FAIR USE NOTICE

FAIR USE NOTICE

A BEAR MARKET ECONOMICS BLOG


This site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in an effort to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. we believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law.

In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml

If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.

FAIR USE NOTICE FAIR USE NOTICE: This page may contain copyrighted material the use of which has not been specifically authorized by the copyright owner. This website distributes this material without profit to those who have expressed a prior interest in receiving the included information for scientific, research and educational purposes. We believe this constitutes a fair use of any such copyrighted material as provided for in 17 U.S.C § 107.

Read more at: http://www.etupdates.com/fair-use-notice/#.UpzWQRL3l5M | ET. Updates
FAIR USE NOTICE FAIR USE NOTICE: This page may contain copyrighted material the use of which has not been specifically authorized by the copyright owner. This website distributes this material without profit to those who have expressed a prior interest in receiving the included information for scientific, research and educational purposes. We believe this constitutes a fair use of any such copyrighted material as provided for in 17 U.S.C § 107.

Read more at: http://www.etupdates.com/fair-use-notice/#.UpzWQRL3l5M | ET. Updates

All Blogs licensed under Creative Commons Attribution 3.0

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.

Tuesday, December 31, 2013

iSpy? Apple Denies Assisting NSA with iPhone "Back Door"





 

Program codenamed DROPOUTJEEP allows NSA to retrieve all data—including calls, contact lists, geolocation, and other information—contained on iconic mobile device

- Jon Queally, staff writer 
 
 



Apple, the company giant behind the iconic iPhone, declared on Monday that is has never assisted the NSA in its efforts to create "back doors" to its signature mobile phone or any of its other products.

The declaration by the computer giant comes in response to revelations made public by the German newspaper Der Spiegel in recent days, based on internal documents provided by Edward Snowden, which revealed secret units within the NSA that have created and reportedly installed sophisticated malware and other software programs designed to bypass security features and give the spy agency full access to information contained on individuals' devices, including portable computers, memory devices, and smart phones.

The program targeting the iPhone, called DROPOUTJEEP and disclosed by noted digital security expert and independent journalist Jacob Applebaum, is designed to remotely retrieve virtually all the information on an iPhone, including text messages, photographs, contacts lists, geolocation data, voice mail and live calls.

The internal NSA slide detailing the program:

 


During a speech he gave at the Chaos Computer Conference in Hamburg, Germany over the weekend, Applebaum discussed DROPOUTJEEP and speculated that Apple may have assisted the spy agency in its efforts to infiltrate the iPhone.

"I hope Apple will clarify that," said Applebaum regarding Apple's possible role. He continued: "Here’s a problem: I don’t really believe that Apple didn’t help them. I can’t really prove it, but they [the NSA] literally claim that anytime they target an iOS device, that it will succeed for implantation. Either they have a huge collection of exploits that work against Apple products, meaning that they are hoarding information about critical systems that American companies produce and sabotaging them, or Apple sabotaged it themselves. Not sure which one it is. I’d like to believe that since Apple didn’t join the PRISM program until after Steve Jobs died, that maybe it’s just that they write shitty software."

On Tuesday, Apple responded by saying they had no knowledge of the program and denied cooperating in any way with the NSA on this or any similar scheme.

“Apple has never worked with the NSA to create a back door in any of our products, including iPhone," the statement read. "Additionally, we have been unaware of this alleged NSA program targeting our products. We care deeply about our customers’ privacy and security. Our team is continuously working to make our products even more secure, and we make it easy for customers to keep their software up to date with the latest advancements."

Explaining the contents of the NSA documents that refer to the DROPOUTJEEP program, the Guardian reports:
The slides mention iOS5, an iPhone operating system that was launched in June 2011 and updated by iOS6 in September 2012. It is not clear whether the NSA managed to develop the ability to perform remote installation. Given that Apple sold 250m iPhones in its first five years, large scale implementation of DropoutJeep seems unlikely by close access methods.
The spyware is one of the tools employed by the NSA's ANT (Advanced or Access Network Technology) division to gain backdoor access to various electronic devices. According to Applebaum, the NSA claims a 100% success rate on installation of the program.
Apple, along with its peers, has consistently denied working with the NSA unless it has been legally compelled to do so. The NSA documents, first obtained by whistleblower Edward Snowden, have revealed that the NSA has developed the capability to hack other companies, including Google and Yahoo, without their knowledge.
The slide is dated four years before the NSA included Apple in its Prism monitoring program. Apple was the last of the big tech companies to be included in the program, designed to ease data collection for the NSA. Microsoft, by contrast, joined the scheme in 2007, according to the NSA’s slides.
___________________________________________

The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks


International

Inside TAO: Documents Reveal Top NSA Hacking Unit

By SPIEGEL Staff
Photo Gallery: A Powerful NSA Toolbox Photos
Google Earth
The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.


In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn't budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.

In the United States, a country of cars and commuters, the mysterious garage door problem quickly became an issue for local politicians. Ultimately, the municipal government solved the riddle. Fault for the error lay with the United States' foreign intelligence service, the National Security Agency, which has offices in San Antonio. Officials at the agency were forced to admit that one of the NSA's radio antennas was broadcasting at the same frequency as the garage door openers. Embarrassed officials at the intelligence agency promised to resolve the issue as quickly as possible, and soon the doors began opening again. 

It was thanks to the garage door opener episode that Texans learned just how far the NSA's work had encroached upon their daily lives. For quite some time now, the intelligence agency has maintained a branch with around 2,000 employees at Lackland Air Force Base, also in San Antonio. In 2005, the agency took over a former Sony computer chip plant in the western part of the city. A brisk pace of construction commenced inside this enormous compound. The acquisition of the former chip factory at Sony Place was part of a massive expansion the agency began after the events of Sept. 11, 2001.

On-Call Digital Plumbers
 
One of the two main buildings at the former plant has since housed a sophisticated NSA unit, one that has benefited the most from this expansion and has grown the fastest in recent years -- the Office of Tailored Access Operations, or TAO. This is the NSA's top operative unit -- something like a squad of plumbers that can be called in when normal access to a target is blocked.

According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO's area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO's disposal have become -- and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.

The unit is "akin to the wunderkind of the US intelligence community," says Matthew Aid, a historian who specializes in the history of the NSA. "Getting the ungettable" is the NSA's own description of its duties. "It is not about the quantity produced but the quality of intelligence that is important," one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed "some of the most significant intelligence our country has ever seen." The unit, it goes on, has "access to our very hardest targets."

A Unit Born of the Internet
 
Defining the future of her unit at the time, she wrote that TAO "needs to continue to grow and must lay the foundation for integrated Computer Network Operations," and that it must "support Computer Network Attacks as an integrated part of military operations." To succeed in this, she wrote, TAO would have to acquire "pervasive, persistent access on the global network." An internal description of TAO's responsibilities makes clear that aggressive attacks are an explicit part of the unit's tasks. In other words, the NSA's hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries -- nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.

Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states.

This TAO unit is born of the Internet -- created in 1997, a time when not even 2 percent of the world's population had Internet access and no one had yet thought of Facebook, YouTube or Twitter. From the time the first TAO employees moved into offices at NSA headquarters in Fort Meade, Maryland, the unit was housed in a separate wing, set apart from the rest of the agency. Their task was clear from the beginning -- to work around the clock to find ways to hack into global communications traffic.

