May 12, 2017

On Thursday, the National Security Agency and Office of the Director of National Intelligence declassified documents explaining why the NSA has stopped collecting emails and text messages from Americans that mention foreign surveillance targets but are not to or from them ("about" mentions). Last fall, the Foreign Intelligence Surveillance Court had put off reauthorizing the NSA's authority to collect certain intelligence without warrants under Section 702 of the 2008 FISA Amendments Act because, as FISC presiding Judge Rosemary Collyer wrote, an NSA inspector general's report had uncovered "a very serious Fourth Amendment issue" with how NSA agents searched for the names of Americans tied to foreign targets.

When NSA analysts searched "upstream" channels — like switches that emails and texts travel through in and out of the U.S. — they were more likely to accidentally capture purely domestic communications, so the court had blocked the NSA from searching for "about" mentions in upstream searches ("downstream" focuses on the content of email accounts). Most of the time, analysts didn't use those restrictions, the report found. In March, the NSA, with the approval of the Trump administration, stopped all use of "about" searches, a major contraction of the surveillance apparatus put in place after the Sept. 11, 2001, terrorist attacks. In April, Judge Collyer authorized the new system, without "about" searches, and allowed analysts to search upstream channels again.

"The move increased the risk that the program might miss something important it otherwise would have collected," The New York Times explains, "but removed a cloud at a time when the law on which the program is based, the FISA Amendments Act, is about to expire unless Congress extends it." Peter Weber

October 21, 2016

Federal prosecutors plan to charge former National Security Agency contractor Harold T. Martin III with violating the Espionage Act after he stole what is believed to be "the largest theft of classified government material ever" over the course of 20 years, The Washington Post reports.

In a 12-page memo, U.S. Attorney Rod Rosenstein and two other prosecutors laid out a much more far-reaching case against Harold T. Martin III than was previously outlined. They say he took at least 50 terabytes of data and "six full banker's boxes worth of documents," with many lying open in his home office or kept on his car's back seat and in the trunk. Other material was stored in a shed on his property.

One terabyte is the equivalent of 500 hours' worth of movies. [The Washington Post]

In early October, Martin's former wife told The New York Times Martin was "a bit of a hoarder." Investigators were unsure if Martin had intended to leak the data.

For now, prosecutors are hoping to keep Martin in jail, saying he could still flee abroad; he reportedly communicated with people in Russia and downloaded information on the Russian language. Martin also had an "arsenal" of weapons in his car and home, which his current wife, Deborah Vinson, asked to be removed because she feared Martin would commit suicide if he "thought it was all over." Jeva Lange

August 17, 2016

A group calling itself "The Shadow Brokers" has released a cache of what appear to be genuine and powerful hacking tools developed at the National Security Agency (NSA) to break into the networks of foreign governments and other espionage targets, and nobody seems sure why the hackers leaked them to the public or what other NSA tools they have. The groups says it is auctioning off a separate cache with "the best files" to the highest bidder in a Bitcoin auction, though security experts laugh that off as misdirection.

"The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills," writes Nicholas Weaver, a computer security researcher at U.C. Berkeley. "Because the actors here are certainly not amateurs, the auction is presumably a bit of 'Doctor Evil' theater." The tools, however, are the work of the NSA's elite hacker division, Tailored Access Operations (TAO), according to experts who've examined the 300 MB of code. "Without a doubt, they're the keys to the kingdom," a former TAO employee tells The Washington Post. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

The main suspect is Russia, and it's not clear if the hackers broke into the secure NSA computer network or, perhaps more likely, a TAO employee left the tool kit on an unsecured intermediary server being used in a hacking operation. "NSA's hackers (TAO) are told not to leave their hack tools ('binaries') on the server after an op," former NSA contractor Edward Snowden tweeted Tuesday, amid a longer thread on the malware release. "But people get lazy." Snowden and other experts say that the files leaked so far aren't operationally devastating for America's cyberspies — the most recent ones are from mid-2013, after Snowden's leak of NSA secrets (not code), when the NSA would have locked down and switched servers — but are still a really big deal.

First, the tools still work on corporate and government servers that haven't been patched. Second, if Russia is responsible, as widely suspected, they are sending a message. Snowden's theory is that this is a warning not to retaliate against the suspected Russian hack of Democratic Party emails and documents, slowly being leaked out by a hacker with the pseudonym Guccifer 2.0. "The real problem for us is that the Russians seem to have taken the gloves off in the cyberdomain," James A. Lewis at the Center for Strategic and International Studies tells The New York Times, "and we don't know how to respond." Peter Weber

August 15, 2015

The National Security Agency has been able to spy on a massive amount of internet traffic due to a partnership with AT&T dating back to 1985, ProPublica and The New York Times reported Saturday based on documents provided by whistleblower Edward Snowden.

It's been reported before that telecommunications companies cooperated with the NSA, but new documents specifically highlight AT&T's "extreme willingness to help."

When George W. Bush passed the Patriot Act and also secretly started a warrantless wiretapping programming in 2001, AT&T was the first company to start turning over records. The company also started forwarding one billion emails per day and hundreds of millions of internet metadata records per month.

Read the full report here. Julie Kliegman

June 3, 2015

Now that President Obama has signed the USA Freedom Act, the National Security Agency will start collecting telephone metadata en masse again for six months, until the new system is up and running. At that point, phone companies will have to store that information — length of calls, numbers dialed, not content — for an unspecified amount of time, and the NSA and other spy agencies will need to get a court order to search through it.

But what about the years of phone records the NSA has already amassed? It's not clear, The Associated Press reports. "Obama administration officials have not said what they will do with those and whether they will continue to search them." AP does have other, more definitive answers in its Q&A about the Freedom Act, which you can read for further information. Peter Weber

November 18, 2014

On Tuesday, a bill that would have ended the National Security Agency's program that collects the phone records of Americans in bulk stalled in the Senate.

The bill was supported by the Obama administration and technology companies like Google, Yahoo, Apple, and Microsoft. It fell two votes short of the 60 necessary to pass, with Democrats and a few Republicans voting in favor.

Sen. Mitch McConnell (R) said the program as it is now works to fight terrorism, and "this is the worst possible time to be tying our hands behind our backs."

Under the bill, most records would have stayed with the phone companies. An analyst would have had to get a new type of court order to obtain records, and they would only have access to records up to two degrees away from a suspect, The New York Times reports. Catherine Garcia

See More Speed Reads