12345...102030...


National Security Agency – Wikipedia

National Security Agency

Seal of the National Security Agency

Flag of the National Security Agency

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish a network bridge “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Visit link:

National Security Agency – Wikipedia

Posted in NSA

NSA – What does NSA stand for? The Free Dictionary

AcronymDefinitionNSANational Security Agency (US government)NSANaval Support ActivityNSANational Speakers AssociationNSANo Strings AttachedNSANetwork Security Appliance (Sonicwall)NSANotary Signing AgentNSANational Security AdvisorNSANot Seasonally AdjustedNSANational Security ArchiveNSANational Security ActNSANational Society of AccountantsNSANational Sheriffs’ Association (Alexandria, VA, USA)NSANational Security AffairsNSANo Sugar AddedNSANational Stuttering AssociationNSANational Stroke AssociationNSANetwork Spinal AnalysisNSANational Spiritual Assembly (Institution of the Baha’i Faith)NSANorwegian Shipowners AssociationNSANorth Slope of AlaskaNSANational Sheep Association (Malvern, Worcestershire, UK)NSANational Safety AssociatesNSANon-State Actor (international relations)NSANational Scrabble AssociationNSANational Student AssociationNSANorth Star AcademyNSANew Saint Andrews College (Moscow, Idaho)NSANational Sunflower AssociationNSANational Stone Association (Washington, DC)NSANational Stereoscopic AssociationNSANegative Security AssurancesNSANational Steeplechase AssociationNSANational Sound ArchiveNSANational Security AreaNSANATO Standardization AgencyNSANational Smokers AllianceNSANebraska Statewide ArboretumNSANegotiated Service Agreement (US postal service)NSANational Security Agents (gaming clan)NSANon-Standard AnalysisNSANational Seniors Australia (est. 1976)NSANuclear Science AbstractsNSANormalized Site AttenuationNSANashville School of the Arts (Tennessee)NSANational Storytelling AssociationNSANational Slag Association (Alexandria, VA)NSANorthern Study AreaNSANavy Support ActivityNSANational Skateboard AssociationNSANoise Sensitive AreaNSANikkei Stock AverageNSANational Shipping AuthorityNSANational School of Administration (China)NSANon-surgical Sperm AspirationNSANew Statistical Account (Reports on the conditions of Scotland, with reports on each parish, in the 1830s)NSANunavut Settlement AreaNSANational Supers Agency (fictional from the movie The Incredibles)NSANational Safety AssociationNSANational Security Anarchists (hacker group)NSANational Sprint Association (UK)NSANatuurwetenschappelijke Studievereniging Amsterdam (University of Amsterdam Physics Department student organization)NSANebraska Soybean AssociationNSANaperville Soccer AssociationNSANo Smoking AreaNSANational Softball Association, Inc.NSANorcross Soccer Association (Georgia)NSANaval Supervising ActivityNSANational Singles Association (Atlanta, Georgia)NSANavy Stock AccountNSANight Stalker AssociationNSANational Success AssociationNSANational Shuffleboard AssociationNSANational Software AllianceNSANo Significant Abnormalities (disease assessment)NSANorthern Slope of AlaskaNSANational Service Alliance, LLCNSANon Semi Auto (concealed handgun license; Texas)NSANon Standard Area (of a database)NSANantucket Shellfish Association (Nantucket, MA)NSANational Standard ApplicationNSANational Scout AssociationNSANarrow-Slot ApproximationNSANational Sentinel AuditNSANet Sales AreaNSANode Switching AssemblyNSANuclear Support AgencyNSANetwork Search AlgorithmNSANaval Systems AnalysisNSANikkei Student AssociationNSANet Sellable Area (real estate)NSANeutron Source AssemblyNSANetwork South Australia (Adelaide, Australia)NSANichiren Shosu of AmericaNSANet Server AssistantNSANorwegian Security ActNSANabelschnurarterie (German: Umbilical Cord Artery)NSANarrow Slot ApertureNSANikkei Siam Aluminium Limited (Pathumtani, Thailand)NSANordic Securities Association (est. 2008)NSANetwork Supported Account (Cisco)NSANational Space AgencyNSANon-Standard Auto (insurance)NSANon-Self-AlignedNSANetwork Storage Appliance (computing)NSANeed Special AssistanceNSANational Supervisory Authority (EU)NSANaczelny Sad Administracyjny (Polish: Supreme Administrative Court)

See the original post here:

NSA – What does NSA stand for? The Free Dictionary

Posted in NSA

National Security Agency – Wikipedia

National Security Agency

Seal of the National Security Agency

Flag of the National Security Agency

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish Bridging (networking) “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Read the original here:

National Security Agency – Wikipedia

Posted in NSA

Edward Snowden – Wikipedia

Edward Joseph Snowden (born June 21, 1983) is an American computer professional, former Central Intelligence Agency (CIA) employee, and former contractor for the United States government who copied and leaked classified information from the National Security Agency (NSA) in 2013 without authorization. His disclosures revealed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments.

In 2013, Snowden was hired by an NSA contractor, Booz Allen Hamilton, after previous employment with Dell and the CIA.[1] On May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in Hawaii, and in early June he revealed thousands of classified NSA documents to journalists Glenn Greenwald, Laura Poitras, and Ewen MacAskill. Snowden came to international attention after stories based on the material appeared in The Guardian and The Washington Post. Further disclosures were made by other publications including Der Spiegel and The New York Times.

On June 21, 2013, the U.S. Department of Justice unsealed charges against Snowden of two counts of violating the Espionage Act of 1917 and theft of government property[2] following which the Department of State revoked his passport.[3] Two days later, he flew into Moscow’s Sheremetyevo Airport, but Russian authorities noted that his U.S. passport had been cancelled and he was restricted to the airport terminal for over one month. Russia ultimately granted him right of asylum for one year, and repeated extensions have permitted him to stay at least until 2020. In early 2016, he became the president of the Freedom of the Press Foundation, an organization that aims to protect journalists from hacking and government surveillance.[4] As of 2017 he was living in an undisclosed location in Moscow.[5]

A subject of controversy, Snowden has been variously called a hero, a whistleblower, a dissident, a traitor, and a patriot. His disclosures have fueled debates over mass surveillance, government secrecy, and the balance between national security and information privacy.

Edward Joseph Snowden was born on June 21, 1983,[6] in Elizabeth City, North Carolina.[7] His maternal grandfather, Edward J. Barrett,[8][9] was a rear admiral in the U.S. Coast Guard who became a senior official with the FBI and was at the Pentagon in 2001 during the September 11 attacks.[10] Snowden’s father Lonnie was also an officer in the Coast Guard,[11] and his mother Elizabeth is a clerk at the U.S. District Court for the District of Maryland.[12][13][14][15][16] His older sister, Jessica, was a lawyer at the Federal Judicial Center in Washington, D.C. Edward Snowden said that he had expected to work for the federal government, as had the rest of his family.[17] His parents divorced in 2001,[18] and his father remarried.[19] Snowden scored above 145 on two separate IQ tests.[17]

In the early 1990s, while still in grade school, Snowden moved with his family to the area of Fort Meade, Maryland.[20] Mononucleosis caused him to miss high school for almost nine months.[17] Rather than returning to school, he passed the GED test[21] and took classes at Anne Arundel Community College.[14] Although Snowden had no undergraduate college degree,[22] he worked online toward a master’s degree at the University of Liverpool, England, in 2011.[23] He was interested in Japanese popular culture, had studied the Japanese language,[24] and worked for an anime company that had a resident office in the U.S.[25][26] He also said he had a basic understanding of Mandarin Chinese and was deeply interested in martial arts. At age 20, he listed Buddhism as his religion on a military recruitment form, noting that the choice of agnostic was “strangely absent.”[27]

Snowden has said that in the 2008 presidential election, he voted for a third-party candidate, though he “believed in Obama’s promises.” Following the election, he believed President Barack Obama was continuing policies espoused by George W. Bush.[28]

In accounts published in June 2013, interviewers noted that Snowden’s laptop displayed stickers supporting Internet freedom organizations including the Electronic Frontier Foundation (EFF) and the Tor Project.[21] A week after publication of his leaks began, Ars Technica confirmed that Snowden had been an active participant at the site’s online forum from 2001 through May 2012, discussing a variety of topics under the pseudonym “TheTrueHOOHA.”[29] In a January 2009 entry, TheTrueHOOHA exhibited strong support for the U.S. security state apparatus and said leakers of classified information “should be shot in the balls.”[30] However, Snowden disliked Obama’s CIA director appointment of Leon Panetta, saying “Obama just named a fucking politician to run the CIA.”[31] Snowden was also offended by a possible ban on assault weapons, writing “Me and all my lunatic, gun-toting NRA compatriots would be on the steps of Congress before the C-Span feed finished.”[31] Snowden disliked Obama’s economic policies, was against Social Security, and favored Ron Paul’s call for a return to the gold standard.[31] In 2014, Snowden supported a basic income.[32]