Recruiting the Geeks
 
To do this, the NSA needed a new kind of employee. The TAO workers authorized to access the special, secure floor on which the unit is located are for the most part considerably younger than the average NSA staff member. Their job is breaking into, manipulating and exploiting computer networks, making them hackers and civil servants in one. Many resemble geeks -- and act the part, too.

Indeed, it is from these very circles that the NSA recruits new hires for its Tailored Access Operations unit. In recent years, NSA Director Keith Alexander has made several appearances at major hacker conferences in the United States. Sometimes, Alexander wears his military uniform, but at others, he even dons jeans and a t-shirt in his effort to court trust and a new generation of employees.

The recruitment strategy seems to have borne fruit. Certainly, few if any other divisions within the agency are growing as quickly as TAO. There are now TAO units in Wahiawa, Hawaii; Fort Gordon, Georgia; at the NSA's outpost at Buckley Air Force Base, near Denver, Colorado; at its headquarters in Fort Meade; and, of course, in San Antonio. 
One trail also leads to Germany. According to a document dating from 2010 that lists the "Lead TAO Liaisons" domestically and abroad as well as names, email addresses and the number for their "Secure Phone," a liaison office is located near Frankfurt -- the European Security Operations Center (ESOC) at the so-called "Dagger Complex" at a US military compound in the Griesheim suburb of Darmstadt.

But it is the growth of the unit's Texas branch that has been uniquely impressive, the top secret documents reviewed by SPIEGEL show. These documents reveal that in 2008, the Texas Cryptologic Center employed fewer than 60 TAO specialists. By 2015, the number is projected to grow to 270 employees. In addition, there are another 85 specialists in the "Requirements & Targeting" division (up from 13 specialists in 2008). The number of software developers is expected to increase from the 2008 level of three to 38 in 2015. The San Antonio office handles attacks against targets in the Middle East, Cuba, Venezuela and Colombia, not to mention Mexico, just 200 kilometers (124 miles) away, where the government has fallen into the NSA's crosshairs.

The Psychological Dark Side of Gmail




 

Google is using its popular Gmail service to build profiles on the hundreds of millions of people who use it.



 
 
 
 


This article first appeared on PandoDaily. 
“We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”
“Your digital identity will live forever… because there’s no delete button.” —Eric Schmidt
Some of the biggest names in Silicon Valley recently announced that they had gotten together to form a new forward-thinking organization dedicated to promoting government surveillance reform in the name of “free expression” and “privacy.”

The charade should have been laughed at and mocked — after all, these same companies feed on privacy for profit, and unfettered surveillance is their stock and trade. Instead, it was met with cheers and fanfare from reporters and privacy and tech experts alike. “Finally!” people cried, Silicon Valley has grown up and matured enough to help society tackle the biggest problem of our age: the runaway power of the modern surveillance state.

The Guardian described the tech companies’ plan as “radical,” and predicted it would “end many of the current programs through which governments spy on citizens at home and abroad.” Laura W. Murphy, Director of ACLU’s DC Legislative Office, published an impassioned blog post praising tech giants for urging President Barack Obama and Congress to enact comprehensive reform of government surveillance. Silicon Valley booster Jeff Jarvis could hardly contain his glee. “Bravo,” he yelped. “The companies came down at last on the side of citizens over spies.” And then added:
"Spying is bad for the internet; what’s bad for the internet is bad for Silicon Valley; and — to reverse the old General Motors saw — what’s bad for Silicon Valley is bad for America."
But while leading tech and privacy experts like Jarvis slobber over Silicon Valley megacorps and praise their heroic stand against oppressive government surveillance, most still don’t seem to mind that these same tech billionaires run vast private sector surveillance operations of their own. They  vacuum up private information and use it to compile detailed dossiers on hundreds of millions of people around the world — and that’s on top of their work colluding and contracting with government intelligence agencies.

If you step back and look at the bigger picture, it’s not hard to see that Silicon Valley is heavily engaged in for-profit surveillance, and that it dwarfs anything being run by the NSA.

I recently wrote about Google’s Street View program, and how after a series of investigations in the US and Europe, we learned that Google had used its Street View cars to carry out a covert — and certainly illegal — espionage operation on a global scale, siphoning loads of personally identifiable data from people’s Wi-Fi connections all across the world. Emails, medical records, love notes, passwords, the whole works — anything that wasn’t encrypted was fair game. It was all part of the original program design: Google had equipped its Street View cars with surveillance gear designed to intercept and vacuum up all the wireless network communication data that crossed their path. An FCC investigation showing that the company knowingly deployed Street View’s surveillance program, and then had analyzed and integrated the data that it had intercepted.

Most disturbingly, when its Street View surveillance program was uncovered by regulators, Google pulled every crisis management trick in the book to confuse investors, dodge questions, avoid scrutiny, and prevent the public from finding out the truth. The company’s behavior got so bad that the FCC fined it for obstruction of justice.

The investigation in Street View uncovered a dark side to Google. But as alarming as it was, Google’s Street View wiretapping scheme was just a tiny experimental program compared Google’s bread and butter: a massive surveillance operation that intercepts and analyzes terabytes of global Internet traffic every day, and then uses that data to build and update complex psychological profiles on hundreds of millions of people all over the world — all of it in real time. You’ve heard about this program. You probably interact with it every day. You call it Gmail.

Google launched Gmail in 2004. It was the company’s first major “log in” service and was aimed at poaching email users from Microsoft and Yahoo. To do that, Google offered one gigabyte of free storage space standard with every account. It was an insane amount of data at the time — at least several hundred times more space than what was being offered by Yahoo or Hotmail — and people signed up en masse. At one point, Gmail’s limited pre-public release invites were so desirable that at one point they fetched over $150 on eBay.

To tech reporters Gmail’s free email service was nothing short of revolutionary. New York Times tech columnist David Pogue wrote: “One gigabyte changes everything. You no longer live in terror that somebody will send you a photo, thereby exceeding your two-megabyte limit and making all subsequent messages bounce back to their senders.”

And what about the fact that Gmail scanned your email correspondence to deliver targeted ads?

Well, what of it?

Gmail users handed over all their personal correspondence to Google, giving the company to right to scan, analyze, and retain in perpetuity their correspondence in return for a gigabyte of storage, which even at that early stage already cost Google only $2 per gigabyte per year.
Selling the contents of our private and business life to a for-profit corporation in return for half a Big Mac a year? What a steal!

You’d be hard pressed to find a bum who’d sell out to Google that cheap. But most mainstream tech journalist weren’t that scrupulous, and lined up to boost Gmail to the public.

“The only population likely not to be delighted by Gmail are those still uncomfortable with those computer-generated ads. Those people are free to ignore or even bad-mouth Gmail, but they shouldn’t try to stop Google from offering Gmail to the rest of us. We know a good thing when we see it,” wrote Pogue in 2004.

But not everyone was as excited as Mr. Pogue.

Several privacy groups, including the Electronic Privacy Information Center, were alarmed by Gmail’s vast potential for privacy abuse. In particular, EPIC was concerned that Google was not restricting its email scanning activities solely to its registered user base, but was intercepting and analyzing the private communication of anyone who emailed with a Gmail user:

“Gmail violates the privacy rights of non-subscribers. Non-subscribers who e-mail a Gmail user have ‘content extraction’ performed on their e-mail even though they have not consented to have their communications monitored, nor may they even be aware that their communications are being analyzed,” EPIC explained at the time. The organization pointed out that this practice almost certainly violates California wiretapping statues — which expressly criminalizes the interception of electronic communication without consent of all parties involved.

