News you may have missed #901

Michal GarbovitzUS Army already looking to future pandemics. While still in the midst of the COVID-19 crisis, the US Army is already thinking ahead about the impacts of future pandemics and how they will affect the service, according to the head of Army Futures Command. General John Murray, Futures Command’s commanding general, said on May 27 that “The chances of this happening again are not zero for sure”. “It’s demographics, it’s urbanization, it’s economies, it’s pandemics,” he said during a teleconference with reporters hosted by George Washington University’s Project for Media and National Security.
The sex worker who spied for Israel’s pre-state militia. Once a disregarded sex worker, today Michal Garbovitz is hailed for aiding the Haganah, a Jewish paramilitary organization in British-Mandate Palestine between 1920 and 1948. Described in contemporary accounts as a “good-looking and handsome” woman, Garbovitz was estranged by her Jewish family for fraternizing with Arabs. However, during the Arab Revolt of 1936-39 against the Mandatory forces, she “exploited her contacts with Arabs and British police officers to extract vital information and transfer it to the Haganah”.
Should COVID-19 status be a protected classification? People who have recovered from COVID-19 already face significant disadvantages, even if they have fully recuperated from the virus. For instance, the military announced several weeks ago that recovering from COVID-19 would be a permanently disqualifying condition for entrance into the armed services. Although the military later clarified that such a disqualification would only apply to individuals hospitalized because of COVID-19, many people who have recovered from the virus will face obstacles to joining the military due to these restrictions.

German court stops spy agencies from conducting mass surveillance of foreigners

BND GermanyGermany’s Federal Court of Justice has ruled that the country’s intelligence agencies are not entitled to spy en masse on the telecommunications exchanges of foreign citizens. The ruling comes in response to a lawsuit filed by several journalist groups, including the German chapter of Reporters Without Borders. The groups partnered with the German-based Society for Civil Rights and argued in their lawsuit that existing law did not prevent German spy agencies from spying at will on the communications of journalists. This could potentially allow the intelligence agencies to identify trusted sources that journalists use in their work, and even share that information with intelligence agencies of other countries, they argued.

Germany’s foreign intelligence agency, the Federal Intelligence Service, or BND, is uniquely positioned with access to a vast volume of telecommunications data and content. This is because Germany hosts some of the busiest and highest-capacity Internet exchange points in the world. The country’s extensive telecommunications infrastructure includes the so-called DE-CIX exchange in Frankfurt, believed to be the world’s second-busiest Internet node. It is believed that the DE-CIX Internet exchange alone carries over a trillion messages per day to and from Western Europe, Russia, the Middle East and North Africa.

The BND is not allowed to spy on the communications of German nationals. However, according to German media reports, the agency had until now assumed that Internet messages sent by foreigners, which passed through German-based exchanges, were fair game for interception and analysis. This was because, according to the BND, foreign nationals were not protected under Germany’s Basic Law —a term that refers to the German Constitution— which means they and their communications had no privacy protections under German law.

But this assumption was dispelled on Tuesday by the Federal Court of Justice, which is Germany’s highest court. The court ruled that telecommunications surveillance against foreigners is subject to Article 10 of Germany’s Basic Law, which affords German citizens the right to privacy. In other words, the law also protects the telecommunications of foreigners, according to the court, which means that surveillance of foreign communications should be carried out only in a targeted fashion, in response to specific cases or to target specific individuals. The court challenged the mass-surveillance —as opposed to a targeted surveillance— model of the BND’s data collection, and said that it the spy agency’s activities required more stringent oversight, especially in relation to the communications of reporters and lawyers. Finally, the court agreed with the plaintiffs that the constitutional safeguards against the BND’s ability to share its intercepted data with foreign spy agencies were insufficient.

In its ruling, the court gave the German government until December of 2021 to propose a new law governing telecommunications surveillance against foreigners, which will be compliant with the German Constitution.

Author: Joseph Fitsanakis | Date: 20 May 2020 | Permalink

Google removes Iranian government’s COVID-19 app amidst claims of espionage

Iran Ministry of Health and Medical EducationAn Android application developed by the Iranian government to assist in coordinating the country’s response to the COVID-19 epidemic has been removed by Google amidst accusations that it may be used to track Iranian dissidents. The application, named AC19, was released several days ago by Iran’s Ministry of Health and Medical Education. Its release was announced through a text message sent by the Iranian government to every mobile telephone subscriber in the country. The text message urged citizens to download the application through a dedicated website or third-party app stores, including the Google Play Store. Millions have since done so.

