DOCSLIB.ORG

New Threat Models for Cryptography 3 August 2016 Bart Preneel

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

New Threat Models for Cryptography 3 August 2016 Bart Preneel National Security Agency cryptologic intelligence agency of the USA DoD – collection and analysis of foreign communications and foreign signals intelligence New Threat Models – protecting government communications and information systems for Cryptography Bart Preneel COSIC KU Leuven and iMinds, Belgium Bart.Preneel(at)esat.kuleuven.be 3 August 2016 © KU Leuven COSIC, Bart Preneel 1 2 3 4 NSA calls the iPhone users public 'zombies' who pay for their own surveillance NSA: “Collect it all, know it all, exploit it all” www.wired.com 5 6 1 New Threat Models for Cryptography 3 August 2016 Bart Preneel Outline Snowden revelations most capabilities could have been extrapolated from open sources • Snowden revelation: the essentials But still… • Going after crypto massive scale and impact (pervasive) • Impact on systems research and policy level of sophistication both organizational and technical – redundancy: at least 3 methods to get to Google’s data – many other countries collaborated (beyond five eyes) – industry collaboration through bribery, security letters*, … • including industrial espionage undermining cryptographic standards with backdoors (Bullrun) … and also the credibility of NIST 7 * Impact of security letters reduced by Freedom Act (2 June 2015) 8 Snowden revelations (2) Most spectacular: active defense • networks – Quantum insertion: answer before the legitimate website – inject malware in devices • devices – malware based on backdoors and 0-days (FoxAcid) – supply chain subversion Translation in human terms: complete control of networks and systems, including bridging the air gaps No longer deniable Oversight weak 9 10 Rule #1 of cryptanalysis: Where do you find plaintext? SSO: Special Source Operations search for plaintext [B. Morris] 1. PRISM (server) 2. Upstream (fiber) AliceEve/NSA Bob CRY Clear Clear CRY Clear Clear PTO PTO text text text text BOX BOX Tempora 11 12 2 New Threat Models for Cryptography 3 August 2016 Bart Preneel 3. Traffic data (meta data) (DNR) TEMPORA architecture (1) Gain “access” to raw content: intercept (cable, satellite), hack, buy, ask. traffic data is not plaintext itself, but it is very informative Turbulence 3 days:125 Petabyte Tempora/Xks • who talks to whom from where and with which device (US$ 200M) • URLs of websites • locations of devices (2) “Selector” based Ring (3) Standard MetaMeta- “promotion” Queries • it allows to map networks and identify social relations Buffer Data Selectors (4) “Map Reduce” 4. Client systems (TAO) Target Queries Selectors Promoted Traffic Promoted Enrichment hack the client devices Signals Intelligence Traffic Promoted • use unpatched weaknesses (disclosed by vendors Queries Translation, or by update mechanism?) Target Collation, • sophisticated malware Selectors Long Term Intel. Database Analysis, products 13 Slide credit: George Danezis, UCL * Tempora ~ Deep Dive Xkeyscore (NSA) 14 Which questions can one answer with mass surveillance systems/bulk data collection? NSA is not alone Tempora (GCHQ) ~ Deep Dive Xkeyscore (NSA) • I have one phone number – find all the devices of this person, his surfing behavior, the location where he has travelled to and his closest collaborators • Find all Microsoft Excel sheets containing MAC addresses in Belgium • Find all exploitable machines in Panama • Find everyone in Austria who communicates in French and who use OTR or Signal BND has spied on EU (incl. German) companies and targets in exchange for access to these systems 15 16 Mass Surveillance panopticon If data is the new oil, data mining yields the rocket fuel [Jeremy Bentham, 1791] industry discrimination fear conformism - stifles dissent oppression and abuse users government 17 18 3 New Threat Models for Cryptography 3 August 2016 Bart Preneel Lessons learned Outline Economy of scale Never underestimate a motivated, well-funded and competent attacker • Snowden revelation: the essentials Pervasive surveillance requires pervasive collection and active • Going after crypto attacks (also on innocent bystanders) Active attacks undermines integrity of and trust in computing • Impact on systems research and policy infrastructure Emphasis moving from COMSEC to COMPUSEC (from network security to systems security) Need for combination of industrial policy and non-proliferation treaties 19 20 NSA foils much internet encryption If you can’t get the plaintext NYT 6 September 2013 The National Security Agency is winning its long- running secret war on encryption, using AliceEve/NSA Bob supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine CRY CRY %^C& %^C& Clear the major tools protecting the privacy of Clear PTO PTO @&^( @&^( text everyday communications