What spooked EPIC even more: Google was not simply scanning people’s emails for advertising keywords, but had developed underlying technology to compile sophisticated dossiers of everyone who came through its email system. All communication was subject to deep linguistic analysis; conversations were parsed for keywords, meaning and even tone; individuals were matched to real identities using contact information stored in a user’s Gmail address book; attached documents were scraped for intel — that info was then cross-referenced with previous email interactions and combined with stuff gleamed from other Google services, as well as third-party sources…

Here’s are some of the things that Google would use to construct its profiles, gleamed from two patents company filed prior to launching its Gmail service:
  • Concepts and topics discussed in email, as well as email attachments
  • The content of websites that users have visited
  • Demographic information — including income, sex, race, marital status
  • Geographic information
  • Psychographic information — personality type, values, attitudes, interests and lifestyle interests
  • Previous searches users have made
  • Information about documents a user viewed and or edited by the users
  • Browsing activity
  • Previous purchases
To EPIC, Google’s interception and use of such detailed personal information was clearly violation of California law, and the organization called on California’s Attorney General promised to investigate Google’s Gmail service. The Attorney General promise to look into the matter, but nothing much happened.

Meanwhile, Gmail’s user base continued to rocket. As of this month, there are something like 425 million active users around the world using email services. Individuals, schools, universities, companies, government employees, non-profits — and it’s not just Gmail anymore.
After its runaway success with Gmail, Google aggressively expanded its online presence, buying up smaller tech companies and deploying a staggering number of services and apps. In just a few years, Google had suddenly become ubiquitous, inserting themselves into almost every aspect of our lives: We search through Google, browse the Web through Google, write in Google, store our files in Google and use Google to drive and take public transport. Hell, even our mobile phones run on Google.

All these services might appear disparate and unconnected. To the uninitiated, Google’s offering of free services — from email, to amazing mobile maps, to a powerful replacement for Microsoft Office — might seem like charity. Why give away this stuff for free? But to think that way is to miss the fundamental purpose that Google serves and why it can generate nearly $20 billion in profits a year.

The Google services and apps that we interact with on a daily basis aren’t the company’s main product: They are the harvesting machines that dig up and process the stuff that Google really sells: for-profit intelligence.

Google isn’t a traditional Internet service company. It isn’t even an advertising company. Google is a whole new type of beast: a global advertising-intelligence company that tries to funnel as much user activity in the real and online world through its services in order to track, analyze and profile us: it tracks as much of our daily lives as possible — who we are, what we do, what we like, where we go, who we talk to, what we think about, what we’re interested in — all those things are seized, packaged, commodified and sold on the market — at this point, most of the business comes from matching the right ad to the right eyeballs. But who knows how the massive database Google’s compiling on all of us will be used in the future.

No wonder that when Google first rolled out Gmail in 2004, cofounder Larry Page refused to rule out that the company would never combine people’s search and browsing history with their Gmail account profiles: “It might be really useful for us to know that information. I’d hate to rule anything like that out.” Indeed it was. Profitable, too.

It’s been almost a decade since Google launched its Gmail service, but the fundamental questions about the legality of the company’s surveillance operations first posed by EPIC have not been resolved.
Indeed, a class action lawsuit currently winding its way through California federal court system shows that we’ve not moved an inch.
The complaint — a consolidation of six separate class action lawsuits that had been filed against Google in California, Florida, Illinois, Maryland and Pennsylvania — accuses Google of illegally intercepting, reading and profiting off people’s private correspondence without compensation. The lawsuit directly challenges Google’s legal right to indiscriminately vacuum up people’s data without clear consent, and just might be the biggest threat Google has ever faced.

Here’s how the New York Times described the case:
Wiretapping is typically the stuff of spy dramas and shady criminal escapades. But now, one of the world’s biggest Web companies, Google, must defend itself against accusations that it is illegally wiretapping in the course of its everyday business — gathering data about Internet users and showing them related ads.
…The Gmail case involves Google’s practice of automatically scanning e-mail messages and showing ads based on the contents of the e-mails. The plaintiffs include voluntary Gmail users, people who have to use Gmail as part of an educational institution and non-Gmail users whose messages were received by a Gmail user. They say the scanning of the messages violates state and federal antiwiretapping laws.
Google has aggressively fought the lawsuit. It first convinced a judge to put it under seal — which redacted most of the complaint and made it unavailable to public scrutiny — and then made a series of disingenuous arguments in an attempt to get the get the lawsuit preemptively dismissed. Google’s attorneys didn’t dispute its for-profit surveillance activities. What they claimed was that intercepting and analyzing electronic communication, and using that information to build sophisticated psychological profiles, was no different than scanning emails for viruses or spam. And then they made a stunning admission, arguing that as far as Google saw it, people who used Internet services for communication had “no legitimate expectation of privacy” — and thus anyone who emailed with Gmail users had given “implied consent” for Google to intercept and analyze their email exchange.

No expectation of privacy? Implied consent for surveillance?

Google’s claims were transparently disingenuous, and Judge Lucy Koh rejected them out of hand and allowed the lawsuit to proceed.

Unfortunately, it’s difficult to comment on or analyze the contents of the class action lawsuit filed against Google, as the company redacted just about all of it. One thing is clear: the complaint goes beyond simple wiretapping and brings into question an even bigger concern: Who owns the digital personal information about our lives — our thoughts, ideas, interactions, personal secrets, preferences, desires and hopes? And can all these things be seized bit by bit, analyzed, packaged, commodified and then bought and sold on the market like any other good? Can Google do that? What rights do we have over our inner lives? It’s scary and crazy. Especially when you think kids born today: Their entire lives will be digitally surveilled, recorded, analyzed, stored somewhere and then passed around from company to company. What happens to that information?

What happens to all this data in the future should be of serious concern. Not only because, with the right warrant (or in many cases without) the data is available to law enforcement. But also because in the unregulated hands of Google, our aggregated psychological profiles are an extremely valuable asset that could end us used for almost anything.
EPIC points out that Google reservers the right to “transfer all of the information, including any profiles created, if and when it is merged or sold.” How do we know that information won’t end up in some private background check database that’ll be available to your boss? How do we know this information won’t be hacked or stolen and won’t fall into the hands of scammers and repressive dictators?

The answer is: We don’t. And these tech companies would rather keep us in the dark and not caring.

Google’s corporate leadership understands that increased privacy regulations could torpedo its entire business model and the company takes quite a lot of space on its SEC filing disclosing the dangers to its investors:
Privacy concerns relating to elements of our technology could damage our reputation and deter current and potential users from using our products and services…
We also face risks from legislation that could be passed in the future. For example, there is a risk that state legislatures will attempt to regulate the automated scanning of email messages in ways that interfere with our Gmail free advertising-supported web mail service. Any such legislation could make it more difficult for us to operate or could prohibit the aspects of our Gmail service that uses computers to match advertisements to the content of a user’s email message when email messages are viewed using the service. This could prevent us from implementing the Gmail service in any affected states and impair our ability to compete in the email services market…
Former Google CEO Eric Schmidt has not been shy about his company’s views on Internet privacy: People don’t have any, nor should they expect it. “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” he infamously told CNBC in 2009. And he’s right. Because true Internet privacy and real surveillance reform would be the end of Google.

And not just Google, but nearly every major consumer Silicon Valley company — all of them feed people’s personal data one way or another and depend on for-profit surveillance for survival.

Which brings me to Silicon Valley’s “Reform Government Surveillance” project.

