Inside Washington's Quest to Bring Down Edward Snowden

Gathered together in one place, for easy access, an agglomeration of writings and images relevant to the Rapeutation phenomenon.

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Tue Nov 24, 2015 11:34 pm

These Are the Financial Disclosure Forms the NSA Said Would Threaten National Security
By Jason Leopold
October 10, 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


Image

Former National Security Agency (NSA) Director Keith Alexander has held investments in a corporation that identifies itself as a "world leader in cloud solutions." And in a "data gathering and research" firm. And in a company that develops software that improves the quality of images captured by surveillance cameras. And in a radio frequency business that, among other things, manufactures amplifiers for air traffic control, radar, and surveillance.

The NSA once said that if revealed, this information [pdf below] would threaten national security.

The agency refused VICE News' July request for copies of Alexander's financial disclosure reports, which he is required to fill out annually under a federal law known as the Ethics and Government Act. The law also states that government agencies are required to release the files upon request.

But attorney Shadey Brown, who is the NSA's ethics officer, said in a July 23 letter that the NSA has routinely denied requests for copies of its officials' financial disclosure reports under the National Security Agency Act of 1959. That law authorizes the NSA to withhold virtually everything about the inner workings of the agency, including data about the names, titles, and salaries of people the agency employs.

Moreover, Brown cited a provision in the Ethics and Government Act that suggested President Barack Obama issued Alexander a waiver that authorized the withholding of his financial reports if disclosure would "compromise the national interest of the United States."

In a lawsuit against the NSA, attorney Jeffrey Light argued that the agency had misinterpreted the laws it cited to justify the ongoing secrecy. Earlier this week, before the case hit a courtroom, a government attorney turned over 59 pages of financial disclosure reports Alexander filed between 2009 and 2014. Brown said in a letter dated October 2 that the NSA was releasing the material "in the interest of transparency."

Alexander's interest in spying was not limited to his tenure as NSA director. He also invested in firms that are on the cutting edge of surveillance technology.


In addition, a government attorney said the NSA would no longer deny access to financial disclosure forms from officials who are required to file the reports — the first time the agency has changed its policies regarding the National Security Agency Act. VICE News subsequently requested the financial disclosure forms of new NSA Director Michael Rogers and another official at the agency. Deputy General Counsel Ariane Cerlenko responded via email saying, "Both of these requests will be processed expeditiously and we expect to get back to you shortly."

Although Alexander was head of the NSA from 2005 through March of this year, Brown said the Ethics and Government Act only requires financial disclosure reports to be released for a period of six years before receipt; therefore, he would not provide reports Alexander filled out prior to 2008.

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said the National Security Agency Act, like the CIA Act, is a "giant black hole for information."

"Withholding under the Act does not need to be justified on specific national security grounds — it is enough that the information pertains to agency organization, salaries, etc.," Aftergood said. "And the withholding is often done on a reflexive basis, without any serious thought process. What's interesting here, and maybe a tad encouraging, is that NSA changed its mind. What's discouraging, though, is that a lawsuit was necessary."

Alexander resigned as NSA director following a tumultuous year that saw former agency contractor Edward Snowden leak highly classified documents about top-secret NSA surveillance. Alexander then launched private consulting firm IronNet Cybersecurity Inc., reportedly offering to help banks and other firms protect their computer networks from hackers for up to $1 million a month (he later reduced that figure to $600,000 a month).

Representative Alan Grayson accused Alexander of profiting off the sale of classified information.

"Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony," Grayson wrote last June to three banking groups that hired Alexander as a cyber-consultant. "I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you."


Alexander's private consulting work and allegations made by Grayson are what prompted VICE News to seek Alexander's financial reports to determine whether he had a stake in any firms with whom he entered into consulting arrangements.

The reports show that Alexander's supervisors — Director of National Intelligence James Clapper and Undersecretary of Defense for Intelligence Michael Vickers — signed off on Alexander's financial interests, affirming that his investments were "unrelated to his prospective duties and no conflicts appear to exist."

That said, Alexander's interest in surveillance was not limited to his tenure as NSA director. He also invested in firms that are on the cutting edge of surveillance technology.

For example, Alexander invested as much as $15,000 in: Pericom Semiconductor, a company that has designed technology for the closed-circuit television and video surveillance markets; RF Micro Devices designs, which manufactures high-performance radio frequency technology that is also used for surveillance; and as much as $50,000 in Synchronoss Technologies, a cloud storage firm that provides a cloud platform to mobile phone carriers (the NSA has been accused of hacking into cloud storage providers).

Alexander also held shares in Datascension, Inc., a data gathering and research company. The Securities and Exchange Commission suspended trading in Datascension last August "due to a lack of current and accurate information" about the company. (Datascension was linked to telemarketing calls that apparently prompted one person in a complaint forum to remark the company is "trying to gain personal information.")

An NSA spokeswoman did not respond to requests for comment, and spokespeople for the technology firms did not respond to VICE News' questions about whether Alexander has offered his consulting services or whether they were awarded contracts with the NSA. Many of the firms have been awarded contracts by the Department of Defense and other government agencies.

UPDATE — October 14, 2014: Stacie Hiras, a spokeswoman for Synchronoss, told VICE News via email that the company "has not had a relationship in the past or currently with the NSA or with Keith Alexander."

Follow Jason Leopold on Twitter: @JasonLeopold
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Tue Nov 24, 2015 11:44 pm

NSA collecting phone records of millions of Verizon customers daily
Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama
by Glenn Greenwald
6 June 2013
Last modified on 4 October 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.




Image
Under the terms of the order, the numbers of both parties on a call are handed over, as is location data and the time and duration of all calls. Photograph: Matt Rourke/AP

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.

The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers.

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.

The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself.

"We decline comment," said Ed McFadden, a Washington-based Verizon spokesman.

The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls".

The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information".

The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.

While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities.

For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted.


Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.

Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." The April order requested by the FBI and NSA does precisely that.

The law on which the order explicitly relies is the so-called "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance.

In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows."

"We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act.


Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.

Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program.

These recent events reflect how profoundly the NSA's mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency's focus on domestic activities.

In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter."

Additional reporting by Ewen MacAskill and Spencer Ackerman
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Tue Nov 24, 2015 11:45 pm

TOP SECRET//SI//NOFORN

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


UNITED STATES
FOREIGN INTELLIGENCE SURVEILLANCE COURT
WASHINGTON, D.C.

IN RE APPLICATION OF THE
FEDERAL BUREAU OF INVESTIGATION
FOR AN ORDER REQUIRING THE
PRODUCTION OF TANGIBLE THINGS
FROM VERIZON BUSINESS NETWORK SERVICES,
INC. ON BEHALF OF MCI COMMUNICATION
SERVICES, INC. D/B/A VERIZON
BUSINESS SERVICES.

Docket Number: BR 13-80

SECONDARY ORDER

This Court having found that the Application of the Federal Bureau of
Investigation (FBI) for an Order requiring the production of tangible things from
Verizon Business Network Services, Inc. on behalf of MCI Communication Services
Inc., d/b/a Verizon Business Services (individually and collectively "Verizon")
satisfies the requirements of 50 U.S.C. § 1861,

IT IS HEREBY ORDERED that, the Custodian of Records shall produce to the
National Security Agency (NSA) upon service of this Order, and continue production
on an ongoing daily basis thereafter for the duration of this Order, unless otherwise
ordered by the Court, an electronic copy of the following tangible things: all call detail
records or "telephony metadata" created by Verizon for communications (i) between
the United States and abroad; or (ii) wholly within the United States, including local
telephone calls. This Order does not require Verizon to produce telephony metadata
for communications wholly originating and terminating in foreign countries.
Telephony metadata includes comprehensive communications routing information,.
including but not limited to session identifying information (e.g., originating and
terminating telephone number, International Mobile Subscriber Identity (IMSI) number,
International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier,
telephone calling card numbers, and time and duration of call. Telephony metadata
does not include the substantive content of any communication, as defined by 18 U.S.C.
§ 2510(8), or the name, address, or financial information of a subscriber or customer.