Feeling a duty to fight in the Iraq War to help free oppressed people,[21] Snowden enlisted in the United States Army Reserve on May 7, 2004 and became a Special Forces candidate through its 18X enlistment option.[33] He did not complete the training.[6] After breaking both legs in a training accident,[34] he was discharged on September 28, 2004.[35]

Snowden was then employed for less than a year in 2005 as a security guard at the University of Maryland’s Center for Advanced Study of Language, a research center sponsored by the National Security Agency (NSA).[36] According to the University this is not a classified facility,[37] though it is heavily guarded.[38] In June 2014, Snowden told Wired that his job as a security guard required a high-level security clearance, for which he passed a polygraph exam and underwent a stringent background check.[17]

After attending a 2006 job-fair focused on intelligence agencies, Snowden accepted an offer for a position at the CIA.[17][39] The Agency assigned him to the global communications division at CIA headquarters in Langley, Virginia.[17]

In May 2006, Snowden wrote in Ars Technica that he had no trouble getting work because he was a “computer wizard”.[27] After distinguishing himself as a junior employee on the top computer-team, Snowden was sent to the CIA’s secret school for technology specialists, where he lived in a hotel for six months while studying and training full-time.[17]

In March 2007, the CIA stationed Snowden with diplomatic cover in Geneva, Switzerland, where he was responsible for maintaining computer-network security.[17][40] Assigned to the U.S. mission to the United Nations, Snowden received a diplomatic passport and a four-bedroom apartment near Lake Geneva.[17] According to Greenwald, while there Snowden was “considered the top technical and cybersecurity expert” in that country and “was hand-picked by the CIA to support the president at the 2008 NATO summit in Romania”.[41] Snowden described his CIA experience in Geneva as formative, stating that the CIA deliberately got a Swiss banker drunk and encouraged him to drive home. Snowden said that when the latter was arrested, a CIA operative offered to help in exchange for the banker becoming an informant.[42] Ueli Maurer, President of the Swiss Confederation for the year 2013, in June of that year publicly disputed Snowden’s claims. “This would mean that the CIA successfully bribed the Geneva police and judiciary. With all due respect, I just can’t imagine it,” said Maurer.[43] In February 2009, Snowden resigned from the CIA.[44]

In 2009, Snowden began work as a contractee for Dell,[45] which manages computer systems for multiple government agencies. Assigned to an NSA facility at Yokota Air Base near Tokyo, Snowden instructed top officials and military officers on how to defend their networks from Chinese hackers.[17] During his four years with Dell, he rose from supervising NSA computer system upgrades to working as what his rsum termed a “cyberstrategist” and an “expert in cyber counterintelligence” at several U.S. locations.[46] In 2011, he returned to Maryland, where he spent a year as lead technologist on Dell’s CIA account. In that capacity, he was consulted by the chiefs of the CIA’s technical branches, including the agency’s chief information officer and its chief technology officer.[17] U.S. officials and other sources familiar with the investigation said Snowden began downloading documents describing the government’s electronic spying programs while working for Dell in April 2012.[45] Investigators estimated that of the 50,000 to 200,000 documents Snowden gave to Greenwald and Poitras, most were copied by Snowden while working at Dell.[1]

In March 2012, Dell reassigned Snowden to Hawaii as lead technologist for the NSA’s information-sharing office.[17] At the time of his departure from the U.S. in May 2013, he had been employed for 15 months inside the NSA’s Hawaii regional operations center, which focuses on the electronic monitoring of China and North Korea,[1][47] the last three of which were with consulting firm Booz Allen Hamilton.[48] While intelligence officials have described his position there as a system administrator, Snowden has said he was an infrastructure analyst, which meant that his job was to look for new ways to break into Internet and telephone traffic around the world.[49] On March 15, 2013three days after what he later called his “breaking point” of “seeing the Director of National Intelligence, James Clapper, directly lie under oath to Congress”[50]Snowden quit his job at Dell.[51] Although he has said his career high annual salary was $200,000,[52] Snowden said he took a pay cut to work at Booz Allen,[53] where he sought employment in order to gather data and then release details of the NSA’s worldwide surveillance activity.[54] An anonymous source told Reuters that, while in Hawaii, Snowden may have persuaded 2025 co-workers to give him their logins credentials by telling them he needed them to do his job.[55] The NSA sent a memo to Congress saying that Snowden had tricked a fellow employee into sharing his personal public key infrastructure certificate to gain greater access to the NSA’s computer system.[56][57][58] Snowden disputed the memo,[59] saying in January 2014, “I never stole any passwords, nor did I trick an army of co-workers.”[60][61] Booz Allen terminated Snowden’s employment on June 10, 2013, one month after he had left the country.[62]

A former NSA co-worker said that although the NSA was full of smart people, Snowden was a “genius among geniuses” who created a widely implemented backup system for the NSA and often pointed out security flaws to the agency. The former colleague said Snowden was given full administrator privileges with virtually unlimited access to NSA data. Snowden was offered a position on the NSA’s elite team of hackers, Tailored Access Operations, but turned it down to join Booz Allen.[63] An anonymous source later said that Booz Allen’s hiring screeners found possible discrepancies in Snowden’s resume but still decided to hire him.[22] Snowden’s rsum stated that he attended computer-related classes at Johns Hopkins University. A spokeswoman for Johns Hopkins said that the university did not find records to show that Snowden attended the university, and suggested that he may instead have attended Advanced Career Technologies, a private for-profit organization that operated as the Computer Career Institute at Johns Hopkins University.[22] The University of Maryland University College acknowledged that Snowden had attended a summer session at a UM campus in Asia. Snowden’s rsum stated that he estimated that he would receive a University of Liverpool computer security master’s degree in 2013. The university said that Snowden registered for an online master’s degree program in computer security in 2011 but was inactive as a student and had not completed the program.[22]

Snowden has said that he had told multiple employees and two supervisors about his concerns, but the NSA disputes his claim.[64] Snowden elaborated in January 2014, saying “[I] made tremendous efforts to report these programs to co-workers, supervisors, and anyone with the proper clearance who would listen. The reactions of those I told about the scale of the constitutional violations ranged from deeply concerned to appalled, but no one was willing to risk their jobs, families, and possibly even freedom to go through what [Thomas Andrews] Drake did.”[61][65] In March 2014, during testimony to the European Parliament, Snowden wrote that before revealing classified information he had reported “clearly problematic programs” to ten officials, who he said did nothing in response.[66] In a May 2014 interview, Snowden told NBC News that after bringing his concerns about the legality of the NSA spying programs to officials, he was told to stay silent on the matter. He asserted that the NSA had copies of emails he sent to their Office of General Counsel, oversight and compliance personnel broaching “concerns about the NSA’s interpretations of its legal authorities. I had raised these complaints not just officially in writing through email, but to my supervisors, to my colleagues, in more than one office.”[10]

In May 2014, U.S. officials released a single email that Snowden had written in April 2013 inquiring about legal authorities but said that they had found no other evidence that Snowden had expressed his concerns to someone in an oversight position.[67] In June 2014, the NSA said it had not been able to find any records of Snowden raising internal complaints about the agency’s operations.[68] That same month, Snowden explained that he himself has not produced the communiqus in question because of the ongoing nature of the dispute, disclosing for the first time that “I am working with the NSA in regard to these records and we’re going back and forth, so I don’t want to reveal everything that will come out.”[69]

In his May 2014 interview with NBC News, Snowden accused the U.S. government of trying to use one position here or there in his career to distract from the totality of his experience, downplaying him as a “low level analyst.” In his words, he was “trained as a spy in the traditional sense of the word in that I lived and worked undercover overseaspretending to work in a job that I’m notand even being assigned a name that was not mine.” He said he’d worked for the NSA undercover overseas, and for the DIA had developed sources and methods to keep information and people secure “in the most hostile and dangerous environments around the world. So when they say I’m a low-level systems administrator, that I don’t know what I’m talking about, I’d say it’s somewhat misleading.”[10] In a June interview with Globo TV, Snowden reiterated that he “was actually functioning at a very senior level.”[70] In a July interview with The Guardian, Snowden explained that, during his NSA career, “I began to move from merely overseeing these systems to actively directing their use. Many people dont understand that I was actually an analyst and I designated individuals and groups for targeting.”[71] Snowden subsequently told Wired that while at Dell in 2011, “I would sit down with the CIO of the CIA, the CTO of the CIA, the chiefs of all the technical branches. They would tell me their hardest technology problems, and it was my job to come up with a way to fix them.”[17]