The fact that the biggest, most data-hungry companies in Silicon Valley joined up in a cynical effort to shift attention away from their own for-profit surveillance operations and blame it all on big bad government is to be expected. What’s surprising is just how many supposed journalists and so-called privacy advocates fell for it.

Yasha Levine is an editor for eXiledonline.com. He is the author of the book, The Corruption of Malcolm Gladwell (2012).

Sunday, December 29, 2013

I Worked on the US Drone Program. The Public Should Know What Really Goes On





 

Few of the politicians who so brazenly proclaim the benefits of drones have a real clue how it actually works (and doesn't)

 

 
 
 
The Elbit Systems Hermes 450 is an Israeli medium size multi-payload unmanned aerial vehicle (UAV) designed for tactical long endurance missions.


Whenever I read comments by politicians defending the Unmanned Aerial Vehicle Predator and Reaper program – aka drones – I wish I could ask them some questions. I'd start with: "How many women and children have you seen incinerated by a Hellfire missile?" And: "How many men have you seen crawl across a field, trying to make it to the nearest compound for help while bleeding out from severed legs?" Or even more pointedly: "How many soldiers have you seen die on the side of a road in Afghanistan because our ever-so-accurate UAVs [unmanned aerial vehicle] were unable to detect an IED [improvised explosive device] that awaited their convoy?"

Few of these politicians who so brazenly proclaim the benefits of drones have a real clue of what actually goes on. I, on the other hand, have seen these awful sights first hand.

I knew the names of some of the young soldiers I saw bleed to death on the side of a road. I watched dozens of military-aged males die in Afghanistan, in empty fields, along riversides, and some right outside the compound where their family was waiting for them to return home from mosque.

The US and British militaries insist that this is such an expert program, but it's curious that they feel the need to deliver faulty information, few or no statistics about civilian deaths and twisted technology reports on the capabilities of our UAVs. These specific incidents are not isolated, and the civilian casualty rate has not changed, despite what our defense representatives might like to tell us.

What the public needs to understand is that the video provided by a drone is a far cry from clear enough to detect someone carrying a weapon, even on a crystal-clear day with limited clouds and perfect light. This makes it incredibly difficult for the best analysts to identify if someone has weapons for sure. One example comes to mind: "The feed is so pixelated, what if it's a shovel, and not a weapon?" I felt this confusion constantly, as did my fellow UAV analysts. We always wonder if we killed the right people, if we endangered the wrong people, if we destroyed an innocent civilian's life all because of a bad image or angle.

It's also important for the public to grasp that there are human beings operating and analyzing intelligence these UAVs. I know because I was one of them, and nothing can prepare you for an almost daily routine of flying combat aerial surveillance missions over a war zone. UAV proponents claim that troops who do this kind of work are not affected by observing this combat because they are never directly in danger physically.

But here's the thing: I may not have been on the ground in Afghanistan, but I watched parts of the conflict in great detail on a screen for days on end. I know the feeling you experience when you see someone die. Horrifying barely covers it. And when you are exposed to it over and over again it becomes like a small video, embedded in your head, forever on repeat, causing psychological pain and suffering that many people will hopefully never experience. UAV troops are victim to not only the haunting memories of this work that they carry with them, but also the guilt of always being a little unsure of how accurate their confirmations of weapons or identification of hostile individuals were.

Of course, we are trained to not experience these feelings, and we fight it, and become bitter. Some troops seek help in mental health clinics provided by the military, but we are limited on who we can talk to and where, because of the secrecy of our missions. I find it interesting that the suicide statistics in this career field aren't reported, nor are the data on how many troops working in UAV positions are heavily medicated for depression, sleep disorders and anxiety.

Recently, the Guardian ran a commentary by Britain's secretary of state for defence Philip Hammond. I wish I could talk to him about the two friends and colleagues I lost, within one year leaving the military, to suicide. I am sure he has not been notified of that little bit of the secret UAV program, or he would surely take a closer look at the full scope of the program before defending it again.

The UAV's in the Middle East are used as a weapon, not as protection, and as long as our public remains ignorant to this, this serious threat to the sanctity of human life – at home and abroad – will continue.

Heather Linebaugh
Heather Linebaugh served in the United Stated Air Force from 2009 until March 2012. She worked in intelligence as an imagery analyst and geo-spatial analyst for the drone program during the occupations of Iraq and Afghanistan. Follow her on Twitter: @hllinebaugh

NSA Intercepting Laptops Bought Online to Install Spy Malware





 

The NSA's TAO hacking unit is considered to be the intelligence agency's top secret weapon

- Common Dreams staff 
 
This National Security Agency complex in San Antonio, Texas, located in a former Sony chip factory, is one of the central offices of the intelligence agency's Tailored Access Operations, the NSA's top operative unit. It's something like a squad of plumbers that can be called in when normal access to a target is blocked. 


Germany's Der Spiegel is reporting Sunday that the US National Security Agency (NSA), working with the CIA and FBI, has been intercepting laptops and other electronics bought online before delivery to install malware and other spying tools.

According to Der Spiegel, the NSA diverts shipping deliveries to its own "secret workshops" to install the software before resending the deliveries to their purchasers.

Elite hackers working for the NSA's Tailored Access Operations (TAO) division are considered to be the intelligence agency's top secret weapon.

The NSA's TAO reportedly has backdoor access to many hardware and software systems from major tech companies such as Cisco, Dell, and Western Digital and others. The NSA exploits Microsoft Windows error reports to find weak spots in compromised machines in order to install Trojans and other viruses.

The Der Spiegel report also notes that the NSA has successfully tapped into some of the massive, under-sea fiber-optic cables that connect the global data infrastructure, in particular the “SEA-ME-WE-4″ cable system.

“This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India,” Der Spiegel reports, ”all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle.”

From Der Spiegel:

To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after even as little as a half hour's work.

Responding to a query from SPIEGEL, NSA officials issued a statement saying, "Tailored Access Operations is a unique national asset that is on the front lines of enabling NSA to defend the nation and its allies." The statement added that TAO's "work is centered on computer network exploitation in support of foreign intelligence collection." The officials said they would not discuss specific allegations regarding TAO's mission.

Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors.

Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."

Even in the Internet Age, some traditional spying methods continue to live on.
* * *

 
An aerial view of National Security Administration (NSA) headquarters in Fort Meade, MD

Saturday, December 21, 2013

Do We Have the NSA on the Run, or Is a Much Worse Surveillance State in the Making?


  Civil Liberties  


It's way too soon to break out the applause.



 
 
 
Earlier this week, Obama's hand-picked panel charged with reviewing the nation's surveillance state issued a set of recommendations that includes limiting the indiscriminate mass collection of telephone records and other reforms. This came right after a decision by U.S. District Court Judge Richard Leon issued a preliminary injunction barring NSA metadata collection related to a conservative activist (he later stayed the order to allow for an appeal).

However, while it may look like the NSA and surveillance state are on the run -- it's too soon to break out the applause. The White House panel's recomendations also included the suggestion that data collected on individuals should be held by telecommunications providers or a private third party. There is a threat that this surveillance state may simply reconstitute itself into an increasingly privatized apparatus that the government can access through fees and subpoenas. 

VICE's Megan Neal reports that so-called “data brokers” – firms that spy on Americans' behavior and then sell that information to businesses looking to profit off of it – have become a $156 billion industry. Neal notes that the Senate Commerce Committee recently published a report looking into how these data marketers spy on Americans – the report shows how these firms label Americans under various categories depending on their financial security and other demographic categories, including “Ethnic Second-City Strugglers” and “X-tra Needy.”

