Archive for the ‘NSA’ Category

NSA suggests using virtualization to secure smartphones | PCWorld – PCWorld

The U.S. National Security Agency is now suggesting government departments and businesses buy smartphones secured using virtualization, a technology it currently requires only on tablets and laptops.

The change comes about with the arrival of the first virtualization-based smartphone security system on the U.S. Commercial Solutions for Classified list.

CSFC is a program developed by the NSA to help U.S. government agencies and the businesses that serve them to quickly build layered secure systems from approved components.

An HTC A9 smartphone security-hardened by Cog Systems using its D4 virtualization platform is now on that list, alongside devices without virtualization from Samsung Electronics, LG Electronics, and BlackBerry.

In the modified A9, communications functions are secured by running them in separate virtual machines on the D4 virtualization platform.

It's the first smartphone on the CSFC list to use virtualization, which the NSA has only required on more powerful devices such as tablets and laptops until now.

"If virtualization technology was commonly available in the smartphone, we could leverage it for some solutions. To date, the devices that have been considered did not offer that technology," the NSA's technical guidance reads.

Cog Systems' position on the list isn't definitive yet: It's still seeking certification for the D4/A9 combination against the National Information Assurance Partnership's mobile platform and IPSec VPN Client protection profiles. Vendors typically have six months to obtain the certification in order to remain on the list. For now, D4's validation is ongoing at Gossamer Security Solutions' Common Criteria Testing Laboratory.

Vendors don't seek certification lightly, according to Carl Nerup, chief marketing officer at Cog Systems. "It's a very expensive process," he said, between US$500,000 and $700,000 for each new model.

Somehow, though, Cog Systems is eating the additional cost of certification: The price for its security-hardened A9 is the same as HTC's list price for an unmodified phone, said Nerup. "We have multiple groups within the U.S. Department of Defense that have procured the device," he added.

A commercial off-the-shelf (COTS) smartphone like the modified A9 isn't only of interest to government customers, though, Cog Systems CEO Dan Potts pointed out. "In the oil and gas industry, they want to buy COTS. They want it to be at a competitive price, but with a greater concern for security."

Once certification for the modified A9 is in the bag, Potts is looking forward to seeking certification for D4 virtualization on other smartphones. The first time around takes time because there is a lot of preparatory work to do, but much of that work will also apply to other smartphones. Potts expects certification of D4 on other hardware to go more quickly.

Eric Klein, director for mobile software and enterprise mobility at analyst firm VDC Research, has had his eye on Cog Systems since meeting the company at Mobile World Congress.

He sees the broadest opportunity for Cog Systems in the enterprise market -- and expects that its approach to endpoint security could even take some business away from enterprise mobility management vendors.

Peter Sayer covers European public policy, artificial intelligence, the blockchain, and other technology breaking news for the IDG News Service.

The NSA will stop reading American emails that mention intelligence … – The Verge

The NSA has stopped collecting messages sent from US citizens that cross international borders and mention foreign intelligence targets, according to a new report in The New York Times. The controversial practice, made public by Edward Snowden in 2013, allowed the agency to collect emails and other messages that mention a foreign intelligence target, even if neither party is subject to surveillance and one of the parties is a US citizen (and thus subject to constitutional protections against unwarranted searches).

The NSA confirmed the change in a subsequent announcement, writing that the Agency will stop the practice to reduce the chance that it would acquire communications of U.S. persons or others who are not in direct contact with a foreign intelligence target.

In practical terms, this meant that including an email or phone number associated with a surveillance target (say, osamabinladen@gmail.com) in the body of an email could lead to the message being surfaced to NSA analysts.

According to the Times, the change came about last year after the NSA discovered analysts querying databases in violation of court guidelines set forth in 2011. Those violations triggered a broader review of NSA practices, which ultimately forced the NSA to discontinue the practice.