in the Internet age text BOX BOX [Bullrun] Ask for the key! 21 22 Find the Private Key (Somehow) Asking for the key • Logjam: TLS fallback to 512-bit export control legacy • (alleged) examples – through security letters? systems • Lavabit email encryption • 1024-bit RSA and Diffie-Hellman widely used default • CryptoSeal Privacy VPN option not strong enough • SSL/TLS servers of large companies? • GCHQ Flying Pig program • Silent Circle email? • Truecrypt?? [Adrian+] Imperfect Forward Secrecy: How Diffie- Source: SSL Pulse Hellman Fails in Practice, CCS 2015 23 24 4 New Threat Models for Cryptography 3 August 2016 Bart Preneel If you can’t get the private key, If you can’t get the key substitute the public key 12M SSL/TLS servers make sure that the key is generated using a fake SSL certificates or SSL person-in-the-middle as random number generator with trapdoor commercial product or government attack – 650 CA certs trustable by common systems Pseudo- – Comodo, Diginotar, Turktrust, ANSSI, China Internet Network Information Center (CNNIC), Symantec random – Flame: rogue certificate by cryptanalysis seed number live since November 2015 generator https://letsencrypt.org/isrg/ (PRNG) [Holz+] TLS in the Wild, NDSS 2016 trapdoor allows to predict keys [Stevens] Counter-cryptanalysis, Crypto’13 25 26 Dual_EC_DRBG Dual_EC_DRBG Dual Elliptic Curve Deterministic Random Bit Generator • 10 Sept. 2013, NYT: "internal memos leaked by a former NSA • ANSI and ISO standard contractor suggest that [..] the Dual EC DRBG standard […] • 1 of the 4 PRNGs in NIST SP 800-90A contains a backdoor for the NSA." • draft Dec. 2005; published 2006; revised 2012 • 16 Sept. 2013: NIST “strongly recommends" against the use of Dual_EC_DRBG, as specified in SP 800-90A (2012) • Two “suspicious” parameters P and Q • Nov. 2013: RSA’s BSAFE library chooses DUAL_EC as default • Many warnings and critical comments • Dec. 2015: Juniper announces Dual_EC problems for Netscreen • before publication [Gjøsteen05], [Schoenmakers-Sidorenko06] • 08: 6.2.r01 uses Dual_EC in a way it can be exploited • after publication [Ferguson-Shumov07] • 12: someone changed the backdoor (6.2.r015) Appendix: The security of Dual_EC_DRBG requires that the [Checkoway+] On the Practical Exploitability of Dual EC in TLS points P and Q be properly generated. To avoid using Implementations, Usenix Security 2014 potentially weak points, the points specified in Appendix A.1 [Checkoway+] A Systematic Analysis of the Juniper Dual EC Incident, should be used. Cryptology ePrint Archive, Report 2016/376 27 28 Cryptovirology [Young-Yung] NSA can (sometimes) break SSL/TLS, IPsec, SSH, PPTP, Skype http://www.cryptovirology.com/cryptovfiles/research.html end 2011: decrypt 20,000 VPN connections/hour • http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html • http://blog.cryptographyengineering.com/2014/12/on-new-snowden-documents.html 29 30 5 New Threat Models for Cryptography 3 August 2016 Bart Preneel Fighting cryptography Encryption to protect industry ~18.3B • Weak implementations: PRNG or more log10 • Going after keys 12 • Undermining standards 6.2B 6B 10 3B 2.4B • Cryptanalysis 250M 200M 200M 8 37M • Increase complexity of standards 6 • Export controls 4 • Hardware backdoors • Work with law enforcement to promote backdoor 2 access and data retention 0 31 © Bart Preneel 32 Not Encryption to protect user data ~12.5B end to (not meta data) Browser Outline end http:// https:// SSL Transport System log10 HTTP over SSL 12 • Snowden revelation: the essentials 6.3B 10 3.5B • Going after crypto 1B 700M 500M 500M 20- • Impact on systems research and policy 8 50M? 12 M 6 ? ? 4 2 0 Mobile Browsers WhatsApp iMessage Skype Harddisk IPsec SSL/TLS © Bart Preneel 33 34 COMSEC - Communication Security COMSEC - Communication Security meta data Secure channels: still a challenge Hiding communicating identities • authenticated encryption studied in CAESAR http://competitions.cr.yp.to/caesar.html – few solutions – need more Forward secrecy: Diffie-Hellman versus RSA – largest one is TOR with a few million users – well managed but known limitations Denial of service • e.g. security limited if user and destination are in same country Simplify internet protocols with security by default: DNS, BGP, TCP, IP, http, SMTP,… Location privacy: problematic 35 36 6 New Threat Models for Cryptography 3 August 2016 Bart Preneel COMSEC - Communication Security COMPUSEC - Computer Security Do not move problems to a single secret key Protecting data at rest – example: Lavabit email – well established solutions for local encryption: – solution: threshold cryptography; proactive cryptography Bitlocker, Truecrypt Do not move problems to the authenticity of a single public key – infrequently
Recommended publications
  • What Is Xkeyscore, and Can It 'Eavesdrop on Everyone, Everywhere'? (+Video) - Csmonitor.Com

