What Facebook Collects and Shares
July 7, 2014
What Facebook could know about you, and why you should care.
Facebook is a resource for opinions and hobbies, celebrities and love interests, friends and family, and all the activities that whirl them together in our daily lives. Much like other social networking sites, Facebook is free except for one thing that all users give up: a certain amount of personal information.
Information Collected by Facebook
Facebook collects two types of information: personal details provided by a user and usage data collected automatically as the user spends time on the Web site clicking around.
Regarding personal information, the user willfully discloses it, such as name, email address, telephone number, address, gender and schools attended, for example. Facebook may request permission to use the user’s email address to send occasional notifications about the new services offered.
Facebook records Web site usage data, in terms of how users access the site, such as type of web browser they use, the user’s IP address, how long they spend logged into the site, and other statistics. Facebook compiles this data to understand trends for improving the site or making marketing decisions.
Facebook now has fine-grained privacy settings for its users. Users can decide which part of their information should be visible and to whom. Facebook categorizes members of the user’s network as “Friends” and “Friends of Friends,” or a broader group, such as a university or locality, and “Everyone,” which includes all users of the site. The categorization increases the granularity of the privacy settings in a user’s profile.
Children: No one under 13 is permitted to register. Children between 13 and 18 require parental permission before sending personal information over Internet. A policy alone, however, does not stop children from using the site, and parents must be watchful of their children’s online activities in order to enforce these policies.
Facebook stores users’ personal information on secure servers behind a firewall.
Sharing of Information with Third Parties
Facebook does not provide personal information to third parties without the user’s consent. Facebook also limits the information available to Internet search engines. Before accepting third-party services, Facebook makes the third party sign an agreement that holds it responsible for any misuse of personal information. However, advertising by third parties on Facebook can lead to their gaining access to user information, such as IP address or cookie-based web usage information that allows personalization of advertisements.
Precautions for Users
Facebook provides thousands of third-party applications for its users to download. Facebook further personalizes the advertisements of these applications on the user’s profiles. It does this by mining through other sources on the Internet to information about the likings and interests of these users. Sources for such mined data are newspapers, blogs and instant messaging to provide services customized according to the user’s personality. However, because these sources are not affiliated with Facebook, it raises a concern of data mining by these sources.
Facebook does not actually provide a mechanism for users to close their accounts, and thus raises the concern that private user data will remain indefinitely on Facebook’s servers.
Over time, the CEO and Board of Directors of a company change, or the company may even be sold. Under such circumstances, a concern arises about the private information held by the company. Deactivation without deletion of a user’s account implies that the data continue to be present on the servers. If a company is then sold, the data of those users who are currently deactivated may be subject to compromise.
Find this story at 2014
Copyright © 2003–2012 Carnegie Mellon CyLab
Where Does Facebook Stop and the NSA Begin?
July 7, 2014
Sometimes it’s hard to tell the difference.
“That social norm is just something that has evolved over time” is how Mark Zuckerberg justified hijacking your privacy in 2010, after Facebook imperiously reset everyone’s default settings to “public.” “People have really gotten comfortable sharing more information and different kinds.” Riiight. Little did we know that by that time, Facebook (along with Google, Microsoft, etc.) was already collaborating with the National Security Agency’s PRISM program that swept up personal data on vast numbers of internet users.
In light of what we know now, Zuckerberg’s high-hat act has a bit of a creepy feel, like that guy who told you he was a documentary photographer, but turned out to be a Peeping Tom. But perhaps we shouldn’t be surprised: At the core of Facebook’s business model is the notion that our personal information is not, well, ours. And much like the NSA, no matter how often it’s told to stop using data in ways we didn’t authorize, it just won’t quit. Not long after Zuckerberg’s “evolving norm” dodge, Facebook had to promise the feds it would stop doing things like putting your picture in ads targeted at your “friends”; that promise lasted only until this past summer, when it suddenly “clarified” its right to do with your (and your kids’) photos whatever it sees fit. And just this week, Facebook analytics chief Ken Rudin told the Wall Street Journal that the company is experimenting with new ways to suck up your data, such as “how long a user’s cursor hovers over a certain part of its website, or whether a user’s newsfeed is visible at a given moment on the screen of his or her mobile phone.”
There will be a lot of talk in coming months about the government surveillance golem assembled in the shadows of the internet. Good. But what about the pervasive claim the private sector has staked to our digital lives, from where we (and our phones) spend the night to how often we text our spouse or swipe our Visa at the liquor store? It’s not a stretch to say that there’s a corporate spy operation equal to the NSA—indeed, sometimes it’s hard to tell the difference.
In light of what we know now, Zuckerberg’s high-hat act has a bit of a creepy feel, like that guy who told you he was a documentary photographer, but turned out to be a Peeping Tom.
Yes, Silicon Valley libertarians, we know there is a difference: When we hand over information to Facebook, Google, Amazon, and PayPal, we click “I Agree.” We don’t clear our cookies. We recycle the opt-out notice. And let’s face it, that’s exactly what internet companies are trying to get us to do: hand over data without thinking of the transaction as a commercial one. It’s all so casual, cheery, intimate—like, like?
But beyond all the Friends and Hangouts and Favorites, there’s cold, hard cash, and, as they say on Sand Hill Road, when the product is free, you are the product. It’s your data that makes Facebook worth $100 billion and Google $300 billion. It’s your data that info-mining companies like Acxiom and Datalogix package, repackage, sift, and sell. And it’s your data that, as we’ve now learned, tech giants also pass along to the government. Let’s review: Companies have given the NSA access to the records of every phone call made in the United States. Companies have inserted NSA-designed “back doors” in security software, giving the government (and, potentially, hackers—or other governments) access to everything from bank records to medical data. And oh, yeah, companies also flat-out sell your data to the NSA and other agencies.
To be sure, no one should expect a bunch of engineers and their lawyers to turn into privacy warriors. What we could have done without was the industry’s pearl-clutching when the eavesdropping was finally revealed: the insistence (with eerily similar wording) that “we have never heard of PRISM”; the Captain Renault-like shock—shock!—to discover that data mining was going on here. Only after it became undeniably clear that they had known and had cooperated did they duly hurl indignation at the NSA and the FISA court that approved the data demands. Heartfelt? Maybe. But it also served a branding purpose: Wait! Don’t unfriend us! Kittens!
O hai, check out Mark Zuckerberg at this year’s TechCrunch conference: The NSA really “blew it,” he said, by insisting that its spying was mostly directed at foreigners. “Like, oh, wonderful, that’s really going to inspire confidence in American internet companies. I thought that was really bad.” Shorter: What matters is how quickly Facebook can achieve total world domination.