The move comes amid a broader debate over Section 702 of the FISA Amendments Act, the legal authority used by the NSA to justify this collection. Signed into law in 2008, the law's authorities are scheduled to expire at the end of this year unless renewed by Congress. Surveillance critics are hoping to significantly curtail those authorities, leading to significant debate in Congress.

Speaking on Twitter, Edward Snowden applauded the change, saying simply, "The truth changed everything."

Update 3:09PM ET: Updated with NSA announcement.

NSA will stop illegally collecting American emails

The NSA is attempting to adhere to a 2011 ruling by the Foreign Intelligence Surveillance Court. The court found this "about the target" collection program violated the Fourth Amendment because some internet companies packaged and processed emails in bundles -- meaning if one message contained a foreign target's email address, the entire group was swept up. The NSA was intercepting domestic communications, resulting in illegal searches.

FISC allowed the surveillance to continue, but with a new safeguard in place: The NSA proposed a program where it would keep these bundled emails in a separate repository where analysts would not be able to see them.

In 2016, the NSA reported the revamped program was not going as planned and analysts were, in fact, still searching the sequestered documents, The New York Times says. FISC delayed renewing the agency's warrantless surveillance program until it promised to cancel the entire "about the target" collection process.

The NSA has argued its bulk-collection methods help officials track potential threats, as contact with someone under surveillance is grounds for suspicion. Privacy advocates like the American Civil Liberties Union argue otherwise.

"This development underscores the need for Congress to significantly reform Section 702 of FISA, which will continue to allow warrantless surveillance of Americans," ACLU legislative counsel Neema Singh Guliani says in response to today's news. "While the NSA's policy change will curb some of the most egregious abuses under the statute, it is at best a partial fix. Congress should take steps to ensure such practices are never resurrected and end policies that permit broad, warrantless surveillance under Section 702, which is up for reauthorization at the end of the year."

Of course, technology continues to rapidly advance, and online communication has changed a lot since 2011. Today, more people are using end-to-end encryption and email providers are offering more secure ways to communicate, potentially making it harder for the NSA to round up these messages in the first place. In 2014, Google announced it would use HTTPS connections in Gmail specifically because the NSA was poking around in users' business.

Former NSA director explains why the spy agency will end a …

Earlier today, the NSA announced its intentions to limit a surveillance technique that had a nasty side effect of sweeping up communications to and from Americans.

In a rare unprompted press statement, the NSA explained that it would halt any upstream internet communications that are solely about a foreign intelligence target, restricting its surveillance to messages sent or received by foreign intelligence targets.

TechCrunch spoke with General Michael Hayden, former director of the NSA and CIA, about how the shift will be implemented and the reasoning behind the agency's surprise decision.

TC: Will this significantly impact the quality of the NSA's data collection on foreign targets?

Hayden: This will have an impact, I think marginal, on some foreign intelligence collection. It also reduces to zero the amount of inadvertent collection you do on Americans. We do that balancing all the time. They decided they were getting too much inadvertent collection, but you lose some legitimate collection as well.

TC: Why did the NSA have so much trouble complying with court rules?

Hayden: It's routine due diligence, we do this all the time. I have been told there were court concerns about how much inadvertent collection was taking place. No one has blinders on, they know there's going to be grand debate about this system. They've got an option here with marginal intelligence disadvantage to reduce how much it squeezes American privacy. Operational, political, legal, it all makes sense.

This does not affect something that will be contentious this summer. The stuff you will continue to collect, you can use a U.S. person identifier to query the data you've already collected. That will also be contentious.

I don't think that's right. The number of times you use a U.S. person query is easily retrievable. Incidental [collection] is foreigner is in the conversation, but there's information to, from or about an American.

They didn't know how much inadvertent [collection] they had unless you go back and look at every one. Wyden kept saying, how many? We said we don't know.

TC: What does this mean for upstream data collection?

Hayden: What they're going to do, they've got to have a selector for upstream to grab the email coming by and it has to be someone they believe is not an American and outside the U.S. Up until this point, they used the selector to check to see who the email was from or to, or if the selector was mentioned in the body of the email.

