U.S. Department of Homeland Security, as I reported last year, a Memorandum of Agreement between DHS and NSA, claims that increased "interdepartmental collaboration in strategic planning for the Nation's cybersecurity, mutual support for cybersecurity capabilities development, and synchronization of current operational cybersecurity mission activities," will be beneficial.

We were informed that the Agreement "will focus national cybersecurity efforts, increasing the overall capacity and capability of both DHS's homeland security and DoD's national security missions, while providing integral protection for privacy, civil rights, and civil liberties."

But as Rod Beckström, the former director of Homeland Security's National Cybersecurity Center (NCSC), pointed out in 2009 when he resigned his post, he viewed increased control by NSA over national cybersecurity programs a "power grab."

In a highly-critical letter to DHS Secretary Janet Napolitano, Beckström said that NSA "effectively controls DHS cyber efforts through detailees [and] technology insertions."

Citing the agency's role as the secret state's eyes and ears that peer into America's electronic and telecommunications' networks, Beckström warned that handing more power to NSA could significantly threaten "our democratic processes...if all top level government network security and monitoring are handled by any one organization."

Those warnings have gone unheeded.

National Defense Magazine reported that retired Marine Corps General Peter Pace, the former chairman of the Joint Chiefs of Staff, "would hand over the Department of Homeland Security's cybersecurity responsibilities to the head of the newly created U.S. Cyber Command."

Seconding Pace's call for cybersecurity consolidation, under Pentagon control, Roger Cressey, a senior vice president with the ultra-spooky Booz Allen Hamilton firm, a company that does billions of dollars of work for the Defense Department, "agreed that putting all the responsibility for the federal government's Internet security needs would help the talent shortage by consolidating the responsibilities under one roof."

"The real expertise in the government," Cressey told National Defense, "capable of protecting networks currently lies in the NSA."

Cressey's is hardly an objective opinion. The former member of the National Security Council and the elitist Council on Foreign Relations, joined Booz Allen after an extensive career inside the secret state.

A military-industrial complex powerhouse, Booz Allen clocks-in at No. 9 on Washington Technology's list of 2010 Top 100 Contractors with some $3.3 billion in revenue.

As Spies For Hire author Tim Shorrock pointed out for CorpWatch, "Among the many services Booz Allen provides to intelligence agencies ... are data-mining and data analysis, signals intelligence systems engineering (an NSA specialty), intelligence analysis and operations support, the design and analysis of cryptographic or code-breaking systems (another NSA specialty), and 'outsourcing/privatization strategy and planning'."

With "data mining, surveillance, or any other forms of activities that governments use to collect and collate Americans' personal information" off the Kerry-McCain "privacy" bill table, as CNET reported, enterprising security firms are undoubtedly salivating over potential income--and lack of accountability--which a cybersecurity consolidation, Pentagon-style, would all but guarantee.

Sunday, April 10, 2011

While Justice Department Opposes Digital Privacy for Americans, Pentagon Stonewalls Corporate Spy Probe

When Politico reported late last month that President Obama quietly received a "transparency" award "in a closed, undisclosed meeting at the White House," I first thought it was an April Fool's gag.

But as with all things Obama, the joke is on us.

Reporter Abby Phillip revealed that during a "secret presentation" which had been "inexplicably postponed" two weeks earlier, His Changeness received high marks from "Gary Bass of OMB Watch, Tom Blanton of the National Security Archive, Danielle Brian of the Project on Government Oversight, Lucy Dalglish of the Reporters Committee for Freedom of the Press, and Patrice McDermott of OpenTheGovernment.org."

Let it be said, these organizations do yeoman's work uncovering official waste, fraud and abuse and have done much to expose state crimes (past and present) committed by the U.S. government.

Nevertheless, in callous disregard for his supporters (which should be an object lesson for those who believe the secret state can be "reformed" from the inside), the White House failed to post the meeting on the president's public schedule and barred photographers and print journalists from recording the august event.