Maybe the biggest upside to l’affaire Snowden is that Americans are starting to wise up. “Advertisers” rank barely behind “hackers or criminals” on the list of entities that internet users say they don’t want to be tracked by (followed by “people from your past”). A solid majority say it’s very important to control access to their email, downloads, and location data. Perhaps that’s why, outside the more sycophantic crevices of the tech press, the new iPhone’s biometric capability was not greeted with the unadulterated exultation of the pre-PRISM era.
The truth is, for too long we’ve been content to play with our gadgets and let the geekpreneurs figure out the rest. But that’s not their job; change-the-world blather notwithstanding, their job is to make money. That leaves the hard stuff—like how much privacy we’ll trade for either convenience or security—in someone else’s hands: ours. It’s our responsibility to take charge of our online behavior (posting Carlos Dangerrific selfies? So long as you want your boss, and your high school nemesis, to see ’em), and, more urgently, it’s our job to prod our elected representatives to take on the intelligence agencies and their private-sector pals.
The NSA was able to do what it did because, post-9/11, “with us or against us” absolutism cowed any critics of its expanding dragnet. Facebook does what it does because, unlike Europe—where both privacy and the ability to know what companies have on you are codified as fundamental rights—we haven’t been conditioned to see Orwellian overreach in every algorithm. That is now changing, and both the NSA and Mark Zuckerberg will have to accept it. The social norm is evolving.
—By Monika Bauerlein and Clara Jeffery | November/December 2013 Issue
Find this story at November/December 2013
Copyright ©2014 Mother Jones and the Foundation for National Progress.
EXCLUSIVE: EMAILS REVEAL CLOSE GOOGLE RELATIONSHIP WITH NSA (2014)
May 19, 2014
National Security Agency head and Internet giant’s executives have coordinated through high-level policy discussions
Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.
Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.
But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.
On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long “classified threat briefing” on Aug. 8 at a “secure facility in proximity to the San Jose, CA airport.”
“The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security,” Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.
Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.
“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”
Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society, said she believes information sharing between industry and the government is “absolutely essential” but “at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.”
The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show “how informal information sharing has been happening within this vacuum where there hasn’t been a known, transparent, concrete, established methodology for getting security information into the right hands.”
The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.
The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identity of some participant tech firms and the threats they discussed.
Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and “18 US CEOs” launched the ESF in 2009 to “coordinate government/industry actions on important (generally classified) security issues that couldn’t be solved by individual actors alone.”
“For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.”
“BIOS” is an acronym for “basic input/output system,” the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a “BIOS plot” by a “nation-state,” identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. “60 Minutes,” which broke the story, reported that the NSA worked with unnamed “computer manufacturers” to address the BIOS software vulnerability.
But some cybersecurity experts questioned the scenario outlined by Plunkett.
“There is probably some real event behind this, but it’s hard to tell, because we don’t have any details,” wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. “It”s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.”
And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency’s efforts to breach them for surveillance purposes.
“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.
He doesn’t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was “looking for weaknesses in the exact same products they’re trying to secure.”
The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” Cardozo said. “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” He recommended dividing offensive and defensive functions between two agencies.
The government has asked for Silicon Valley’s help. Adam Berry / Getty Images
Two weeks after the “60 Minutes” broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA inserted back doors into BIOS, doing exactly what Plunkett accused a nation-state of doing during her interview.
Google’s Schmidt was unable to attend to the mobility security meeting in San Jose in August 2012.
“General Keith.. so great to see you.. !” Schmidt wrote. “I’m unlikely to be in California that week so I’m sorry I can’t attend (will be on the east coast). Would love to see you another time. Thank you !” Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal.
Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, did attend that briefing. Foreign Policy reported a month later that Dempsey and other government officials — no mention of Alexander — were in Silicon Valley “picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.” Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.
A week after the gathering, Dempsey said during a Pentagon press briefing, “I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders … They agreed — we all agreed on the need to share threat information at network speed.”
Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander’s email, he also could not attend the Aug. 8 briefing in San Jose, and it’s unknown if someone else from Google was sent.
A few months earlier, Alexander had emailed Brin to thank him for Google’s participation in the ESF.
“I see ESF’s work as critical to the nation’s progress against the threat in cyberspace and really appreciate Vint Cerf [Google’s vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig’s [lead engineer for Android security] contributions to these efforts during the past year,” Alexander wrote in a Jan. 13, 2012, email.
“You recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF’s goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats … Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF’s efforts have measurable impact.”
A Google representative declined to answer specific questions about Brin’s and Schmidt’s relationship with Alexander or about Google’s work with the government.
“We work really hard to protect our users from cyberattacks, and we always talk to experts — including in the U.S. government — so we stay ahead of the game,” the representative said in a statement to Al Jazeera. “It’s why Sergey attended this NSA conference.”
Brin responded to Alexander the following day even though the head of the NSA didn’t use the appropriate email address when contacting the co-chairman.
“Hi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted],” Brin wrote. “The one your email went to — firstname.lastname@example.org — I don’t really check.”
May 6, 2014 5:00AM ET
by Jason Leopold @JasonLeopold
Find this story at 6 May 2014
© 2014 Al Jazeera America, LLC.
US tech giants knew of NSA data collection, agency’s top lawyer insists (2014)
May 19, 2014
NSA general counsel Rajesh De says big tech companies like Yahoo and Google provided ‘full assistance’ in legally mandated collection of data
The senior lawyer for the National Security Agency stated on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data.
Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.
Asked during a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.”
When the Guardian and the Washington Post broke the Prism story in June, thanks to documents leaked by whistleblower Edward Snowden, nearly all the companies listed as participating in the program – Yahoo, Apple, Google, Microsoft, Facebook and AOL – claimed they did not know about a surveillance practice described as giving NSA vast access to their customers’ data. Some, like Apple, said they had “never heard” the term Prism.
De explained: “Prism was an internal government term that as the result of leaks became the public term,” De said. “Collection under this program was a compulsory legal process, that any recipient company would receive.”
After the hearing, De added that service providers also know and receive legal compulsions surrounding NSA’s harvesting of communications data not from companies but directly in transit across the internet under 702 authority.
The disclosure of Prism resulted in a cataclysm in technology circles, with tech giants launching extensive PR campaigns to reassure their customers of data security and successfully pressing the Obama administration to allow them greater leeway to disclose the volume and type of data requests served to them by the government.
Last week, Facebook founder Mark Zuckerberg said he had called US president Barack Obama to voice concern about “the damage the government is creating for all our future.” There was no immediate response from the tech companies to De’s comments on Wednesday.
It is unclear what sort of legal process the government serves on a company to compel communications content and metadata access under Prism or through upstream collection. Documents leaked from Snowden indicate that the NSA possesses unmediated access to the company data.
The secret Fisa court overseeing US surveillance for the purposes of producing foreign intelligence issues annual authorisations blessing NSA’s targeting and associated procedures under Section 702.After winning a transparency battle with the administration in the Fisa court earlier this year, the companies are now permitted to disclose the range of Fisa orders they receive, in bands of 1,000, which presumably include orders under 702.