IT IS FURTHER ORDERED that no person shall disclose to any other person that
the FBI or NSA has sought or obtained tangible things under this Order, other than to:
(a) those persons to whom disclosure is necessary to comply with such Order; (b) an
attorney to obtain legal advice or assistance with respect to the production of things in
response to the Order; or (c) other persons as permitted by the Director of the FBI or the
Director's designee. A person to whom disclosure is made pursuant to (a), (b), or (c)
shall be subject to the nondisclosure requirements applicable to a person to whom an
Order is directed in the same manner as such person. Anyone who discloses to a
person described in (a), (b), or (c) that the FBI or NSA has sought or obtained tangible
things pursuant to this Order shall notify such person of the nondisclosure
requirements of this Order. At the request of the Director of the FBI or the designee of
the Director, any person making or intending to make a disclosure under (a) or (c)
above shall identify to the Director or such designee the person to whom such
disclosure will be made or to whom such disclosure was made prior to the request.

IT IS FURTHER ORDERED that service of this Order shall be by a method
agreed upon by the Custodian of Records of Verizon and the FBI, and if no agreement is
reached, service shall be personal.

This authorization requiring the production of certain call detail records or
"telephony metadata" created by Verizon expires on the 19th day of July, 2013, at
5:00 p.m., Eastern Time.

Signed: 04-25-2014 P02:26 Eastern Time

ROGER VINSON
Judge, United States Foreign
Intelligence Surveillance Court

I, Beverly C. Queen, Chief Deputy
Clerk, FISC, certify that this document
is a true and correct copy of the
original
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Tue Nov 24, 2015 11:57 pm

Anger swells after NSA phone records court order revelations
Senior politicians reveal that US counter-terrorism efforts have swept up personal data from American citizens for years
by Dan Roberts and Spencer Ackerman
Washington
6 June 2013
Last modified 4 October 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


• NSA taps in to internet giants' systems to mine user data, secret files reveal

Image
A White House spokesman said that laws governing such orders 'are something that have been in place for a number of years now'. Photograph: Rex Features

The scale of America's surveillance state was laid bare on Thursday as senior politicians revealed that the US counter-terrorism effort had swept up swaths of personal data from the phone calls of millions of citizens for years.

After the revelation by the Guardian of a sweeping secret court order that authorised the FBI to seize all call records from a subsidiary of Verizon, the Obama administration sought to defuse mounting anger over what critics described as the broadest surveillance ruling ever issued.

A White House spokesman said that laws governing such orders "are something that have been in place for a number of years now" and were vital for protecting national security. Dianne Feinstein, the Democratic chairwoman of the Senate intelligence committee, said the Verizon court order had been in place for seven years. "People want the homeland kept safe," Feinstein said.

But as the implications of the blanket approval for obtaining phone data reverberated around Washington and beyond, anger grew among other politicians.

Intelligence committee member Mark Udall, who has previously warned in broad terms about the scale of government snooping, said: "This sort of widescale surveillance should concern all of us and is the kind of government overreach I've said Americans would find shocking." Former vice-president Al Gore described the "secret blanket surveillance" as "obscenely outrageous".

The Verizon order was made under the provisions of the Foreign Intelligence Surveillance Act (Fisa) as amended by the Patriot Act of 2001, passed in the wake of the 9/11 attacks. But one of the authors of the Patriot Act, Republican congressman Jim Sensenbrenner, said he was troubled by the Guardian revelations. He said that he had written to the attorney general, Eric Holder, questioning whether "US constitutional rights were secure".

He said: "I do not believe the broadly drafted Fisa order is consistent with the requirements of the Patriot Act. Seizing phone records of millions of innocent people is excessive and un-American."

The White House sought to defend what it called "a critical tool in protecting the nation from terrorist threats". White House spokesman Josh Earnest said Fisa orders were used to "support important and highly sensitive intelligence collection operations" on which members of Congress were fully briefed.

"The intelligence community is conducting court-authorized intelligence activities pursuant to a public statute with the knowledge and oversight of Congress and the intelligence community in both houses of Congress," Earnest said.

He pointed out that the order only relates to the so-called metadata surrounding phone calls rather than the content of the calls themselves. "The order reprinted overnight does not allow the government to listen in on anyone's telephone calls," Earnest said.

"The information acquired does not include the content of any communications or the name of any subscriber. It relates exclusively to call details, such as a telephone number or the length of a telephone call."

But such metadata can provide authorities with vast knowledge about a caller's identity. Particularly when cross-checked against other public records, the metadata can reveal someone's name, address, driver's licence, credit history, social security number and more. Government analysts would be able to work out whether the relationship between two people was ongoing, occasional or a one-off.

The disclosure has reignited longstanding debates in the US over the proper extent of the government's domestic spying powers.

Ron Wyden of Oregon, a member of the Senate intelligence committee who, along with Udell, has expressed concern about the extent of US government surveillance, warned of "sweeping, dragnet surveillance". He said: "I am barred by Senate rules from commenting on some of the details at this time, However, I believe that when law-abiding Americans call their friends, who they call, when they call, and where they call from is private information.

"Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans' privacy."

'Beyond Orwellian'

Jameel Jaffer, deputy legal director at the American Civil Liberties Union, said: "From a civil liberties perspective, the program could hardly be any more alarming. It's a program in which some untold number of innocent people have been put under the constant surveillance of government agents.

"It is beyond Orwellian, and it provides further evidence of the extent to which basic democratic rights are being surrendered in secret to the demands of unaccountable intelligence agencies."

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice under President Obama.

The order names Verizon Business Services, a division of Verizon Communications. In its first-quarter earnings report, published in April, Verizon Communications listed about 10 million commercial lines out of a total of 121 million customers. The court order, which lasts for three months from 25 April, does not specify what type of lines are being tracked. It is not clear whether any additional orders exist to cover Verizon's wireless and residential customers, or those of other phone carriers.

Fisa court orders typically direct the production of records pertaining to a specific, named target suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets. The unlimited nature of the records being handed over to the NSA is extremely unusual.

Image
Senators Dianne Feinstein, chairman of the Senate intelligence committee, and Saxby Chambliss, the vice chairman, speak to reporters about the NSA cull of phone records. Photograph: Alex Wong/Getty Images

Feinstein said she believed the order had been in place for some time. She said: "As far as I know this is the exact three-month renewal of what has been the case for the past seven years. This renewal is carried out by the [foreign intelligence surveillance] court under the business records section of the Patriot Act. Therefore it is lawful. It has been briefed to Congress."

The Center for Constitutional Rights said in a statement that the secret court order was unprecedented. "As far as we know this order from the Fisa court is the broadest surveillance order to ever have been issued: it requires no level of suspicion and applies to all Verizon [business services] subscribers anywhere in the US.

"The Patriot Act's incredibly broad surveillance provision purportedly authorizes an order of this sort, though its constitutionality is in question and several senators have complained about it."

Russell Tice, a retired National Security Agency intelligence analyst and whistleblower, said: "What is going on is much larger and more systemic than anything anyone has ever suspected or imagined."

Although an anonymous senior Obama administration official said that "on its face" the court order revealed by the Guardian did not authorise the government to listen in on people's phone calls, Tice now believes the NSA has constructed such a capability.

"I figured it would probably be about 2015" before the NSA had "the computer capacity … to collect all digital communications word for word," Tice said. "But I think I'm wrong. I think they have it right now."
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Wed Nov 25, 2015 12:06 am

NSA Prism program taps in to user data of Apple, Google and others
by Glenn Greenwald and Ewen MacAskill
June 7, 2013

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


• Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook
• Companies deny any knowledge of program in operation since 2007
• Obama orders US to draw up overseas target list for cyber-attacks

Image
A slide depicting the top-secret PRISM program. Guardian

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.


The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."

Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.

An Apple spokesman said it had "never heard" of Prism.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

Image
Guardian

The extent and nature of the data collected from each company varies.

Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

Image
Guardian

The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.

The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."

The new measures introduced in the FAA redefines "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating surveillance.

The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities' requests.

In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.

The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".

In the document, the NSA hails the Prism program as "one of the most valuable, unique and productive accesses for NSA".

It boasts of what it calls "strong growth" in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.

The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".

The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.

Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.

"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.

"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."

Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.

When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.

When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 Prism-based reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.

In total, more than 77,000 intelligence reports have cited the PRISM program.

Jameel Jaffer, director of the ACLU's Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.