    What Is Xkeyscore, and Can It 'Eavesdrop on Everyone, Everywhere'? (+Video) - Csmonitor.Com

    8/3/13 What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'? (+video) - CSMonitor.com The Christian Science Monitor ­ CSMonitor.com What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'? (+video) XKeyscore is apparently a tool the NSA uses to sift through massive amounts of data. Critics say it allows the NSA to dip into people's 'most private thoughts' – a claim key lawmakers reject. This photo shows an aerial view of the NSA's Utah Data Center in Bluffdale, Utah. The long, squat buildings span 1.5 million square feet, and are filled with super­ powered computers designed to store massive amounts of information gathered secretly from phone calls and e­mails. (Rick Bowmer/AP/File) By Mark Clayton, Staff writer / August 1, 2013 at 9:38 pm EDT Top­secret documents leaked to The Guardian newspaper have set off a new round of debate over National Security Agency surveillance of electronic communications, with some cyber experts saying the trove reveals new and more dangerous means of digital snooping, while some members of Congress suggested that interpretation was incorrect. The NSA's collection of "metadata" – basic call logs of phone numbers, time of the call, and duration of calls – is now well­known, with the Senate holding a hearing on the subject this week. But the tools discussed in the new Guardian documents apparently go beyond mere collection, allowing the agency to sift through the www.csmonitor.com/layout/set/print/USA/2013/0801/What-is-XKeyscore-and-can-it-eavesdrop-on-everyone-everywhere-video 1/4 8/3/13 What is XKeyscore, and can it 'eavesdrop on everyone, everywhere'? (+video) - CSMonitor.com haystack of digital global communications to find the needle of terrorist activity.
  • Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities

    Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities

    University of Central Florida STARS HIM 1990-2015 2013 Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities Mark Berrios-Ayala University of Central Florida Part of the Legal Studies Commons Find similar works at: https://stars.library.ucf.edu/honorstheses1990-2015 University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by STARS. It has been accepted for inclusion in HIM 1990-2015 by an authorized administrator of STARS. For more information, please contact [email protected]. Recommended Citation Berrios-Ayala, Mark, "Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities" (2013). HIM 1990-2015. 1519. https://stars.library.ucf.edu/honorstheses1990-2015/1519 BRAVE NEW WORLD RELOADED: ADVOCATING FOR BASIC CONSTITUTIONAL SEARCH PROTECTIONS TO APPLY TO CELL PHONES FROM EAVESDROPPING AND TRACKING BY THE GOVERNMENT AND CORPORATE ENTITIES by MARK KENNETH BERRIOS-AYALA A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Legal Studies in the College of Health and Public Affairs and in The Burnett Honors College at the University of Central Florida Orlando, Florida Fall Term 2013 Thesis Chair: Dr. Abby Milon ABSTRACT Imagine a world where someone’s personal information is constantly compromised, where federal government entities AKA Big Brother always knows what anyone is Googling, who an individual is texting, and their emoticons on Twitter.
  • Fast Elliptic Curve Cryptography in Openssl