One firm named in the report, Experian's “ChoiceScore,” says that it “helps marketers identify and more effectively market to under-banked consumers.” The consumers targeted for data collection include “new legal immigrants, recent graduates, widows, those with a generation bias against the use of credit,” and “consumers with transitory lifestyles, such as military personnel.” That's right – these data companies now want to spy even on American soldiers, so that they can be located and marketed to by firms selling cheap credit.

This massive private surveillance state has many reformers looking for ways to reclaim our privacy. Federal Trade Commission member Julie Brill has called on the industry to create an online portal where data brokers would be open about their collection processes and consumer access properties. She calls this initiative “Reclaim Your Name.” “Reclaim Your Name would empower the consumer to find out how brokers are collecting and using data; give her access to information that data brokers have amassed about her; allow her to opt-out if she learns a data broker is selling her information for marketing purposes and provide her the opportunity to correct errors in information used for substantive decisions – like credit, insurance, employment, and other benefits,” Ms. Brill she said in a speech to the Computers, Freedom and Privacy Conference in Washington earlier this year.

Which brings us back to efforts to reform the NSA's spying powers. Earlier this month, eight prominent IT companies, including Google, Facebook, Yahoo, Twitter, and Apple – published an open letter asking for reform of government surveillance programs.

But as The Nation's Zoe Carpenter notes, these tech giants are only advocating for narrow changes to how the government can spy – they are not asking for or promising any reforms to the massive private surveillance states. This isn't only a problem because private surveillance in and of itself is harmful for American privacy, but because the government has used the private sector as a conduit for its surveillance activities.

The Washington Post, utilizing leaks from whistleblower Edward Snowden, reported earlier this month that the NSA “is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance.”

We also know that the National Security Agency has been able to spy on the communications of Google and Yahoo users without even accessing the data centers of either company, instead choosing to utilize the fiber-optic networks these companies use as an in.

What all this means is that as long as private surveillance companies collect so much data on Americans, the government has a proven capacity to access this data. Thus any true spying reform must not only seek to tie the hands of direct government data collection, but must look at the spying activities of data brokers that both for-profit corporations and the government itself want access to.

Zaid Jilani is the investigative blogger and campaigner for the Progressive Change Campaign Committee. He is formerly the senior reporter-blogger for ThinkProgress.

See more stories tagged with:



Thursday, December 5, 2013

Facebook's Future Plans for Data Collection Beyond All Imagination


  

Civil Liberties  


 

Facebook's dark plans for the future are given away in its patent applications.

 

 
 
 
 
“No one knows who will live in this cage in the future, or whether at the end of this tremendous development, entirely new prophets will arise, or there will be a great rebirth of old ideas and ideals, or, if neither, mechanized petrification, embellished with a sort of convulsive self-importance. For of the fast stage of this cultural development, it might well be truly said: ‘Specialists without spirit, sensualists without heart; this nullity imagines that it has attained a level of civilization never before achieved.’”
—Max Weber, 1905
On November 12 Facebook, Inc. filed its 178th patent application for a consumer profiling technique the company calls “inferring household income for users of a social networking system.”

“The amount of information gathered from users,” explain Facebook programmers Justin Voskuhl and Ramesh Vyaghrapuri in their patent application, “is staggering — information describing recent moves to a new city, graduations, births, engagements, marriages, and the like.” Facebook and other so-called tech companies have been warehousing all of this information since their respective inceptions. In Facebook’s case, its data vault includes information posted as early as 2004, when the site first went live. Now in a single month the amount of information forever recorded by Facebook —dinner plans, vacation destinations, emotional states, sexual activity, political views, etc.— far surpasses what was recorded during the company’s first several years of operation. And while no one outside of the company knows for certain, it is believed that Facebook has amassed one of the widest and deepest databases in history. Facebook has over 1,189,000,000 “monthly active users” around the world as of October 2013, providing considerable width of data. And Facebook has stored away trillions and trillions of missives and images, and logged other data about the lives of this billion plus statistical sample of humanity. Adjusting for bogus or duplicate accounts it all adds up to about 1/7th of humanity from which some kind of data has been recorded.

According to Facebook’s programmers like Voskuhl and Vyaghrapuri, of all the clever uses they have already applied this pile of data toward, Facebook has so far “lacked tools to synthesize this information about users for targeting advertisements based on their perceived income.” Now they have such a tool thanks to the retention and analysis of variable the company’s positivist specialists believe are correlated with income levels.

They’ll have many more tools within the next year to run similar predictions. Indeed, Facebook, Google, Yahoo, Twitter, and the hundreds of smaller tech lesser-known tech firms that now control the main portals of social, economic, and political life on the web (which is now to say everywhere as all economic and much social activity is made cyber) are only getting started. The Big Data analytics revolutions has barely begun, and these firms are just beginning to tinker with rational-instrumental methods of predicting and manipulating human behavior.
There are few, if any, government regulations restricting their imaginations at this point. Indeed, the U.S. President himself is a true believer in Big Data; the brain of Obama’s election team was a now famous “cave” filled with young Ivy League men (and a few women) sucking up electioneering information and crunching demographic and consumer data to target individual voters with appeals timed to maximize the probability of a vote for the new Big Blue, not IBM, but the Democratic Party’s candidate of “Hope” and “Change.” The halls of power are enraptured by the potential of rational-instrumental methods paired with unprecedented access to data that describes the social lives of hundreds of millions.

Facebook’s intellectual property portfolio reads like cliff notes summarizing the aspirations of all corporations in capitalist modernity; to optimize efficiency in order to maximize profits and reduce or externalize risk. Unlike most other corporations, and unlike previous phases in the development of rational bureaucracies, Facebook and its tech peers have accumulated never before seen quantities of information about individuals and groups. Recent breakthroughs in networked computing make analysis of these gigantic data sets fast and cheap. Facebook’s patent holdings are just a taste of what’s arriving here and now.

The way you type, the rate, common mistakes, intervals between certain characters, is all unique, like your fingerprint, and there are already cyber robots that can identify you as you peck away at keys. Facebook has even patented methods of individual identification with obviously cybernetic overtones, where the machine becomes an appendage of the person. U.S. Patents 8,306,256, 8,472,662, and 8,503,718, all filed within the last year, allow Facebook’s web robots to identify a user based on the unique pixelation and other characteristics of their smartphone’s camera. Identification of the subject is the first step toward building a useful data set to file among the billion or so other user logs. Then comes analysis, then prediction, then efforts to influence a parting of money.

Many Facebook patents pertain to advertising techniques that are designed and targeted, and continuously redesigned with ever-finer calibrations by robot programs, to be absorbed by the gazes of individuals as they scroll and swipe across their Facebook feeds, or on third party web sites.

Speaking of feeds, U.S. Patent 8,352,859, Facebook’s system for “Dynamically providing a feed of stories about a user of a social networking system” is used by the company to organize the constantly updated posts and activities inputted by a user’s “friends.” Of course embedded in this system are means of inserting advertisements. According to Facebook’s programmers, a user’s feeds are frequently injected with “a depiction of a product, a depiction of a logo, a display of a trademark, an inducement to buy a product, an inducement to buy a service, an inducement to invest, an offer for sale, a product description, trade promotion, a survey, a political message, an opinion, a public service announcement, news, a religious message, educational information, a coupon, entertainment, a file of data, an article, a book, a picture, travel information, and the like.” That’s a long list for sure, but what gets injected is more often than not whatever will boost revenues for Facebook.