OMB Watch's Gary Bass found it "baffling" that the president wouldn't want to trumpet his award; after all, hadn't Obama promised his would be the most "open" administration in history?

For her part, OpenTheGovernment.org's Patrice McDermott expressed "disappointment" that the meeting was held in camera and "surprise" when they learned the event was "not on the President's daily calendar."

Caught off-guard by the White House McDermott averred, "Why they decided to close the meeting to the press is not something we understand."

Scarcely a week later, we learned that the administration will soon seek legislation from Congress that would "punish leaks of classified information" and authorize "intelligence agencies to seize the pension benefits of current or former employees who are believed to have committed an unauthorized disclosure of classified information," Secrecy News revealed.

Given the embarrassing fact that the award was bestowed "in honor of President Obama's commitment to transparency," even as his administration hounds and prosecutes whistleblowers with a ferocity not seen since the darkest days of Watergate, the question is: why is there still such a profound disconnect between the harsh realities of White House policy and its perception management amongst those who should know better?

Digital Privacy? Forgetaboutit!

What other ironies are hiding in plain sight in well-appointed Washington hearing rooms and dark corridors?

CNET News reported that the Justice Department "offered what amounts to a frontal attack on proposals to amend federal law to better protect Americans' privacy."

During hearings last week before the Senate Judiciary Committee, which is rewriting portions of the 1986 Electronic Communications Privacy Act (ECPA), Associate Attorney General James A. Baker warned the panel that granting "cloud computing users more privacy protections and to require court approval before tracking Americans' cell phones would hinder police investigations."

Baker told the committee "that requiring a search warrant to obtain stored e-mail could have an 'adverse impact' on criminal investigations," CNET reported. And making location information only available with a search warrant, he said, would hinder "the government's ability to obtain important information in investigations of serious crimes."

"As we engage in that discussion," Baker averred, "what we must not do--either intentionally or unintentionally--is unnecessarily hinder the government's ability to effectively and efficiently enforce the criminal law and protect national security."

How obtaining a search warrant to legally investigate crime while protecting the rights of suspects would hinder "the government's ability to access, review, analyze, and act promptly upon the communications of criminals that we acquire lawfully," was side-stepped by the Justice Department.

Coming on the heels of new administration rules that "allow investigators to hold domestic-terror suspects longer than others without giving them a Miranda warning," as The Wall Street Journal reported, while "significantly expanding exceptions to the instructions that have governed the handling of criminal suspects for more than four decades," weakening already anemic digital privacy rights would grant even more power to those building a National Surveillance State.

Indeed, short of obtaining a search warrant as stipulated in the Fourth Amendment, any and all electronic communications trolled by the secret state, whether or not they are part of an ongoing criminal or national security investigation have not been acquired "lawfully."

On this point, the law is clear: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

But as Antifascist Calling reported in February, the Electronic Frontier Foundation (EFF) released an explosive report that documented the lawless, constitution-free zone that already exists in "new normal" America.

According to EFF, their review of nearly 2,500 pages of previously classified documents pried from the FBI through Freedom of Information Act litigation, revealed that Bureau "intelligence investigations have compromised the civil liberties of American citizens far more frequently, and to a greater extent, than was previously assumed."

In fact, "almost one-fifth involved an FBI violation of the Constitution, the Foreign Intelligence Surveillance Act, or other laws governing criminal investigations or intelligence gathering activities."

"From 2001 to 2008," the civil liberties' watchdogs uncovered evidence that "the FBI engaged in a number of flagrant legal violations." Amongst the more egregious abuses of democratic norms, EFF revealed that FBI investigators could be criminally charged with "submitting false or inaccurate declarations to courts, using improper evidence to obtain federal grand jury subpoenas" and "accessing password protected documents without a warrant."

Keep in mind these transgressions occurred in but one of 16 agencies which comprise the so-called "Intelligence Community." It's anyone's guess what dirty work is being hatched in darkness by opaque Pentagon satrapies such as the National Security Agency or U.S. Cyber Command, let alone that institutional black hole of crime and corruption, the CIA.