    Fast Elliptic Curve Cryptography in Openssl

    Fast Elliptic Curve Cryptography in OpenSSL Emilia K¨asper1;2 1 Google 2 Katholieke Universiteit Leuven, ESAT/COSIC [email protected] Abstract. We present a 64-bit optimized implementation of the NIST and SECG-standardized elliptic curve P-224. Our implementation is fully integrated into OpenSSL 1.0.1: full TLS handshakes using a 1024-bit RSA certificate and ephemeral Elliptic Curve Diffie-Hellman key ex- change over P-224 now run at twice the speed of standard OpenSSL, while atomic elliptic curve operations are up to 4 times faster. In ad- dition, our implementation is immune to timing attacks|most notably, we show how to do small table look-ups in a cache-timing resistant way, allowing us to use precomputation. To put our results in context, we also discuss the various security-performance trade-offs available to TLS applications. Keywords: elliptic curve cryptography, OpenSSL, side-channel attacks, fast implementations 1 Introduction 1.1 Introduction to TLS Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a protocol for securing network communications. In its most common use, it is the \S" (standing for \Secure") in HTTPS. Two of the most popular open- source cryptographic libraries implementing SSL and TLS are OpenSSL [19] and Mozilla Network Security Services (NSS) [17]: OpenSSL is found in, e.g., the Apache-SSL secure web server, while NSS is used by Mozilla Firefox and Chrome web browsers, amongst others. TLS provides authentication between connecting parties, as well as encryp- tion of all transmitted content. Thus, before any application data is transmit- ted, peers perform authentication and key exchange in a TLS handshake.
  • Ashley Deeks*

    Ashley Deeks*

    ARTICLE An International Legal Framework for Surveillance ASHLEY DEEKS* Edward Snowden’s leaks laid bare the scope and breadth of the electronic surveillance that the U.S. National Security Agency and its foreign counterparts conduct. Suddenly, foreign surveillance is understood as personal and pervasive, capturing the communications not only of foreign leaders but also of private citizens. Yet to the chagrin of many state leaders, academics, and foreign citizens, international law has had little to say about foreign surveillance. Until recently, no court, treaty body, or government had suggested that international law, including basic privacy protections in human rights treaties, applied to purely foreign intelligence collection. This is now changing: Several UN bodies, judicial tribunals, U.S. corporations, and individuals subject to foreign surveillance are pressuring states to bring that surveillance under tighter legal control. This Article tackles three key, interrelated puzzles associated with this sudden transformation. First, it explores why international law has had so little to say about how, when, and where governments may spy on other states’ nationals. Second, it draws on international relations theory to argue that the development of new international norms regarding surveillance is both likely and essential. Third, it identifies six process-driven norms that states can and should adopt to ensure meaningful privacy restrictions on international surveillance without unduly harming their legitimate national security interests. These norms, which include limits on the use of collected data, periodic reviews of surveillance authorizations, and active oversight by neutral bodies, will increase the transparency, accountability, and legitimacy of foreign surveillance. This procedural approach challenges the limited emerging scholarship on surveillance, which urges states to apply existing — but vague and contested — substantive human rights norms to complicated, clandestine practices.
  • Downloads (‘High-Volume, Low-Value Traffic’).43 Reports with Regard to UK and German Programmes Also Cite the Use of ‘Selectors’ (E.G

    Downloads (‘High-Volume, Low-Value Traffic’).43 Reports with Regard to UK and German Programmes Also Cite the Use of ‘Selectors’ (E.G