Of his time as an NSA analyst, directing the work of others, Snowden recalled a moment when he and his colleagues began to have severe ethical doubts. Snowden said 18 to 22-year-old analysts were suddenly “thrust into a position of extraordinary responsibility, where they now have access to all your private records. In the course of their daily work, they stumble across something that is completely unrelated in any sort of necessary sensefor example, an intimate nude photo of someone in a sexually compromising situation. But they’re extremely attractive. So what do they do? They turn around in their chair and they show a co-worker … and sooner or later this person’s whole life has been seen by all of these other people.” As Snowden observed it, this behavior happened routinely every two months but was never reported, being considered one of the “fringe benefits” of the work.[72]

The exact size of Snowden’s disclosure is unknown,[73] but Australian officials have estimated 15,000 or more Australian intelligence files[74] and British officials estimate at least 58,000 British intelligence files.[75] NSA Director Keith Alexander initially estimated that Snowden had copied anywhere from 50,000 to 200,000 NSA documents.[76] Later estimates provided by U.S. officials were on the order of 1.7 million,[77] a number that originally came from Department of Defense talking points.[78] In July 2014, The Washington Post reported on a cache previously provided by Snowden from domestic NSA operations consisting of “roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.”[79] A U.S. Defense Intelligence Agency report declassified in June 2015 said that Snowden took 900,000 Department of Defense files, more than he downloaded from the NSA.[78]

In March 2014, Army General Martin Dempsey, Chairman of the Joint Chiefs of Staff, told the House Armed Services Committee, “The vast majority of the documents that Snowden … exfiltrated from our highest levels of security … had nothing to do with exposing government oversight of domestic activities. The vast majority of those were related to our military capabilities, operations, tactics, techniques and procedures.”[80] When asked in a May 2014 interview to quantify the number of documents Snowden stole, retired NSA director Keith Alexander said there was no accurate way of counting what he took, but Snowden may have downloaded more than a million documents.[81]

According to Snowden, he did not indiscriminately turn over documents to journalists, stating that “I carefully evaluated every single document I disclosed to ensure that each was legitimately in the public interest. There are all sorts of documents that would have made a big impact that I didn’t turn over”[82] and that “I have to screen everything before releasing it to journalists … If I have time to go through this information, I would like to make it available to journalists in each country.”[54] Despite these measures, the improper redaction of a document by The New York Times resulted in the exposure of intelligence activity against al-Qaeda.[83]

In June 2014, the NSA’s recently installed director, U.S. Navy Admiral Michael S. Rogers, said that while some terrorist groups had altered their communications to avoid surveillance techniques revealed by Snowden, the damage done was not significant enough to conclude that “the sky is falling.”[84] Nevertheless, in February 2015, Rogers said that Snowden’s disclosures had a material impact on the NSA’s detection and evaluation of terrorist activities worldwide.[85]

On 14 June 2015, UK’s Sunday Times reported that Russian and Chinese intelligence services had decrypted more than 1 million classified files in the Snowden cache, forcing the UK’s MI6 intelligence agency to move agents out of live operations in hostile countries. Sir David Omand, a former director of the UK’s GCHQ intelligence gathering agency, described it as a huge strategic setback that was harming Britain, America, and their NATO allies. The Sunday Times said it was not clear whether Russia and China stole Snowden’s data or whether Snowden voluntarily handed it over to remain at liberty in Hong Kong and Moscow.[86][87] In April 2015 the Henry Jackson Society, a British neoconservative think tank, published a report claiming that Snowden’s intelligence leaks negatively impacted Britain’s ability to fight terrorism and organized crime.[88] Gus Hosein, executive director of Privacy International, criticized the report for, in his opinion, presuming that the public became concerned about privacy only after Snowden’s disclosures.[89]

Snowden’s decision to leak NSA documents developed gradually following his March 2007 posting as a technician to the Geneva CIA station.[90] Snowden first made contact with Glenn Greenwald, a journalist working at The Guardian, on December 1, 2012.[91][92] He contacted Greenwald anonymously as “Cincinnatus”[93] and said he had sensitive documents that he would like to share.[94] Greenwald found the measures that the source asked him to take to secure their communications, such as encrypting email, too annoying to employ. Snowden then contacted documentary filmmaker Laura Poitras in January 2013.[95] According to Poitras, Snowden chose to contact her after seeing her New York Times article about NSA whistleblower William Binney.[96] What originally attracted Snowden to both Greenwald and Poitras was a Salon article written by Greenwald detailing how Poitras’ controversial films had made her a target of the government.[94]

Greenwald began working with Snowden in either February[97] or April 2013, after Poitras asked Greenwald to meet her in New York City, at which point Snowden began providing documents to them.[91] Barton Gellman, writing for The Washington Post, says his first direct contact was on May 16, 2013.[98] According to Gellman, Snowden approached Greenwald after the Post declined to guarantee publication within 72 hours of all 41 PowerPoint slides that Snowden had leaked exposing the PRISM electronic data mining program, and to publish online an encrypted code allowing Snowden to later prove that he was the source.[98]

Snowden communicated using encrypted email,[95] and going by the codename “Verax”. He asked not to be quoted at length for fear of identification by stylometry.[98]

According to Gellman, prior to their first meeting in person, Snowden wrote, “I understand that I will be made to suffer for my actions, and that the return of this information to the public marks my end.”[98] Snowden also told Gellman that until the articles were published, the journalists working with him would also be at mortal risk from the United States Intelligence Community “if they think you are the single point of failure that could stop this disclosure and make them the sole owner of this information.”[98]

In May 2013, Snowden was permitted temporary leave from his position at the NSA in Hawaii, on the pretext of receiving treatment for his epilepsy.[21] In mid-May, Snowden gave an electronic interview to Poitras and Jacob Appelbaum which was published weeks later by Der Spiegel.[99]

After disclosing the copied documents, Snowden promised that nothing would stop subsequent disclosures. In June 2013, he said, “All I can say right now is the US government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped.”[100]

On May 20, 2013, Snowden flew to Hong Kong,[82] where he was staying when the initial articles based on the leaked documents were published,[101] beginning with The Guardian on June 5.[102] Greenwald later said Snowden disclosed 9,000 to 10,000 documents.[103]

Within months, documents had been obtained and published by media outlets worldwide, most notably The Guardian (Britain), Der Spiegel (Germany), The Washington Post and The New York Times (U.S.), O Globo (Brazil), Le Monde (France), and similar outlets in Sweden, Canada, Italy, Netherlands, Norway, Spain, and Australia.[104] In 2014, NBC broke its first story based on the leaked documents.[105] In February 2014, for reporting based on Snowden’s leaks, journalists Glenn Greenwald, Laura Poitras, Barton Gellman and The Guardians Ewen MacAskill were honored as co-recipients of the 2013 George Polk Award, which they dedicated to Snowden.[106] The NSA reporting by these journalists also earned The Guardian and The Washington Post the 2014 Pulitzer Prize for Public Service[107] for exposing the “widespread surveillance” and for helping to spark a “huge public debate about the extent of the government’s spying”. The Guardian’s chief editor, Alan Rusbridger, credited Snowden for having performed a public service.[108]

The ongoing publication of leaked documents has revealed previously unknown details of a global surveillance apparatus run by the United States’ NSA[111] in close cooperation with three of its Five Eyes partners: Australia’s ASD,[112] the UK’s GCHQ,[113] and Canada’s CSEC.[114]

On June 5, 2013, media reports documenting the existence and functions of classified surveillance programs and their scope began and continued throughout the entire year. The first program to be revealed was PRISM, which allows for court-approved direct access to Americans’ Google and Yahoo accounts, reported from both The Washington Post and The Guardian published one hour apart.[109][115][116] Barton Gellman of The Washington Post was the first journalist to report on Snowden’s documents. He said the U.S. government urged him not to specify by name which companies were involved, but Gellman decided that to name them “would make it real to Americans.”[117] Reports also revealed details of Tempora, a British black-ops surveillance program run by the NSA’s British partner, GCHQ.[115][118] The initial reports included details about NSA call database, Boundless Informant, and of a secret court order requiring Verizon to hand the NSA millions of Americans’ phone records daily,[119] the surveillance of French citizens’ phone and Internet records, and those of “high-profile individuals from the world of business or politics.”[120][121][122] XKeyscore, an analytical tool that allows for collection of “almost anything done on the internet,” was described by The Guardian as a program that shed light on one of Snowden’s most controversial statements: “I, sitting at my desk [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”[123]

The NSA’s top-secret black budget, obtained from Snowden by The Washington Post, exposed the successes and failures of the 16 spy agencies comprising the U.S. intelligence community,[124] and revealed that the NSA was paying U.S. private tech companies for clandestine access to their communications networks.[125] The agencies were allotted $52 billion for the 2013 fiscal year.[126]