Never one to miss a beat, or offer ever more insidious snooping privileges to the Executive Branch, Senator Charles Grassley (R-IA) said "it's crucial to ensure we don't limit (law enforcement's) ability to obtain information necessary to catch criminals and terrorists who use electronic communication."

Grassley also suggested that requiring warrants, a thoroughly novel and radical approach to policing in a society that presumably champions the rule of law and the rights of the accused, would lead to "increased burdens on the court system."

We wouldn't want that would we? Heavens no! Considering how tiresome it must already be for our "overburdened" federal court system and Justice Department busily and conscientiously investigating and prosecuting Bush, now Obama, administration officials for high crimes and misdemeanors.

Launch a preemptive war against a nation that hasn't attacked us, say Libya, without consulting Congress whom the Constitution alone has granted the power to declare war? Well, there's an app for that too!, the White House Office of Legal Counsel (OLC), which recently declared "that the President had the constitutional authority to direct the use of force in Libya because he could reasonably determine that such use of force was in the national interest."

Memo to Congress: sit down, shut up and continue doing what you do best--taking blood money from the corporate merchants of death who profit from the enterprise.

Pentagon Stonewalls Corporate Spy Probe

Violating the digital privacy and political rights of Americans isn't the exclusive purview of the secret state.

As fallout from the HBGary/Palantir/Berico/Team Themis hack by Anonymous continues to spread like a radioactive cloud, The Tech Herald, which first broke the story of Bank of America's sleazy project to bring down WikiLeaks by targeting journalists and supporters, reported that the Defense Department is stonewalling Rep. Hank Johnson's (D-GA) request "to review contracts signed with Team Themis."

"Last week," investigative journalist Steve Ragan disclosed, "Rep. Johnson sent a letter to the DOD, as well as the Department of Justice (DOJ) and the Office of the Director of National Intelligence (ODNI), asking that any information regarding contracts signed with Team Themis be returned to his office within 10 business days."

Ragan writes that "Johnson is seeking 'in their entirety,' all past and present contracts held by Team Themis, in addition to a written explanation of what safeguards are in place to restrain federal contractors from using technologies for official use against American citizens. Moreover, he asked for a written explanation of who owns and controls the tools developed by contractors for the government."

"This last request," The Tech Herald avers, "is important when you consider that the persona management software developed for the U.S. Central Command (USCENTCOM), also known as MetalGear, isn't owned by the government, it's owned by developer Ntrepid."

Such contracts are worth millions and niche security outfits like Team Themis are viewed by the Pentagon as key players in the development of surveillance tools in Washington's endless "War on Terror."

Last week, the secrecy-shredding web site Public Intelligence published two additional HBGary documents that provided new details on the close, and profitable, conjunction amongst opaque corporate entities and the Pentagon.

The first is the HBGary SRA International 'Memory Grabber' Forensics Tool White Paper, which describes a system for obtaining "memory access to a running and password protected laptop through the use of a small PC Card inserted into the PCMCIA slot of the laptop."

We're told that "law enforcement agents and Special Operations personnel need a tool that provides memory access to a running laptop in the field enabling the timely capture of volatile information."

Such a device would be of particular interest to Border Patrol agents who might seize the laptop of a dissident returning from an overseas peace conference, or a journalist who may have had the temerity to probe too deeply into state-sanctioned crimes.

Last week, the 9th U.S. Circuit Court of Appeals ruled in a 2-1 decision that "authorities may seize laptops, cameras and other digital devices at the U.S. border without a warrant, and scour through them for days hundreds of miles away," Wired reported.

Unsurprisingly, "under the Obama administration, law enforcement agents have aggressively used this power to search travelers' laptops, sometimes copying the hard drive before returning the computer to its owner."

The second document, HBGary DARPA Cyber Insider Threat (CINDER) Proposal, details a bid by the dodgy firm to secure a piece of the Defense Advanced Research Project Agency's "Insider Threat" pie.