    DIRECTORATE GENERAL FOR INTERNAL POLICIES POLICY DEPARTMENT C: CITIZENS' RIGHTS AND CONSTITUTIONAL AFFAIRS CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS NATIONAL PROGRAMMES FOR MASS SURVEILLANCE OF PERSONAL DATA IN EU MEMBER STATES AND THEIR COMPATIBILITY WITH EU LAW STUDY Abstract In the wake of the disclosures surrounding PRISM and other US surveillance programmes, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands. Given the large-scale nature of surveillance practices at stake, which represent a reconfiguration of traditional intelligence gathering, the study contends that an analysis of European surveillance programmes cannot be reduced to a question of balance between data protection versus national security, but has to be framed in terms of collective freedoms and democracy. It finds that four of the five EU member states selected for in-depth examination are engaging in some form of large-scale interception and surveillance of communication data, and identifies parallels and discrepancies between these programmes and the NSA-run operations. The study argues that these surveillance programmes do not stand outside the realm of EU intervention but can be engaged from an EU law perspective via (i) an understanding of national security in a democratic rule of law framework where fundamental human rights standards and judicial oversight constitute key standards; (ii) the risks presented to the internal security of the Union as a whole as well as the privacy of EU citizens as data owners, and (iii) the potential spillover into the activities and responsibilities of EU agencies.
  • Digital Security for Activists

    Digital Security for Activists

    Training the Motivated: Digital Security for Activists Glencora Borradaile Kelsy Kretschmer Abstract School of Electrical Engineering School of Public Policy The state of global surveillance and the political and Computer Science Sociology Program environment has many activists caring more about their Oregon State University Oregon State University online security culture. We report on the initiation of a Corvallis, OR 97331, USA Corvallis, OR 97331, USA Digital Security for Activists program and a pilot study of an [email protected] [email protected] introductory seminar. Pre- and post-surveys of the seminar will form an initial assessment of what kind of intervention might increase the security practices of activists and to inform the design of program offerings. We report on the pre-surveys from three offerings of the seminar. Introduction In collaboration with the Civil Liberties Defense Center (CLDC), the first author had been offering informal digital security trainings for activists and their lawyers. After the fall elections in the U.S., requests for these trainings increased dramatically and shortly thereafter we launched a Digital Security for Activists (DSA) program. The DSA program’s intent is to align with the CLDC mission (“to defend and uphold civil liberties through education, outreach, litigation, legal support, and assistance”) and enable citizen activists to assert their constitutional rights while organizing online. Copyright is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. Poster In order to provide trainings that are useful and effective, we presented at the 13th Symposium on Usable Privacy and Security (SOUPS 2017).
  • Dynamic Public Key Certificates with Forward Secrecy

    Dynamic Public Key Certificates with Forward Secrecy

    electronics Article Dynamic Public Key Certificates with Forward Secrecy Hung-Yu Chien Department of Information Management, National Chi Nan University, Nantou 54561, Taiwan; [email protected] Abstract: Conventionally, public key certificates bind one subject with one static public key so that the subject can facilitate the services of the public key infrastructure (PKI). In PKI, certificates need to be renewed (or revoked) for several practical reasons, including certificate expiration, private key breaches, condition changes, and possible risk reduction. The certificate renewal process is very costly, especially for those environments where online authorities are not available or the connection is not reliable. A dynamic public key certificate (DPKC) facilitates the dynamic changeover of the current public–private key pairs without renewing the certificate authority (CA). This paper extends the previous study in several aspects: (1) we formally define the DPKC; (2) we formally define the security properties; (3) we propose another implementation of the Krawczyk–Rabin chameleon-hash- based DPKC; (4) we propose two variants of DPKC, using the Ateniese–Medeiros key-exposure-free chameleon hash; (5) we detail two application scenarios. Keywords: dynamic public key certificate; chameleon signature; certificate renewal; wireless sensor networks; perfect forward secrecy 1. Introduction Citation: Chien, H.-Y. Dynamic Certificates act as the critical tokens in conventional PKI systems. With the trust Public Key Certificates with Forward of the CA, a
  • SSL Checklist for Pentesters

