Archive for the ‘NSA’ Category

Post-Snowden Efforts to Secure NSA Data Fell Short, Report Says – New York Times


The N.S.A. failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Department's inspector general completed in 2016. The report was ...

See original here:
Post-Snowden Efforts to Secure NSA Data Fell Short, Report Says - New York Times

Senators seek answers about accused NSA leaker’s security … – Atlanta Journal Constitution

A pair of senior U.S. senators is pressing the Trump administration for information about how the Augusta woman at the center of the National Security Agency leak investigation was screened for her security clearance.

Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson, R-Wisconsin, and Ranking Member Claire McCaskill, a Missouri Democrat, sent seven questions about Reality Leigh Winner and the government's vetting process to the Office of Personnel Management this week.

Among other things, the senators want to know which federal agency initially screened Winner and when, when her clearance was last reinvestigated and whether those screenings were done by federal employees or contractors. They also want to know the size of the government's current backlog of security clearance reinvestigations.

Winner worked as a federal contractor at a U.S. government agency in Georgia between February and June and had a top-secret security clearance. A federal grand jury has indicted her on a single count of "willful retention and transmission of national defense information" for allegedly leaking to the news media a classified NSA report on Russia's meddling in the U.S. election system. Before she was indicted, Winner spent months unleashing a tirade of social media posts calling President Donald Trump, among other things, an "orange fascist."

Winner faces up to 10 years in prison and $250,000 in fines, plus up to three years of supervised release and a $100 special assessment. She has pleaded not guilty to the charge. Her next court hearing is set for June 27 in Augusta. TMZ recently published video of her exercising in an outdoor area of the Lincoln County Jail, where she is being detained.

"Ms. Winner allegedly chose to put Americans and our national security at risk when she leaked classified materials," Johnson said in a joint statement with McCaskill. "It is my hope that OPM will do a thorough review of her security clearance, and determine if it was granted appropriately."

McCaskill said: "The leaking of classified information jeopardizes our national security. We need to determine if Ms. Winner's security clearance process was handled correctly or if we missed any red flags."

The Office of Personnel Management had no immediate comment Friday.

Gary Davis and Billie Winner-Davis, stepfather and mother of Reality Leigh Winner, spoke to The Atlanta Journal-Constitution about their daughter. Video by Hyosub Shin/AJC.

View original post here:
Senators seek answers about accused NSA leaker's security ... - Atlanta Journal Constitution

OPINION: Leaked NSA report rings alarm sounded by 2016 election recount – The Hill (blog)

Do we have a voting system we can trust, that is accurate, secure and just? This question, raised by the 2016 multi-state recount effort, is roaring back at us louder than ever after the Intercept's publication last week of a leaked National Security Agency report documenting with unprecedented detail a hacking scheme targeting components of the U.S. voting system.

The NSA report shows how the hack first used a spear phishing attack in August on the employees of a company producing voter registration software. Information from that hack was then used in a second phishing email about a week before the election targeting over 100 government employees, presumably local election officials, as the Intercept put it, to "trick [them] into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers."

Some cybersecurity experts presume the hack was exploratory rather than an actual attack, given the short time until the election. Still, this remains unproven, and the leaked NSA report raises disturbing questions. In particular, how far did this particular hack penetrate into the election system? Were there other successful hacks into the 2016 election? And can we trust our election results going forward?

Today's voting system is a sprawling network of hardware, software and local election officials that integrate voter registration, electronic voting, tabulating vote totals, and reporting these results to precinct, county, state and national centers that compile final vote results.

As voting-security expert Alex Halderman stated in the Intercept article, "I would worry about whether an attacker who could compromise the poll book vendor might be able to use software updates ... to also infect the election management system that programs the voting machines themselves. Once you do that, you can cause the voting machine to create fraudulent counts."

The bottom line is this: The voting machines and software must be examined in order to conclude that the vote has not been hacked, and to protect our elections going forward. This was the demand made by the 2016 recount effort. The imperative to do so now is stronger than ever. In fact, the universe of investigation should be expanded, based on this report, to include hardware and software involved in vote tabulation and reporting, as well as voting machines themselves.

The integrity of our elections is paramount. The issue transcends partisan politics. We are all harmed by corruption of our elections and the cynicism it breeds, contributing to the loss of confidence in our political system expressed by 90 percent of Americans according to an AP/NORC poll last year. Hacking is just one part of the problem. Elections are likewise degraded by racially-biased voter suppression, the control of big money and big media over our elections, the suppression of independent and third party voices in debates and media and more. A vote we can believe in is the bedrock foundation of a functioning democracy, as Judge Mark Goldsmith noted in the initial ruling to proceed with the Michigan recount. That bedrock has gone missing.

The urgent need to respond to the NSA revelations of election hacking must not be lost beneath the outrage and political controversy over alleged Russian responsibility for the attack. Fortunately, we don't need to settle the debate over who hacked into our election system in order to proceed urgently to safeguard our elections. In fact, we must protect our elections from all potential interference, whether from foreign state actors, domestic political partisans, gangster networks, lone wolves or private corporations, including companies who control the voting software.

In any event, identifying and punishing the perpetrator/s will not make our future votes secure. Truly solving the problem of hacking may well require the resumption of a long-stalled effort to create an international treaty on cyberwarfare. Perhaps, as Microsoft President Brad Smith suggests, it's time for a Geneva Convention on Cybersecurity.