"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.

"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."

A senior administration official said in a statement: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.

"The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.

"This program was recently reauthorized by Congress after extensive hearings and debate.

"Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.

"The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target."

Additional reporting by James Ball and Dominic Rushe
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Wed Nov 25, 2015 12:17 am

Obama orders US to draw up overseas target list for cyber-attacks
Exclusive: Top-secret directive steps up offensive cyber capabilities to 'advance US objectives around the world'
by Glenn Greenwald and Ewen MacAskill
June 7, 2013

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


• Read the secret presidential directive here

Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".

The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.

The aim of the document was "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.

The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America's offensive capability and the drawing up of a target list.

Obama's move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.

The directive's publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.

Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have "mountains of data" on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US.

Presidential Policy Directive 20 defines OCEO as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks."

Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: "Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces."

The official added: "As a citizen, you expect your government to plan for scenarios. We're very interested in having a discussion with our international partners about what the appropriate boundaries are."

The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations "reasonably likely to result in significant consequences require specific presidential approval".

The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behaviour.

Among the possible "significant consequences" are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts.

The US is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.

In the presidential directive, the criteria for offensive cyber operations in the directive is not limited to retaliatory action but vaguely framed as advancing "US national objectives around the world".

The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.

Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: "When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force."

An intelligence source with extensive knowledge of the National Security Agency's systems told the Guardian the US complaints again China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.

Provided anonymity to speak critically about classified practices, the source said: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world."

The US likes to haul China before the international court of public opinion for "doing what we do every day", the source added.

One of the unclassified points released by the administration in January stated: "It is our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as preferred courses of action."

The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.

Under the heading "Policy Reviews and Preparation", a section marked "TS/NF" - top secret/no foreign - states: "The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…" The deadline for the plan is six months after the approval of the directive.

The directive provides that any cyber-operations "intended or likely to produce cyber effects within the United States" require the approval of the president, except in the case of an "emergency cyber action". When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.

Obama further authorized the use of offensive cyber attacks in foreign nations without their government's consent whenever "US national interests and equities" require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls "anticipatory action taken against imminent threats".

The directive makes multiple references to the use of offensive cyber attacks by the US military. It states several times that cyber operations are to be used only in conjunction with other national tools and within the confines of law.

When the directive was first reported, lawyers with the Electronic Privacy Information Center filed a Freedom of Information Act request for it to be made public. The NSA, in a statement, refused to disclose the directive on the ground that it was classified.

In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.

Earlier this year, the Pentagon publicly accused China for the first time of being behind attacks on the US. The Washington Post reported last month that Chinese hackers had gained access to the Pentagon's most advanced military programs.

The director of national intelligence, James Clapper, identified cyber threats in general as the top national security threat.

Obama officials have repeatedly cited the threat of cyber-attacks to advocate new legislation that would vest the US government with greater powers to monitor and control the internet as a means of guarding against such threats.

One such bill currently pending in Congress, the Cyber Intelligence Sharing and Protection Act (Cispa), has prompted serious concerns from privacy groups, who say that it would further erode online privacy while doing little to enhance cyber security.

In a statement, Caitlin Hayden, national security council spokeswoman, said: "We have not seen the document the Guardian has obtained, as they did not share it with us. However, as we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004. This step is part of the administration's focus on cybersecurity as a top priority. The cyber threat has evolved, and we have new experiences to take into account.

"This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

"This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the US Constitution, including the president's role as commander in chief, and other applicable law and policies."
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Wed Nov 25, 2015 12:21 am

TOP SECRET/NOFORN

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


PRESIDENTIAL POLICY DIRECTIVE/PPD-20

MEMORANDUM FOR THE VICE PRESIDENT
THE SECRETARY OF STATE
THE SECRETARY OF THE TREASURY
THE SECRETARY OF DEFENSE
THE ATTORNEY GENERAL
THE SECRETARY OF COMMERCE
THE SECRETARY OF ENERGY
THE SECRETARY OF HOMELAND SECURITY
ASSISTANT TO THE PRESIDENT AND CHIEF OF STAFF
DIRECTOR OF THE OFFICE OF MANAGEMENT AND BUDGET
ASSISTANT TO THE PRESIDENT FOR NATIONAL SECURITY AFFAIRS
DIRECTOR OF NATIONAL INTELLIGENCE
ASSISTANT TO THE PRESIDENT FOR HOMELAND SECURITY AND COUNTERTERRORISM
DIRECTOR OF THE OFFICE OF SCIENCE AND TECHNOLOGY POLICY
DIRECTOR OF THE FEDERAL BUREAU OF INVESTIGATION
DIRECTOR OF THE CENTRAL INTELLIGENCE AGENCY
CHAIRMAN OF THE JOINT CHIEFS OF STAFF
DIRECTOR OF THE NATIONAL SECURITY AGENCY

SUBJECT: U.S. Cyber Operations Policy (U)

This Presidential Policy Directive (PPD) supersedes National
Security Presidential Directive of July 7, 2004. This
directive complements, but does not affect, NSPD-54/Homeland
Security Presidential Directive on "Cybersecurity
Policy" of January 8, 2008; National Security Directive
on "National Policy for the Security of National Security
Telecommunications and Information Systems" of July 5, 1990; and
PPD-8 on "National Preparedness" of March 30, 2011.

I. Definitions (U)

The following terms are defined for the purposes of this
directive and should be used when possible in interagency
documents and communications on this topic to ensure common
understanding. (U)

Cyberspace: The interdependent network of information
technology infrastructures that includes the Internet,
telecommunications networks, computers, information or
communications systems, networks, and embedded processors and
controllers. (U)

Network Defense: Programs, activities, and the use of tools
necessary to facilitate them (including those governed by
and conducted on a computer, network,
or information or communications system by the owner or with
the consent of the owner and, as appropriate, the users for
the primary purpose of protecting (1) that computer, network,
or system; (2) data stored on, processed on, or transiting
that computer, network, or system; or (3) physical and virtual
infrastructure controlled by that computer, network, or
system. Network defense does not involve or require accessing
or conducting activities on computers, networks, or
information or communications systems without authorization
from the owners or exceeding access authorized by the owners.
(U)

Malicious Cyber Activity: Activities, other than those
authorized by or in accordance with U.S. law, that seek to
compromise or impair the confidentiality, integrity, or
availability of computers, information or communications
systems, networks, physical or virtual infrastructure
controlled by computers or information systems, or information
resident thereon. (U)

Cyber Effect: The manipulation, disruption, denial,
degradation, or destruction of computers, information or
communications systems, networks, physical or virtual
infrastructure controlled by computers or information systems,
or information resident thereon. (U)

Cyber Collection: Operations and related programs or
activities conducted by or on behalf of the United States
Government, in or through cyberspace, for the primary purpose
of collecting intelligence -- including information that can be
used for future operations -- from computers, information or
communications systems, or networks with the intent to remain
undetected. Cyber collection entails accessing a computer,
information system, or network without authorization from the
owner or operator of that computer, information system, or
network or from a party to a communication or by exceeding
authorized access. Cyber collection includes those activities
essential and inherent to enabling cyber collection, such as
inhibiting detection or attribution, even if they create cyber
effects.


Defensive Cyber Effects Operations (DCEO): Operations and
related programs or activities other than network defense or
cyber collection - conducted by or on behalf of the
United States Government, in or through cyberspace, that are
intended to enable or produce cyber effects outside
United States Government networks for the purpose of defending
or protecting against imminent threats or ongoing attacks or
malicious cyber activity against U.S. national interests from
inside or outside cyberspace.

Nonintrusive Defensive Countermeasures (NDCM): The subset of
DCEO that does not require accessing computers, information or
communications systems, or networks without authorization from
the owners or operators of the targeted computers, information
or communications systems, or networks or exceeding authorized
access and only creates the minimum cyber effects needed to
mitigate the threat activity.

Offensive Cyber Effects Operations (OCEO): Operations and
related programs or activities other than network defense,
cyber collection, or DCEO -- conducted by or on behalf of the
United States Government, in or through cyberspace, that are
intended to enable or produce cyber effects outside
United States Government networks.