It was revealed that the NSA was harvesting millions of email and instant messaging contact lists,[127] searching email content,[128] tracking and mapping the location of cell phones,[129] undermining attempts at encryption via Bullrun[130][131] and that the agency was using cookies to piggyback on the same tools used by Internet advertisers “to pinpoint targets for government hacking and to bolster surveillance.”[132] The NSA was shown to be secretly accessing Yahoo and Google data centers to collect information from hundreds of millions of account holders worldwide by tapping undersea cables using the MUSCULAR surveillance program.[109][110]

The NSA, the CIA and GCHQ spied on users of Second Life, Xbox Live and World of Warcraft, and attempted to recruit would-be informants from the sites, according to documents revealed in December 2013.[133][134] Leaked documents showed NSA agents also spied on their own “love interests,” a practice NSA employees termed LOVEINT.[135][136] The NSA was shown to be tracking the online sexual activity of people they termed “radicalizers” in order to discredit them.[137] Following the revelation of Black Pearl, a program targeting private networks, the NSA was accused of extending beyond its primary mission of national security. The agency’s intelligence-gathering operations had targeted, among others, oil giant Petrobras, Brazil’s largest company.[138] The NSA and the GCHQ were also shown to be surveilling charities including UNICEF and Mdecins du Monde, as well as allies such as European Commissioner Joaqun Almunia and the Israeli Prime Minister.[139]

In October 2013, Glenn Greenwald said “the most shocking and significant stories are the ones we are still working on, and have yet to publish.”[140] In November, The Guardian’s editor-in-chief Alan Rusbridger said that only one percent of the documents had been published.[141] In December, Australia’s Minister for Defence David Johnston said his government assumed the worst was yet to come.[142]

By October 2013, Snowden’s disclosures had created tensions[143][144] between the U.S. and some of its close allies after they revealed that the U.S. had spied on Brazil, France, Mexico,[145] Britain,[146] China,[147] Germany,[148] and Spain,[149] as well as 35 world leaders,[150] most notably German Chancellor Angela Merkel, who said “spying among friends” was unacceptable[151] and compared the NSA with the Stasi.[152] Leaked documents published by Der Spiegel in 2014 appeared to show that the NSA had targeted 122 high-ranking leaders.[153]

An NSA mission statement titled “SIGINT Strategy 2012-2016” affirmed that the NSA had plans for continued expansion of surveillance activities. Their stated goal was to “dramatically increase mastery of the global network” and to acquire adversaries’ data from “anyone, anytime, anywhere.”[154] Leaked slides revealed in Greenwald’s book No Place to Hide, released in May 2014, showed that the NSA’s stated objective was to “Collect it All,” “Process it All,” “Exploit it All,” “Partner it All,” “Sniff it All” and “Know it All.”[155]

Snowden said in a January 2014 interview with German television that the NSA does not limit its data collection to national security issues, accusing the agency of conducting industrial espionage. Using the example of German company Siemens, he said, “If there’s information at Siemens that’s beneficial to US national interestseven if it doesn’t have anything to do with national securitythen they’ll take that information nevertheless.”[156] In the wake of Snowden’s revelations and in response to an inquiry from the Left Party, Germany’s domestic security agency Bundesamt fr Verfassungsschutz (BfV) investigated and found no concrete evidence that the U.S. conducted economic or industrial espionage in Germany.[157]

In February 2014, during testimony to the European Union, Snowden said of the remaining undisclosed programs, “I will leave the public interest determinations as to which of these may be safely disclosed to responsible journalists in coordination with government stakeholders.”[158]

In March 2014, documents disclosed by Glenn Greenwald writing for The Intercept showed the NSA, in cooperation with the GCHQ, has plans to infect millions of computers with malware using a program called TURBINE.[159] Revelations included information about QUANTUMHAND, a program through which the NSA set up a fake Facebook server to intercept connections.[159]

According to a report in The Washington Post in July 2014, relying on information furnished by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, message texts, and online accounts, that support the claim.[160]

In an August 2014 interview, Snowden for the first time disclosed a cyberwarfare program in the works, codenamed MonsterMind, that would automate detection of a foreign cyberattack as it began and automatically fire back. “These attacks can be spoofed,” said Snowden. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?”[17]

Snowden first contemplated leaking confidential documents around 2008 but held back, partly because he believed the newly elected Barack Obama might introduce reforms.[1] After the disclosures, his identity was made public by The Guardian at his request on June 9, 2013.[97] “I do not want to live in a world where everything I do and say is recorded,” he said. “My sole motive is to inform the public as to that which is done in their name and that which is done against them.”[161]

Snowden said he wanted to “embolden others to step forward” by demonstrating that “they can win.”[162] He also said that the system for reporting problems did not work. “You have to report wrongdoing to those most responsible for it.” He cited a lack of whistleblower protection for government contractors, the use of the 1917 Espionage Act to prosecute leakers, and his belief that had he used internal mechanisms to “sound the alarm,” his revelations “would have been buried forever.”[90][163]

In December 2013, upon learning that a U.S. federal judge had ruled the collection of U.S. phone metadata conducted by the NSA as likely unconstitutional, Snowden said, “I acted on my belief that the NSA’s mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts … today, a secret program authorized by a secret court was, when exposed to the light of day, found to violate Americans’ rights.”[164]

In January 2014, Snowden said his “breaking point” was “seeing the Director of National Intelligence, James Clapper, directly lie under oath to Congress.”[50] This referred to testimony on March 12, 2013three months after Snowden first sought to share thousands of NSA documents with Greenwald,[91] and nine months after the NSA says Snowden made his first illegal downloads during the summer of 2012[1]in which Clapper denied to the U.S. Senate Select Committee on Intelligence that the NSA wittingly collects data on millions of Americans.[165] Snowden said, “There’s no saving an intelligence community that believes it can lie to the public and the legislators who need to be able to trust it and regulate its actions. Seeing that really meant for me there was no going back. Beyond that, it was the creeping realization that no one else was going to do this. The public had a right to know about these programs.”[166] In March 2014, Snowden said he had reported policy or legal issues related to spying programs to more than ten officials, but as a contractor had no legal avenue to pursue further whistleblowing.[167]

In May 2013, Snowden took a leave of absence, telling his supervisors he was returning to the mainland for epilepsy treatment, but instead left Hawaii for Hong Kong[168] where he arrived on May 20. Snowden told Guardian reporters in June that he had been in his room at the Mira Hotel since his arrival in the city, rarely going out. On June 10, correspondent Ewen MacAskill said Snowden had left his hotel only briefly three times since May 20.[169]

Snowden vowed to challenge any extradition attempt by the U.S. government, and engaged a Hong Kong-based Canadian human rights lawyer Robert Tibbo as a legal adviser.[1][170][171] Snowden told the South China Morning Post that he planned to remain in Hong Kong for as long as its government would permit.[172][173] Snowden also told the Post that “the United States government has committed a tremendous number of crimes against Hong Kong [and] the PRC as well,”[174] going on to identify Chinese Internet Protocol addresses that the NSA monitored and stating that the NSA collected text-message data for Hong Kong residents. Glenn Greenwald said Snowden was motivated by a need to “ingratiate himself to the people of Hong Kong and China.”[175]

After leaving the Mira Hotel, Snowden stayed in a cramped apartment with other refugees seeking asylum in Hong Kong, an arrangement set up by Tibbo to hide from the authorities.[176]The Russian newspaper Kommersant nevertheless reported that Snowden was living at the Russian consulate shortly before his departure from Hong Kong to Moscow.[177] Ben Wizner, a lawyer with the American Civil Liberties Union (ACLU) and legal adviser to Snowden, said in January 2014, “Every news organization in the world has been trying to confirm that story. They haven’t been able to, because it’s false.”[178] Likewise rejecting the Kommersant story was Anatoly Kucherena, who became Snowden’s lawyer in July 2013 when Snowden asked him for help in seeking temporary asylum in Russia.[179] Kucherena said Snowden did not communicate with Russian diplomats while he was in Hong Kong.[180][181] In early September 2013, however, Russian president Vladimir Putin said that, a few days before boarding a plane to Moscow, Snowden met in Hong Kong with Russian diplomatic representatives.[182]

On June 22 (18 days after publication of Snowden’s NSA documents began), officials revoked his U.S. passport.[183] On June 23, Snowden boarded the commercial Aeroflot flight SU213 to Moscow, accompanied by Sarah Harrison of WikiLeaks.[184][185] Hong Kong authorities said that Snowden had not been detained for the U.S. because the request had not fully complied with Hong Kong law,[186][187] and there was no legal basis to prevent Snowden from leaving.[188][189][Notes 1] On June 24, a U.S. State Department spokesman rejected the explanation of technical noncompliance, accusing the Hong Kong government of deliberately releasing a fugitive despite a valid arrest warrant and after having sufficient time to prohibit his travel.[192] That same day, Julian Assange said that WikiLeaks had paid for Snowden’s lodging in Hong Kong and his flight out.[193]