In the meantime, future, and no doubt current, hacking into our election system can and must be stopped by adopting common sense safeguards long advocated by the election integrity movement and advanced by the recount effort. We must end the use of hack-friendly, error-prone electronic voting machines, and revert to hand-marked paper ballots, ideally counted by hand or by optical scanners carefully monitored by cross-checking against paper ballots (a process known as statistical audits). Hand recounts of the paper ballots should be readily available whenever elections are very close, or when legitimate concerns are raised about hacking, corruption or error at any level of the system. These safeguards must be in place in time to secure the 2018 elections.

A vote we can trust must not only be accurate and secure. It must also be just and true to the promise of democracy. That means we must guarantee the unimpeded right to vote and end racist voter suppression schemes that cost millions of Americans the right to vote, including voter ID laws, felon disenfranchisement, and Interstate Crosscheck. It means ending discrimination against alternative parties and independents in getting on the ballot, in the debates and in the media. It means getting big money out of our elections, and enacting improved voting systems like ranked choice voting and proportional representation that give voters the freedom to vote their values instead of their fears. Fixing our broken, unjust election system is no less urgent than fixing hackable electronic voting.

In this age of unprecedented converging crises of our economy, ecology, peace and democracy, we cannot wait to build the America we deserve. To do so, we need a voting system we can trust.

Dr. Stein was the 2016 Green Party Presidential candidate who initiated a multi-state recount effort backed by leading election integrity experts, largely due to concerns about the security of our voting system that are extremely topical in light of recent revelations.

Read the original post:
OPINION: Leaked NSA report rings alarm sounded by 2016 election recount - The Hill (blog)

Mystery Company Told NSA Spies: Get a Warrant or Get Lost – Daily Beast

An unknown U.S. technology company secretly refused to comply with the National Security Agency's most cherished surveillance authority, a newly declassified document shows.

Instead, the company, not identified in a highly unusual order from the secret Foreign Intelligence Surveillance Court, told the NSA, in effect: get a warrant or get lost.

It's the first known time that a company did not comply with the NSA's exercise of its powers under a highly controversial legal authority known as Section 702. Section 702, which is the subject of a white-knuckle fight in Congress over its reauthorization before expiration in December, is the legal underpinning of the NSA's infamous PRISM program, which takes vast quantities of user communications from participating companies.

According to the heavily redacted court ruling, the unnamed company appears to have resisted PRISM, on the grounds that cooperation would implicate its own First and Fourth Amendment rights. It told the world's most powerful surveillance agency to come back with a warrant.

A warrant is necessary, the company contended, for all surveillance conducted on the servers of a U.S.-based provider, regardless of whether the target of surveillance is a U.S. person or a non-U.S. person, and regardless of where that person is located when they use the service, because the communications of U.S. persons will be collected as part of such surveillance.

In other words, the company argued, the NSA's Section 702 powers inevitably violate the Fourth Amendment, since industrial-strength surveillance ostensibly focused on foreigners will inevitably collect communications from Americans. The company's solution: a warrant, please.

The contention so alarmed Barack Obama's administration that it asked the Court to order the company's compliance, the first time, surveillance experts said, the government is known to have clashed with a service provider over an assertion of its Section 702 powers.

Noncompliance with secret, warrantless government surveillance has a real price. The only other confirmed time in which a provider has resisted the NSA came in 2007, when Yahoo rebuffed the government's demand for customer data under the precursor to Section 702, known as the Protect America Act. Documents declassified in 2014 showed that the government threatened Yahoo with a $250,000 fine for every day of noncompliance. Yahoo ultimately began cooperation with PRISM in March 2008 after losing secret-court appeals.

The FISA Court did not view the 2014 case any more favorably.

Judge Rosemary Collyer sided with the NSA on every particular. Collyer found that the NSA's internal procedures about focusing its 702 collection targets on non-Americans reasonably believed to be overseas, despite the fact that Americans' communications data is nevertheless incidentally collected in the process, obviated the company's resistance.

Collyer called the tech firm's fears of unreasonable surveillance arguendo, writing, "the mere fact that there is some potential for error is not a sufficient reason to invalidate the surveillance." Without a showing of misconduct by the government, she found, a presumption of regularity applies. That would be a hard burden for a tech firm to meet, considering the issue was secret surveillance.

However, her FISA Court colleague John Bates had already found in 2011 that the NSA had surpassed the limits of its mass data collection as it had described the procedures to the court. And in 2016, two years after the now-revealed surveillance fight, the NSA revealed to the court that it had violated the revamped post-2011 rules it agreed to with the court. The judge who signed off on modified rules for 702 collection was, ironically, Collyer, in a ruling savaged by independent journalist Marcy Wheeler.

Ashley Gorski, an attorney with the ACLU, which acquired the document in a freedom-of-information lawsuit, took issue with Collyer's fateful 2014 finding that the NSA was owed the benefit of the doubt.

"Given the litany of NSA compliance violations known to the [FISA Court] even back in 2014, the court's insistence that a presumption of regularity should apply to the NSA's spying is deeply problematic," Gorski said.

This challenge to the government's warrantless spying under Section 702 underscores just how controversial this mass surveillance program really is, and why it must be significantly reformed. The anonymous tech company that brought this challenge should be commended for defending its users' privacy, and other companies must do the same by fighting for critical reforms in the courts and in Congress.

See the article here:
Mystery Company Told NSA Spies: Get a Warrant or Get Lost - Daily Beast

Foreign investigators join NSA in blaming North Korea for Wannacry: report – The Hill


The BBC is reporting that a British-led international investigation into the origins of Wanna Cry has come to the same conclusions as the NSA and a number of private firms: North Korea was behind the attacks. The Wanna Cry ransomware held hundreds of ...

Continue reading here:
Foreign investigators join NSA in blaming North Korea for Wannacry: report - The Hill