Cyber Operations: Cyber collection, DCEO (including NDCM),
and OCEO collectively. (U)

Significant Consequences: Loss of life, significant
responsive actions against the United States, significant
damage to property, serious adverse U.S. foreign policy
consequences, or serious economic impact on the United States.
(U)


U.S. National Interests: Matters of vital interest to the
United States to include national security, public safety,
national economic security, the safe and reliable functioning
of "critical infrastructure," and the availability of "key
resources."1 (U)

Emergency Cyber Action: A cyber operation undertaken at the
direction of the head of a department or agency with
appropriate authorities who has determined that such action is
necessary, pursuant to the requirements of this directive, to
mitigate an imminent threat or ongoing attack against U.S.
national interests from inside or outside cyberspace and under
circumstances that at the time do not permit obtaining prior
Presidential approval to the extent that such approval would
otherwise be required.

II. Purpose and Scope (U)

The United States has an abiding interest in developing and
maintaining use of cyberspace as an integral part of U.S.
national capabilities to collect intelligence and to deter,
deny, or defeat any adversary that seeks to harm U.S. national
interests in peace, crisis, or war. Given the evolution in U.S.
experience, policy, capabilities, and understanding of the cyber
threat, and in information and communications technology, this
directive establishes updated principles and processes as part
of an overarching national cyber policy framework. (C/NF)

The United States Government shall conduct all cyber
operations consistent with the U.S. Constitution and other
applicable laws and policies of the United States, including
Presidential orders and directives.
(C/NF)

The United States Government shall conduct DCEO and OCEO under
this directive consistent with its obligations under
international law, including with regard to matters of
sovereignty and neutrality, and, as applicable, the law of
armed conflict.
(C/NF)


This directive pertains to cyber operations, including those
that support or enable kinetic, information, or other types of
operations. Most of this directive is directed exclusively to
DCEO and OCEO. (S/NF)

The United States Government has mature capabilities and
effective processes for cyber collection. (S/NF)

Therefore, this directive affirms and does not intend to alter
existing procedures, guidelines, or authorities for cyber
collection. (S/NF)

This directive provides a procedure for cyber collection
operations that are reasonably likely to result in
"significant consequences."
[2] (S/NF)


The principles and requirements in this directive apply except
as otherwise lawfully directed by the President. With the
exception of the grant of authority to the Secretary of Defense
to conduct Emergency Cyber Actions as provided below, nothing in
this directive is intended to alter the existing authorities of,
or grant new authorities to, any United States Government
department or agency (including authorities to carry out
operational activities), or supersede any existing coordination
and approval processes, other than those of Nothing in
this directive is intended to limit or impair military
commanders from using DCEO or OCEO specified in a military
action approved by the President and previously coordinated and
deconflicted as required by existing processes and this
directive.
(S/NF)

In addition, this directive does not pertain to or alter
existing authorities related to the following categories of
activities by or on behalf of the United States Government,
regardless of whether they produce cyber effects:

Activities conducted under section 503 of the National
Security Act of 1947 (as amended);

Activities conducted pursuant to the Foreign Intelligence
Surveillance Act, the approval authority delegated to the
Attorney General (AG) by section 2;5 of Executive Order 12333
(as amended), or law enforcement authorities; however, cyber
operations reasonably likely to result in significant
consequences still require Presidential approval
, and
operations that reasonably can be expected to adversely affect
other United States Government operations still require
coordination under established processes;

Activities conducted by the United States Secret Service for
the purpose of protecting the President, the Vice President,
and others as defined in 18 U.S.C. 3056; however, cyber
operations reasonably likely to result in significant
consequences still require Presidential approval, and
operations that reasonably can be expected to adversely affect
other United States Government operations still require
coordination under established processes;

The use of online personas and other virtual operations [3] --
undertaken exclusively for counterintelligence, intelligence
collection, or law enforcement purposes that do not involve
the use of DCEO or OCEO;

Activities conducted in cyberspace pursuant to
counterintelligence authorities for the purpose of protecting
specific intelligence sources, methods, and activities;
Signals intelligence collection other than cyber collection as
defined in this directive;

Open-source intelligence collection;

Network defense;

Traditional electronic warfare [4] activities;

The development of content to support influence campaigns,
military deception, or military information support
operations; or

Simple transit of data or commands through networks that do
not create cyber effects on those networks. (S/NF)


III. Guiding Principles for DCEO and OCEO (U)

DCEO and OCEO may raise unique national security and foreign
policy concerns that require additional coordination and policy
considerations because cyberspace is globally connected. DCEO
and OCEO, even for subtle or clandestine operations, may
generate cyber effects in locations other than the intended
target, with potential unintended or collateral consequences
that may affect U.S. national interests in many locations.
(S/NF)

The United States Government shall conduct DCEO and OCEO in a
manner consistent with applicable values, principles, and norms
for state behavior that the United States Government promotes
domestically and internationally as described in the
2011 "International Strategy for Cyberspace." (C/NF)

National-level strategic objectives and operational
necessities shall dictate what the United States Government
seeks to accomplish with DCEO and OCEO. (C/NF)

The United States Government shall integrate DCEO and OCEO, as
appropriate, with other diplomatic, informational, military,
economic, financial, intelligence, counterintelligence, and
law enforcement options, taking into account effectiveness,
costs, risks, potential consequences, foreign policy, and
other policy considerations. (C/NF)

The United States Government shall reserve the right to act in
accordance with the United States' inherent right of self
defense as recognized in international law, including through
the conduct of DCEO.
(C/NF)

The United States Government shall conduct neither DCEO nor
OCEO that are intended or likely to produce cyber effects
within the United States unless approved by the President. A
department or agency, however, with appropriate authority may
conduct a particular case of DCEO that is intended or likely
to produce cyber effects within the United States if it
qualifies as an Emergency Cyber Action as set forth in this
directive and otherwise complies with applicable laws and
policies, including Presidential orders and directives. (C/NF)


The United States Government shall obtain consent from countries
in which cyber effects are expected to occur or those countries
hosting U.S. computers and systems used to conduct DCEO or OCEO
unless:

Military actions approved by the President and ordered by the
Secretary of Defense authorize nonconsensual DCEO or OCEO,
with provisions made for using existing processes to conduct
appropriate interagency coordination on targets, geographic
areas, levels of effect, and degrees of risk for the
operations;

DCEO is undertaken in accordance with the United States'
inherent right of self defense as recognized in international
law, and the United States Government provides notification
afterwards in a manner consistent with the protection of
U.S. military and intelligence capabilities and foreign policy
considerations and in accordance with applicable law; or

The President -- on the recommendation of the Deputies
Committee and, as appropriate, the Principals Committee --
determines that an exception to obtaining consent is
necessary, takes into account overall U.S. national interests
and equities, and meets a high threshold of need and effective
outcomes relative to the risks created by such an exception. (S/NF)


The information revealed to other countries in the course of
seeking consent shall be consistent with operational security
requirements and the protection of intelligence sources,
methods, and activities. (S/NF)

The United States Government, to ensure appropriate application
of these principles, shall make all reasonable efforts, under
circumstances prevailing at the time, to identify the adversary
and the ownership and geographic location of the targets and
related infrastructure where DCEO or OCEO will be conducted or
cyber effects are expected to occur, and to identify the people
and entities, including U.S. persons, that could be affected by
proposed DCEO or OCEO. (S/NF)

Additional Considerations for DCEO (U)

The Nation requires flexible and agile capabilities that
leverage the full resources of the United States Government to
conduct necessary and proportionate DCEO. These operations
shall conform to the following additional policy principles:

The United States Government shall reserve use of DCEO to
protect U.S. national interests in circumstances when network
defense or law enforcement measures are insufficient or cannot
be put in place in time to mitigate a threat, and when other
previously approved measures would not be more appropriate, or
if a Deputies or Principals Committee review determines that
proposed DCEO provides an advantageous degree of
effectiveness, timeliness, or efficiency compared to other
methods commensurate with the risks;

The United States Government shall conduct DCEO with the least
intrusive methods feasible to mitigate a threat;

The United States Government shall seek partnerships with
industry, other levels of government as appropriate, and other
nations and organizations to promote cooperative defensive
capabilities, including, as appropriate, through the use of
DCEO as governed by the provisions in this directive; and
Partnerships with industry and other levels of government for
the protection of critical infrastructure shall be coordinated
with the Department of Homeland Security (DHS), working with
relevant sector-specific agencies and, as appropriate, the
Department of Commerce (DOC).
(S/NF)


