A federal judge in New York ruled today that the National Security Agency’s (NSA) mass telephone data collection program is legal, rejecting claims put forward by the American Civil Liberties Union.
William Pauley, the presiding judge for the case, revealed how the program has affected the NSA’s intelligence gathering capabilities since the terrorist attacks on September 11, 2001. He suggested that with the current program, the NSA could have helped the US government to prevent al-Qaida’s actions that day.
“Prior to the September 11th attacks, the NSA intercepted seven calls made by hijacker Khalid al-Mihdhar, who was living in San Diego, California, to an al-Qaeda safe house in Yemen,” Pauley said in his ruling.
“The NSA intercepted those calls using overseas signals intelligence capabilities that could not capture al-Mihdhar’s telephone number identifier. Without that identifier, NSA analysts concluded mistakenly that Al-Mihdhar was overseas and not in the United States.”
Pauley said that with the telephone data it collects today, the NSA might have been able to tell the FBI that al-Mihdhar was, in fact, calling this safe house from within the United States. In the case, Pauley said the data collection program was lawful, but fell short of saying that the NSA should be able to continue its work with the current checks and regulatory framework.
“While robust discussions are underway across the nation, in Congress and at the White House, the questions for this Court is whether the Government’s bulk telephone metadata program is lawful. This Court finds it is. But the question of whether that program should be conducted is for the other two coordinate branches of Government to decide.”
The ACLU moved for a preliminary injunction, but this was denied by the court.
In a separate case earlier this month, a federal judge in Washington ruled that the NSA’s data collection program was unconstitutional.
Image Credit: PAUL J. RICHARDS/AFP/Getty Images
The Silk Road 2, a hidden website modeled on the original Silk Road contraband marketplace, is regrouping as the users and single remaining moderator prepare for a Christmas lockdown. The group faced a setback on Friday when US and Irish authorities arrested moderators Andrew Michael Jones, Gary Davis, and Peter Philip Nash. A final moderator, Cirrus, remains on the site. The arrests happened in conjunction with the shut-down of the first Silk Road and are probably unrelated to the new version.
The site is currently “closed” to orders and will reopen after Christmas on the 28th. On the 22nd a moderator named Defcon allowed the site to remain open twelve more hours so users could withdraw funds. Defcon wrote:
As his second in command, I have very clear instructions as to what to do in this worst case scenario.
He appointed a successor before he began. You know who you are, and you know what to do. Consider this the signal.
I cannot elaborate on the specifics, but the marketplace is safe and in my hands until the Captain returns or his successor appears.
“Make no mistake – Silk Road is not dead, the marketplace is not compromised, and it will return after the break regardless of how this plays out,” wrote Defcon.
New markets that use improved cryptographic systems, including a service called the Marketplace, are on the rise. Users and admins claim that that they are ostensibly safer than the Tor-based Silk Roads. It is, as they say, business as usual on the DarkNet.
Read the original: Silk Road 2 Still Running After Moderator Arrests
In this episode of my Foundation video series, I sit down for a chat with Coinbase founder Brian Armstrong. We chat about Bitcoin, his first Android wallet project, and the insane security he uses to protect your coins.
Brian on security:
“We have over 200 tests that run against the code before every deploy…we keep the vast majority of customer funds offline…we split the keys with redundancy and geographically split them all over the world so that each of the pieces is in a safe deposit box geographically.”
Kevin Rose is a general partner at Google Ventures. You can watch Kevin’s prior Foundation episode, an interview with Matt Galligan of Circa, here.
Read the original here: Foundation: Brian Armstrong on Coinbase and Bitcoin Security
Google today updated its Search app for Android and iOS with expanded voice support: in addition to English, the app now understands and speaks French, German, and Japanese. You can download the new version now directly from Google Play and Apple’s App Store.
In case you need proof, below you can see the app answering the following questions: “What is the height of the Eiffel tower?”, “Where can one find some coffee in Munich?”, and “Who invented the transistor?” in French, German, and Japanese, respectively.
Not only can Google speak out answers to your questions in your native language, but it can do that after first interpreting what you’re saying. Don’t expect miracles though: just like the English language, these three new additions have many dialects and accents that make such a feature very hard to perfect.
Still, Google Search has only supported English speakers up until today. While Google calls this an “international upgrade,” it’s quite obviously just the very early days of regularly adding support for more and more tongues.
Naturally, the company won’t say when that will be: “Stay tuned as we work to add more languages so you can have a conversation with Google in more and more places around the world.” Given that three languages have been added today though, it’s safe to say that Google is working on implementing more than one at a time.