In October 2013, Snowden said that before flying to Moscow, he gave all the classified documents he had obtained to journalists he met in Hong Kong, and kept no copies for himself.[90] In January 2014, he told a German TV interviewer that he gave all of his information to American journalists reporting on American issues.[50] During his first American TV interview, in May 2014, Snowden said he had protected himself from Russian leverage by destroying the material he had been holding before landing in Moscow.[10]

On June 23, 2013, Snowden landed at Moscow’s Sheremetyevo Airport.[194] WikiLeaks said he was on a circuitous but safe route to asylum in Ecuador.[195] Snowden had a seat reserved to continue to Cuba[196] but did not board that onward flight, saying in a January 2014 interview that he intended to transit through Russia but was stopped en route. He asserted “a planeload of reporters documented the seat I was supposed to be in” when he was ticketed for Havana, but the U.S. cancelled his passport.[178] He said the U.S. wanted him to stay in Moscow so “they could say, ‘He’s a Russian spy.'”[197] Greenwald’s account differed on the point of Snowden being already ticketed. According to Greenwald, Snowden’s passport was valid when he departed Hong Kong but was revoked during the hours he was in transit to Moscow, preventing him from obtaining a ticket to leave Russia. Greenwald said Snowden was thus forced to stay in Moscow and seek asylum.[198]

According to one Russian report, Snowden planned to fly from Moscow through Havana to Latin America; however, Cuba told Moscow it would not allow the Aeroflot plane carrying Snowden to land.[199] Russian newspaper Kommersant reported that Cuba had a change of heart after receiving pressure from U.S. officials,[200] leaving him stuck in the transit zone because at the last minute Havana told officials in Moscow not to allow him on the flight.[201] The Washington Post contrasted this version with what it called “widespread speculation” that Russia never intended to let Snowden proceed.[202] Fidel Castro called claims that Cuba would have blocked Snowden’s entry a “lie” and a “libel.”[196] Describing Snowden’s arrival in Moscow as a surprise and likening it to “an unwanted Christmas gift,”[203] Russian president Putin said that Snowden remained in the transit area of Sheremetyevo Airport, had committed no crime in Russia, was free to leave and should do so.[204] Putin denied that Russia’s intelligence agencies had worked or were working with Snowden.[203]

Following Snowden’s arrival in Moscow, the White House expressed disappointment in Hong Kong’s decision to allow him to leave.[205][206][192] An anonymous U.S. official not authorized to discuss the matter told AP Snowden’s passport had been revoked before he left Hong Kong, but that a senior official in a country or airline could order subordinates to overlook the withdrawn passport.[207] U.S. Secretary of State John Kerry said that Snowden’s passport was cancelled “within two hours” of the charges against Snowden being made public[3] which was Friday, June 21.[2] In a July 1 statement, Snowden said, “Although I am convicted of nothing, [the U.S. government] has unilaterally revoked my passport, leaving me a stateless person. Without any judicial order, the administration now seeks to stop me exercising a basic right. A right that belongs to everybody. The right to seek asylum.”[208]

Four countries offered Snowden permanent asylum: Ecuador, Nicaragua, Bolivia, and Venezuela.[209] No direct flights between Moscow and Venezuela, Bolivia or Nicaragua existed, however, and the U.S. pressured countries along his route to hand him over. Snowden said in July 2013 that he decided to bid for asylum in Russia because he felt there was no safe way to reach Latin America.[210] Snowden said he remained in Russia because “when we were talking about possibilities for asylum in Latin America, the United States forced down the Bolivian President’s plane”, citing the Morales plane incident. On the issue, he said “some governments in Western European and North American states have demonstrated a willingness to act outside the law, and this behavior persists today. This unlawful threat makes it impossible for me to travel to Latin America and enjoy the asylum granted there in accordance with our shared rights.”[211] He said that he would travel from Russia if there was no interference from the U.S. government.[178]

Four months after Snowden received asylum in Russia, Julian Assange commented, “While Venezuela and Ecuador could protect him in the short term, over the long term there could be a change in government. In Russia, he’s safe, he’s well-regarded, and that is not likely to change. That was my advice to Snowden, that he would be physically safest in Russia.”[168] According to Snowden, “the CIA has a very powerful presence [in Latin America] and the governments and the security services there are relatively much less capable than, say, Russia…. they could have basically snatched me….”[212]

In an October 2014 interview with The Nation magazine, Snowden reiterated that he had originally intended to travel to Latin America: “A lot of people are still unaware that I never intended to end up in Russia.” According to Snowden, the U.S. government “waited until I departed Hong Kong to cancel my passport in order to trap me in Russia.” Snowden added, “If they really wanted to capture me, they would’ve allowed me to travel to Latin America, because the CIA can operate with impunity down there. They did not want that; they chose to keep me in Russia.”[213]

On July 1, 2013, president Evo Morales of Bolivia, who had been attending a conference in Russia, suggested during an interview with Russia Today that he would consider a request by Snowden for asylum.[214] The following day, Morales’ plane, en route to Bolivia, was rerouted to Austria and searched there, after France, Spain, and Italy denied access to their airspace.[215] U.S. officials had raised suspicions that Snowden may have been on board.[216] Morales blamed the U.S. for putting pressure on European countries, and said that the grounding of his plane was a violation of international law.[217]

In April 2015, Bolivia’s ambassador to Russia, Mara Luisa Ramos Urzagaste, accused Julian Assange of putting Morales’s life at risk by intentionally providing to the U.S. false rumors that Snowden was on Morales’ plane. Assange responded that the plan “was not completely honest, but we did consider that the final result would have justified our actions. The result was caused by the United States’ intervention. We can only regret what happened.”[218]

Snowden applied for political asylum to 21 countries.[219][220] A statement attributed to him contended that the U.S. administration, and specifically Vice President Joe Biden, had pressured the governments to refuse his asylum petitions. Biden had telephoned President Rafael Correa days prior to Snowden’s remarks, asking the Ecuadorian leader not to grant Snowden asylum.[221] Ecuador had initially offered Snowden a temporary travel document but later withdrew it,[222] and Correa later called the offer a mistake.[223]

In a July 1 statement published by WikiLeaks, Snowden accused the U.S. government of “using citizenship as a weapon” and using what he described as “old, bad tools of political aggression.” Citing Obama’s promise to not allow “wheeling and dealing” over the case, Snowden commented, “This kind of deception from a world leader is not justice, and neither is the extralegal penalty of exile.”[224] Several days later, WikiLeaks announced that Snowden had applied for asylum in six additional countries, but declined to name them, alleging attempted U.S. interference.[225]

After evaluating the law and Snowden’s situation, the French interior ministry rejected his request for asylum.[226] Poland refused to process his application because it did not conform to legal procedure.[227] Brazil’s Foreign Ministry said the government planned no response to Snowden’s asylum request. Germany and India rejected Snowden’s application outright, while Austria, Ecuador, Finland, Norway, Italy, the Netherlands, and Spain said he must be on their territory to apply.[228][229][230] In November 2014, Germany announced that Snowden had not renewed his previously denied request and was not being considered for asylum.[231] Glenn Greenwald later reported that Sigmar Gabriel, Vice-Chancellor of Germany, told him the U.S. government had threatened to stop sharing intelligence if Germany offered Snowden asylum or arranged for his travel there.[232]

Putin said on July 1, 2013, that if Snowden wanted to be granted asylum in Russia, he would be required to “stop his work aimed at harming our American partners.”[233] A spokesman for Putin subsequently said that Snowden had withdrawn his asylum application upon learning of the conditions.[234]

In a July 12 meeting at Sheremetyevo Airport with representatives of human rights organizations and lawyers, organized in part by the Russian government,[235] Snowden said he was accepting all offers of asylum that he had already received or would receive. He added that Venezuela’s grant of asylum formalized his asylee status, removing any basis for state interference with his right to asylum.[236] He also said he would request asylum in Russia until he resolved his travel problems.[237]Russian Federal Migration Service officials confirmed on July 16 that Snowden had submitted an application for temporary asylum.[238] On July 24, Kucherena said his client wanted to find work in Russia, travel and create a life for himself, and had already begun learning Russian.[239]

Amid media reports in early July 2013 attributed to U.S. administration sources that Obama’s one-on-one meeting with Putin, ahead of a G20 meeting in St Petersburg scheduled for September, was in doubt due to Snowden’s protracted sojourn in Russia,[240] top U.S. officials repeatedly made it clear to Moscow that Snowden should immediately be returned to the United States to face charges for the unauthorized leaking of classified information.[241][242][243] His Russian lawyer said Snowden needed asylum because he faced persecution by the U.S. government and feared “that he could be subjected to torture and capital punishment.”[244]

In a letter to Russian Minister of Justice Alexander Konovalov dated July 23, U.S. Attorney General Eric Holder repudiated Snowden’s claim to refugee status, and offered a limited validity passport good for direct return to the U.S.[245] He further asserted that Snowden would not be subject to torture or the death penalty, and would receive trial in a civilian court with proper legal counsel.[246] The same day, the Russian president’s spokesman reiterated that his government would not hand over Snowden, noting that Putin was not personally involved in the matter and that it was being handled through talks between the FBI and Russia’s FSB.[247]

On June 14, 2013, United States federal prosecutors filed a criminal complaint against Snowden, charging him with theft of government property and two counts of violating the Espionage Act of 1917 through unauthorized communication of national defense information and willful communication of classified communications intelligence information to an unauthorized person.[2][245] Each of the three charges carries a maximum possible prison term of ten years. The charge was initially secret and was unsealed a week later.