The United States recognizes that network defense, design, and
management cannot mitigate all possible malicious cyber activity
and reserves the right, consistent with applicable law, to
protect itself from malicious cyber activity that threatens U.S.
national interests. (S/NF)

The United States Government shall work with private industry
-- through DHS, DOC, and relevant sector-specific agencies to
protect critical infrastructure in a manner that minimizes the
need for DCEO against malicious cyber activity; however, the
United States Government shall retain DCEO, including
anticipatory action taken against imminent threats, as
governed by the provisions in this directive, as an option to
protect such infrastructure. (S/NF)

The United States Government shall -- in coordination, as
appropriate, with DHS, law enforcement, and other relevant
departments and agencies, to include sector-specific agencies
-- obtain the consent of network or computer owners for
United States Government use of DCEO to protect against
malicious cyber activity on their behalf, unless the activity
implicates the United States' inherent right of self-defense
as recognized in international law or the policy review
processes established in this directive and appropriate legal
reviews determine that such consent is not required. (S/NF)


Offensive Cyber Effects Operations (U)

OCEO can offer unique and unconventional capabilities to advance
U.S. national objectives around the world with little or no
warning to the adversary or target and with potential effects
ranging from subtle to severely damaging.
The development and
sustainment of OCEO capabilities, however, may require
considerable time and effort if access and tools for a specific
target do not already exist. (TS/NF)

The United States Government shall identify potential targets
of national importance where OCEO can offer a favorable
balance of effectiveness and risk as compared with other
instruments of national power, establish and maintain OCEO
capabilities integrated as appropriate with other U.S.
offensive capabilities, and execute those capabilities in a
manner consistent with the provisions of this directive.( TS/NF)


IV. Cyber Operations with Significant Consequences (U)

Specific Presidential approval is required for any cyber
operations including cyber collection, DCEO, and OCEO --
determined by the head of a department or agency to conduct the
operation to be reasonably likely to result in "significant
consequences" as defined in this directive.
This requirement
applies to cyber operations generally, except for those already
approved by the President, even if this directive otherwise does
not pertain to such operations as provided in the "Purpose and
Scope" section of this directive. (S/NF)

V. Threat Response Operations (U)

Responses to Persistent Malicious Cyber Activity (U)

Departments and agencies with appropriate authorities
consistent with the provisions set forth in this directive and
in coordination with the Departments of State, Defense (DOD),
Justice (DOJ), and Homeland Security; the Federal Bureau of
Investigation the Office of the Director of National
Intelligence the National Security Agency the
Central Intelligence Agency the Departments of the
Treasury and Energy and other relevant members of the
Intelligence Community (IC) and sector-specific agencies -- shall
establish criteria and procedures to be approved by the
President for responding to persistent malicious cyber activity
against U.S. national interests. Such criteria and procedures
shall include the following requirements:

The United States Government shall reserve use of such
responses to circumstances when network defense or law
enforcement measures are insufficient or cannot be put in
place in time to mitigate the malicious cyber activity; and
Departments and agencies shall conduct these responses in a
manner not reasonably likely to result in significant
consequences and use the minimum action required to mitigate
the activity. (S/NF)


Emergency Cyber Actions

The Secretary of Defense is hereby authorized to conduct, or a
department or agency head with appropriate authorities may
conduct, under procedures approved by the President, Emergency
Cyber Actions necessary to mitigate an imminent threat or
ongoing attack using DCEO if circumstances at the time do not
permit obtaining prior Presidential approval (to the extent that
such approval would otherwise be required) and the department or
agency head determines that:

An emergency action is necessary in accordance with the
United States inherent right of self-defense as recognized in
international law to prevent imminent loss of life or
significant damage with enduring national impact on the
Primary Mission Essential Functions of the United States
Government,5 U.S. critical infrastructure and key resources,
or the mission of U.S. military forces;

Network defense or law enforcement would be insufficient or
unavailable in the necessary time-frame, and other previously
approved activities would not be more appropriate;

The Emergency Cyber Actions are reasonably likely not to
result in significant consequences;

The Emergency Cyber Actions will be conducted in a manner
intended to be nonlethal in purpose, action, and consequence;

The Emergency Cyber Actions will be limited in magnitude,
scope, and duration to that level of activity necessary to
mitigate the threat or attack;

The Emergency Cyber Actions, when practicable, have been
coordinated with appropriate departments and agencies,

including State, DOD, DES, DOJ, the Office of the DNI, FBI,
CIA, NSA, the Treasury, DOE, and other relevant members of the
IC and sector-specific agencies; and

The Emergency Cyber Actions are consistent with the
U.S. Constitution and other applicable laws and policies of
the United States, including Presidential orders and
directives. (S/NF)


In addition, Emergency Cyber Actions that are intended or likely
to produce cyber effects within the United States (or otherwise
likely to adversely affect U.S. network defense activities or
U.S. networks) must be conducted:

Under the procedures and, as appropriate, criteria for
domestic operations previously approved by the President; and
Under circumstances that at the time of the Emergency Cyber
Action preclude the use of network defense, law enforcement,
or some form of DOD support to civil authorities that would
prevent the threatened imminent loss of life or significant
damage. (S/NF)


Department and agency heads shall report Emergency Cyber Actions
to the President through the National Security Advisor as soon
as feasible. If the coordination specified above is not
practicable in the available time, then notification shall occur
after the fact as soon as possible to inform subsequent whole-
of-government response and recovery activities. (S/NF)

Until such time as any additional criteria for domestic
operations are approved by the President, authorization by
department and agency heads for Emergency Cyber Actions that are
intended or likely to produce cyber effects within the United
States (or otherwise likely to adversely affect U.S. network
defense activities or U.S. networks) shall be granted only if
the President has provided prior approval for such activity, or
circumstances at the time do not permit obtaining prior approval
from the President and such actions are conducted within the
other constraints defined above. (S/NF)

VI. Process (U)

The National Security Staff (NSS) shall formalize the functions
of the Cyber Operations Policy Working Group (COP-WG) as the
primary United States Government forum below the level of an
Interagency Policy Committee (IPC) for integrating DCEO or OCEO
policy, including consideration of exceptions or refinements to
the principles of this directive. The COP-WG shall work with
other elements of the policy community as appropriate to the
geographic or functional context of the DCEO- or OCEO~related
policy discussion at the earliest opportunity. The COP-WG is
not an operational group, but will address policy issues related
to the conduct of operations raised by departments and agencies
or the NSS. (S/NF)

Departments and agencies shall work through the to raise
unresolved or ambiguous policy questions in an integrated IPC
meeting of all appropriate national and economic security
stakeholders. The NSS shall use existing channels to elevate
any unresolved policy conflicts to the Deputies and Principals
Committees, as appropriate. (C/NF)

Departments and agencies shall continue to use existing
operational processes for cyber operations, except as those
processes are modified by or under this directive. Other types
of operations that are supported or enabled by cyber operations
shall use their existing operational processes. This continued
use of existing operational processes applies, for example, to
operations conducted under military orders that authorize DCEO
or OCEO, including clandestine preparatory activities. (C/NF)

Departments and agencies, during planning for proposed cyber
operations, shall use established processes [6] to coordinate and
deconflict with other organizations -- including, as appropriate,
State, DOD, DOJ, DES, members of the IC, and relevant sector-
specific agencies -- and obtain any other approvals required
under applicable policies, except as those processes are
modified by or under this directive. Departments and agencies
shall modify or enhance these processes as future circumstances
dictate. (S/NF)

Departments and agencies shall coordinate DCEO and OCEO with
State and Chiefs of Station or their designees in countries
where DCEO or OCEO are conducted or cyber effects are expected
to occur. (S/NF)


Coordination of DCEO and OCEO with network defense efforts shall
be sufficient to enable a whole-of-government approach to the
protection of U.S. national interests and shall identify
potential implications of proposed DCEO and OCEO for U.S.
networks, including potential adversary responses or unintended
consequences of U.S. operations for which the United States
Government or the private sector would need to prepare. This
coordination shall occur in a manner consistent with operational
security requirements and the protection of intelligence
sources, methods, and activities.