"Like a lie detector detects physical changes in the body based on sensitivities to specific questions," HBGary avers, "we believe there are physical changes in the body that are represented in observable behavioral changes when committing actions someone knows is wrong."

"Our solution," disgraced former HBGary Federal CEO Aaron Barr wrote, "is to develop a paranoia-meter to measure these observables."

Before being run to ground by Anonymous, Barr and HBGary CEO Greg Hoglund claimed they had developed a system, a "full functional rootkit on every host or on targeted hosts that can have complete control over the operating environment."

We're told that "the rootkit loads as a stealth kernel-mode base implant," and "will collect select file access, process execution with parameters, email communications, keyboard activity with a time/date stamp, network/TDI activity (and the actual network data if appropriate), and IM traffic. If detailed surveillance is required, it can be enabled to capture screenshots and construct a video stream. All traces of the rootkit installation will be removed after the initial deployment (event log, etc)."

But as we have seen, projects such as this can just as easily migrate into the private sector and be deployed by corporations to spy on employees who might have an unfavorable view of shady practices, such as robo-signing tens of thousands of fraudulent foreclosure notices to cash-strapped homeowners, and then do something about it.

Johnson, in his letter to ODNI Director James Clapper is determined to discover whether Team Themis "violated the law and/or their federal contracts by conspiring to use technologies developed for U.S. intelligence and counterterrorism purposes against American citizens and organizations on behalf of private actors."

In the best traditions of DOD stonewalling and cover-up, the Department's CIO Teri Takai and deputy CMO Elizabeth McGrath both said they were not familiar with "that company" [HBGary] but, as Ragan reported, Takai said "she would have her office look into things and make sure that 'we get back to you...'"

When hell freezes over!

Sunday, April 3, 2011

With Obama and Congress Poised to Gut Social Spending, Pentagon Demands Billions in 'Cybersecurity' Handouts

Call it another sterling example of corporate-flavored "bipartisanship."

With a government shut-down looming over a manufactured "deficit crisis," the World Socialist Web Site reports that the "Obama administration and congressional Democrats have offered to triple the amount of cuts in social spending for the remainder of the current fiscal year, from $10 billion to $30 billion, in ongoing talks with congressional Republicans that face an April 8 deadline."

Leftist critic Patrick Martin comments that these "cuts would be the largest ever imposed in a single year's federal budget." If passed, the "cumulative effect" of slashing social spending in FY2011 will be "much greater" over time. In fact, according to estimates, "the House Republican plan would result in social spending that is $1 trillion lower over ten years."

Grand Theft Wall Street

While legislators in a score of states are slashing unemployment benefits, medical care and educational opportunities for Americans hit hardest by the crisis, Zero Hedge reports that at the beginning of the 2008 financial meltdown the largest U.S. banks "scrambled to the Fed to soak up any and all available liquidity after confidence in the entire ponzi collapsed."

Hardly a shocker considering that investment banking giant Goldman Sachs, as McClatchy revealed, "peddled more than $40 billion in securities backed by at least 200,000 risky home mortgages, but never told the buyers it was secretly betting that a sharp drop in U.S. housing prices would send the value of those securities plummeting."

As investigative journalist Greg Gordon reported, "Goldman's clandestine wagers" completed just before the overinflated housing bubble burst like a putrescent boil, "enabled the nation's premier investment bank to pass most of its potential losses to others before a flood of mortgage defaults staggered the U.S. and global economies."

According to Zero Hedge, once the system entered full crisis mode, with share prices plummeting and pension funds, insurance firms, labor unions and overseas financial houses facing catastrophic losses and potential collapse, Federal Reserve Bank Chairman Ben Bernanke mandated that the Primary Dealer Credit Facility be "downgraded to accept collateral of any type," and that the very institutions responsible for the crisis "had the temerity to pledge bonds that had defaulted (i.e. had a rating of D)." In fact, Zero Hedge revealed, "the Fed would accept Defaulted bonds as collateral: or 'assets' that have no value whatsoever"!