The advantage here, according to Facebook, is that “rather than having to initiate calls or emails to learn news of another user, a user of a social networking website may passively receive alerts to new postings by other users.” The web robot knows best. Sit back and relax and let sociality wash over you, passively. This is merely one of Facebook’s many “systems for tailoring connections between various users” so that these connections ripple with ads uncannily resonant with desires and needs revealed in the quietly observed flow of e-mails, texts, images, and clicks captured forever in dark inaccessible servers of Facebook, Google and the like. These communications services are free in order to control the freedom of data that might otherwise crash about randomly, generating few opportunities for sales.

Where this fails Facebook ratchets up the probability of influencing the user to behave as a predictable consumer. “Targeted advertisements often fail to earn a user’s trust in the advertised product,” explain Facebook’s programmers in U.S. Patent 8,527,344, filed in September of this year. “For example, the user may be skeptical of the claims made by the advertisement. Thus, targeted advertisements may not be very effective in selling an advertised product.” Facebook’s computer programmers who now profess mastery over sociological forces add that even celebrity endorsements are viewed with skepticism by the savvy citizen of the modulated Internet. They’re probably right.

Facebook’s solution is to mobilize its users as trusted advertisers in their own right. “Unlike advertisements, most users seek and read content generated by their friends within the social networking system; thus,” concludes Facebook’s mathematicians of human inducement, “advertisements generated by a friend of the user are more likely to catch the attention of the user, increasing the effectiveness of the advertisement.” That Facebook’s current So-And-So-likes-BrandX ads are often so clumsy and ineffective does not negate the qualitative shift in this model of advertising and the possibilities of un-freedom it evokes.

Forget iPhones and applications, the tech industry’s core consumer product is now advertising. Their essential practice is mass surveillance conducted in real time through continuous and multiple sensors that pass, for most people, entirely unnoticed. The autonomy and unpredictability of the individual —in Facebook’s language the individual is the “user”— is their fundamental business problem. Reducing autonomy via surveillance and predictive algorithms that can placate existing desires, and even stimulate and mold new desires is the tech industry’s reason for being. Selling their capacious surveillance and consumer stimulus capabilities to the highest bidder is the ultimate end.

Sounds too dystopian? Perhaps, and this is by no means the world we live in, not yet. It is, however, a tendency rooted in the tech economy. The advent of mobile, hand-held, wirelessly networked computers, called “smartphones,” is still so new that the technology, and its services feel like a parallel universe, a new layer of existence added upon our existing social relationships, business activities, and political affiliations. In many ways it feels liberating and often playful. Our devices can map geographic routes, identify places and things, provide information about almost anything in real time, respond to our voices, and replace our wallets. Who hasn’t consulted “Dr. Google” to answer a pressing question? Everyone and everything is seemingly within reach and there is a kind of freedom to this utility.

Most of Facebook’s “users” have only been registered on the web site since 2010, and so the quintessential social network feels new and fun, and although perhaps fraught with some privacy concerns, it does not altogether fell like a threat to the autonomy of the individual. To say it is, is a cliche sci-fi nightmare narrative of tech-bureaucracy, and we all tell one another that the reality is more complex.

Privacy continues, however, too be too narrowly conceptualized as a liberal right against incursions of government, and while the tech companies have certainly been involved in a good deal of old-fashioned mass surveillance for the sake of our federal Big Brother, there’s another means of dissolving privacy that is more fundamental to the goals of the tech companies and more threatening to social creativity and political freedom.

Georgetown University law professor Julie Cohen notes that pervasive surveillance is inimical to the spaces of privacy that are required for liberal democracy, but she adds importantly, that the surveillance and advertising strategies of the tech industry goes further.

“A society that permits the unchecked ascendancy of surveillance infrastructures, which dampen and modulate behavioral variability, cannot hope to maintain a vibrant tradition of cultural and technical innovation,” writes Cohen in a forthcoming Harvard Law Review article.

“Modulation” is Cohen’s term for the tech industry’s practice of using algorithms and other logical machine operations to mine an individual’s data so as to continuously personalize information streams. Facebook’s patents are largely techniques of modulation, as are Google’s and the rest of the industry leaders. Facebook conducts meticulous surveillance on users, collects their data, tracks their movements on the web, and feeds the individual specific content that is determined to best resonate with their desires, behaviors, and predicted future movements. The point is to perfect the form and function of the rational-instrumental bureaucracy as defined by Max Weber: to constantly ratchet up efficiency, calculability, predictability, and control. If they succeed in their own terms, the tech companies stand to create a feedback loop made perfectly to fit each an every one of us, an increasingly closed systems of personal development in which the great algorithms in the cloud endlessly tailor the psychological and social inputs of humans who lose the gift of randomness and irrationality.

“It is modulation, not privacy, that poses the greater threat to innovative practice,” explains Cohen. “Regimes of pervasively distributed surveillance and modulation seek to mold individual preferences and behavior in ways that reduce the serendipity and the freedom to tinker on which innovation thrives.” Cohen has pointed out the obvious irony here, not that it’s easy to miss; the tech industry is uncritically labeled America’s hothouse of innovation, but it may in fact be killing innovation by disenchanting the world and locking inspiration in an cage.

If there were limits to the reach of the tech industry’s surveillance and stimuli strategies it would indeed be less worrisome. Only parts of our lives would be subject to this modulation, and it could therefore benefit us. But the industry aspires to totalitarian visions in which universal data sets are constantly mobilized to transform an individual’s interface with society, family, the economy, and other institutions. The tech industry’s luminaries are clear in their desire to observe and log everything, and use every “data point” to establish optimum efficiency in life as the pursuit of consumer happiness. Consumer happiness is, in turn, a step toward the rational pursuit of maximum corporate profit. We are told that the “Internet of things” is arriving, that soon every object will have embedded within it a computer that is networked to the sublime cloud, and that the physical environment will be made “smart” through the same strategy of modulation so that we might be made free not just in cyberspace, but also in the meatspace.

Whereas the Internet of the late 1990s matured as an archipelago of innumerable disjointed and disconnected web sites and databases, today’s Internet is gripped by a handful of giant companies that observe much of the traffic and communications, and which deliver much of the information from an Android phone or laptop computer, to distant servers, and back. The future Internet being built by the tech giants —putting aside the Internet of things for the moment— is already well into its beta testing phase. It’s a seamlessly integrated quilt of web sites and apps that all absorb “user” data, everything from clicks and keywords to biometric voice identification and geolocation.

United States Patent 8,572,174, another of Facebook’s recent inventions, allows the company to personalize a web page outside of Facebook’s own system with content from Facebook’s databases. Facebook is selling what the company calls its “rich set of social information” to third party web sites in order to “provide personalized content for their users based on social information about those users that is maintained by, or otherwise accessible to, the social networking system.” Facebook’s users generated this rich social information, worth many billions of dollars as recent quarterly earnings of the company attest.

In this way the entire Internet becomes Facebook. The totalitarian ambition here is obvious, and it can be read in the securities filings, patent applications, and other non-sanitized business documents crafted by the tech industry for the financial analysts who supply the capital for further so-called innovation. Everywhere you go on the web, with your phone or tablet, you’re a “user,” and your social network data will be mined every second by every application, site, and service to “enhance your experience,” as Facebook and others say. The tech industry’s leaders aim to expand this into the physical world, creating modulated advertising and environmental experiences as cameras and sensors track our movements.

Facebook and the rest of the tech industry fear autonomy and unpredictability. The ultimate expression of these irrational variables that cannot be mined with algorithmic methods is absence from the networks of surveillance in which data is collected.