Toward this end of ensuring a unified whole-of-government
approach, departments and agencies shall coordinate and
deconflict DCEO and OCEO with network defense efforts of other
departments and agencies as appropriate. (S/NF)

In addition, DCEO and OCEO with potential implications for
U.S. networks shall be deconflicted as appropriate and
coordinated with DHS, appropriate law enforcement agencies,
and relevant sector-specific agencies. (S/NF)

The United States Government shall make all reasonable efforts
to identify and notify, as appropriate, private sector
entities that could be affected by DCEO and OCEO.
(S/NF)


Policy Criteria (U)

Policy deliberations for DCEO and OCEO shall consider, but not
be limited to, the following criteria:

Impact: The potential threat from adversary actions or the
potential benefits, scope, and recommended prioritization of
proposed U.S. operations as compared with other approaches --
including, as appropriate, network defense by the
United States Government or private sector network operators;

Risks: Assessments of intelligence gain or loss, the risk of
retaliation or other impacts on U.S. networks or interests
(including economic), impact on the security and stability of
the Internet, and political gain or loss to include impact on
foreign policies, bilateral and multilateral relationships
(including Internet governance), and the establishment of
unwelcome norms of international behavior;

Methods: The intrusiveness, timeliness, efficiency, capacity,
and effectiveness of operational methods to be employed;

Geography and Identity: Geographic and identity aspects of
the proposed activity, including the location of operations
and the resulting effects, the identity of network owners and
users that will be affected, and the identity or type -- when
known -- of adversaries to be countered or affected by U.S.
operations;

Transparency: The need for consent or notification of network
or computer owners or host countries, the potential for impact
on U.S. persons and U.S. private sector networks, and the need
for any public or private communications strategies before or
after an operation; and

Authorities and Civil Liberties: The available authorities
and procedures and the potential for cyber effects inside the
United States or against U.S. persons. (S/NF)


Policy decisions shall be broad enough and include rationales in
order to provide guidelines and direction for future proposals
with the same operational and risk parameters.

Annex: Implementation (U)

Departments and agencies shall establish necessary Capabilities
and procedures for appropriate and timely implementation of DCEO
and OCEO policies in the national interest.

Policy Process (U)

Departments and agencies shall, as appropriate, conduct DCEO
and OCEO in accordance with the principles set forth in this
directive and shall bring forward to the COP-WG situations
that require policy discussion, including considerations of
exceptions to those principles, using the policy criteria
described in this directive. [Action: All; ongoing] (C/NF)

The National Security Advisor, through the NSS, shall
establish and operate the COP-WG to serve as the entry point
for interagency deliberations of policy matters related to
DCEO and OCEO. [Action: ongoing] (C/NF)

The National Security Advisor, through the NSS, as needed,
shall use the existing policy escalation process through an
appropriate joint IPC-level group involving all stakeholders
for a given situation, the Deputies Committee, and the
Principals Committee. This process shall clarify the
application of the principles set forth in this directive to
specific operations, including consideration of exceptions or
refinements to those principles. [Action: NSS; ongoing] (C/NF)

The NSS, as needed, shall lead reviews by appropriate
departments and agencies of legal issues associated with DCEO
and OCEO. The NSS shall refer legal questions to the chief
legal officers of the appropriate departments or agencies or
to DOJ for resolution of interagency disagreements or as
otherwise appropriate. [Action: ongoing] (C/NF)

The DNI shall continue to ensure, through appropriate policies
and procedures, the deconfliction, coordination, and
integration of all IC cyber operations and serve as the EC
focal point for strategic planning and policy coordination
related to cyber operations, both within the EC and with other
departments and agencies in interagency coordination
processes. [Actionz ongoing]


Policy Reviews and Preparation (U)

The Office of the DNI, in coordination with appropriate
departments and agencies, shall prepare a classification guide
for departments and agencies to use in the implementation of
the policies in this directive. [Action: Office of the
2 months after directive approval] (U) (C/NF)

The National Security Advisor, through the NSS, shall lead an
interagency review of the United States Government's
communications strategy: including public affairs guidance,
regarding DCEO and OCEO. Pending approval of this strategy by
the Deputies Committee, the United States Government's public
posture on related matters shall be: "All United States
Government activities in cyberspace are consistent with the
principles stated in the May 2011 International Strategy for
Cyberspace."
[Action: NSS report to Deputies; 1 month after
directive approval] (C/NF)

The National Security Advisor, through the NSS, shall work
with the Secretaries of Defense, State, and Homeland Security,
the AG, the DNI, relevant IC and sector-specific agencies, and
other heads of departments and agencies as appropriate to
develop for the conduct of Emergency Cyber Actions, as set
forth in this directive -- in addition to the previously cited
procedures and, as appropriate, domestic criteria to be
approved by the President -- detailed concepts of operation,
supporting processes, communications capabilities, exercises,
and training. In addition, the NSS -- working with these same
departments and agencies shall, as necessary, develop for
Presidential approval procedures and criteria for DCEO to be
conducted in response to malicious cyber activity. [Action:
NSS update on implementation to Deputies; 3 months after
directive approval] (TS/NF)

The Secretary of Defense, the DNI, and the Director of the CIA
in coordination with the AG, the Secretaries of State and
Homeland Security, and relevant IC and sector-specific
agencies shall prepare for approval by the President through
the National Security Advisor a plan that identifies potential
systems, processes, and infrastructure against which the
United States should establish and maintain OCEO capabilities;
proposes circumstances under which OCEO might be used; and
proposes necessary resources and steps that would be needed
for implementation, review, and updates as U.S. national
security needs change. [Action: DOD, Office of the DNI, and
CIA update to Deputies on scope of plans; 6 months after
directive approval] (TS/NF)

The Secretary of Defense and other department and agency heads
as appropriate -- in coordination with the Secretary of
Homeland Security shall develop and
maintain a flexible, agile capability for the purpose of using
DCEO to defend U.S. networks consistent with the provisions
set forth in this directive. [Action: DOD and others;
ongoing] (C/NF)

The Secretary of Defense -- in coordination with the
Secretaries of Homeland Security, Commerce, and State, the AG,
the DNI, and relevant IC and sectorwspecific agencies shall
develop a multi-phase plan to be approved by the Deputies
Committee for testing, reviewing, and implementing NDCM. The
plan shall be subjected to legal review and address
authorities, technical feasibility, operational risks, and
coordination procedures. [Action: DOD present first phase of
plans to Deputies; 2 months after directive approval] (S/NF)

The AG and the DNI -- in
collaboration with the Secretaries of
Defense, State, Commerce, and Homeland Security, and relevant
IC and sector-specific agencies shall develop a multi-phase
plan to be approved by the Deputies Committee for a test of
the applicability and efficacy of counterintelligence
authorities in the conduct of DCEO. The plan shall be
subjected to legal review and address technical feasibility,
operational risks, and coordination procedures. [Action: D0J
and Office of the DNI present first phase of plans to
Deputies; 2 months after directive approval] (S/NF)

The Secretaries of Defense and Homeland Security, the DNI, the
AG, and the Director of the CIA in collaboration as
appropriate with the Secretaries of State and Commerce and the
heads of relevant IC and sector-specific agencies shall
develop proposals to be approved by the President through the
National Security Advisor to ensure that a necessary framework
of proposed options, roles, and levels of delegation is in
place for the use of all appropriate United States Government
DCEO and OCEO capabilities to advance and defend U.S. national
interests, including actions taken in response to indications
of imminent threat or when the United States or the Internet
is subjected to a debilitating attack. This framework shall
consider how cyber operations capabilities will complement
other United States Government cyber capabilities, including
network defense and law enforcement. [Action: DOD, DHS, DOJ,
Office of the DNI, and CIA update to Deputies; 6 months after
directive approval] (S/NF)

Department and agency heads conducting DCEO or OCEO covered
under this directive shall report annually on the use and
effectiveness of operations of the previous year to the
President through the National Security Advisor. [Action:
relevant departments and agencies; ongoing until otherwise
directed] (S/NF)

Foundation Building (U)