    SSL Checklist for Pentesters

    SSL Checklist for Pentesters Jerome Smith BSides MCR, 27th June 2014 # whoami whoami jerome • Pentester • Author/trainer – Hands-on technical – Web application, infrastructure, wireless security • Security projects – Log correlation – Dirty data – Incident response exercises • Sysadmin • MSc Computing Science (Dist) • www.exploresecurity.com | @exploresecurity Introduction • Broad review of SSL/TLS checks – Viewpoint of pentester – Pitfalls – Manually replicating what tools do (unless you told the client that SSL Labs would be testing them ) – Issues to consider reporting (but views are my own) • While SSL issues are generally low in priority, it’s nice to get them right! • I’m not a cryptographer: this is all best efforts SSLv2 • Flawed, e.g. no handshake protection → MITM downgrade • Modern browsers do not support SSLv2 anyway – Except for IE but it’s disabled by default from IE7 – That mitigates the risk these days – http://en.wikipedia.org/wiki/Transport_Layer_Security#W eb_browsers • OpenSSL 1.0.0+ doesn’t support it – Which means SSLscan won’t find it – General point: tools that dynamically link to an underlying SSL library in the OS can be limited by what that library supports SSLv2 • Same scan on different OpenSSL versions: SSLv2 • testssl.sh warns you – It can work with any installed OpenSSL version • OpenSSL <1.0.0 s_client -ssl2 switch – More on this later • Recompile OpenSSL – http://blog.opensecurityresearch.com/2013/05/fixing-sslv2-support- in-kali-linux.html • SSLyze 0.7+ is statically linked – Watch out for bug https://github.com/iSECPartners/sslyze/issues/73
  • Sicherheit in Kommunikationsnetzen (Network Security)

    Sicherheit in Kommunikationsnetzen (Network Security)

    Sicherheit in Kommunikationsnetzen (Network Security) Transport Layer Security Dr.-Ing. Matthäus Wander Universität Duisburg-Essen Transport Layer Security (TLS) PrivateTLS data Web browser Web server ∙ Cryptographic protocol ∘ Provides security on top of reliable transport (TCP) ∘ Used to secure HTTP, SMTP, IMAP, XMPP and others ∙ Security goals ∘ Authentication of server and optionally client ∘ Data integrity (no manipulation of data) ∘ Confidentiality (encryption) Universität Duisburg-Essen Matthäus Wander 2 Verteilte Systeme History ∙ Predecessor: Secure Sockets Layer (SSL) ∘ Developed by Netscape for HTTPS (= HTTP + SSL) ∙ 1994: SSL 2.0 ∘ Insecure, major security weaknesses ∙ 1995: SSL 3.0 ∘ Insecure, deprecated since 2015 (RFC 7568) ∙ 1999: TLS 1.0, minor improvements to SSL 3.0 ∘ Standardization and further development by IETF Universität Duisburg-Essen Matthäus Wander 3 Verteilte Systeme History ∙ 2003: TLS Extensions ∘ New features or security mechanisms (e.g. Encrypt-then-MAC, RFC 7366) ∙ 2006: TLS 1.1 ∘ Security improvements ∙ 2008: TLS 1.2 Presented in this lecture ∘ Added new or replaced old cryptographic algorithms ∙ TLS 1.3 is work in progress as of 2017 ∘ Outlook: new handshake and other major changes Universität Duisburg-Essen Matthäus Wander 4 Verteilte Systeme Protocol Overview Application Layer (e.g. HTTP) Handshake Change Cipher Application Alert Protocol Protocol Spec Protocol Data Protocol Record Protocol Transport Layer (e.g. TCP) ∙ TLS consists of two layers: ∘ Handshake Protocol and other protocols ∘ Record Protocol
  • SURVEILLE NSA Paper Based on D2.8 Clean JA V5