Passed in 2008, Section 702 retroactively gave cover of law to a post-9/11 effort permitting the NSA to collect phone, email, internet and other communications content when one party to the communication is reasonably believed to be a non-American outside the United States. The NSA stores Prism data for five years and communications taken directly from the internet for two years.
While Section 702 forbids the intentional targeting of Americans or people inside the United States – a practice known as “reverse targeting” – significant amounts of Americans’ phone calls and emails are swept up in the process of collection.
In 2011, according to a now-declassified Fisa court ruling, the NSA was found to have collected tens of thousands of emails between Americans, which a judge on the court considered a violation of the US constitution and which the NSA says it is technologically incapable of fixing.
Renewed in December 2012 over the objections of senate intelligence committee members Ron Wyden and Mark Udall, Section 702 also permits NSA analysts to search through the collected communications for identifying information about Americans, an amendment to so-called “minimisation” rules revealed by the Guardian in August and termed the “backdoor search loophole” by Wyden.
De and his administration colleagues, testifying before the Privacy and Civil Liberties Oversight Board, strongly rejected suggestions by the panel that a court authorise searches for Americans’ information inside the 702 databases. “If you have to go back to court every time you look at the information in your custody, you can imagine that would be quite burdensome,” deputy assistant attorney general Brad Wiegmann told the board.
De argued that once the Fisa court permits the collection annually, analysts ought to be free to comb through it, and stated that there were sufficient privacy safeguards for Americans after collection and querying had occurred. “That information is at the government’s disposal to review in the first instance,” De said.
De also stated that the NSA is not permitted to search for Americans’ data from communications taken directly off the internet, citing greater risks to privacy.
Section 702 is not the only legal authority the US government possesses to harvest data transiting the internet.
Neither De nor any other US official discussed data taken from the internet under different legal authorities. Different documents Snowden disclosed, published by the Washington Post, indicated that NSA takes data as it transits between Yahoo and Google data centers, an activity reportedly conducted not under Section 702 but under a seminal executive order known as 12333.
De and his administration colleagues were quick to answer the board that companies were aware of the government’s collection of data under 702, which Robert Litt, general counsel for the director of national intelligence, told the board was “one of the most valuable collection tools that we have.”
“All 702 collection is pursuant to court directives, so they have to know,” De reiterated to the Guardian.
• This article was amended on 20 March 2014 to remove statements in the original that the testimony by Rajesh De contradicted denials by technology companies about their knowledge of NSA data collection. It was also updated to clarify that the companies challenged the secrecy surrounding Section 702 orders. Other minor clarifications were also made.
Spencer Ackerman in Washington
theguardian.com, Wednesday 19 March 2014 18.40 GMT
Find this story at 19 March 2014
© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Apple, Google and AT&T meet Obama to discuss NSA surveillance concerns (2013)
May 19, 2014
Silicon Valley companies concerned at effect on business as revelations over US government spying spread more widely
Barack Obama hosted a summit on government surveillance and digital privacy attended by Apple chief executive Tim Cook, Google vice-president Vint Cerf and the boss of US telecoms network AT&T on Thursday.
The US president attended in person, sources told the Politico blog, as did other technology company executives. Additional attendees included representatives of the Center for Democracy and Technology and Gigi Sohn, leader of internet campaign group Public Knowledge.
The meeting was apparently prompted by growing concerns among US technology companies that revelations from the Guardian and others about the extent and depth of surveillance by the National Security Agency, and the companies’ obligation to allow access to data under secret court rules, could be damaging their reputation and commercial interests abroad.
The gathering followed a closed-doors meeting earlier this week with Obama’s chief of staff Denis McDonough and general counsel Kathy Ruemmler at the White House.
On the agenda at Tuesday’s meeting were the surveillance activities of the NSA, commercial privacy issues and the online tracking of consumers.
“This is one of a number of discussions the administration is having with experts and stakeholders in response to the president’s directive to have a national dialogue about how to best protect privacy in a digital era, including how to respect privacy while defending our national security,” one official told Politico.
McDonough and Ruemmler met members of the Information Technology Industry Council, TechNet and Tech America, which represent a range of companies from defence contractors to digital giants Facebook, Google and Microsoft.
Campaigners including the American Civil Liberties Union and the Electronic Privacy information Center were also present, Politico’s Tony Romm reported.
The Guardian’s revelations about the breadth of the NSA’s access to data, particularly relating to foreign individuals, has created PR problems for US companies. Apple has set its sights on China as a huge potential growth market, but if people there fear eavesdropping by the US government it could harm sales. And Google stands to lose business in cloud computing to European rivals if customers fear similar eavesdropping. Cloud computing companies have estimated they could lose billions of dollars of business as a result.
The White House is also battling to respond to growing unrest over surveillance of citizens by the state and the vast caches of data many digital giants are now storing about individual consumers.
Obama has promised more public debate about the country’s counterterrorism activities and privacy safeguards in general amid signs of widespread support for NSA whistleblower Edward Snowden, but officials have so far declined to provide details about this week’s technology summits.
The meetings came as a wave of Americans posted messages of support to the former security contractor, whose leaks exposed the extent of government sponsored surveillance in the US and Europe.
A website launched by the digital rights group Fight for the Future on Wednesday has attracted more than 10,000 posts expressing support for Snowden’s actions. Billed as an exercise to put faces to statistics, the website features a combination of photographs of individuals holding up signs and written words of support.
In June, Reuters/Ipsos found 31% of respondents believed Snowden was a patriot, while 23% thought he was a traitor. Another 46% said they did not know. Gallup found in June that 53% of respondents disapproved of government snooping programmes, while just 37% approved and 10% had no opinion.
In a statement, Fight for the Future cofounder Tiffiniy Cheng said: “We’ve seen an unbelievable response already – the messages keep streaming in. The government reads the same polls that we do. They know that Snowden has the public’s support. But now we’re adding faces to those statistics. As someone who volunteered and worked for Obama’s election, I feel totally burned by the president’s civil liberties and human rights records. If he truly cares about representing the American people, he should turn his attention to shutting down the NSA’s illegal surveillance programs, and leave Mr Snowden alone.”
The website was launched shortly before Obama pulled out of a presidential meeting with Russia’s leader Vladimir Putin in Moscow next month. This followed Russia’s decision to grant Snowden asylum.
theguardian.com, Friday 9 August 2013 17.37 BST
Find this story at 9 August 2013
© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Microsoft handed the NSA access to encrypted messages (2013)
May 19, 2014
• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply
Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.
The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.
The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.
In a statement, Microsoft said: “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.” The company reiterated its argument that it provides customer data “only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers”.