Snowden was asked in a January 2014 interview about returning to the U.S. to face the charges in court, as Obama had suggested a few days prior. Snowden explained why he rejected the request: “What he doesn’t say are that the crimes that he’s charged me with are crimes that don’t allow me to make my case. They don’t allow me to defend myself in an open court to the public and convince a jury that what I did was to their benefit. … So it’s, I would say, illustrative that the President would choose to say someone should face the music when he knows the music is a show trial.”[50][248] Snowden’s legal representative, Jesselyn Radack, wrote that “the Espionage Act effectively hinders a person from defending himself before a jury in an open court.” She said that the “arcane World War I law” was never meant to prosecute whistleblowers, but rather spies who sold secrets to enemies for profit.[249]

On June 23, 2013, Snowden landed at Moscow’s Sheremetyevo Airport aboard a commercial Aeroflot flight from Hong Kong.[250][184][251] On August 1, after 39 days in the transit section, he left the airport and was granted temporary asylum in Russia for one year.[252] A year later, his temporary asylum having expired, Snowden received a three-year residency permit allowing him to travel freely within Russia and to go abroad for up to three months. He was not granted permanent political asylum.[253] In January 2017, a spokesperson for the Russian foreign ministry wrote on Facebook that Snowden’s asylum, which was due to expire in 2017, was extended by “a couple more years.”[254][255] Snowden’s lawyer Anatoly Kucherena said the extension was valid until 2020.[256]

A subject of controversy, Snowden has been variously called a hero,[257][258][259] a whistleblower,[260][261][262][263] a dissident,[264] a patriot,[265][266][267] and a traitor.[268][269][270][271] Pentagon Papers leaker Daniel Ellsberg called Snowden’s release of NSA material the most significant leak in U.S. history.[272][273]

Numerous high-ranking current or former U.S. government officials reacted publicly to Snowden’s disclosures.

In the U.S., Snowden’s actions precipitated an intense debate on privacy and warrantless domestic surveillance.[287][288] President Obama was initially dismissive of Snowden, saying “I’m not going to be scrambling jets to get a 29-year-old hacker.”[289][290][291] In August 2013, Obama rejected the suggestion that Snowden was a patriot,[292] and in November said that “the benefit of the debate he generated was not worth the damage done, because there was another way of doing it.”[293]

In June 2013, U.S. Senator Bernie Sanders of Vermont wrote on his blog, “Love him or hate him, we all owe Snowden our thanks for forcing upon the nation an important debate. But the debate shouldn’t be about him. It should be about the gnawing questions his actions raised from the shadows.”[294]

Snowden said in December 2013 that he was “inspired by the global debate” ignited by the leaks and that NSA’s “culture of indiscriminate global espionage … is collapsing.”[295]

At the end of 2013, however, The Washington Post noted that the public debate and its offshoots had produced no meaningful change in policy, with the status quo continuing.[135]

In 2016, on The Axe Files podcast, former U.S. Attorney General Eric Holder said that Snowden “performed a public service by raising the debate that we engaged in and by the changes that we made.” Holder nevertheless said that Snowden’s actions were inappropriate and illegal.[296]

In September 2016, the bipartisan U.S. House Permanent Select Committee on Intelligence completed a review of the Snowden disclosures and said that the federal government would have to spend millions of dollars responding to the fallout from Snowden’s disclosures.[297] The report also said that “the public narrative popularized by Snowden and his allies is rife with falsehoods, exaggerations, and crucial omissions.”[298] The report was denounced by Washington Post reporter Barton Gellman, who called it “aggressively dishonest” and “contemptuous of fact.”[299]

In August 2013, President Obama said that he had called for a review of U.S. surveillance activities before Snowden had begun revealing details of the NSA’s operations,[292] and announced that he was directing DNI James Clapper “to establish a review group on intelligence and communications technologies.”[300][301] In December, the task force issued 46 recommendations that, if adopted, would subject the NSA to additional scrutiny by the courts, Congress, and the president, and would strip the NSA of the authority to infiltrate American computer systems using backdoors in hardware or software.[302] Panel member Geoffrey R. Stone said there was no evidence that the bulk collection of phone data had stopped any terror attacks.[303]

On June 6, 2013, in the wake of Snowden’s leaks, conservative public interest lawyer and Judicial Watch founder Larry Klayman filed a lawsuit claiming that the federal government had unlawfully collected metadata for his telephone calls and was harassing him. In Klayman v. Obama, Judge Richard J. Leon referred to the NSA’s “almost-Orwellian technology” and ruled the bulk telephony metadata program to be probably unconstitutional.[304] Snowden later described Judge Leon’s decision as vindication.[305]

On June 11, the ACLU filed a lawsuit against James Clapper, Director of National Intelligence, alleging that the NSA’s phone records program was unconstitutional. In December 2013, ten days after Judge Leon’s ruling, Judge William H. Pauley III came to the opposite conclusion. In ACLU v. Clapper, although acknowledging that privacy concerns are not trivial, Pauley found that the potential benefits of surveillance outweigh these considerations and ruled that the NSA’s collection of phone data is legal.[306]

Gary Schmitt, former staff director of the Senate Select Committee on Intelligence, wrote that “The two decisions have generated public confusion over the constitutionality of the NSA’s data collection programa kind of judicial ‘he-said, she-said’ standoff.”[307]

On May 7, 2015, in the case of ACLU v. Clapper, the United States Court of Appeals for the Second Circuit said that Section 215 of the Patriot Act did not authorize the NSA to collect Americans’ calling records in bulk, as exposed by Snowden in 2013. The decision voided U.S. District Judge William Pauley’s December 2013 finding that the NSA program was lawful, and remanded the case to him for further review. The appeals court did not rule on the constitutionality of the bulk surveillance, and declined to enjoin the program, noting the pending expiration of relevant parts of the Patriot Act. Circuit Judge Gerard E. Lynch wrote that, given the national security interests at stake, it was prudent to give Congress an opportunity to debate and decide the matter.[308]

On June 2, 2015, the U.S. Senate passed, and President Obama signed, the USA Freedom Act which restored in modified form several provisions of the Patriot Act that had expired the day before, while for the first time imposing some limits on the bulk collection of telecommunication data on U.S. citizens by American intelligence agencies. The new restrictions were widely seen as stemming from Snowden’s revelations.[309][310]

Hans-Georg Maaen, head of the Federal Office for the Protection of the Constitution, Germany’s domestic security agency, said that Snowden could have been working for the Russian government.[311] Snowden has rejected this insinuation.[312]

Crediting the Snowden leaks, the United Nations General Assembly unanimously adopted Resolution 68/167 in December 2013. The non-binding resolution denounced unwarranted digital surveillance and included a symbolic declaration of the right of all individuals to online privacy.[313][314][315]

Support for Snowden came from Latin American leaders including the Argentinian President Cristina Fernndez de Kirchner, Brazilian President Dilma Rousseff, Ecuadorian President Rafael Correa, Bolivian President Evo Morales, Venezuelan President Nicols Maduro, and Nicaraguan President Daniel Ortega.[316][317]

In an official report published in October 2015, the United Nations special rapporteur for the promotion and protection of the right to freedom of speech, Professor David Kaye, criticized the U.S. government’s harsh treatment of, and bringing criminal charges against, whistleblowers, including Edward Snowden. The report found that Snowden’s revelations were important for people everywhere and made “a deep and lasting impact on law, policy and politics.”[318][319] The European Parliament invited Snowden to make a pre-recorded video appearance to aid their NSA investigation.[320][321] Snowden gave written testimony in which he said that he was seeking asylum in the EU, but that he was told by European Parliamentarians that the U.S. would not allow EU partners to make such an offer.[322] He told the Parliament that the NSA was working with the security agencies of EU states to “get access to as much data of EU citizens as possible.”[323] The NSA’s Foreign Affairs Division, he claimed, lobbies the EU and other countries to change their laws, allowing for “everyone in the country” to be spied on legally.[324]

In July 2014, Navi Pillay, UN High Commissioner for Human Rights, told a news conference in Geneva that the U.S. should abandon its efforts to prosecute Snowden, since his leaks were in the public interest.[325]

Surveys conducted by news outlets and professional polling organizations found that American public opinion was divided on Snowden’s disclosures, and that those polled in Canada and Europe were more supportive of Snowden than respondents in the U.S.

