"EVERYTHING goes into the US-based spy cloud," Kim Dotcom tells Ars.

New Zealand appears to have used NSA spy network to target Kim Dotcom 

by Cyrus Farivar
Ars Technica
Aug 23, 2013
[emphasis added]

A new examination of previously published affidavits from the Government Communications Security Bureau (GCSB)—the New Zealand equivalent of the National Security Agency (NSA)—appears to suggest that the GCSB used the “Five Eyes” international surveillance network to capture the communications of Kim Dotcom, the founder of Megaupload.

The new analysis was posted by New Zealand journalist Keith Ng in a Thursday blog post. 

 If the link proves to be true, it would seem that the NSA’s vast international surveillance capability can be turned against individuals unrelated to the NSA’s stated mission to aid military, counterintelligence, or counterterrorism objectives.

Kim Dotcom has been charged in the United States with copyright infringement rather than terrorism or any other violent crime. The German-born entrepreneur is currently fighting extradition from New Zealand to the United States. Separately, he has launched a civil suit in New Zealand against the GCSB for what the New Zealand government has already admitted was unlawful surveillance.

REL TO NZL, FVEY

On Page 21 of the GCSB’s Affadavit of Disclosure (PDF), in an internal e-mail dated February 17, 2012, the document is marked: 

"TOP SECRET//COMINT//REL TO NZL, FVEY."

The last section of that classification (REL TO NZL, FVEY)—“Relevant to New Zealand, Five Eyes”—refers to the vast intelligence and data sharing program between the United States, the United Kingdom, Canada, Australia, and New Zealand, known as “Five Eyes.” 

Given new disclosures about the capabilities of PRISM and XKeyscore as a result of the documents provided by former NSA contractor Edward Snowden, a close examination of this affidavit seems to suggest that the Five Eyes infrastructure was used in Dotcom’s case. (In a slide published last month by The Guardian, XKeyscore is clearly shown to have a presence in New Zealand.)

The affadavit also provides a redacted list of “selectors” for Kim Dotcom, his wife Monica Dotcom, and Bram Van Der Kolk, one of Dotcom’s co-defendants.

“We intercepted [REDACTED] from the first two selectors on the list," the document states. "Obviously only a small fraction of them were used in the reports that were generated. We had no [REDACTED] collection on Dotcom, and I’m advised we saw a little [REDACTED] none of which was used in reporting.”

“All Five Eyes partners have access [to the NSA's systems], including GCSB,” Dotcom told Ars. “GCSB doesn’t even operate their own spy cloud. Everything goes into the US-based spy cloud. Including all the surveillance they have done on me. They typed in the selector and got access to everything the Five Eyes spy cloud had on me. Then the GCSB started real-time surveillance of all my communications, IP, mobile, etc. and was feeding that into the spy cloud.”

Neither the GCSB nor a spokesperson for the Embassy of New Zealand in the United States immediately responded to Ars’ request for comment. In June 2013, New Zealand Prime Minister John Key evaded answering whether the GCSB uses or has access to the NSA’s PRISM system.

"I can't tell you how the United States gather all of their information, what techniques they use, I just simply don't know,” Key told TV3’s Firstline. “But if the question is do we use the United States or one of our other partners to circumvent New Zealand law then the answer is categorically no. We do exchange—and it's well known—information with our partners. We do do that. How they gather that information and whether they use techniques or systems like PRISM, I can't comment on that.''

"What was done was illegal"

As we reported in March 2013, a New Zealand appeals court ruled (PDF) that Kim Dotcom has the right to sue the government of New Zealand for illegal surveillance. 

As we reported further last year, the NZ government admitted after the fact that Dotcom should not have been subjected to government surveillance due to his having obtained permanent resident status.

According to new documents acquired earlier this year by a New Zealand TV channel, the GCSB already had information as of December 16, 2011 (before the January 2012 raid) showing that Dotcom was a permanent resident of New Zealand and that the agency knew Dotcom should not have been targeted at all. Interestingly, the documents also show Dotcom’s government code name: “Billy Big Steps.”