The DNI, working with appropriate departments and agencies,
shall continue to lead interagency efforts to improve
intelligence collection in support of DCEO and OCEO, including
under conditions when Internet infrastructure is significantly
degraded. These efforts shall include an enhanced process for
sharing intelligence-based cyber threat information with the
private sector and international partners in the interest of
minimizing the need for DCEO.
The DNI shall identify needed
investments -- including in research and development, testing,
and evaluation -- to help develop intelligence capabilities in
support of DCEO and OCEO. [Action: Office of the
ongoing] (S/NF)

The Secretary of State -- in coordination with the Secretaries
of Defense and Homeland Security, the AG, the DNI, and others
as appropriate shall continue to lead efforts to establish
an international consensus around norms of behavior in
cyberspace to reduce the likelihood of and deter actions by
other nations that would require the United States Government
to resort to DCEO. [Action: State; ongoing] (C/NF)

The AG -- through the FBI and in coordination as appropriate
with DHS, appropriate elements of the EC, and other
departments and agencies - shall continue to identify,
investigate, mitigate, and disrupt malicious cyber activity in
the interest of minimizing the need for DCEO. The AG, through
the National Cyber Investigative Joint Task Force, shall lead
related interagency efforts by integrating, sharing,
coordinating, and collaborating on counterintelligence,
counterterrorism, intelligence, and law enforcement
information from member organizations concerning
investigations of malicious cyber activity in order to
facilitate the use of all available authorities to address
such threats. These activities shall be coordinated with
other entities and the private sector as appropriate.
[Action: ongoing] (C/NF)

The Secretaries of State, Defense, Homeland Security, and
Commerce -- along with the AG, the DNI, and others as
appropriate shall continue to advance interagency efforts
with international partners to increase their cyber capacities
for self protection and, where appropriate, to facilitate
cooperative defense of cyberspace in the interest of
minimizing the need for DCEO. The partnerships shall include
application of not only improvements to network defenses, but
also sharing -- as appropriate and consistent with operational
security requirements and the protection of intelligence
sources, methods, and activities -- of DCEO-related
information, tools, and methods consistent with the provisions
set forth in this directive, the National Disclosure Policy,
and with U.S. national interests. [Action: State, DOD, DHS,
DOC, and Office of the ongoing] (C/NF)

The Secretary of Homeland Security in coordination with the
Secretaries of Defense and Commerce, the AG, the DNI, and the
heads of relevant sector-specific agencies -- shall continue to
lead interagency efforts to develop partnerships with other
levels of government and the private sector to increase the
nation's cyber capacities for self protection and, where
appropriate, to facilitate cooperative efforts to secure
cyberspace in the interest of minimizing the need for DCEO.

[Action: ongoing] (C/NF)

_______________

Notes:

1. As these terms are used in on "Critical Infrastructure,
Identification, Prioritization, and Protection" from December 17, 2003. (U)

2 referred to operations with significant consequences as "sensitive
offensive cyber operations."

3 Human intelligence operations undertaken via the Internet.

4 As defined by the Joint Dictionary 1-02, "Department of Defense Dictionary
of Military and Associated Terms" (as amended through February 15, 2012):
military action involving the use of electromagnetic or directed energy to
control the electromagnetic spectrum or to attack the enemy. Electronic
warfare consists of three divisions: electronic attack, electronic
protection, and electronic warfare support. (U)

5 As defined in on "National Continuity Policy" of May 9,
2007. (U)

6 Including the May 9, 2007, "Trilateral Memorandum of Agreement (MOA) among
the Department of Defense and the Department of Justice and the Intelligence
Community Regarding Computer Network Attack and Computer Network Exploitation
Activities," and other operational Coordination processes that exist between
departments and agencies. (S/NF)
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Wed Nov 25, 2015 1:33 am

Senate Approves Major Changes to Surveillance Laws in Passing USA Freedom Act
By VICE News
June 2, 2015

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


The US Senate voted Tuesday in favor of passing the USA Freedom Act, which will replace key parts of controversial legislation that had allowed the government to conduct a mass surveillance program — largely unchecked — since the 9/11 attacks.

The 67-32 Senate vote came two days after key controversial pieces of the USA PATRIOT ACT expired, temporarily halting the government's contested anti-terror surveillance measures.

The House already voted on the Freedom Act, and it is now before President Barack Obama, who is expected to speedily give his seal of approval. Certain provisions in the Act mandate the phasing out of the National Security Agency's (NSA) bulk phone records collection program over the next six months.

The new, more restrictive legislation instead will allow officials to access phone records, which will remain with phone companies, as long as the agency has a search warrant.

The American Civil Liberties Union Tuesday praised the Senate vote on the Freedom Act, calling its passage a "milestone."

"This is the most important surveillance reform bill since 1978, and its passage is an indication that Americans are no longer willing to give the intelligence agencies a blank check," the ACLU's Legal Director Jameel Jaffer said in a statement. "It's a testament to the significance of the Snowden disclosures and also to the hard work of many principled legislators on both sides of the aisle. Still, no one should mistake this bill for comprehensive reform."

"The bill leaves many of the government's most intrusive and overbroad surveillance powers untouched, and it makes only very modest adjustments to disclosure and transparency requirements," he added.


Senate Republican leaders had initially attempted to block the Act's passage, but relented after proposed amendments to the House's bill failed.

Related: With a Deadline Looming, the Fate of the PATRIOT Act Is in Limbo

The Associated Press contributed to this report
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Wed Nov 25, 2015 1:44 am

Keith Alexander Unplugged: on Bush/Obama, 1.7 million stolen documents and other matters
by Glenn Greenwald
May 8, 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


Image

The just-retired long-time NSA chief, Gen. Keith Alexander, recently traveled to Australia to give a remarkably long and wide-ranging interview with an extremely sycophantic “interviewer” with The Australian Financial Review. The resulting 17,000-word transcript and accompanying article form a model of uncritical stenography journalism, but Alexander clearly chose to do this because he is angry, resentful, and feeling unfairly treated, and the result is a pile of quotes that are worth examining, only a few of which are noted below:

AFR: What were the key differences for you as director of NSA serving under presidents Bush and Obama? Did you have a preferred commander in chief?

Gen. Alexander:
Obviously they come from different parties, they view things differently, but when it comes to the security of the nation and making those decisions about how to protect our nation, what we need to do to defend it, they are, ironically, very close to the same point. You would get almost the same decision from both of them on key questions about how to defend our nation from terrorists and other threats.


The almost-complete continuity between George W. Bush and Barack Obama on such matters has been explained by far too many senior officials in both parties, and has been amply documented in far too many venues, to make it newsworthy when it happens again. Still, the fact that one of the nation’s most powerful generals in history, who has no incentive to say it unless it were true, just comes right out and states that Bush and The Candidate of Change are “very close to the same point” and “you would get almost the same decision from both of them on key questions” is a fine commentary on a number of things, including how adept the 2008 Obama team was at the art of branding.

The fact that Obama, in 2008, specifically vowed to his followers angered over his campaign-season NSA reversal that he possessed “the firm intention — once I’m sworn in as president — to have my Attorney General conduct a comprehensive review of all our surveillance programs, and to make further recommendations on any steps needed to preserve civil liberties and to prevent executive branch abuse in the future” only makes that point a bit more vivid.

AFR: Can you now quantify the number of documents [Snowden] stole?

Gen. Alexander:
Well, I don’t think anybody really knows what he actually took with him, because the way he did it, we don’t have an accurate way of counting. What we do have an accurate way of counting is what he touched, what he may have downloaded, and that was more than a million documents.


It’s hard to recall a better and clearer example of how mindless and uncritical the American media is when it comes to the unproven pronouncements of the U.S. Government. Back in December, 60 Minutes broadcast a now-notorious segment of pure access journalism in which they gullibly disseminated one false NSA claim after the next in exchange for being given exclusive(!) access to a few Secret and Exciting Rooms inside the agency’s headquarters. The program claimed that Snowden “is believed to still have access to 1.5 million classified documents he has not leaked”. On its Twitter account, 60 Minutes made this claim to promote its show:

How Edward Snowden managed to steal an alleged 1.7 million documents from the NSA. Sunday: http://t.co/gbrIu5yMcc

— 60 Minutes (@60Minutes) December 13, 2013


Mike McConnell, the vice chairman of Booz Allen and former Director of National Intelligence in the Bush administration, then claimed that “Snowden absconded with 1.7 million to 1.8 million documents.”