For his global surveillance disclosures, Snowden has been honored by publications and organizations based in Europe and the United States. He was voted as The Guardian’s person of the year 2013, garnering four times the number of votes as any other candidate.[326]

In March 2014, Snowden spoke at the South by Southwest (SXSW) Interactive technology conference in Austin, Texas, in front of 3,500 attendees. He participated by teleconference carried over multiple routers running the Google Hangouts platform. On-stage moderators were Christopher Soghoian and Snowden’s legal counsel Wizner, both from the ACLU.[327] Snowden said that the NSA was “setting fire to the future of the internet,” and that the SXSW audience was “the firefighters.”[328][329][330] Attendees could use Twitter to send questions to Snowden, who answered one by saying that information gathered by corporations was much less dangerous than that gathered by a government agency, because “governments have the power to deprive you of your rights.”[328] Representative Mike Pompeo (R-KS) of the House Intelligence Committee, and later director of the CIA, had tried unsuccessfully to get the SXSW management to cancel Snowden’s appearance; instead, SXSW director Hugh Forrest said that the NSA was welcome to respond to Snowden at the 2015 conference.[328]

Later that month, Snowden appeared by teleconference at the TED conference in Vancouver, British Columbia. Represented on stage by a robot with a video screen, video camera, microphones and speakers, Snowden conversed with TED curator Chris Anderson, and told the attendees that online businesses should act quickly to encrypt their websites. He described the NSA’s PRISM program as the U.S. government using businesses to collect data for them, and that the NSA “intentionally misleads corporate partners” using, as an example, the Bullrun decryption program to create backdoor access.[331] Snowden said he would gladly return to the U.S. if given immunity from prosecution, but that he was more concerned about alerting the public about abuses of government authority.[331] Anderson invited Internet pioneer Tim Berners-Lee on stage to converse with Snowden, who said that he would support Berners-Lee’s concept of an “internet Magna Carta” to “encode our values in the structure of the internet.”[331][332]

On September 15, 2014, Snowden appeared via remote video link, along with Julian Assange, on Kim Dotcom’s Moment of Truth town hall meeting held in Auckland.[333] He made a similar video link appearance on February 2, 2015, along with Greenwald, as the keynote speaker at the World Affairs Conference at Upper Canada College in Toronto.[334]

In March 2015, while speaking at the FIFDH (international human rights film festival) he made a public appeal for Switzerland to grant him asylum, saying he would like to return to live in Geneva, where he once worked undercover for the Central Intelligence Agency.[335]

On November 10, 2015, Snowden appeared at the Newseum, via remote video link, for PEN American Center’s “Secret Sources: Whistleblowers, National Security and Free Expression,” event.[336]

In 2015, Snowden earned over $200,000 from digital speaking engagements in the U.S.[337]

More here:

Edward Snowden – Wikipedia

Posted in NSA

NSA | Define NSA at AcronymFinder

NSANational Security Agency (US government)NSANational Speakers AssociationNSANo Strings AttachedNSANaval Support ActivityNSANaczelny Sad Administracyjny (Polish: Supreme Administrative Court)NSANetwork Security Appliance (Sonicwall)NSANotary Signing AgentNSANational Security AdvisorNSANot Seasonally AdjustedNSANational Security ArchiveNSANational Security ActNSANon-Standard Auto (insurance)NSANational Society of AccountantsNSANational Sheriffs’ Association (Alexandria, VA, USA)NSANetwork Systems Administrator (various organizations)NSANational Security AffairsNSANational Snow Analyses (US NOAA)NSANational Sports Academy (various locations)NSANetwork Security AdministratorNSANetwork Storage Appliance (computing)NSANo Sugar AddedNSANational Space AgencyNSANational Stuttering AssociationNSANational Supervisory Authority (EU)NSANational Stroke AssociationNSANetwork Spinal AnalysisNSANational Spiritual Assembly (Institution of the Baha’i Faith)NSANational Survey of AdolescentsNSANorwegian Shipowners AssociationNSANorth Slope of AlaskaNSANational Sheep Association (Malvern, Worcestershire, UK)NSANew Small Airplane (Boeing)NSANational Safety AssociatesNSANational Scrabble AssociationNSANon-State Actor (international relations)NSANippon Surfing Association (Japan)NSANational Student AssociationNSANorth Star AcademyNSANeed Special AssistanceNSANational Smokejumper AssociationNSANew Saint Andrews College (Moscow, Idaho)NSANational Sunflower AssociationNSANetwork Security AgreementNSANew Student Ambassadors (various schools)NSANational Stone Association (Washington, DC)NSANative Speakers of ArabicNSANational Stereoscopic AssociationNSANegative Security AssurancesNSANational Steeplechase AssociationNSANational Sound ArchiveNSANational Security AreaNSANATO Standardization AgencyNSANational Smokers AllianceNSANebraska Statewide ArboretumNSANon Standard Ammunition (munitions)NSANational Statistical Authorities (EU)NSANordic Securities Association (est. 2008)NSANegotiated Service Agreement (US postal service)NSANational Security Agents (gaming clan)NSANo Secrets AssociationNSANon-Standard AnalysisNSANew Settlement Apartments (New York, NY)NSANeil Stewart Associates (UK)NSANational Seniors Australia (est. 1976)NSANuclear Science AbstractsNSANormalized Site AttenuationNSANashville School of the Arts (Tennessee)NSANational Storytelling AssociationNSANatural Systems AgricultureNSANetwork Simplex AlgorithmNSANational Slag Association (Alexandria, VA)NSANon-Self-AlignedNSANorthern Study AreaNSANavy Support ActivityNSANational Skateboard AssociationNSANoise Sensitive AreaNSANikkei Stock AverageNSANational Shipping AuthorityNSANational School of Administration (China)NSANon-surgical Sperm AspirationNSANunavut Settlement AreaNSANew Statistical Account (Reports on the conditions of Scotland, with reports on each parish, in the 1830s)NSANouvelle Substance Active (French: New Active Substance; Canada)NSANational Supers Agency (fictional from the movie The Incredibles)NSANational Safety AssociationNSANational Security Anarchists (hacker group)NSANational Sprint Association (UK)NSANatuurwetenschappelijke Studievereniging Amsterdam (University of Amsterdam Physics Department student organization)NSANebraska Soybean AssociationNSANational Scrapbooking AssociationNSANaperville Soccer AssociationNSANippon Software Industry Association (Japan)NSANo Smoking AreaNSANetwork Supported Account (Cisco)NSANever Standing AloneNSANippon Steel AustraliaNSANational Softball Association, Inc.NSANorcross Soccer Association (Georgia)NSANaval Supervising ActivityNSANational Singles Association (Atlanta, Georgia)NSANavy Stock AccountNSANight Stalker AssociationNSANational Success AssociationNSANational Shuffleboard AssociationNSANational Software AllianceNSANo Significant Abnormalities (disease assessment)NSANorthern Slope of AlaskaNSANational Service Alliance, LLCNSANon Semi Auto (concealed handgun license; Texas)NSANon Standard Area (of a database)NSANantucket Shellfish Association (Nantucket, MA)NSANational Scout AssociationNSANational Standard ApplicationNSANarrow-Slot ApproximationNSANational Sentinel AuditNSANet Sales AreaNSANode Switching AssemblyNSANikkei Student AssociationNSANetwork Search AlgorithmNSANuclear Support AgencyNSANaval Systems AnalysisNSANet Sellable Area (real estate)NSANational Sex AuthorityNSANetwork South Australia (Adelaide, Australia)NSANeutron Source AssemblyNSANichiren Shosu of AmericaNSANippon Supporters Association (Japan)NSANorwegian Security ActNSANet Server AssistantNSANabelschnurarterie (German: Umbilical Cord Artery)NSANarrow Slot ApertureNSANikkei Siam Aluminium Limited (Pathumtani, Thailand)

More:

NSA | Define NSA at AcronymFinder

Posted in NSA

National Security Agency – Wikipedia

National Security Agency

Seal of the National Security Agency

Flag of the National Security Agency

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish Bridging (networking) “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Go here to read the rest:

National Security Agency – Wikipedia

Posted in NSA

Urban Dictionary: NSA

Everything I say and do on my laptop, on the internet and worse, in what used to be the comfort, safety and privacy of my own home, is NSA.

Now my whole life and everything I once considered personal and private including: what I look like when I wake up; when I sleep; how I look naked; how often I fart; my whole life story; what I say to a confidant like my mother is all NSA since those guys loaded spyware on my laptop, ironically one of whom repeatedly told me I couldn’t keep a secret.

