Senate Intelligence Committee Hearing: The NSA Wants Unlimited Citizen and Business Data in National Database

…[NSA Director Keith] Alexander acknowledged that the NSA is interested in compiling the largest national database possible, and that there is no limit to the number of records that can be gathered. The storehouse holds billions of records, former officials have told The Washington Post.

“Is it the goal of the NSA to collect the phone records of all Americans?” Udall asked.

“I believe it is in the nation’s best interests to put all the phone records into a lockbox that we could search when the nation needs to do it, yes,” Alexander said.

 

The government has claimed the authority to gather the data under Section 215 of the USA Patriot Act, also known as the “business records” provision of the Foreign Intelligence Surveillance Act. The FISA court in 2006 agreed that the government could use that statute to order phone companies to hand over “all call detail records” daily to the NSA.

 

Asked by Udall if that statute gave NSA the authority to collect other data — such as utility bills — Deputy Attorney General James M. Cole offered a qualified answer. “It’s given them the authority to collect other bulk records if they can show that it is necessary to find something relevant to a foreign intelligence investigation of particular types. . . . It’s not just all bulk records. But it’s also not no business records. It’s all dependent on the purpose.”

 

 

[Sen. Ron Wyden (D-Oregon)], Udall and other lawmakers have introduced reform legislation that would, among other things, end the phone records collection, while allowing for a more limited program.

On Thursday, Wyden accused U.S. officials of not being more forthcoming about intelligence-collection programs.

“The leadership of your agencies built an intelligence-collection system that repeatedly deceived the American people,” he said. “Time and time again, the American people were told one thing about domestic surveillance in public forums while government agencies did something else in private.”

 

http://www.washingtonpost.com/world/national-security/nsa-leaks-extremely-damaging-national-intelligence-director-tells-senate-hearing/2013/09/26/a01b4e08-26d3-11e3-b75d-5b7f66349852_story.html

 

Wyden infamously showed down with Clapper earlier this year when he asked the lawmaker if the intelligence community collects information on millions of Americans. Clapper responded “not wittingly,” then later apologized to Committe Chairwoman Dianne Feinstein (D-California) for his “clearly erroneous” remark after Snowden’s leaks suggested otherwise only weeks later.

“So that he would be prepared to answer, I sent the question to Director Clapper’s office a day in advance. After the hearing was over, my staff and I gave his office a chance to amend his answer,” Wyden told the Washington Post after the March meeting. “Now public hearings are needed to address the recent disclosures, and the American people have the right to expect straight answers from the intelligence leadership to the questions asked by their representatives.”

On Thursday, Alexander phrased questioning directed at Gen. Alexander in an attempt to determine if the NSA collected information from cell phone towers that could be used to locate customers. Alexander decline to provide a straight answer during an unclassified hearing.

 

“If you’re responding to my question by not answering it because you think thats a classified matter, that is certainly your right,” said Wyden. “ We will continue to explore that because I believe that is something the American people deserve to know.”

 

http://rt.com/usa/fisa-hearing-nsa-surveillance-410/

Related articles

• Is the NSA collecting cell phone location data? (tv.msnbc.com)
• Intelligence agencies want ‘all the phone records,’ defend surveillance programs (patriotnetdaily.com)
• The NSA Doesn’t Deny Having Collected Our Phone Location Data (theatlanticwire.com)
• Sen. Ron Wyden: NSA ‘repeatedly deceived the American people’ | Glenn Greenwald (theguardian.com)
• US intelligence chiefs urge Congress to preserve surveillance programs (theguardian.com)
• Senate Bill Would Eliminate Mass Collection Of Phone Records, Reform FISA Court (infiniteunknown.net)
• In new bill, four senators attack NSA’s bulk data collection (arstechnica.com)
• U.S. officials dodge questions on scope of surveillance (wikileaks-forum.com)
• NSA Director Supports Putting All Americans’ Phone Records in ‘Lockbox’ (dissenter.firedoglake.com)
• NSA defender Feinstein bows to growing pressure, says she’ll offer bill to limit surveillance programs (mcclatchydc.com)

DigiCert Announces Certificate Transparency Support

LEHI, UT–(Marketwired – September 24, 2013) – DigiCert, Inc., a leading global authentication and encryption provider, announced today that it is the first Certificate Authority (CA) to implement Certificate Transparency (CT). DigiCert has been working with Google to pilot CT for more than a year and will begin adding SSL Certificates to a public CT log by the end of October.

DigiCert welcomes CT as an important step toward enhancing online trust. For several months, DigiCert has been working with Google engineers to test Google’s code, provide feedback on proposed CT implementations, and build CT support into the company’s systems. This initiative aligns with DigiCert’s focus to improve online trust — including tight internal security controls, development and adoption of the CA/Browser Forum Baseline Requirements and Network Security Guidelines, and participation in various industry bodies that are focused on security and trust standards.

http://finance.yahoo.com/news/digicert-announces-certificate-transparency-support-180554567.html

Google’s Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.

Certificate Transparency helps eliminate these flaws by providing an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates.

Because it is an open and public framework, anyone can build or access the basic components that drive Certificate Transparency. This is particularly beneficial to Internet security stakeholders, such as domain owners, certificate authorities, and browser manufacturers, who have a vested interest in maintaining the health and integrity of the SSL certificate system.

 http://www.certificate-transparency.org/

Related articles

• DigiCert Announces Certificate Transparency Support (darkreading.com)
• DigiNotar certificate fraud addressed with Snow Leopard and Lion updates (reviews.cnet.com)
• Behind the padlock: How secure Web connections work (nbcnews.com)
• How The NSA Bypasses Online Encryption (bauer-power.net)
• HTTPS url with port number not working on iOS (stackoverflow.com)