Guardian, The

US intelligence chiefs have confirmed that the National Security Agency has used a "backdoor" in surveillance law to perform warrantless searches on Americans’ communications.

The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases. Now, in a letter to Sen Ron Wyden (D-OR) of the Senate Intelligence Committee, the director of national intelligence, James Clapper, has confirmed for the first time this backdoor had been used in practice to search for data related to “US persons.”

“There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter. “These queries were performed pursuant to minimization procedures approved by the FISA [Foreign Intelligence Surveillance Act] court and consistent with the statute and the fourth amendment.”

The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Sen Wyden as a “backdoor search loophole.” Clapper did not disclose how many such searches had been performed by the NSA.

Microsoft is not unique in claiming the right to read users' emails -- Apple, Yahoo and Google all reserve that right as well.

The broad rights e-mail providers claim for themselves has come to light following Microsoft's admission that it read a journalist's Hotmail account in an attempt to track down the source of an internal leak. But most webmail services claim the right to read users' email if they believe that such access is necessary to protect their property. But other major email providers reserve exactly the same rights.

Yahoo requires users to "acknowledge, consent and agree that Yahoo may access… your account information and Content… in a good faith belief that such access… is reasonably necessary to… protect the rights… of Yahoo." Google's terms require the user to "acknowledge and agree that Google may access… your account information and any Content associated with that account… in a good faith belief that such access… is reasonably necessary to… protect against imminent harm to the… property… of Google". Apple "may, without liability to you, access… your Account information and Content… if we have a good faith belief that such access… is reasonably necessary to… protect the… property… of Apple".

The senior lawyer for the National Security Agency stated that US technology companies were fully aware of the surveillance agency’s widespread collection of data.

Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies -- both for the Internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the Internet.

Asked during a hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the FISA Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.” De explained: “Prism was an internal government term that as the result of leaks became the public term,” De said. “Collection under this program was a compulsory legal process that any recipient company would receive.”

After the hearing, De added that service providers also know and receive legal compulsions surrounding NSA’s harvesting of communications data not from companies but directly in transit across the Internet under 702 authority.

Tumblr is one of the centerpieces of the intelligence community’s attempts at rebranding in the wake of what it considers a crisis wrought by Edward Snowden: a web clearinghouse of formerly classified documents related to the National Security Agency’s sweeping surveillance authorities, an exercise in transparency.

But the documents on the site are most often presented without a critical disclosure. While statements accompanying them refer to decisions by director James Clapper and other administration officials to release the surveillance-related information, nearly all the instances of such declassification – eight out of 12 – came to be published only after the government lost transparency cases, a fact that the Tumblr, known as IC On The Record, most often omits or obscures.

Warnings that phone call “metadata” can betray detailed information about your life has been confirmed by research at Stanford University.

Researchers there successfully identified a cannabis cultivator, multiple sclerosis sufferer and a visitor to an abortion clinic using nothing more than the timing and destination of their phone calls. Jonathan Mayer and Patrick Mutchler, the researchers behind the finding, used data gleaned from 546 volunteers to assess the extent to which information about who they had called and when revealed personally sensitive information.

The research aimed to answer questions raised by the NSA wiretapping revelations, where it was revealed that the US intelligence agency collects metadata -- but not content -- of millions of phone calls on mobile networks.

Australia’s privacy commissioner says reforms are needed to ensure law enforcement agencies act proportionately when they access people’s private communications.

The commissioner has joined Australia’s intelligence watchdog, the Inspector General of Intelligence and Security, in flagging potential adjustments to the surveillance regime to ensure agencies strike the correct balance between protecting consumer privacy and conducting necessary investigations to prevent crimes.

“There is a clear public interest in allowing law enforcement and intelligence agencies to access communications where it is necessary for the prevention of serious and organized crime and threats to Australia’s national security,” the privacy commissioner, Timothy Pilgrim, says in a new submission to the Senate. “However, by their very nature such activities will require access to the private communications of individuals. Such accesses should be proportional to the risk they seek to address.”

Pilgrim says current proportionality tests in legislation allowing people’s communications to be intercepted should be re-examined, and government could also consider reducing the number of agencies able to access private telecommunications data. He adds that there is merit in considering changes that would make the current regulatory approaches to handling personal data less fragmented.