In June, the Guardian revealed that the NSA claimed to have “direct access” through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.
Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.
Microsoft’s latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: “Your privacy is our priority.”
But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.
The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.
The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.
Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats
A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”
Two months later, in February this year, Microsoft officially launched the Outlook.com portal.
Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”
Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked “for many months” with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.
The document describes how this access “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about”.
The NSA explained that “this new capability will result in a much more complete and timely collection response”. It continued: “This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.”
A separate entry identified another area for collaboration. “The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.”
The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.
One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.
Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.
According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.
The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”
ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. “In the past, Skype made affirmative promises to users about their inability to perform wiretaps,” he said. “It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google.”
The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.
The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism”.
The document continues: “The FBI and CIA then can request a copy of Prism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”
In its statement to the Guardian, Microsoft said:
We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.
Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.
Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.
In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:
The articles describe court-ordered surveillance – and a US company’s efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.
They added: “In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate.”
• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.
Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe
The Guardian, Friday 12 July 2013
Find this story at 12 July 2013
© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Microsoft soll seit Jahren mit US-Ermittlern kooperieren (2013)
May 19, 2014
Microsoft arbeitet angeblich intensiv mit US-Geheimdiensten zusammen. Nach Informationen, die Edward Snowden dem “Guardian” zugespielt hat, soll der Konzern den Ermittlern Zugang zu E-Mails und Skype-Gesprächen gewährt und sogar die firmeneigene Verschlüsselung ausgehebelt haben.
Hamburg/London – Edward Snowden hat mit seinen Enthüllungen über die globale Datenschnüffelei der US-Geheimdienste nicht nur die amerikanische Politik in helle Aufregung versetzt, sondern auch die dortige IT-Branche. Giganten wie Facebook, Apple, Google und Microsoft haben bisher versucht, den Eindruck zu erwecken, ihre Zusammenarbeit mit den US-Behörden beschränke sich auf das Nötigste.
Jetzt aber berichtet der britische “Guardian”, wie Microsoft mit den Ermittlern kooperiert. Demnach zeigen Informationen von Snowden, dass das Unternehmen seit drei Jahren intensiv mit US-Geheimdiensten zusammenarbeitet.
Die National Security Agency (NSA) habe etwa die Sorge geäußert, Web-Chats auf dem neuen Outlook.com-Portal nicht mitlesen zu können. Microsoft habe daraufhin der NSA geholfen, die konzerneigene Verschlüsselungstechnik zu umgehen. Dieses Vorgehen soll sich dem Bericht zufolge nicht auf die Web-Chats beschränkt haben: Die NSA soll auch Zugang zu E-Mails auf Outlook.com und Hotmail trotz der Verschlüsselung gehabt haben.
Auch der Internettelefoniedienst Skype, den Microsoft im Oktober 2011 gekauft hat, geriet ins Visier der NSA: Laut “Guardian” hat die Firma Geheimdiensten ermöglicht, im Rahmen des “Prism”-Überwachungsprogramms sowohl Video- als auch Audio-Unterhaltungen mitzuschneiden.
Microsoft begründete sein Vorgehen mit rechtlichen Zwängen: “Wenn wir Produkte verbessern, müssen wir uns weiterhin Anfragen beugen, die mit dem Gesetz in Einklang sind.” Das Unternehmen betonte, dass es Kundendaten nur auf Anfrage der Regierung herausgebe – und auch das nur, wenn es um spezifische Konten oder Nutzer gehe.
Spannungen zwischen Silicon Valley und Obama-Regierung
Aus den Unterlagen geht laut “Guardian” hervor, dass das durch “Prism” gesammelte Material routinemäßig an das FBI und den US-Auslandsgeheimdienst CIA geht. In einem NSA-Dokument sei von einem “Mannschaftssport” die Rede.
Die neuen Informationen zeigen nach Angaben des “Guardian” auch, dass es Spannungen zwischen dem Silicon Valley, Standort zahlreicher Computerunternehmen, und der Regierung von US-Präsident Barack Obama gibt. Alle großen Technologiefirmen drängten die US-Regierung, ihnen zu erlauben, das Ausmaß der Zusammenarbeit mit den Behörden öffentlich zu machen, um den Datenschutzbedenken ihrer Kunden gerecht zu werden.
11. Juli 2013, 23:34 Uhr
Find this story at 11 July 2013
© SPIEGEL ONLINE 2013
Vale and Belo Monte suspected of spying
March 21, 2014
Rio de Janeiro-Paris-Geneva, February 14, 2014. Today, FIDH and OMCT presented the press with evidence that Vale and the Belo Monte Consortium have been spying on civil society. The two human rights groups have called upon the Brazilian judicial authorities to take whatever actions are necessary to bring these facts to light and take punitive action against those responsible.
In light of the Brazilian government’s lukewarm reaction to allegations of illegal espionage by transnational corporations targeting civil society organisations and movements, FIDH and OMCT, within the framework of the Observatory for the Protection of Human Rights Defenders, conducted an investigation in Brazil from February 9 to 14, 2014.
The investigation included interviews with victims, persons working for social organisations, government and judicial representatives, members of Parliament, and executives working for the Belo Monte Consortium, and the National Development Bank (Banco Nacional do Desenvolvimento – BNDES).
The testimony and documents obtained during the investigation appear to substantiate claims that Vale and Belo Monte have been engaged in acts of corruption, that they illegally obtained confidential information and access to databases, made illegal recordings, were involved in identity theft, and conducted unfounded employee dismissals. These offences have been perpetrated with the complicity of State agents. Documents have been unearthed that substantiate both the bribing of State agents and possible assistance provided by the Brazilian Intelligence Agency (Agência Brasileira de Inteligência – ABIN) to Belo Monte, whilst Vale worked with retired ABIN agents. Both companies are found have targeted persons and NGOs believed to be potential barriers to the companies’ activities.
Delegates from the fact-finding mission have criticised the State’s lack of progress in investigating these offences, which were reported to the State Prosecutor in March 2013. The persons heading the mission also called upon President Dilma Roussef to be consistent by applying the same standards to this case as those applied in the Snowden case.
The head of the Observatory mission, Jimena Reyes, Head of FIDH’s Americas Desk, stated that: “[…] the spying activities conducted by multinational corporations on social movements in Brazil raises serious questions about human rights respect by companies. These activities undermine freedom of expression and the right to protest, which form one of the fundamental pillars of a democratic state”.
Alexandre Faro, a lawyer and one of the mission delegates explained that: “[…] the lack of regulations on private intelligence activities conducted by corporations facilitates the perpetration of abuses against civil society”. He went on to state that, “the power held by multi-national corporations calls for a strong legal and judicial system to act as a counterbalance and stop any further excesses of this nature”.