Still, Ira Rothken, Dotcom’s California-based attorney, seemed to be a bit more cautious about drawing any new implications from the NZ affidavit.

“We’re in the process of litigating a civil case that implicates the New Zealand government for their illegal spying,” he told Ars. “At this point, while we have a healthy appreciation for whatever informal analysis is being done, our goal in this case is to actually get the information directly from New Zealand government sources. I don’t want to prejudge the very thing that we’re litigating now.”

Still, Rothken seemed to indicate that it was within the realm of possibility that Five Eyes was turned against Dotcom illegally.

“I think it’s axiomatic that New Zealand has access to the Five Eyes infrastructure because it’s a member of Five Eyes and it has network points in New Zealand, including a large installation in New Zealand,” he added. “I think that that’s common knowledge. We know that the spy machinery was misused because what was done was illegal. The interesting thing about this case is that it shows how not having sufficient checks and balances against the spy machinery can come back to hurt and impact the rights of innocent residents. Here, the Prime Minister has already apologized and admitted that what happened was illegal. We are litigating for what damages and remedies should be provided.”

Mark Rumold, a staff attorney at the Electronic Frontier Foundation, said that it wasn’t clear how much New Zealand authorities obtained via the NSA.

“It would all be dependent on New Zealand law,” he told Ars. “There’s nothing in here that looks like a slam dunk. It doesn't seem like it’s outside the realm of possibility, but if everything is based on a single classification, it seems possible.”

Meanwhile, NZ expands GCSB spying domestically

At the time of the surveillance against Dotcom, the GCSB was only allowed to engage in surveillance of non-resident foreigners. However, earlier this week, the New Zealand parliament voted 61-59 to expand the GCSB’s powers to encompass citizens and legal residents.

"This is not, and never will be, about wholesale spying on New Zealanders," Prime Minister John Key told parliament on Thursday. "There are threats our government needs to protect New Zealanders from. Those threats are real and ever-present, and we underestimate them at our peril."

 Source:
 http://arstechnica.com/tech-policy/2013/08/new-zealand-appears-to-have-used-nsa-spy-network-to-target-kim-dotcom/
________________________

German security chief: Ditch Google and Facebook if you’re afraid of spying 

By Zach Epstein 
BGR.com
Jul 4, 201

Germany continued its campaign to stir up outrage this week over recent revelations that the NSA spies on Internet communications. German Interior Minister Hans-Peter Friedrich on Wednesday said that any Internet users afraid that their private information might be exposed to NSA snooping have a simple way to protect their data: Stop using U.S. services like Google and Facebook. 

“Whoever fears their communication is being intercepted in any way should use services that don’t go through American servers,” Friedrich said, according to theAssociated Press. He also said that a delegation of German officials will fly to the U.S. next week to discuss recent claims that the NSA and other U.S. intelligence agencies are spying on European citizens.

Source:
http://bgr.com/2013/07/04/nsa-spying-advice-germany/
________________ 

German IT officials reportedly deem Windows 8 too ‘dangerous’ to use 

By Brad Reed 
BGR.com 
Aug. 21, 201

The National Security Agency’s snooping practices may be costing American companies a lot of money. German publication Zeit Online has obtained leaked documents that purportedly show that IT experts within the German government believe that Windows 8 contains back doors that the NSA could use to remotely control any computers that have it installed.

The German officials specifically worry about how Windows 8 interacts with Trusted Platform Modules (TPMs) and are concerned that once Windows machines are paired with TPM 2.0 in 2015, they won’t be able to deactivate it on their machines if they don’t want it. Once TPM 2.0 is in place, Zeit says that German researchers fear that there will be “simply no way to tell what exactly Microsoft does to their system through remote updates.” Because of this “loss of control over [the capabilities of] information technology,” the researchers conclude that ”the security-oriented principles of ‘confidentiality’ and ‘integrity’ are no longer achievable” in machines that have TPM 2.0 installed.