[Commentary] The Internet has presented journalists with an extraordinary opportunity to remake their own profession. And the rhetoric of the new wave of creativity in journalism is spattered with words that denote transformation.

But the new micro-institutions of journalism already bear the hallmarks of the restrictive heritage they abandoned with such glee. At the risk of being the old bat in the back, allow me to quote Faye Dunaway’s character from Network: “Look, all I’m saying is if you’re going to hustle, at least do it right.”

Of the many others who have eloped from the portals of the industrial presses to big, shiny and new things (as in, not Yahoo or The Information), the sole female top editor or founder is Kara Swisher at Re/code. And she is running that technology site collaboratively with a man, Walt Mossberg. At First Look, behind-the-scenes Laura Poitras is one of two main female names on a virtual masthead that just added John Cook from Gawker (to run Greenwald’s magazine) to join Matt Taibbi of Rolling Stone (to lead his own).

It is not just the four new (and still exciting) breakout projects: Vice, Quartz, Buzzfeed, Politico, Grantland -- these, too, are led by white men, and filled with more of them. It is as if Arianna Huffington never happened. Or as if diversity of leadership and ownership did not really matter, as long as the data-driven, responsively designed new news becomes a radical and successful enough departure from the drab anecdote laden guff put out by those other men.

[Bell is director of the Tow Center for Digital Journalism at Columbia's Graduate School of Journalism.]

The inventor of the World Wide Web believes an online "Magna Carta" is needed to protect and enshrine the independence of the medium he created and the rights of its users worldwide.

Sir Tim Berners-Lee told the Guardian the web had come under increasing attack from governments and corporate influence and that new rules were needed to protect the "open, neutral" system. Speaking exactly 25 years after he wrote the first draft of the first proposal for what would become the World Wide Web, the computer scientist said: "We need a global constitution -- a bill of rights." Berners-Lee's Magna Carta plan is to be taken up as part of an initiative called "the web we want", which calls on people to generate a digital bill of rights in each country -- a statement of principles he hopes will be supported by public institutions, government officials and corporations. "Unless we have an open, neutral Internet we can rely on without worrying about what's happening at the back door, we can't have open government, good democracy, good healthcare, connected communities and diversity of culture."

Principles of privacy, free speech and responsible anonymity would be explored in the Magna Carta scheme. Berners-Lee also spoke out strongly in favor of changing a key and controversial element of Internet governance that would remove a small but symbolic piece of US control. The US has clung on to the Internet Assigned Numbers Authority (IANA) contract, which controls the dominant database of all domain names, but has faced increased pressure post-Snowden.

He said: "The removal of the explicit link to the US department of commerce is long overdue. The US can't have a global place in the running of something which is so non-national. There is huge momentum towards that uncoupling but it is right that we keep a multi-stakeholder approach, and one where governments and companies are both kept at arm's length."

[Commentary] “You are the firefighters,” National Security Agency whistleblower Edward Snowden told a tech savvy audience, during my conversation with him at the South by Southwest festival. “The people in Austin are the ones who can protect our rights through technical standards.”

Ed’s comments were a call to arms for the tech community to protect its users from indiscriminate mass surveillance by the NSA and the insecurity it creates. Over the past few years, and even more so after Ed’s revelations, Silicon Valley companies have begun to enable -- by default -- basic security features, such as the use of HTTPS encryption to protect data as it is transmitted from their customers’ to the companies’ servers. While HTTPS encryption by default is a great start, isn’t enough. The tech companies must offer apps and services that are safe and secure by default.

• Disable data, all the way. Far too often, security is an opt-in feature that few regular people will even know about, much less seek out and enable.
• Limit collection, move up storage deadlines. As Ed stressed, tech companies can also begin to limit the data they collect from their customers and only store it for as long as it’s needed for genuine business purposes -- and not one second longer.
• Rethink our relationship with tech companies. We, the everyday consumers, must make privacy and security profitable. If we want these companies to put our interests first, we must pay for the services that they provide us. We must demand that those products preserve privacy -- again, by default. Until this business model changes, the services that are made for the mass market will remain insecure, vulnerable and optimized for data collection.

[Soghoian is principal technologist for the American Civil Liberties Union]

[March 11]