A report on the fact-finding mission will be published in the coming months. It will provide a detailed account of the mission’s findings and recommendations, and will be presented to the Brazilian Government, non-governmental actors, international organisations, diplomatic representations, and to national, regional and international human rights protection entities.
18 February 2014
Find this story at 18 February 2014
Report on mining and steel industry in Brazil
COPYRIGHT © 2014 – FIDH – WORLDWIDE HUMAN RIGHTS MOVEMENT
Brazil Accused of Spying on Belo Monte Dam Opponents
March 21, 2014
An activist collective opposed to the construction of the controversial Belo Monte hydroelectric dam [en] on the Xingu River in northern Brazil uncovered a spy in its midst [en] who confessed to infiltrating the group allegedly at the behest of the dam company and Brazil’s federal intelligence agency.
The Movimento Xingu Vivo Para Sempre (Xingu Alive Forever Movement), a collective of organisations, social movements, and environmentalists in the region of Altamira, Pará that are against the power plant there, which is currently under construction, discovered the mole during an annual planning meeting on February 24, 2013.
According to the report on its website, the group found that “one participant, Antonio, who had recently integrated into the movement, was recording the meeting with a spy pen”:
Em dezembro [de 2012], segundo o depoente, ele passou a espionar o Xingu Vivo, onde se infiltrou em função da amizade de sua família com a coordenadora do movimento, Antonia Melo. Neste período, acompanhou reuniões e monitorou participantes do movimento, enviando fotos e relatos para o funcionário do CCBM [Consórcio Construtor de Belo Monte], Peter Tavares.
Foi Tavares que, segundo Antonio, lhe deu a caneta para gravar as discussões do planejamento do movimento Xingu Vivo. O espião também relatou que este material seria analisado pela inteligência da CCBM, e que, para isso, contaria com a participação da ABIN (Agência Brasileira de Inteligência), que estaria mandando um agente para Altamira esta semana.
In December , according to the man, he began to spy on Xingu Vivo, which he infiltrated based on his family’s friendship with the coordinator of the movement, Antonia Melo. During this period, he followed meetings and monitored the movement’s participants, sending photos and reports to Belo Monte’s Consortium Builder (CCBM) employee Peter Tavares.
Tavares was the one who, according to Antonio, gave him the pen to record Xingu Vivo’s planning discussions. The spy also reported that this material would be analyzed by the CCBM’s intelligence, and for that he’d count on the participation of the Brazilian Intelligence Agency (ABIN), which would be sending an agent to Altamira [that] week.
In his statement, recorded by Xingu Vivo, the CCBM spy confesses that he received 5,000 Brazilian reais (2,532 US dollars) to pass information to the agency about the movement’s activities:
The movement asked federal prosecutors to assure the spy’s safety and of the members of the Xingu Vivo, who say they feel “in a situation of risk and under threat”, besides asking for the investigation of the complaints.
In a brief statement [.pdf], ABIN denied any involvement in the espionage in conjunction with the CCBM. CCBM has not released any statement.
ABIN, established in 1999 as an instrument of the federal government, was appointed as the successor of the National Intelligence Service, an agency that actively spied on popular and labor organisation during the Brazilian military dictatorship from 1964-1985 in order for them to be better controlled or even crushed.
Greve em Belo Monte – novembro de 2012. “Mais de 17 mil operários trabalham na construção da hidrelétrica de Belo Monte, numa obra com custo estimado de R$ 25 bilhões”. Foto de Altamiro Borges (CC BY 3.0)
Strike in Belo Monte – November 2012. “More than 17 thousand laborers working n the construction of the Belo Monte Dam, a project estimated to cost R$ 25 billion”. Photo by Altamiro Borges (CC BY 3.0)
The agency has had its eye on Xingu Vivo in the past. In June 2011, ABIN published a report on the collective, saying that the organisation “has received support from foreigners and international NGOs whose activities in the country are partly financed by international organizations and foreign governments”. The movement’s response to the report was cited by the humanities research institute Humanitas Unisinos, from the University of Vale do Rio dos Sinos, in the state of Rio Grande do Sul:
O relatório sigiloso da Abin é “patético” porque as verdades que ele arrola “são mais do que públicas”. Estão no sítio web do Movimento que são seus parceiros e apoiadores. “Não precisava o governo gastar dinheiro dos contribuintes com essa “investigação’”, diz nota do Xingu Vivo. “Constrangedoras, porém, são as mentiras pelas quais o contribuinte também paga”, agrega. O Movimento desafia a Abin a comprovar que recebe apoio de governos.
The confidential ABIN report is “pathetic” because the truths which it lists “are more than public.” They are [stated] on the website of the movement as its partners and supporters. “The government didn’t need to spend taxpayers money with this “investigation”, says the Xingu Vivo note. “Embarrassing, though, are the lies by which the taxpayer also pays”, adds. The movement challenges ABIN to prove that they receive support from governments.
Several organisations and social movements have signed a joint statement condemning ABIN and expressing solidarity with the Xingu Vivo movement.
Símbolo da ABIN.
The Workers’ Cause Party, in a statement released by Diário Liberdade on April 9, slammed the spying revelation:
A espionagem dos movimentos populares e sindicais não é exclusividade dos regimes militares. Em realidade, nunca foi erradicada, já que a “transição democrática” de 1985 manteve a maior parte dos privilégios dos militares e políticos ligados à ditadura. De uma só vez, a serviço dos empresários e do imperialismo, o governo do PT dá espaço para a ala direita da burguesia, que sempre esteve no comando dos órgãos de repressão, fazer o que bem entende contra o povo trabalhador.
The espionage of popular movements and unions is not unique to military regimes. In reality, it was never eradicated, as the “democratic transition” from 1985 retained most of the privileges of the military and politicians linked to the dictatorship. At one time, at the service of entrepreneurs and imperialism, the government of the Workers Party (PT) gave space to the right wing of the bourgeoisie, which has always been in control of the organs of repression, do what it pleases against working people.
Blogger Candido Cunha denounced that ABIN’s own website reports a standing agreement between the agency and Eletronorte, which is part of the Belo Monte’s Consortium Builder, since 2009:
Além do trabalho voltado a salvaguardar os conhecimentos de interesse estratégico para o Brasil, a Abin assessora a Eletronorte na elaboraração do planejamento estratégico de segurança para a proteção de suas infraestruturas críticas – instalações, serviços e bens que, se forem interrompidos ou destruídos, provocarão sério impacto social, econômico e/ou político.
In addition to the work aimed at safeguarding the knowledge of strategic interests for Brazil, Abin advises Eletronorte in the development of strategic security planning for the protection of their critical infrastructure – facilities, services and assets which, if disrupted or destroyed, would have serious social, economic and/or political impact.
Dock workers under surveillance
Porto de Suape Navio João Cândido. Foto de C.A.Müller (CC BY-SA)
Port of Suape, João Cândido ship. Photo by C.A.Müller (CC BY-SA)
But this is not the only construction site where opposition to governmental projects has allegedly come under surveillance by the Brazilian Intelligence Agency.