The purpose of AC19 is to help coordinate the nationwide response to COVID-19, known as coronavirus, in a country that is experiencing one of the world’s most prolific outbreaks of the disease. App users can register using their unique phone number and determine whether their flu-like symptoms resemble those of COVID-19. The app’s developers argue that it can help keep people from flooding local hospitals throughout the country, which are already overwhelmed.

But some users have raised concerns that the app also requests access to the real-time geolocation data of users, which it then stores in remote databases. As technology news website ZDNet reports, some have accused the government in Tehran of using the AC19 app in order to track the movements of citizens. An expert consulted by ZDNet to examine the app’s technical details said that it did not appear to contain unusually intrusive features or functions.

However, the company used to develop the app, called Smart Land Strategy, has previously built apps that, according to ZDNet, were used by the Iranian intelligence services and were subsequently removed from the Google Play Store. Some Iranians claim that, given the connection between AC19 and Smart Land Strategy, it is possible that the new app may be used in the future by the Iranian government to spy on citizens, despite the fact that it may be presently useful in efforts to contain the COVID-19 epidemic.

The app continues to be available through Iranian government websites and app sites other than Google’s.

Author: Ian Allen | Date: 10 March 2020 | Permalink

Facing skepticism by experts, NSA backs down in global encryption standards debate

NSARepresentatives from the United States National Security Agency (NSA) withdrew a proposal to introduce new global industry standards for data encryption, after encountering prolonged skepticism by experts representing other Western countries. Some observers have interpreted this development as indicative of the damaged relationship between the NSA and its Western counterparts following revelations by American defector Edward Snowden.

Deliberations for establishing new industry standards for data encryption have been taking place for over three years under the supervision of the International Organization for Standardization (ISO). The ISO is a worldwide standard-setting body founded in 1947, which brings together representatives from national standards organizations. The US delegation, had proposed the adoption of two new data encryption techniques, known as ‘Simon’ and ‘Speck’. The techniques had the approval of the US national standards organization, which is known as the American National Standards Institute (ANSI) . However, it also had the approval of the NSA, America’s signals intelligence agency, whose representatives were members of the US delegation to the ISO. According to the Reuters news agency, the presence of the NSA representatives in ANSI prompted skepticism among other national delegations.

Eventually, encryption experts from countries including Israel, Japan, Germany, and the United Kingdom, rejected ‘Simon’ and ‘Speck’. The reason, according to Reuters, was that they were “worried that the [NSA] was pushing the new techniques not because they were good encryption tools, but because it knew how to break them”. Some commentators believe that this incident illustrates the suspicion with which the NSA is seen by American allies following headline-grabbing revelations made Edward Snowden, a former employee of the NSA who defected to Russia in 2013. Some of Snowden’s most sensational revelations involved alleged NSA operations targeting Germany, France, Israel, Japan, and other American allies. The revelations shocked public opinion in Europe and elsewhere, and resulted in the unprecedented expulsion of the CIA station chief in Berlin —the most senior US intelligence official in the country. ISO delegates are now thought to be working on a revised plan to keep some of ANSI’s proposed standards but enhance them with stronger layers of encryption, said Reuters.

Author: Joseph Fitsanakis | Date: 22 September 2017 | Permalink

Did domestic snooping by Canadian spy agency increase 26-fold in a year?

CSE Canada - IAThe volume of domestic communications that were intercepted by Canada’s spy agency increased 26 times between 2014 and 2015, according to a recently released report by a government watchdog. The same report states that intercepted information about Canadian citizens, which is given to Canada’s spy agency by the intelligence organizations of other Western countries, has increased so much that it now requires an elaborate mechanism to analyze it. When asked to explain the reasons for these increases, Canadian government officials said they could not do so without divulging secrets of national importance.

Information about these increases is contained in the latest annual report by the Office of the Commissioner of the Communications Security Establishment. The body was set up in 1996 to review the operations of the Communications Security Establishment (CSE). Founded in 1946, CSE is Canada’s primary signals intelligence agency. It is responsible for interception foreign communications while at the same time securing the communications of the Canadian government. The Office of the Commissioner monitors CSE’s activities and ensures that they conform with Canadian law. It also investigates complaints against the CSE’s conduct of and its officers.

Canadian law forbids the CSE from intercepting communications in which at least one of the parties participating in the exchange is located in Canada. If that happens, the message exchange is termed “private communication” and CSE is not allowed to intercept it, unless it gets written permission from Canada’s National Defense minister. Such permission is usually given only if the interception is deemed essential to protect Canadian national security or national defense. If a “private communication” is inadvertently intercepted, CSE is required to take “satisfactory measures” to protect the personal privacy of the participant in the exchange that is located inside Canada.