One of Facebook’s preventative measures is United States Patent 8,560,962, “promoting participation of low-activity users in social networking system.” This novel invention devised by programmers in Facebook’s Palo Alto and San Francisco offices involves a “process of inducing interactions,” that are meant to maximize the amount of “user-generated content” on Facebook by getting lapsed users to return, and stimulating all users to produce more and more data. User generated content is, after all, worth billions. Think twice before you hit “like” next time, or tap that conspicuously placed “share” button; a machine likely put that content and interaction before your eyes after a logical operation determined it to have the highest probability of tempting you to add to the data stream, thereby increasing corporate revenues.
Facebook’s patents on techniques of modulating “user” behavior are few compared to the real giants of the tech industry’s surveillance and influence agenda. Amazon, Microsoft, and of course Google hold some of the most fundamental patents using personal data to attempt to shape an individual’s behavior into predictable consumptive patterns. Smaller specialized firms like Choicestream and Gist Communications have filed dozens more applications for modulation techniques. The rate of this so-called innovation is rapidly telescoping.

Perhaps we do know who will live in the iron cage. It might very well be a cage made of our own user generated content, paradoxically ushering in a new era of possibilities in shopping convenience and the delivery of satisfactory experiences even while it eradicates many degrees of chance, and pain, and struggle (the motive forces of human progress) in a robot-powered quest to have us construct identities and relationships that yield to prediction and computer-generated suggestion. Defense of individual privacy and autonomy today is rightly motivated by the reach of an Orwellian security state (the NSA, FBI, CIA). This surveillance changes our behavior by chilling us, by telling us we are always being watched by authority. Authority thereby represses in us whatever might happen to be defined as “crime,” or any anti-social behavior at the moment. But what about the surveillance that does not seek to repress us, the watching computer eyes and ears that instead hope to stimulate a particular set of monetized behaviors in us with the intimate knowledge gained from our every online utterance, even our facial expressions and finger movements?

Darwin Bond-Graham, a contributing editor to CounterPunch, is a sociologist and author who lives and works in Oakland, CA. His essay on economic inequality in the “new” California economy appears in theJuly issue of CounterPunch magazine. He is a contributor to Hopeless: Barack Obama and the Politics of Illusion
 
Darwin Bond-Graham, a contributing editor to CounterPunch, is a sociologist and author who lives and works in Oakland, CA. His essay on economic inequality in the “new” California economy appears in theJuly issue of CounterPunch magazine. He is a contributor to Hopeless: Barack Obama and the Politics of Illusion

Wednesday, December 4, 2013

12 Corporate Espionage Tactics Used Against Leading Progressive Groups, Activists and Whistleblowers





 

Corporate spies for Dow, Kraft and others have tried to discredit, shame and infiltrate civic groups using an array of dirty tricks. 

 
 
 



Posing as volunteers. Stealing documents. Dumpster diving. Planting electronic bugs. Hacking computers. Tapping phones and voicemail. Planting false information. Trailing family members. Threatening reporters. Hiring cops, CIA officers and combat veterans to do all these dirty deeds—and counting on little pushback from law enforcement, mainstream media or Congress.

These are some of the ways that many of America’s largest corporations have spied on nonprofits for years, according to a detailed new report from the Center for Corporate Policy tracing decades of corporate espionage where tactics developed for American intelligence agencies have been imported by a long list of corporate giants for use against progressives.

“The U.S. Chamber of Commerce, Walmart, Monsanto, Bank of America, Dow Chemical, Kraft, Coca-Cola, Chevron, Burger King, McDonald’s, Shell, BP, BEA, Sasol, Brown & Williamson and E.ON have all been linked to espionage against non-profit organizations, activists and whistleblowers,” the report said, noting that its targets are “environmental, anti-war, public-interest, consumer, food safety, pesticide reform, nursing home reform, gun control, social justice, animal rights and arms-control groups.”

“There’s so many different tactics,” said Gary Ruskin, the center’s director and the report’s author. “It’s so important to talk about the effects on our democracy and privacy. Civic groups can’t work if they’re surrounded by serious espionage activities. And citizens don’t lose their rights to privacy if they disagree with corporations.”

Compared to Europe, where some of the same corporate players—and their staff or hired guns—have landed in court, been shamed in the media and even given jail terms, spying against non-profits has flourished with little legal consequence in America. The Justice Department almost never investigates. Nor does Congress look at the practice, which clearly would be illegal with its break-ins, thefts, threats, slander and racketeering.

“If corporate espionage is done with impunity, or near impunity, it invites more corporate espionage,” Ruskin said. “The Department of Justice needs to investigate and prosecute where warranted, and Congress needs to hold hearings.”

AlterNet counted a dozen dirty tactics and trends used by corporate spies, whether inside “security” or “threat-assessment” staff, or a mix of outside public relations and law firms and other covert operations specialists. These trends start at the most basic level, like pretending to be a volunteer, but escalate to cyber warfare and even blackmail. 

1. Posing as volunteers.


For most of the 1990s, Greenpeace was repeatedly targeted due to its campaign to phase out the use of chlorine in making plastics and paper. In 2008, investigative reporter James Ridgeway reported on a trove of documents obtained from an ex-employee of a private security firm, Becket Brown International. The papers described how BBI planted “undercover operatives” in many environmental groups, with a heavy emphasis on Greenpeace. BBI wanted everything and anything about its anti-corporate strategies.

In late 2010, Greenpeace sued BBI’s backer—Dow Chemical—in federal district court, citing anti-racketeering law. Its suit noted that “Mary Lou Sapone, a BBI consultant and experienced infiltrator of nonprofits, posed as a prospective volunteer” at its Washington, D.C. headquarters. BBI knew the office layout, key codes to open doors, and much more, the suit said. “BBI procured and held highly confidential Greenpeace records, including, for example, confidential personal, financial and employment records—which could only have been secured from Greenpeace’s offices.”

Greenpeace was not alone in being infiltrated by corporate spies. “From the mid-1990s through much of the 2000s, Mary McFate was a prominent volunteer for gun-control groups,” the Center For Corporate Policy report said.

“She ran for a seat on the board of directors of the Brady Campaign to Prevent Gun Violence, and worked closely with other national gun-control organizations, such as the Violence Policy Center. She was director of federal legislation for States United to Prevent Gun Violence. She was deeply knowledgeable about the plans and actions of these and other national gun conteol groups. They, however, did not know that her other identity was Mary Lou Sapone, who since the late 1980s had been paid by corporations to spy on citizens groups.”

Sapone, according to BBI documents cited by the report, had billed the National Rifle Association “nearly $80,000” for 11 months of work during this time.   

2. Dumpster diving.


What corporate spies could not gather by walking into meetings and offices as volunteers, they got by dumpster diving—stealing bags of trash and sifting through them. Greenpeace’s lawsuit said that BBI and others raided the dumpsters outside its Washington offices more than 120 times. What was especially notable about these raids is that a local Washington police officer was part of BBI’s team, flashing his badge to gain access to dumpsters kept behind locked fences. BBI also had Baltimore police on its payroll.

Greenpeace wasn’t alone in having its trash targeted by corporate spies. The report lists other environmental groups, as well as David Fenton, who started a PR firm that represents progressives. His home was watched by BBI and had its trash stolen after midnight, the report said, adding that his firm’s office also was broken into a decade ago, “during which boxes of files and two laptops were stolen. The culprits were never caught.”