The agency faces allegations that it has also spied on workers at the port of Suape in the northeastern state of Pernambuco, in the city of Cabo de Santo Agostinho near Recife.
According to a report by Partido da Causa Operária (Working Cause Party), the espionage dates from March 2013 and aims to “investigate a possible strike by workers against the Provisional Measure of Ports, which would remove the power of state governments to bid new cargo terminals and reduce labor rights.”
The Provisional Measure of Ports, MP 595/12, a proposed Presidential act, provides for, according to various social movements, the privatization of Brazilian ports.
Blogger José Accioly republished a note by the Institutional Security Cabinet (GSI) – which coordinates ABIN’s investigations and responds to the Presidency of the Republic – rejecting the accusations that it was spying on the union movement of Suape. But secret documents from ABIN, obtained and published by Brazilian news website Estadão.com.br, confirmed that it was monitoring the unions.
Operation “Risk Management”, formally known as the Office “Mission Order 022/82 105″ of March 13, 2013, not only disavows the GSI, reporting that the espionage occurs in all 15 coastal Brazilian states and its ports in order to avoid strikes and negative reactions to the Provisional Measure of Ports.
Retired teacher and engineer Ossami Sakamori compared the mood of government opponents during the military dictatorship and the mood of those opposing the government today:
O clima que os opositores ao regime vivia, era o mesmo clima que os opositores do poder da República vive hoje. Não sabemos de onde virão as represálias, porque estamos sendo monitorados, sim. Os achincalhamentos que recebemos, via rede social é a parte visível do processo. O que temo são as ações desenvolvidos pelos órgãos de inteligências contra os opositores do regime de hoje, pelos agentes invisíveis aos olhos do cidadão comum.
The climate that opponents of the regime lived through, was the same as opponents of the Republic’s power experience today. We do not know where the retaliation will come from because we are being monitored, yes. The mockeries we receive via social network is the visible part of the process. What I fear are the actions undertaken by intelligence agencies against opponents of the regime today, by the agents invisible to the eyes of the average citizen.
Several political parties, including the Democratic Labour Party (PDT), the Brazilian Socialist Party (PSB) and the Brazilian Social Democracy Party (PSDB), said they will “summon the minister of the Institutional Security Office, General Jose Elito Carvalho Siqueira, and the director of the Brazilian Intelligence Agency, Wilson Roberto Trezza, to give explanations to the House of Representatives Working Committee the agency’s monitoring and intimidation of the union movement.”
Even employees of ABIN, represented by the National Association for Intelligence Officers (Aofi), reported in a note that they feel uncomfortable with the focus put on spying on social movements under General José Elito. The union Força Sindical issued a statement declaring it unacceptable that a party with its origins in the labor movement can use “organs of repression” against these workers.
Written by Raphael Tsavkko Garcia Translated by Raphael Tsavkko Garcia
Translation posted 18 April 2013 8:00 GMT
Find this story at 18 April 2013
Creative Commons License
The war on democracy; How corporations and spy agencies use “security” to defend profiteering and crush activism
December 3, 2013
A stunning new report compiles extensive evidence showing how some of the world’s largest corporations have partnered with private intelligence firms and government intelligence agencies to spy on activist and nonprofit groups. Environmental activism is a prominent though not exclusive focus of these activities.
The report by the Center for Corporate Policy (CCP) in Washington DC titled Spooky Business: Corporate Espionage against Nonprofit Organizations draws on a wide range of public record evidence, including lawsuits and journalistic investigations. It paints a disturbing picture of a global corporate espionage programme that is out of control, with possibly as much as one in four activists being private spies.
The report argues that a key precondition for corporate espionage is that the nonprofit in question:
“… impairs or at least threatens a company’s assets or image sufficiently.”
One of the groups that has been targeted the most, and by a range of different corporations, is Greenpeace. In the 1990s, Greenpeace was tracked by private security firm Beckett Brown International (BBI) on behalf of the world’s largest chlorine producer, Dow Chemical, due to the environmental organisation’s campaigning against the use of chlorine to manufacture paper and plastics. The spying included:
“… pilfering documents from trash bins, attempting to plant undercover operatives within groups, casing offices, collecting phone records of activists, and penetrating confidential meetings.”
Other Greenpeace offices in France and Europe were hacked and spied on by French private intelligence firms at the behest of Électricité de France, the world’s largest operator of nuclear power plants, 85% owned by the French government.
Oil companies Shell and BP had also reportedly hired Hackluyt, a private investigative firm with “close links” to MI6, to infiltrate Greenpeace by planting an agent who “posed as a left -wing sympathiser and film maker.” His mission was to “betray plans of Greenpeace’s activities against oil giants,” including gathering “information about the movements of the motor vessel Greenpeace in the north Atlantic.”
The CCP report notes that:
“A diverse array of nonprofits have been targeted by espionage, including environmental, anti-war, public interest, consumer, food safety, pesticide reform, nursing home reform, gun control, social justice, animal rights and arms control groups.
Many of the world’s largest corporations and their trade associations – including the US Chamber of Commerce, Walmart, Monsanto, Bank of America, Dow Chemical, Kraft, Coca-Cola, Chevron, Burger King, McDonald’s, Shell, BP, BAE, Sasol, Brown & Williamson and E.ON – have been linked to espionage or planned espionage against nonprofit organizations, activists and whistleblowers.”
Exploring other examples of this activity, the report notes that in Ecuador, after a lawsuit against Texaco triggering a $9.5 billion fine for spilling 350 million gallons of oil around Lago Agrio, the private investigations firm Kroll tried to hire journalist Mary Cuddehe as a “corporate spy” for Chevron, to undermine studies of the environmental health effects of the spill.
Referring to the work of US investigative reporter Jeremy Scahill, the report points out that the notorious defence contractor Blackwater, later renamed XE Services and now Academi, had sought to become “the intel arm” of Monsanto, the agricultural and biotechnology corporation associated with genetically modified foods. Blackwater was paid to “provide operatives to infiltrate activist groups organizing against the multinational biotech firm.”
In another case, the UK’s Camp for Climate Action, which supports the decommissioning of coal-fired plants, was infiltrated by private security firm Vericola on behalf of three energy companies, E.ON, Scottish Power, and Scottish Resources Group.
Reviewing emails released by Wikileaks from the Texas-based private intelligence firm Stratfor, the report shows how the firm reportedly “conducted espionage against human rights, animal rights and environmental groups, on behalf of companies such as Coca-Cola.” In one case, the emails suggest that Stratfor investigated People for the Ethical Treatment of Animals (PETA) at Coca-Cola’s request, and had access to a classified FBI investigation on PETA.