According to the CSE commissioner’s report for 2015, which was released in July, but was only recently made available to the media, CSE intercepted 342 “private communications” in 2014-2015. The year before, the spy agency had intercepted just 13 such exchanges. The report states that all 342 instances of interception during 2014-2015 were either unintentional or critical for the protection of Canada’s security. It further states that the reason for the huge increase is to be found in “the technical characteristics of a particular communications technology and of the manner in which private communications are counted”.

Canadian newspaper The Ottawa Citizen asked the CSE commissioner, Jean-Pierre Plouffe, to explain what he meant by “technical characteristics of a particular communications technology” in his report. His office responded that the commissioner could not explain the subject in more detail, because doing so would “reveal CSE operational capabilities” and thus hurt Canada’s national security. The newspaper also contacted CSE, but was given a similar answer. Some telecommunications security experts speculate that the increase in intercepted “private communications” may be due to exchanges in social media, whereby each message is counted separately.

Author: Ian Allen | Date: 25 August 2016 | Permalink

Canada stops sharing intelligence with Five Eyes partners over data breach

CSE CanadaCanada says it will stop sharing certain types of intelligence with some of its closest international allies until it ensures that Canadian citizens’ information is not included in the data given to foreign spy agencies. The announcement follows an official admission, made earlier this week, that a Canadian intelligence agency failed to remove Canadian citizens’ data from information it shared with member-agencies of the so-called Five Eyes Agreement. The pact, which is sometimes referred to as the UK-USA Security Agreement, has been in existence since World War II. It provides a multilateral framework for cooperation in signals intelligence (SIGINT) between the United Kingdom, the United States, Canada, Australia, and New Zealand.

On Thursday, the Commissioner of the Communications Security Establishment (CSE) of Canada, Jean-Pierre Plouffe, published a report on the activities of the CSE —the country’s primary SIGINT agency. The document, which is published annually by the Commissioner, states that the majority of the CSE’s SIGINT collection activities took place in accordance with Canadian law. However, the report found that some of the data shared by CSE with its Five Eyes partners contained data that could potentially be used to identify the identities of Canadian citizens. According to Canadian law, the CSE is not allowed to specifically target the communications of —or information about— Canadian citizens or Canadian companies. Moreover, information pertaining to those, which may be indirectly collected in the course of legitimate targeting of foreign citizens, is supposed to be immediately purged by CSE collection staff.

However, the Commissioner’s report found that some metadata —namely information pertaining to communications other than their content— that could be used to identify Canadian citizens had been shared by the CSE with Five Eyes spy agencies. Later on Thursday, Harjit Sajjan, Canada’s Minister of Defense, announced that SIGINT intelligence-sharing would be suspended until the metadata breach identified in the Commissioner’s report could be adequately addressed and corrected. Minister Sajjan said the roots of the breach had to do with “technical deficiencies” at the CSE, but added that it was crucial that the privacy of Canadians was protected. Therefore, he said, the spy agency would “not resume sharing this information with our partners” until he was “fully satisfied” that the proper control systems were in place.

Author: Joseph Fitsanakis | Date: 29 January 2016 | Permalink

NSA gives Israel raw intercepts containing US citizens’ data

NSA headquartersBy JOSEPH FITSANAKIS | intelNews.org |
The United States National Security Agency (NSA) shares raw intercepted data with Israeli intelligence without first deleting information pertaining to American citizens, according to a leaked document. British newspaper The Guardian published on Wednesday an informal memorandum of understanding between the NSA and the Israel SIGINT National Unit (ISNU). The five-page document was supplied to the newspaper by Edward Snowden, a technical contractor for the NSA who defected to Russia this past summer. It outlines an agreement reached in 2009 between the NSA and the ISNU, under which the American side provides the Israelis with raw intercepts, which often contain telephone and email data belonging to American citizens. The memorandum describes this type intelligence sharing as a “routine” aspect of a broader “SIGINT relationship between the two organizations”. SIGINT refers to signals intelligence, a term used in the intelligence community to describe the interception of communications data or content. Additionally, the document specifically mentions that the data shared with the Israelis is “raw” or “unminimized”, meaning it has not been subjected to the process of extracting and deleting information that identifies US citizens or residents —known as “US persons”. By law, the NSA is not permitted to spy on US persons and is required to ‘minimize’ intercepted data so that the communications of US persons remain private, unless they are absolutely indispensible in understanding a piece of foreign intelligence. The memorandum describes a number of restrictions on the use of this information by Israeli intelligence, stating that the ISNU is forbidden from using it in order to target US persons. It also states that the ISNU must shield the identities of US persons when sharing the information with other Israeli government agencies. Read more of this post