The problem they had was when you use the selector "about" in the body of the email, occasionally you will pick up a communication in which neither end is foreign, in which both ends are American. It's inadvertent and it's not authorized. When you discover it, you have to flush it from the system. Occasionally, when the foreign selector was in the body of the email and they picked up a communication, unless they looked at the email they would never know it. It would just sit in the database.

What they decided to do, and this means giving up a bit of intelligence collection, they are going to stop using the "about" selector. The only thing you're going to intercept is a communication to or from your target. In order to go the extra mile for American privacy, they are going to give up a bit of collecting that might have been useful. What this means is they were also getting a lot of information from a foreign selector mentioned in a body of email that wasn't us to us.

They are going to give up some coverage, but it's due diligence so as not to do the inadvertent collection of communication between two Americans.

And then they're going to go back in the database and purge all the collection that was triggered by "about", without regard to who the communicants were.

TC: Does this mean the agency has a viable workaround that decouples "about" surveillance from upstream surveillance?

Hayden: They do. There is technology available to them that allows the selector to be applied to the to or from. You got a gajillion emails skidding by, your selector grabs the one related to the foreign target outside the US. [The] selector is just going to look at the to and from, not the content.

It isn't objectionable except when you do it that way, when you're grabbing some emails because of the content, occasionally you are getting emails to and from an American, [on] both ends.

It's an operational decision. We do this all the time, balancing privacy and operational effect. [It's] a reasonably dramatic step to preserve privacy. I think they made the operational decision.

No, the NSA Has NOT Stopped Spying On Americans’ Emails – Center for Research on Globalization

The NSA announced Friday that they would stop the controversial program which sweeps up all emails and text messages which an American exchanges with someone overseas that make reference to a real target of NSA surveillance.

By way of background, if Russia's Putin was an NSA target, and an American received an email from a Russian saying "I hate Putin", then that American could be surveilled by the NSA.

Washington's Blog asked Bill Binney what he thought of the NSA's announcement.

Binney is the NSA executive who created the agency's mass surveillance program for digital information, who served as the senior technical director within the agency, who managed six thousand NSA employees, the 36-year NSA veteran widely regarded as a legend within the agency and the NSA's best-ever analyst and code-breaker, who mapped out the Soviet command-and-control structure before anyone else knew how, and so predicted Soviet invasions before they happened (in the 1970s, he decrypted the Soviet Union's command system, which provided the US and its allies with real-time surveillance of all Soviet troop movements and Russian atomic weapons). Binney is the real McCoy. Binney has been interviewed by virtually all of the mainstream media, including CBS, ABC, CNN, New York Times, USA Today, Fox News, PBS and many others.

Specifically, we asked Binney:

Do you buy it? https://www.yahoo.com/tech/us-nsa-spy-agency-halts-controversial-email-sweep-215107654.html

Or do you think they're just collecting under a different authorization/program?

Binney responded:

Short answer, NO.

This is a farce given the bulk continuous domestic data collection and storage from the Upstream programs: Fairview, Stormbrew and Blarney. [Here's background on Fairview/Stormbrew/Blarney.]

This FAA 702 [Section 702 of the Foreign Intelligence Surveillance Act] has been a charade from the beginning. [Specifically, the NSA is spying on all Americans under Executive Order 12333, and only talking about Section 702 to confuse people as to what they're doing.]

It was a way to make people/congress/judiciary think that they were trying to conform to the law.

And, by spreading false information, which our useless MSM fail to challenge, it's a way of subverting our republic, all done in secret with only a few people in the know of what really is going on.

Meanwhile in the background, NSA through program Muscular was unilaterally tapping the fiber lines between Google and Yahoo and others' data centers; so that when they backed up their data between centers, NSA got it all and the companies did not even know that was happening.

Absolutely nothing has changed.