3. Tapping phones and voicemail.


Greenpeace’s anti-racketeering suit—most of which was thrown out by a federal court—also talked about other firms spying for Dow Chemical. One was a company run by ex-National Security Agency officials, TriWest Investigations, which procured “phone call records of Greenpeace employees or contractors,” the report said, add that cellphones given to Greenpeace employees were also tapped. “BBI’s notes to its clients ‘include verbatim quotes attributed to specific Greenpeace employees.’”

4. Casing offices, stealing files.


These first three tactics—posing as volunteers, stealing trash and wiretapping—allowed a team of corporate spies, including the supposedly credible PR firm, Ketchum, to steal all kinds of documents about different Greenpeace projects. The corporate espionage report says the same tactics also were used “on behalf of Kraft,” to “provide intelligence about organizations opposed to genetically engineered food.” The report notes these tactics were not confined to Washington, but were also used against activists in Louisiana opposing petrochemical plant pollution, immigrant farm workers in Florida working for a Burger King supplier, Northern Californians opposing a new garbage dump, and nursing home activists in Maryland.

5. Impersonating activists.


As businesses moved online, so did the practice of breaking into websites and servers. In January 2011, the computer security firm HBGary Federal claimed that it identified the leaders of the hacker collective Anonymous. In response, the collective broke into the firm’s e-mail and other accounts and put the contents online. In those files were details of how the U.S. Chamber of Commerce had been working to discredit its nonprofit critics.

Unlike Greenpeace’s dumpster-diving foes, HBGary and two high-tech firms, Palantir Technologies and Berico Technologies—which both have multi-million-dollar contracts with U.S. military and intelligence agencies—created a plan to infiltrate U.S. Chamber Watch, which monitors the U.S. Chamber of Commerce. They proposed creating false documents—basically, bait—to see if the watchdog group would use them, as part of an effort to discredit it. The corporate consultants’ memos also discussed creating a “fake insider persona” at another progressive group, Change To Win, to release its forgeries. “Both instances will prove that US Chamber Watch cannot be trusted,” its memo said.   
  

7. Hacking and disrupting computers.


The trio of coporate spies, who call themselves "Team Themis," also “proposed to wage electronic warfare against U.S. Chamber Watch and its allies,” the report said. The team boasted of its capacity to place “malware” and “custom bots” in Chamber Watch’s computers. These and other details about Team Themis’ proposal were cited in a bar association ethics complaint filed against lawyers working with the corporate spies, the report said.   

8. Trailing family members.


The high-tech team of thugs also boasted of following family members of public-interest activists and journalists, according to their proposals unmasked by Anonymous. “Other e-mails show that HBGary Federal investigated the critics of the U.S. Chamber of commerce, including their spouses, children, religious activities and personal lives—and even gethered photos of them,” the report said, citing additional reporting on its strategy from theNew York Times and ThinkProgress.org.

“They propose to ‘use the following tactics to mitigate the effect of adversarial groups,’” it said. “These tactics include: ‘Discredit, Confuse, Shame, Combat, Infiltrate, Fracture’ They propose using these tactics against the Center for American Progress, MoveOn.org, Velvet Revolution, Move To Amend, JTMP (Justice Through Music Project), U.S. Chamber Watch, Brad’s Blog, Joe Trippi, Brave New Films, New Left Media, Agit-PoP, Courage Campaign and the Ruckus Society.”

These were not empty threats. In early 2011, while substituting for a nationally syndicated talk radio host, Mike Malloy, and aggressively talking about the Chamber’s anti-activist campaign, Brad Friedman’s BradBlog website was knocked offline for several days. His personal information was also displayed in Team Themis’ proposal.

9. Adding blackmail to disinformation campaign.


In late 2010, Julian Assange, then the editor-in-chief of WikiLeaks, announced he was poised to “take down” a big U.S. bank by revealing a corruption scandal. Bank of America thought it was the target, and received a Team Themis proposal that included spreading “disinformation” about WikiLeaks, creating forged documents “and then call out the error,” and a cyber attack against its “infrastructure,” the report said. But the Team Themis proposal also suggested making “an implicit threat to ruin the career of Glenn Greenwald, a prominent journalist, if he continues to support Wikileaks.” 

Equally disturbing, the U.S. Department of Justice apparently told Bank of America’s top lawyer that the bank contact the law firm working with Team Themis, Hunton & Williams, “according to an e-mail chain viewed by theTech Herald. If this is true, it raises questions of… how much Justice Department officials knew of and even supported corporate espionage against WikiLeaks and its allies,” the Center for Corporate Policy report said.

10. Posing as journalists.


Another side of the corporate espionage universe is posing as a reporter to quickly gather information about activists. In 2010, Kroll, which is a private investigations firm, tried to recruit a journalist, Mary Cuddehe, as a “corporate spy for Chevron,” the report noted. It “offered her $20,000 to pose as a journalist while conducting interviews to undermine a study of health effects of the [330-million gallon] oil spill [around Lago Agrio, Ecuador]” by Texaco (which was aquired by Chevron). She turned down the money and instead wrote an article about the experience for theAtlantic.

11. Hiring cops, ex-spooks and veterans.


There are other dimensions to corporate espionage against nonprofits. One is relying on members of the national security establishment—notably ex-CIA or NSA employees—as well as moonlightling local police, and Iraq-Afghanistan war veterans to do the spying, the report said. Many of the proposals for anti-activist campaigns tout these credentials, citing ex-military resumes as they seek fees ranging from hundreds of thousands to several million dollars. “Even active-duty CIA operatives are allowed to sell their expertise,” it said. “Corporations are now able to replicate in miniature the services of a private CIA, employing active-duty and retired officers from intelligence and/or law enforcement.”

12. Little pushback from law enforcement.


Hiring cops, spooks and vets to do corporate dirty work leads to one more trend enabling corporate espionage to flourish. That is a lack of accountability or legal consequence for espionage that clearly breaks domestic law, such as stealing documents, wiretapping, etc. In France or England, where some of these same actvities have come to the attention of authorities, those responsible have been prosecuted and some perpetrators have even gone to jail. Not so in the U.S.

“Hiring former intelligence, military and law enforcement officials has its advantages,” the report notes. “First, these officials may be able to use their status as a shield. For example, current law enforcement officials may be disinclined to investigate or prosecute former intelligence or law enforcement agents… In effect, the revolving door for intelligence, military and law enforcement officials is yet another aspect of the corporate capture of federal agencies, and another government subsidy for corporations.”

What Americans Don’t Know


As detailed as the Center for Corporate Policy report is, author Gary Ruskin says most of the information was obtained “by accident.” It wasn’t freely given. It was the result of lawsuits, a handful of whisteblowers, mistakes by those hired to do the corporate espionage, boasts in trade press and other somewhat random sources.
But even so, there is a dark playbook that comes into view. Nonprofits are scrutinzed for vulnerabilities. Computers are hacked. Documents are copied or stolen. Phone calls and voice mail are secretly recorded. Personal dossiers are compiled. Disinformation is created and spread. Websites are targeted and taken down. Blackmail is attempted. Just as bad, Ruskin says, the Justice Department and Congress look the other way. 

“The entire subject is veiled in secrecy,” his report says. “In recent years, there have been few serious journalistic efforts—and no serious government efforts—to come to terms with the reality of corporate spying against nonprofits.”  

Steven Rosenfeld covers democracy issues for AlterNet and is the author of "Count My Vote: A Citizen's Guide to Voting" (AlterNet Books, 2008).