Within a few weeks "this practice became pervasive, with virtually every banker pledging defaulted bonds in exchange for money good cash with which to pretend these banks were doing just fine (not to mention that $71.7 billion in collapsing equities represented nearly half the total collateral of $164.3 billion pledged to receive $155 billion in cash.)"

And whom, pray tell, with a wink and a nod from Bush, and now Obama administration "deficit hawks" gamed the system best? Why Goldman Sachs and JP Morgan Chase of course!

It gets better. ProPublica tells us that while teachers, nurses and other greedy public sector workers (you know, Leona Helmsley's "little people") have their rights stripped away, pay for bank executives "seems to have been immune to the recession and unaffected by the bailouts."

According to a report in American Banker cited by the investigative news site, "in 2003, the banking industry's 1.3 million full-time employees took home $78.3 billion. In 2010, its 2.1 million employees took home $168.1 billion."

ProPublica's Marian Wang informs us "that the point here is the trend, not the actual average. The figure mixes the modest wages of bank tellers with the big bonuses for top execs and investment bankers."

"CEOs, of course," notes Wang, "are still pulling in millions." Bank of America for example "made headlines this week for what seemed to be a cut to CEO Brian Moynihan's compensation. But the $1.94 million he's reported to have taken home in 2010 doesn't include the more than $9 million in deferred compensation that he's due to receive this year."

A sweet deal if you can get it, which of course, you can't.

Instead, for misplaced loyalties to a system intent on grinding us underfoot and charging us for the privilege, The Wall Street Journal reported that despite an alleged "improvement in the labor market, many workers are barely treading water as their wages fail to keep up with rising prices."

"Compared with a year earlier," the Journal avers, "average inflation-adjusted wages have declined."

Unsurprisingly, "the weakness in wages comes amid surging corporate profits and continued productivity gains. With unemployment still high--8.8% in March--employers are finding so much labor available that they are able to keep a tight lid on wages."

These latest outrages come hard on the heels of reports that arms, nuke plant and media giant (can you say Fukashima Daiichi 1-6 and NBC), General Electric, will pay no federal income taxes this year despite "earning" some $14.1 billion in 2010 profits. Under Congress' watchful eye, GE stands to rake in a $3.2 billion tax credit for offshoring U.S. jobs to low wage platforms in various managed democracies.

Rather rich considering that our Grifter-in-Chief, hope and change huckster Barack Obama, named GE's CEO Jeffrey Immelt to head the president's Council on Jobs and Economic Competitiveness back in January, Bloomberg News reported.

No surprise here once you learn, as OpenSecrets.org did, that GE doled out some $39.2 million in 2010 lobbying the best Congress money can buy.

The World Socialist Web Site avers, with troglodytic Republicans demanding some $61 billion in social spending cuts at the behest of crazed Tea Party groups bankrolled by billionaires, "progressive" Democrats have agreed to meet their henchmen half-way across the aisle, a process called "splitting the difference" that will result in "cuts of approximately $33 billion."

"A bipartisan group of 64 senators, 32 from each party, signed a joint letter to Obama," Martin observes, urging the president "to 'engage' personally in talks on long-term deficit reduction, which would include major cuts in Social Security, Medicare and Medicaid, the three most costly federal social programs."

Want to guess who's demanding more from an ever-dwindling federal pie, largely the result of multiple imperial wars to steal other people's resources, corporate bailouts, tax cuts for the filthy rich and a National Surveillance State that views the American people as their deadliest enemy?

All Aboard the "Cybersecurity" Gravy Train

As Antifascist Calling has frequently reported, with various cyber panics now supplementing secret state scaremongering over terrorist threats from a score of shady actors, more often than not off-the-shelf "irregular forces" who, when not murdering official U.S. enemies, i.e., leftists, human rights campaigners, trade unionists and other opponents of Empire, do a brisk business trafficking arms, drugs, human organs, women, whatever.

Orwell reminds us: "All the war-propaganda, all the screaming and lies and hatred, comes invariably from people who are not fighting." But that doesn't mean they can't make a killing when opportunity comes knocking. After all, as Market Research Media reported, "with a cumulative market valued at $55 billion (2010-2015), the U.S. Federal Cybersecurity market will grow steadily--at about 6.2% CAGR over the next six years."