Interestingly, the researchers say that they’ll still be able to use Windows 7 securely “until 2020,” so it seems the German government may be using the legacy version of Microsoft’s platform for years to come if it takes up its IT experts’ recommendations.

Sources:
http://bgr.com/2013/08/21/microsoft-windows-8-nsa-back-door/
__________________________ 

No Escape

The Public-Private Surveillance Partnership 

By Bruce Schneier
Bloomberg
Jul 31, 201

Imagine the government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we all carry mobile phones.

If the National Security Agency required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook Inc. (FB) If the Federal Bureau of Investigation demanded copies of all our conversations and correspondence, it would be laughed at. Yet we provide copies of our e-mail to Google Inc. (GOOG), Microsoft Corp. (MSFT) or whoever our mail host is; we provide copies of our text messages to Verizon Communications Inc. (VZ),AT&T Inc. (T) and Sprint Corp. (S); and we provide copies of other conversations to Twitter Inc., Facebook, LinkedIn (LNKD) Corp. or whatever other site is hosting them.

The primary business model of the Internet is built on mass surveillance, and our government’s intelligence-gathering agencies have become addicted to that data. Understanding how we got here is critical to understanding how we undo the damage.

Computers and networks inherently produce data, and our constant interactions with them allow corporations to collect an enormous amount of intensely personal data about us as we go about our daily lives. Sometimes we produce this data inadvertently simply by using our phones, credit cards, computers and other devices. Sometimes we give corporations this data directly on Google, Facebook, Apple Inc.’s iCloud and so on in exchange for whatever free or cheap service we receive from the Internet in return.

The NSA is also in the business of spying on everyone, and it has realized it’s far easier to collect all the data from these corporations rather than from us directly. In some cases, the NSA asks for this data nicely. In other cases, it makes use of subtle threats or overt pressure. If that doesn’t work, it uses tools like national security letters.

The Partnership

The result is a corporate-government surveillance partnership, one that allows both the government and corporations to get away with things they couldn’t otherwise.

There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations. Historically, these two areas have largely remained separate, but today each group has learned how to use the other’s laws to bypass their own restrictions. The government uses corporations to get around its limits, and corporations use the government to get around their limits.

This partnership manifests itself in various ways. The government uses corporations to circumvent its prohibitions against eavesdropping domestically on its citizens. Corporations rely on the government to ensure that they have unfettered use of the data they collect.

Here’s an example: It would be reasonable for our government to debate the circumstances under which corporations can collect and use our data, and to provide for protections against misuse. But if the government is using that very data for its own surveillance purposes, it has an incentive to oppose any laws to limit data collection. And because corporations see no need to give consumers any choice in this matter -- because it would only reduce their profits -- the market isn’t going to protect consumers, either.

Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.

The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy -- and that’s very dangerous to democracy and liberty.

Challenging Power

The simple answer is to blame consumers, who shouldn’t use mobile phones, credit cards, banks or the Internet if they don’t want to be tracked. But that argument deliberately ignores the reality of today’s world. Everything we do involves computers, even if we’re not using them directly. And by their nature, computers produce tracking data. We can’t go back to a world where we don’t use computers, the Internet or social networking. We have no choice but to share our personal information with these corporations, because that’s how our world works today.

Curbing the power of the corporate-private surveillance partnership requires limitations on both what corporations can do with the data we choose to give them and restrictions on how and when the government can demand access to that data. Because both of these changes go against the interests of corporations and the government, we have to demand them as citizens and voters. We can lobby our government to operate more transparently -- disclosing the opinions of the Foreign Intelligence Surveillance Court would be a good start -- and hold our lawmakers accountable when it doesn’t. But it’s not going to be easy. 

There are strong interests doing their best to ensure that the steady stream of data keeps flowing.