The report uncovers compelling evidence that much corporate espionage is facilitated by government agencies, particularly the FBI. The CCP report examines a September 2010 document from the Office of the Inspector General in the US Justice Department, which reviewed FBI investigations between 2001 and 2006. It concluded that:
“… the factual basis of opening some of the investigations of individuals affiliated with the groups was factually weak… In some cases, we also found that the FBI extended the duration of investigations involving advocacy groups or their members without adequate basis…. In some cases, the FBI classified some of its investigations relating to nonviolent civil disobedience under its ‘Acts of Terrorism’ classification.”
For instance, on an FBI investigation of Greenpeace, the Justice Department found that:
“… the FBI articulated little or no basis for suspecting a violation of any federal criminal statute… the FBI’s opening EC [electronic communication] did not articulate any basis to suspect that they were planning any federal crimes….We also found that the FBI kept this investigation open for over 3 years, long past the corporate shareholder meetings that the subjects were supposedly planning to disrupt… We concluded that the investigation was kept open ‘beyond the point at which its underlying justification no longer existed,’ which was inconsistent with the FBI’s Manual of Investigative and Operational Guidelines (MIOG).”
The FBI’s involvement in corporate espionage has been institutionalised through ‘InfraGard’, “a little-known partnership between private industry, the FBI and the Department of Homeland Security.” The partnership involves the participation of “more than 23,000 representatives of private industry,” including 350 of the Fortune 500 companies.
But it’s not just the FBI. According to the new report, “active-duty CIA operatives are allowed to sell their expertise to the highest bidder”, a policy that gives “financial firms and hedge funds access to the nation’s top-level intelligence talent. Little is known about the CIA’s moonlighting policy, or which corporations have hired current CIA operatives.”
The report concludes that, due to an extreme lack of oversight, government effectively tends to simply “rubber stamp” such intelligence outsourcing:
“In effect, corporations are now able to replicate in miniature the services of a private CIA, employing active-duty and retired officers from intelligence and/or law enforcement. Lawlessness committed by this private intelligence and law enforcement capacity, which appears to enjoy near impunity, is a threat to democracy and the rule of law. In essence, corporations are now able to hire a private law enforcement capacity – which is barely constrained by legal and ethical norms – and use it to subvert or destroy civic groups. This greatly erodes the capacity of the civic sector to countervail the tremendous power of corporate and wealthy elites.”
Gary Ruskin, author of the report, said:
“Corporate espionage against nonprofit organizations is an egregious abuse of corporate power that is subverting democracy. Who will rein in the forces of corporate lawlessness as they bear down upon nonprofit defenders of justice?”
That’s a good question. Ironically, many of the same companies spearheading the war on democracy are also at war with planet earth – just last week the Guardian revealed that 90 of some of the biggest corporations generate nearly two-thirds of greenhouse gas emissions and are thus overwhelmingly responsible for climate change.
Dr Nafeez Ahmed is executive director of the Institute for Policy Research & Development and author of A User’s Guide to the Crisis of Civilisation: And How to Save It among other books. Follow him on Twitter
Find this story at 28 November 2013
© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Corporations increasingly spying on nonprofits, group says
December 3, 2013
Corporations are increasingly spying on nonprofit groups they view as potential threats with little fear of retribution, according to a new report by a corporate watchdog group.
The large companies employ former Central Intelligence Agency, National Security Agency, FBI, military and police officers to monitor and in some cases infiltrate groups that have been critical of them, according to the report by Essential Information, which was founded by Ralph Nader in the 1980s.
“Many different types of nonprofits have been targeted with espionage, including environmental, anti-war, public interest, consumer, food safety, pesticide reform, nursing-home reform, gun control, social justice, animal rights and arms control groups,” the report said.
Photos: Top 10 Southern California companies
The spying is problematic because some investigators violate laws — a French utility was fined about $2 million in 2011 for hacking the computers of Greenpeace France — while chilling groups that stand up for consumers, the report said.
“Corporate espionage against nonprofit organizations is an egregious abuse of corporate power that is subverting democracy,” said Gary Ruskin, the report’s author. “Who will rein in the forces of corporate lawlessness as they bear down upon nonprofit defenders of justice?”
Corporations and their trade associations have been linked to a wide variety of espionage tactics against nonprofit organizations, including posing as volunteers or journalists to obtain information about nonprofits’ activities, the report said.
“Many of these tactics are either highly unethical or illegal,” the report said.
Essential Information is a Washington-based nonprofit that promotes corporate accountability.
By Stuart Pfeifer
November 20, 2013, 1:25 p.m.
Find this story at 20 November 2013
Copyright 2013 http://www.latimes.com
Spooky Business: A New Report on Corporate Espionage Against Non-profits
November 27, 2013
Giant corporations are employing highly unethical or illegal tools of espionage against nonprofit organizations with near impunity, according to a new report by Essential Information. The report, titled Spooky Business, documents how corporations hire shady investigative firms staffed with former employees of the Central Intelligence Agency (CIA), National Security Agency (NSA), US military, Federal Bureau of Investigations (FBI), Secret Service and local police departments to target nonprofit organizations.
“Corporate espionage against nonprofit organizations is an egregious abuse of corporate power that is subverting democracy,” said Gary Ruskin, author of Spooky Business. “Who will rein in the forces of corporate lawlessness as they bear down upon nonprofit defenders of justice?”
Many of the world’s largest corporations and their trade associations — including the U.S. Chamber of Commerce, Walmart, Monsanto, Bank of America, Dow Chemical, Kraft, Coca-Cola, Chevron, Burger King, McDonald’s, Shell, BP, BAE, Sasol, Brown & Williamson and E.ON – have been linked to espionage or planned espionage against nonprofit organizations, activists and whistleblowers.
Many different types of nonprofit organizations have been targeted with corporate espionage, including environmental, anti-war, public interest, consumer, food safety, pesticide reform, nursing home reform, gun control, social justice, animal rights and arms control groups.
Corporations and their trade associations have been linked to a wide variety of espionage tactics against nonprofit organizations. The most prevalent tactic appears to be infiltration by posing a volunteer or journalist, to obtain information from a nonprofit. But corporations have been linked to many other human, physical and electronic espionage tactics against nonprofits. Many of these tactics are either highly unethical or illegal.
Founded in 1982 by Ralph Nader, Essential Information is a Washington, DC-based nonprofit, tax-exempt organization. It is involved in a variety of projects to promote corporate accountability, a more just economy, public health and a sustainable planet. It has published a bi-monthly magazine, books and reports, sponsored conferences, provided writers with grants to pursue investigations, published daily news summaries, operated clearinghouses that disseminate information to grassroots organizations in the United States and developing countries worldwide, and has hosted scores of conferences focusing on government and corporate accountability.