Panic sells, and once the terms of the debate have been set by interested parties adept at feathering their nests, well, it's all aboard the "cybersecurity" gravy train!

Last month, NextGov disclosed that "protecting military networks" in FY2012 will "cost nearly $1 billion more than the Pentagon publicly reported last month, an increase that reflects the growing number of programs being re-categorized as cybersecurity-related, agency officials said."

When the Obama administration released its 2012 budget back in February, "the Pentagon announced it was requesting $2.3 billion to bolster network security within the Defense Department and to strengthen ties with its counterparts at the Homeland Security Department, which is responsible for overseeing civilian cybersecurity," reporter Aliya Sternstein wrote.

But as I reported last year, "strengthening ties" amongst civilian and military cyber warriors means that the "Memorandum of Agreement" struck between the Department of Homeland Security and the National Security Agency will inevitably lead to a marked increase of Pentagon control, in profitable alliance with major defense and security firms, over America's telecommunications and electronic infrastructure.

A reflexive power-grab by the Pentagon is not however, a sign that the internet and related telecommunications' platforms are being absorbed by that scarecrow beloved by neoliberals, libertarians and other "free market" fanatics: "big government." As Marxist social media critic Christian Fuchs points out:

Foucault characterized surveillance in the following way: "He is seen, but he does not see; he is the object of information, never a subject in communication." With the rise of "web 2.0," the Internet has become a universal communication system, which is shaped by privileged data control by corporations that own most of the communication-enabling web platforms and by the state that can gain access to personal data by law. ... By being subjects of communication on the Internet, users make available personal data to others and continuously communicate over the Internet. These communications are mainly mediated by corporate-owned platforms, therefore the subjects of communication become objects of information for corporations and the state in surveillance processes. ... In web 2.0, corporate and state power is exercised through the gathering, combination, and assessment of personal data that users communicate over the web to others, and the global communication of millions within a heteronomous society produces the interest of certain actors to exert control over these communications. In web 2.0, power relations and relationships of communication are interlinked. The users are producers of information ... but this creative communicative activity enables the controllers of disciplinary power to closely gain insights into the lives, secrets, and consumption preferences of the users. (Christian Fuchs, "Web 2.0, Prosumption, and Surveillance," Surveillance & Society, Vol. 8, No. 3, p. 304)


In this light, the Pentagon's obsessive secrecy, particularly as it relates to "cybersecurity" and programs designed for offensive cyber war, its management-driven cult of controlling informational flows and pathological aversion to democratic decision-making processes are anything but antithetical to a neoliberal regime that commodifies everything and values nothing. Rather, the broader militarization of society and social relations as a whole, characterized by endless imperial wars and a system of generalized plunder must be viewed as an expression, albeit a sinister one, of capitalism's drive to privatize and commodify the state itself as a profit-generating center.

This is clearly the case when it comes to Defense Department inflation of their FY2012 cybersecurity budgets. While it is certainly true that the military is the "consumer" of cyber-related "products," it is the producers of those products, defense and security corporations who drive market demand. As investigative journalist Tim Shorrock uncovered in his landmark study, Spies For Hire, "the bulk of this $50 billion [intelligence] market is serviced by one hundred companies, ranging in size from multibillion-dollar defense behemoths to small technology shops funded by venture capitalists that have yet to turn a profit."

In a follow-up piece, NextGov revealed while "the White House proposed spending $2.3 billion on cybersecurity at the Defense Department ... simultaneously Air Force officials announced their cybersecurity request would be $4.6 billion."

For their part, the "Army and Defense Information Systems Agency referred inquiries about their proposed cyber spending to department-level officials." And "Navy officials said they could not provide a top-line budget figure, since funding that supports Navy cybersecurity activities is scattered across several line items, as well as multiple programs, organizations and commands."