(Bruce Schneier is a computer security technologist. He is the author of several books, including his latest, “Liars and Outliers: Enabling the Trust Society Needs to Thrive.”)

 Source:
 http://www.bloomberg.com/news/2013-07-31/the-public-private-surveillance-partnership.html
______________________

Oil and gas interests that successfully fought a fracking-tax increase pushed by Gov. John Kasich poured money into Republican legislative campaign coffers during the budget debate this year.

Fracking lobby helps fund GOP campaigns 

By Jim Siegel 
The Columbus Dispatch 
August 1, 201

Oil and gas interests that successfully fought a fracking-tax increase pushed by Gov. John Kasich poured money into Republican legislative campaign coffers during the budget debate this year.

Calling Ohio’s current drilling tax woefully low, Kasich last year tried and failed to persuade GOP lawmakers to increase the severance tax on the emerging shale-drilling industry. He reintroduced the proposal in February as part of the new two-year budget, only to have majority Republicans swat it away again.

Asked in June about the chances of getting the tax passed in the future, Kasich said, “I think we wait for (House Speaker William G.) Batchelder to retire.”

Shale drilling known as fracking has exploded in Ohio, and as lawmakers consider how to regulate and tax the industry, Statehouse lobbying and the campaign donations that go with it also has ramped up considerably.

In the last two-year election cycle, oil and gas interests pumped about $830,000 into Republican legislative campaigns, including $131,000 from fracking giant Chesapeake Energy, $111,000 from NiSourceand $255,000 from the Ohio Oil and Gas Association, a Dispatch analysis shows.

Through the first half of 2013, the industry has given more than $242,000 to state lawmakers and candidates. Batchelder was the top recipient, pulling in about $25,500; followed by Rep. Ron Amstutz of Wooster, the House Finance Committee chairman ($23,200); and Senate President Keith Faber of Celina ($20,500).

GOP legislative leaders never expressed much interest in the drilling-tax increase, which Kasich argued would put Ohio more on par with other states. Some, including Amstutz, questioned the administration’s numbers and argued that lawmakers shouldn’t do anything to impact a booming industry in its infancy.

“Political donations have never driven policy decisions in the Senate,” said John McClelland, spokesman for Faber. “It never happened before, and it’s not going to happen now.”

A House GOP spokesman made a similar assurance.

Jack Shaner of the Ohio Environmental Council called the lobbying by the oil and gas industry a “ near-bulletproof operation.”

“Governors and lawmakers of all stripes have taken their best shot, including our current governor,” he said. “It seems like the law only changes when this industry allows the law to be changed.”

With large majorities secured by gerrymandered districts, legislative Republicans are crushing Democrats in fund raising. The House Republican caucus reported $2.1 million on hand, compared with $66,000 for the Democrats. In the Senate, Republicans have $2.1 million on hand versus $48,000 for Democrats.

GOP lawmakers picked up a healthy sum from e-school operator William Lager, who gave $180,000 — already approaching the $243,000 he gave for the last entire two-year campaign cycle. The operation and funding of charter schools is always a major budget discussion, and most charter schools benefited along with public schools when funding was increased.

The budget included a cap on e-school enrollment, including at 1,000 students for new e-schools, and now allows e-schools to provide career technical education.

Batchelder was by far the top legislative fundraiser, bringing in $516,000 in the first six months. 

His top donors included $12,000 from FirstEnergy CEO Anthony Alexander, $10,000 from American Electric Power, $12,155 from the Wholesale Beer and Wine Association; and $10,000 each from charter-school operators Lager and David Brennan.

Faber raised $245,000 in the first half of 2013. His largest individual contributor was $11,500 from Lager — an amount he also gave to other top GOP leaders — while the Ohio Beer and Wine Association gave him the maximum $12,155.

Source:
http://www.dispatch.com/content/stories/local/2013/08/01/fracking-lobby-helps-fund-gop-campaigns.html
______________________