    SURVEILLE NSA Paper Based on D2.8 Clean JA V5

    FP7 – SEC- 2011-284725 SURVEILLE Surveillance: Ethical issues, legal limitations, and efficiency Collaborative Project This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no. 284725 SURVEILLE Paper on Mass Surveillance by the National Security Agency (NSA) of the United States of America Extract from SURVEILLE Deliverable D2.8: Update of D2.7 on the basis of input of other partners. Assessment of surveillance technologies and techniques applied in a terrorism prevention scenario. Due date of deliverable: 31.07.2014 Actual submission date: 29.05.2014 Start date of project: 1.2.2012 Duration: 39 months SURVEILLE WorK PacKage number and lead: WP02 Prof. Tom Sorell Author: Michelle Cayford (TU Delft) SURVEILLE: Project co-funded by the European Commission within the Seventh Framework Programme Dissemination Level PU Public X PP Restricted to other programme participants (including the Commission Services) RE Restricted to a group specified by the consortium (including the Commission Services) CO Confidential, only for members of the consortium (including the Commission Services) Commission Services) Executive summary • SURVEILLE deliverable D2.8 continues the approach pioneered in SURVEILLE deliverable D2.6 for combining technical, legal and ethical assessments for the use of surveillance technology in realistic serious crime scenarios. The new scenario considered is terrorism prevention by means of Internet monitoring, emulating what is known about signals intelligence agencies’ methods of electronic mass surveillance. The technologies featured and assessed are: the use of a cable splitter off a fiber optic backbone; the use of ‘Phantom Viewer’ software; the use of social networking analysis and the use of ‘Finspy’ equipment installed on targeted computers.
  • NSA) Office of Inspector General (OIG), 2003-2006

    NSA) Office of Inspector General (OIG), 2003-2006

    Description of document: Semi-annual reports for Congress produced by the National Security Agency (NSA) Office of Inspector General (OIG), 2003-2006 Requested date: 14-April-2008 Release date: 09-March-2020 Posted date: 30-March-2020 Source of document: FOIA Request National Security Agency Attn: FOIA/PA Office 9800 Savage Road, Suite 6932 Ft. George G. Meade, MD 20755-6932 Fax: 443-479-3612 Online FOIA Request Form The governmentattic.org web site (“the site”) is a First Amendment free speech web site, and is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible, however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. The public records published on the site were obtained from government agencies using proper legal channels. Each document is identified as to the source. Any concerns about the contents of the site should be directed to the agency originating the document in question. GovernmentAttic.org is not responsible for the contents of documents published on the website. ,. NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE I~ FORT GEORGE G.
  • Legal Responses and Countermeasures to National Security Letters

    Legal Responses and Countermeasures to National Security Letters

    Washington University Journal of Law & Policy Volume 47 Intellectual Property: From Biodiversity to Technical Standards 2015 Legal Responses and Countermeasures to National Security Letters Brett Weinstein Washington University School of Law Follow this and additional works at: https://openscholarship.wustl.edu/law_journal_law_policy Part of the National Security Law Commons Recommended Citation Brett Weinstein, Legal Responses and Countermeasures to National Security Letters, 47 WASH. U. J. L. & POL’Y 217 (2015), https://openscholarship.wustl.edu/law_journal_law_policy/vol47/iss1/15 This Note is brought to you for free and open access by the Law School at Washington University Open Scholarship. It has been accepted for inclusion in Washington University Journal of Law & Policy by an authorized administrator of Washington University Open Scholarship. For more information, please contact [email protected]. Legal Responses and Countermeasures to National Security Letters Brett Weinstein INTRODUCTION In early June of 2013, governmental surveillance suddenly and dramatically entered the public consciousness, prompting a torrent of debate and backlash. The Guardian published a top secret court order requiring Verizon to hand over all telephone call records to the National Security Agency (NSA); the Washington Post disclosed a secret but widespread Internet surveillance program, and months of similar revelations followed, all stemming from leaks by former NSA contractor, Edward Snowden.1 As a result, the public and the press began to question the tools that the government uses for surveillance, including National Security Letters (NSLs), and the relationship between the government and the technology and telecommunications companies that seemingly possess all personal and private information generated in the modern, digital world.2 J.D.