We’ll be watching closely. Based on how Google has added support in the past, and given that some languages are spoken much more widely than others, we’d bet Spanish, Chinese, and Portuguese are on their way.
See also – Google Translate for Android gets faster and simpler speech translation, gestures, support for more languages and Google updates Gesture Search for Android with support for over 40 languages and transliteration
Top Image Credit: RAWKU5
If you own a Western Digital branded external hard drive you might want to be careful about upgrading to Mavericks. The hard disk manufacturer has emailed customers warning of data loss when upgrading to Mavericks if its Drive Manager, Raid Manager or SmartWare applications are installed.
The email to customers comes after the company support forum exploded with users complaining that they experienced data loss after upgrading to Mavericks with the applications installed. The company says if users uninstall all three pieces of software then they are safe to upgrade to the new OS and will not lose their data. If you’ve already upgraded, you should delete the applications right away to be sure your data is safe.
While the software is being fixed, it has been removed from the Western Digital website.
See the original post: Western Digital warns Mavericks users of external hard drive data loss risk
Social sharing service Buffer was the victim of a cyber attack last week after a hacker gained access to Cloud-based database services company, MongoHQ. Buffer wasn’t the only company affected by the attack; developer product CircleCI was also victimized along with smart calendar app, Sunrise, we discover today. Sunrise’s hacking was revealed via an email sent by Sunrise CEO Pierre Valade to the product’s users this weekend.
Sunrise says it has already taken steps to protect user information, including refreshing the identification key that permits its servers from connecting with a user’s Google, Facebook, and Twitter account, something that will prevent the “malicious party” from using the data that may have been extracted.
The company says that LinkedIn, Foursquare, and Producteev data remain safe as those services do not have the same connection process as Google, Facebook, and Twitter. In addition, user emails and passwords are also safe as these credentials have been encrypted. However, the email stresses that if users connected iCloud to their account, they should reset their passwords and also reconnect its app with Apple’s cloud and storage service.
Valade says no credit card or banking information was compromised and in the interest of further protection, all users have been automatically logged out of its app.
See related: Lessons to learn from the MongoHQ database breach (Naked Security)
Photo credit: Sean Gallup/Getty Images
The Washington Post broke news this afternoon that the National Security Agency (NSA) is collecting huge numbers of email address books and chat buddy lists for both foreign individuals and United States citizens.
It appears that the NSA lacks Congressional authority to collect buddy lists and address book information in the way that it currently does. As the Post rightly points out, address book data can include physical addresses, very personal information, and more.
To get around that lack of a mandate, the NSA has agreements with non-U.S. telcos and works with other, non-U.S. intelligence groups. So to get its hands on even more information, the NSA avoids the constraints of its provided oversight and legal boundaries, by going to alternative sources of the data that it wants.
That matters because the rules of other countries for tracking the communication of United States citizens are more lax. Recall that the NSA is in some ways slowed from collecting information on citizens of the United States, but not those of other countries.
So, if the NSA is willing to accept data from foreign intelligence agencies that it is not able to collect in this case, why not in other cases as well?
If the NSA won’t respect the constraints that are put in place on its actions for a reason, and will instead shirk its responsibilities and find a way to get all the data it could ever desire, then we have even less reason to trust its constant petitions that it follows the law, and is the only thing keeping the United States safe from conflagration.
The Post continues: “When information passes through ‘the overseas collection apparatus,’ [an intelligence office] added, ‘the assumption is you’re not a U.S. person.’” This means that when the NSA sweeps up contact data, buddy lists, and address sets from overseas, the same rules that keep it from collecting information on United States citizens aren’t likely in play. Minimization, it would seem, would be minimal.
The phone metadata program knows who you called, when, and for how long. PRISM can force your private information out of major Internet companies. XKeyscore can read your email, and tracks most of what you do online. And the above program circumvents Congressional oversight by collecting more data on U.S. citizens by merely executing that collection abroad.
How private are you feeling?
Facebook provided TechCrunch with the following statement:
“As we have said many times, we believe that while governments have an important responsibility to keep people safe, it is possible to do so while also being transparent. We strongly encourage all governments to provide greater transparency about their efforts aimed at keeping the public safe, and we will continue to be aggressive advocates for greater disclosure.”
Microsoft repeated to TechCrunch what it had told the Washington Post, that it “does not provide any government with direct or unfettered access to our customers’ data” and that if the above revelations are true, then the company would “have significant concerns.”
Top Image Credit: Zoe Rudisill