Using encryption? That means the US spooks have you on file

By my order for the good of the state, the bearer has done what has been done


Anyone who encrypts their emails or uses secure instant message services runs the risk of having their communications stored by the US National Security Agency, according to the latest leaks from former NSA sysadmin Edward Snowden.

The Guardian has published two more explosive documents which set out what sort of information the NSA is allowed to harvest from foreign targets, as well American citizens.

Both were issued by the secret Foreign Intelligence Surveillance Court and were signed by US Attorney General Eric Holder in 2009.

The leaked documents show that data about a US citizen collected "inadvertently" can also be stored for up to five years, giving agents significant breathing space when gathering intelligence. They also show the methods agents use to establish whether targets are based in the US and what they are allowed to do in order to spy on "non-US persons".

The documents clearly state that surveillance should cease the minute a target is on US soil or is deemed to be an American – but there are exceptions to this which allow spooks to store communications from American citizens.

If someone's location can not be clearly established, then they "will not be treated as a United States person" unless other evidence becomes apparent. This would mean that anyone using anonymity software like Tor, which deliberately masks their location, is liable to have their communications stored.

Spies are also told they can retain "all communications that are enciphered or reasonably believed to contain secret meaning" for up to five years, giving them another way to keep American citizens' communications data.

These must be kept to help create a "technical data base", which is spook slang for any data which is useful for cryptanalysis - the breaking of codes - or analysis of internet traffic. In practice, this means that using encrypted messages for security purposes may have the ironic effect of drawing the secret message to the attention of spies.

This data should really be destroyed within five years, unless they are "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis".

Exchanges between attorneys and clients can also be kept, as long as they contain foreign intelligence information.

The documents follow in the wake of other revelations from Snowden, including an NSA programme called PRISM which trawled data on individuals from popular US cloud and social services. ®


Other stories you might like

  • Never fear, the White House is here to tackle web trolls
    'No one should have to endure abuse just because they are attempting to participate in society'

    A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.

    In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." 

    A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.

    Continue reading
  • Abortion rights: US senators seek ban on sale of health location data
    With Supreme Court set to overturn Roe v Wade, privacy is key

    A group of senators wants to make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.

    A bill filed this week by five senators, led by Senator Elizabeth Warren (D-MA), comes in anticipation the Supreme Court's upcoming ruling that could overturn the 49-year-old Roe v. Wade ruling legalizing access to abortion for women in the US.

    The worry is that if the Supreme Court strikes down Roe v. Wade – as is anticipated following the leak in May of a majority draft ruling authored by Justice Samuel Alito – such sensitive data can be used against women.

    Continue reading
  • Brave Search leaves beta, offers Goggles for filtering, personalizing results
    Freedom or echo chamber?

    Brave Software, maker of a privacy-oriented browser, on Wednesday said its surging search service has exited beta testing while its Goggles search personalization system has entered beta testing.

    Brave Search, which debuted a year ago, has received 2.5 billion search queries since then, apparently, and based on current monthly totals is expected to handle twice as many over the next year. The search service is available in the Brave browser and in other browsers by visiting search.brave.com.

    "Since launching one year ago, Brave Search has prioritized independence and innovation in order to give users the privacy they deserve," wrote Josep Pujol, chief of search at Brave. "The web is changing, and our incredible growth shows that there is demand for a new player that puts users first."

    Continue reading

Biting the hand that feeds IT © 1998–2022