As Sternstein points out, while "the area surrounding 'cybersecurity' funding is gray ... the various interpretations of cybersecurity spending translate into real-world financial and national security costs, budget and technology."

Defense Department spokeswoman April Cunningham told NextGov, that the Air Force "included things that we, [at the department's office of the chief information officer] categorize as IT infrastructure, or other activities--not directly information assurance."

"According to the department," Sternstein writes, "information assurance consists of five programs, including public key infrastructure, or digital certificates, as well as defense industrial base cybersecurity for private sector assets that support the military."

Cunningham said that "activities at the Air Force and other services that Defense considers to be 'information assurance-cybersecurity' are captured in the total $3.2 billion figure." And "based on this formula" the Army is seeking $432 million and the Navy are lusting after $347 million in FY2012.

However, other Defense agencies "including DISA, the National Security Agency and the Defense Advanced Research Projects Agency--are asking for a cumulative $1.6 billion. Details on proposed cyber spending at all Pentagon components are shared with Congress in a classified budget book, she said."

Which means, given the Pentagon's propensity to quietly hide their most controversial programs within the dark folds of the black budget, Congress, let alone the American people, really have no idea what such programs entail, who benefits from black contract outlays and ultimately, how they'll be deployed.

NextGov reported that the revised budget request "also includes funding for noninformation assurance activities" that the Pentagon claims "are integral to the military's cyber posture, specifically cyber operations, security innovations and forensics."

Additionally, "the budget assigns $159 million to the relatively new U.S. Cyber Command, and distributes $258 million among science and technology investments targeted at cyber tools," and that "some" of the proposed funding will go "toward a new partnership with the Homeland Security Department, which oversees civilian cyber operations."

"Any way you measure it," Sternstein writes, "Defense funding for cybersecurity dwarfs that of Homeland Security. The fiscal 2012 budget for DHS information security is $936 million."

And given the fact that "some cybersecurity funding is classified at Defense components such as the NSA," the Pentagon satrapy with the brief to driftnet spy on Americans' communications and potentially, through U.S. Cyber Command, carry out offensive operations against selected domestic targets in tandem with corporate partners, as the HBGary emails and documents leaked by Anonymous seem to suggest, total cybersecurity spending is an immense black hole.

As investigative journalist Nate Anderson revealed in Ars Technica, the HBGary hack demonstrated how the U.S. government is now "in the position of deploying the hacker's darkest tools--rootkits, computer viruses, trojan horses, and the like."

Indeed, Anderson reports, in 2009 "HBGary had partnered with the Advanced Information Systems group of defense contractor General Dynamics to work on a project euphemistically known as 'Task B.' The team had a simple mission: slip a piece of stealth software onto a target laptop without the owner's knowledge."

HBGary's CEO Greg Hoglund was focused on delivering such tools in tandem with defense giant General Dynamics "which a later e-mail makes clear was for a government agency."

"Hoglund's special interest was in all-but-undetectable computer 'rootkits'," Ars Technica reported, "programs that provide privileged access to a computer's innermost workings while cloaking themselves even from standard operating system functions. A good rootkit can be almost impossible to remove from a running machine--if you could even find it in the first place."

According to a 243 page report by HBGary, "Windows Rootkit Analysis Report," posted by the secrecy-shredding web site Public Intelligence, Hoglund averred that "combining deployment of a rootkit with a BOT makes for a very stealth piece of malicious software."

A companion document published by Public Intelligence, "Proposal for Project C," informs us that "General Dynamics has selected HBGary Inc to provide this proposal for development of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device."

We're informed that the "enabling kernel mode implant will cater to a command and control element via the serial port," which "as part of the exploit delivery package, a usermode trojan will assist in the loading of the implant, which will clearly demonstrate the full capability of the implant."

In plain English: private contractors, including some of the largest U.S. defense and security firms, are busy as proverbial bees designing malware for the secret state; insidious, undetectable applications that can transform an individual's laptop or smart phone into a component of a malicious botnet under cover of "cyber defense."

Try finding those line items in the Defense Department's FY2012 budget!