November 20, 2013 · by editor · in Corporate Espionage
Find the report at 20 November 2013
© 2013 Center for Corporate Policy
Spooky Business: U.S. Corporations Enlist Ex-Intelligence Agents to Spy on Nonprofit Groups (2013) nieuwere artikelen >>
November 27, 2013
A new report details how corporations are increasingly spying on nonprofit groups they regard as potential threats. The corporate watchdog organization Essential Information found a diverse groups of nonprofits have been targeted with espionage, including environmental, antiwar, public interest, consumer safety, pesticide reform, gun control, social justice, animal rights and arms control groups. The corporations carrying out the spying include the U.S. Chamber of Commerce, Wal-Mart, Monsanto, Bank of America, Dow Chemical, Kraft, Coca-Cola, Chevron, Burger King, McDonald’s, Shell, BP, and others. According to the report, these corporations employ former CIA, National Security Agency and FBI agents to engage in private surveillance work, which is often illegal in nature but rarely — if ever — prosecuted. We’re joined by Gary Ruskin, author of the report, “Spooky Business: Corporate Espionage Against Nonprofit Organizations,” and director of the Center for Corporate Policy, a project of Essential Information.
Click here to watch part 2 of this interview.
This is a rush transcript. Copy may not be in its final form.
AMY GOODMAN: As we turn to a new report detailing how corporations are increasingly spying on nonprofit groups that they regard as potential threats. The report’s called, “Spooky Business: Corporate Espionage Against Nonprofit Organizations.” It was released by the corporate watch group Essential Information. The report found a diverse group of nonprofits have been targeted with espionage, including environmental, antiwar, public interest, consumer safety, pesticide reform, gun control, social justice, animal rights, and arms control groups. The corporations carrying out the spying include the U.S. Chamber of Commerce, Wal-Mart, Monsanto, Bank of America, Dow Chemical, Kraft, Coca-Cola, Chevron, Burger King, McDonald’s, Shell, BP, and others. According to the report, these corporations employ former CIA, NSA and FBI agents to engage in private surveillance work which is often illegal in nature but rarely, if ever, prosecuted. For more we go to California where we’re joined by the report’s author, Gary Ruskin. He is the director of the Center for Corporate Policy, a project of Essential Information. Gary, Welcome back to Democracy Now! Explain what you found.
GARY RUSKIN: Thanks for having me on the show again, Amy. Yeah, we found a tremendous diversity of corporate espionage being conducted against a wide variety of civic groups across the country and the U.K., the case in Ecuador and in France as well. So what we found was a tremendous variety of use of different types of espionage tactics from dumpster diving to hiring investigators to pose as journalists or volunteers, to electronic espionage, information warfare, information operations hacking, electronic surveillance. And so this appears to be a growing phenomenon both here in the United States and maybe in other parts of the world as well. But our report is an effort to document something that’s very hard to know very much about. We aggregated 30 different cases of corporate espionage to try to talk about them, but really, each of the cases we have very fragmentary information. And so it’s hard to say — we have a, we have a part of an iceberg whether it’s the tip of the iceberg or the tippy tip of the iceberg, we don’t really know.
AMY GOODMAN: Gary, let’s got to — I want to go to 2010; Greenpeace files a federal lawsuit against Dow Chemical and Sasol North America for engaging in corporate espionage. The lawsuit alleged corporate spies stole thousands of confidential documents from Greenpeace, including campaign plans, employee records; phone records, donor and media lists. Democracy Now! spoke to Charlie Cray, the senior researcher with Greenpeace USA at the time. He explained what happened.
CHARLIE CRAY: BBI, the defunct private investigation firm hired subcontractors including off-duty police officers who went through Greenpeace’s trash to find useful documents on a regular basis. Over two years they did this almost twice a week on average. They also used subcontractors who had colleagues who attempted to infiltrate Greenpeace as volunteers. They cased the Greenpeace office looking for we don’t know what, but probably doing advanced scouting for people who would then intrude upon the property. We found a list of door codes, we found a folder that said “wiretap info,” which was empty. We know this company has sub-contracted with a company called Net Safe, which is a company that was made of former NSA officials skilled in computer hacking and things like that. So we really don’t know the full extent of this, but what we’ve seen is incredibly shocking. And our goal is to bring this out into the light of day and to stop it if it’s still going on.”
AMY GOODMAN: That was Charlie Cray, senior researcher with Greenpeace USA. Gary Ruskin, if you could responded to that and then talk about Wal-Mart and Up Against the Wall, the nonprofit organization?
GARY RUSKIN: The Greenpeace example is a great example of what corporate America can bring to bear, the lawlessness that they can bring to bear on nonprofit organizations like Greenpeace, like Peta, like Knowledge Ecology International, on Public Citizen and others. This was a tremendously diverse and powerful campaign of espionage that they targeted Greenpeace with. And so, you know, there are so many other examples in the report, but you mentioned Wal-Mart has a very large internal security operation and so we know of a case, for example, where they planted essentially a person with a bug in a meeting of people organizing about Wal-Mart and then as well they had a van that was able to surveil some other activities, protest activities as well. There are so many stories we can tell from the report. Another famous one was the largest operated nuclear power plants in the world; Electricite de France, caught with a copy of a Greenpeace hard drive on one of its contractor’s computers because they’d hacked into Greenpeace France. So there just so many stories we can tell.
AMY GOODMAN: So how does it go from spying to interrupting the activity of these organizations? And also if you could also talk about the spying on Occupy Wall Street.
GARY RUSKIN: Sure. Well, what we found in some of the cases is there are spies that actually, you know, actively participate in an organization. For example, one of the most famous cases was a woman who’s real name was Mary Lou Sapone, who went by a Mary McFate and was very active in gun control movement for quite a long time and ran for the National Board of Directors of a prominent gun control organization and worked with the Brady Campaign like. She was totally a spy. Another example was there was —
AMY GOODMAN: A spy for?
GARY RUSKIN: A spy probably for the NRA. And then there are other pretty well-known examples, like for example, there was a former congressman the late Congressmen Henry Hyde was also a bank director at a bank, he didn’t pay — the bank went belly up and he was the only bank director who did not pay the settlement for the bank going defunct. And he had a lawyer dispatch a journalist or someone who posed as a journalist to get information from the guy who uncovered so much of this Ron Dueling [SP].
AMY GOODMAN: Well Gary Ruskin, we are going to continue covering this issue, were going do part 2 of the interview and post it online at democracynow.org. Gary Ruskin is Director of The Center for Corporate Policy, a project of Essential Information. We’ll link to the report “Spooky Business: Corporate Espionage Against Nonprofit Organizations.”
The original content of this program is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. Please attribute legal copies of this work to democracynow.org. Some of the work(s) that this program incorporates, however, may be separately licensed. For further information or additional permissions, contact us.
Monday, November 25, 2013
Find this story at 25 November 2013