Ever since then, that Snowden “stole” 1.7 or 1.8 million documents from the NSA has been repeated over and over again by US media outlets as verified fact. The Washington Post‘s Walter Pincus, citing an anonymous official source, purported to tell readers that “among the roughly 1.7 million documents he walked away with — the vast majority of which have not been made public — are highly sensitive, specific intelligence reports”. Reuters frequently includes in its reports the unchallenged assertion that “Snowden was believed to have taken 1.7 million computerized documents.” Just this week, the global news agency told its readers that “Snowden was believed to have taken 1.7 million computerized documents.”

In fact, that number is and always has been a pure fabrication, as even Keith Alexander admits. The claimed number has changed more times than one can count: always magically morphing into randomly chosen higher and scarier numbers. The reality, in the words of the General, is that the US Government “really [doesn’t] know[] what he actually took with him” and they “don’t have an accurate way of counting”. All they know is how many documents he accessed in his entire career at NSA, which is a radically different question from how many documents he took. But that hasn’t stopped American media outlets from repeatedly affirming the inflammatory evidence-free claim that Snowden took 1.7 million documents. As usual, even the most blatantly unreliable claims from National Security State officials are treated as infallible papal pronouncements by our Adversarial Watchdog Press.

There’s an equally vital point made by Alexander’s admission. The primary defense of the NSA and its defenders is that one need not worry about the staggering sums of data they collect because they have implemented very rigorous oversight mechanisms and controls that prevent abuse. Yet Edward Snowden spent months downloading a large amount of highly sensitive documents right under their noses. And not only did they have no idea that he was doing it, but now – even after spending large sums of money to find out – they are still completely incapable of learning which documents he took or even how many he took. Does that at all sound like a well-managed, tightly controlled system that you can trust to safeguard your most personal data and to detect and prevent abuse of this system by the tens of thousands of people who have access to it?

AFR: What is your personal opinion on the decision to award a Pulitzer Prize to the Guardian and Washington Post newspapers for their “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy”?

Gen. Alexander:
I’m greatly disappointed that we have rewarded those who have put so many lives at risk. I think that’s the best way to say that. . . . At the end of the day, I believe peoples’ lives will be lost because of the Snowden leaks because we will not be able to protect them with capabilities that were once effective but are now being rendered ineffective because of these revelations.


There are few things in life more ironic than being accused by U.S. Generals, including those who participated in the war in Iraq, of being responsible for the loss of lives. For that sort of irony, nothing will beat that episode where the US Pentagon chief and Chairman of the Joint Chiefs of Staff announced that WikiLeaks – not themselves, but WikiLeaks – has “blood on its hands” by virtue of publishing documents about the U.S. war in Afghanistan. In the world of the U.S. National Security State and its loyal media, those who go around the world killing innocent people over and over are noble and heroic, while those who report on what they do are the ones with “blood on their hands”.

But what makes this claim so remarkable is how often it is made and how false it always turns out to be. The accusation about WikiLeaks was ultimately demonstrated to be false. The same was true of the identical claim made about NSA whistleblower Thomas Drake, and the leaker who exposed the Bush-era warrantless eavesdropping program, and Pentagon Papers leaker Daniel Ellsberg, and virtually every other person who has brought unwanted transparency to what the U.S. Government is doing in the dark. But accusing whistleblowers and journalists of causing the deaths of innocent people is a tactic people like Gen. Alexander continue to embrace because it’s virtually never pointed out by our stalwart media how many times that claim has been proven to be an utter fabrication.

* * * * *

The release date for my book on the NSA, privacy, and our reporting of the surveillance story, No Place to Hide, is next Tuesday, May 13, at which time all of the previously unpublished NSA documents that are reported on in the book will be placed online, with free access, at the book’s website.
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Re: Inside Washington's Quest to Bring Down Edward Snowden

Postby admin » Wed Nov 25, 2015 1:52 am

WikiLeaks 'has blood on its hands' over Afghan war logs, claim US officials
by David Leigh
July 30. 2010

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.


• Defence secretary describes leak as 'potentially dangerous'
• 'Loose' intelligence policy in US army to be reviewed

Image
Julian Assange said WikiLeaks tried to follow a request to redact some names but the US refused to help. Photograph: Linda Nylind for the Guardian Linda Nylind/Guardian

WikiLeaks and its editor-in-chief, Julian Assange, have come under attack from US officials and their allies for potentially endangering informants and troops in Afghanistan by posting the texts of thousands of leaked war logs.

The US defence secretary, Robert Gates, claimed in Washington: "The battlefield consequences are potentially severe and dangerous for our troops, our allies and Afghan partners, and may well damage our relationships and reputation in that key part of the world."

Gates said sensitive intelligence which could endanger informants had been widely distributed down to junior level in the US army, in a loose policy which might now have to be reconsidered.

"We endeavour to push access to sensitive battlefield information down to where it is most useful – on the front lines – where as a practical matter there are fewer restrictions and controls than at rear headquarters," he said. "In the wake of this incident, it will be a real challenge to strike the right balance between security and providing our frontline troops the information they need."

Admiral Mike Mullen, who chairs the joint chiefs of staff, said: "Mr Assange can say whatever he likes about the greater good he thinks he and his source are doing, but the truth is they might already have on their hands the blood of some young soldier or that of an Afghan family."

The Afghan president, Hamid Karzai, called the disclosure of the names of Afghans who had co-operated with Nato and US forces "irresponsible and shocking". He said in Kabul: "Whether those individuals acted legitimately or illegitimately in providing information to the Nato forces, their lives will be in danger."

WikiLeaks withheld some 15, 000 intelligence reports to protect informants. But some of the posted texts contain details of Afghans who have dealt with the coalition.

Assange said today that they had tried to comply with a private White House request to redact the names of informants before publication. But the US authorities had refused to assist them.

He said in a statement: "Secretary Gates speaks about hypothetical blood, but the grounds of Iraq and Afghanistan are covered with real blood."

Thousands of children and adults had been killed and the US could have announced a broad inquiry into these killings, "but he decided to treat these issues with contempt''.

He said: "This behaviour is unacceptable. We will continue to expose abuses by this administration and others."

Meanwhile, both US and UK authorities remained silent about the disclosures in the 92,000 war log files that hundreds of civilians have been killed or wounded by coalition forces in unreported or previously under-reported incidents. The Ministry of Defence withdrew promises to make an official statement about US allegations that two units of British troops had caused exceptional loss of civilian life.

MoD sources said that at least 15 of the 21 alleged cases had now been confirmed, but they were unable to say what investigations had subsequently taken place, or when they would now make a statement.

A detachment of the Coldstream Guards was newly arrived in Kabul when innocent civilians were shot on four separate occasions in October-November 2007.

Several different companies of Royal Marine commands are alleged to have shot civilians who came "too close" to convoys or patrols on eight occasions in Helmand province during the six-month period ending in March 2008.

Sources said that the then Labour foreign secretary, David Miliband, was so concerned about civilian deaths that he helped push forward a UN resolution in 2008, setting up an UN system to monitor such casualties.

But it does not function effectively, according to the independent Human Rights Watch. The United Nations Assistance Mission in Afghanistan reported 828 civilian deaths in 2008, thanks to "pro-government forces", saying force protection incidents, "are of continuing concern", where innocent drivers, car passengers or motorcyclists, are shot by passing troops.

The US authorities are concentrating their firepower on leakers and their friends. Gates said the FBI had been called in to widen the criminal investigation into Private Bradley Manning, who is in military custody charged with leaking a classified video showing Apache pilots gunning down two Reuters cameramen in Baghdad who they believed might be insurgents.

Manning is being moved from a military jail in Kuwait to Quantico, Virginia, and the FBI will now be able to investigate civilians such as Assange, for possible conspiracy offences. Assange's whereabouts were unknown today.

• This article was amended on 2 August 2010. The original referred to Qauntico, Maryland. This has been corrected.
admin
Site Admin
 
Posts: 36125
Joined: Thu Aug 01, 2013 5:21 am

Next

Return to A Growing Corpus of Analytical Materials

Who is online

Users browsing this forum: No registered users and 23 guests