Antonyms: be faithful, be loyal, defend, protect, support

Go here to read the rest:

Urban Dictionary: NSA

Posted in NSA

National Security Agency – Wikipedia

National Security Agency

Seal of the National Security Agency

Flag of the National Security Agency

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish Bridging (networking) “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Read more:

National Security Agency – Wikipedia

Posted in NSA

NSA | Define NSA at AcronymFinder

NSANational Security Agency (US government)NSANational Speakers AssociationNSANo Strings AttachedNSANaval Support ActivityNSANaczelny Sad Administracyjny (Polish: Supreme Administrative Court)NSANetwork Security Appliance (Sonicwall)NSANotary Signing AgentNSANational Security AdvisorNSANot Seasonally AdjustedNSANational Security ArchiveNSANational Security ActNSANon-Standard Auto (insurance)NSANational Society of AccountantsNSANational Sheriffs’ Association (Alexandria, VA, USA)NSANetwork Systems Administrator (various organizations)NSANational Security AffairsNSANational Snow Analyses (US NOAA)NSANational Sports Academy (various locations)NSANetwork Security AdministratorNSANetwork Storage Appliance (computing)NSANo Sugar AddedNSANational Space AgencyNSANational Stuttering AssociationNSANational Supervisory Authority (EU)NSANational Stroke AssociationNSANetwork Spinal AnalysisNSANational Spiritual Assembly (Institution of the Baha’i Faith)NSANational Survey of AdolescentsNSANorwegian Shipowners AssociationNSANorth Slope of AlaskaNSANational Sheep Association (Malvern, Worcestershire, UK)NSANew Small Airplane (Boeing)NSANational Safety AssociatesNSANational Scrabble AssociationNSANon-State Actor (international relations)NSANippon Surfing Association (Japan)NSANational Student AssociationNSANorth Star AcademyNSANeed Special AssistanceNSANational Smokejumper AssociationNSANew Saint Andrews College (Moscow, Idaho)NSANational Sunflower AssociationNSANetwork Security AgreementNSANew Student Ambassadors (various schools)NSANational Stone Association (Washington, DC)NSANative Speakers of ArabicNSANational Stereoscopic AssociationNSANegative Security AssurancesNSANational Steeplechase AssociationNSANational Sound ArchiveNSANational Security AreaNSANATO Standardization AgencyNSANational Smokers AllianceNSANebraska Statewide ArboretumNSANon Standard Ammunition (munitions)NSANational Statistical Authorities (EU)NSANordic Securities Association (est. 2008)NSANegotiated Service Agreement (US postal service)NSANational Security Agents (gaming clan)NSANo Secrets AssociationNSANon-Standard AnalysisNSANew Settlement Apartments (New York, NY)NSANeil Stewart Associates (UK)NSANational Seniors Australia (est. 1976)NSANuclear Science AbstractsNSANormalized Site AttenuationNSANashville School of the Arts (Tennessee)NSANational Storytelling AssociationNSANatural Systems AgricultureNSANetwork Simplex AlgorithmNSANational Slag Association (Alexandria, VA)NSANon-Self-AlignedNSANorthern Study AreaNSANavy Support ActivityNSANational Skateboard AssociationNSANoise Sensitive AreaNSANikkei Stock AverageNSANational Shipping AuthorityNSANational School of Administration (China)NSANon-surgical Sperm AspirationNSANunavut Settlement AreaNSANew Statistical Account (Reports on the conditions of Scotland, with reports on each parish, in the 1830s)NSANouvelle Substance Active (French: New Active Substance; Canada)NSANational Supers Agency (fictional from the movie The Incredibles)NSANational Safety AssociationNSANational Security Anarchists (hacker group)NSANational Sprint Association (UK)NSANatuurwetenschappelijke Studievereniging Amsterdam (University of Amsterdam Physics Department student organization)NSANebraska Soybean AssociationNSANational Scrapbooking AssociationNSANaperville Soccer AssociationNSANippon Software Industry Association (Japan)NSANo Smoking AreaNSANetwork Supported Account (Cisco)NSANever Standing AloneNSANippon Steel AustraliaNSANational Softball Association, Inc.NSANorcross Soccer Association (Georgia)NSANaval Supervising ActivityNSANational Singles Association (Atlanta, Georgia)NSANavy Stock AccountNSANight Stalker AssociationNSANational Success AssociationNSANational Shuffleboard AssociationNSANational Software AllianceNSANo Significant Abnormalities (disease assessment)NSANorthern Slope of AlaskaNSANational Service Alliance, LLCNSANon Semi Auto (concealed handgun license; Texas)NSANon Standard Area (of a database)NSANantucket Shellfish Association (Nantucket, MA)NSANational Scout AssociationNSANational Standard ApplicationNSANarrow-Slot ApproximationNSANational Sentinel AuditNSANet Sales AreaNSANode Switching AssemblyNSANikkei Student AssociationNSANetwork Search AlgorithmNSANuclear Support AgencyNSANaval Systems AnalysisNSANet Sellable Area (real estate)NSANational Sex AuthorityNSANetwork South Australia (Adelaide, Australia)NSANeutron Source AssemblyNSANichiren Shosu of AmericaNSANippon Supporters Association (Japan)NSANorwegian Security ActNSANet Server AssistantNSANabelschnurarterie (German: Umbilical Cord Artery)NSANarrow Slot ApertureNSANikkei Siam Aluminium Limited (Pathumtani, Thailand)

More:

NSA | Define NSA at AcronymFinder

Posted in NSA

Urban Dictionary: NSA

Everything I say and do on my laptop, on the internet and worse, in what used to be the comfort, safety and privacy of my own home, is NSA.

Now my whole life and everything I once considered personal and private including: what I look like when I wake up; when I sleep; how I look naked; how often I fart; my whole life story; what I say to a confidant like my mother is all NSA since those guys loaded spyware on my laptop, ironically one of whom repeatedly told me I couldn’t keep a secret.

Antonyms: be faithful, be loyal, defend, protect, support

Go here to read the rest:

Urban Dictionary: NSA

Posted in NSA

NSA Spying | Electronic Frontier Foundation

The US government, with assistance from major telecommunications carriers including AT&T, has engaged in massive, illegal dragnet surveillance of the domestic communications and communications records of millions of ordinary Americans since at least 2001. Since this was first reported on by the press and discovered by the public in late 2005, EFF has been at the forefront of the effort to stop it and bring government surveillance programs back within the law and the Constitution.

History of NSA Spying Information since 2005 (See EFFs full timeline of events here)

News reports in December 2005 first revealed that the National Security Agency (NSA) has been intercepting Americans phone calls and Internet communications. Those news reports, combined with a USA Today story in May 2006 and the statements of several members of Congress, revealed that the NSA is also receiving wholesale copies of American’s telephone and other communications records. All of these surveillance activities are in violation of the privacy safeguards established by Congress and the US Constitution.

In early 2006, EFF obtained whistleblower evidence (.pdf) from former AT&T technician Mark Klein showing that AT&T is cooperating with the illegal surveillance. The undisputed documents show that AT&T installed a fiberoptic splitter at its facility at 611 Folsom Street in San Francisco that makes copies of all emails web browsing and other Internet traffic to and from AT&T customers and provides those copies to the NSA. This copying includes both domestic and international Internet activities of AT&T customers. As one expert observed, this isnt a wiretap, its a country-tap.

Secret government documents, published by the media in 2013, confirm the NSA obtains full copies of everything that is carried along major domestic fiber optic cable networks. In June 2013, the media, led by the Guardian and Washington Post started publishing a series of articles, along with full government documents, that have confirmed much of what was reported in 2005 and 2006 and then some. The reports showed-and the government later admittedthat the government is mass collecting phone metadata of all US customers under the guise of the Patriot Act. Moreover, the media reports confirm that the government is collecting and analyzing the content of communications of foreigners talking to persons inside the United States, as well as collecting much more, without a probable cause warrant. Finally, the media reports confirm the upstream collection off of the fiberoptic cables that Mr. Klein first revealed in 2006. (See EFFs How It Works page here for more)

EFF Fights Back in the Courts

EFF is fighting these illegal activities in the courts. Currently, EFF is representing victims of the illegal surveillance program in Jewel v. NSA,a lawsuit filed in September 2008 seeking to stop the warrantless wiretapping and hold the government and government officials behind the program accountable. In July 2013, a federal judge ruled that the government could not rely on the controversial “state secrets” privilege to block our challenge to the constitutionality of the program. On February 10, 2015, however, the court granted summary judgment to the government on the Plaintiffs allegations of Fourth Amendment violations based on the NSAs copying of Internet traffic from the Internet backbone. The court ruled that the publicly available information did not paint a complete picture of how the NSA collects Internet traffic, so the court could not rule on the program without looking at information that could constitute state secrets. The court did not rule that the NSAs activities are legal, nor did it rule on the other claims in Jewel, and the case will go forward on those claims.This case is being heard in conjunction with Shubert v. Obama, which raises similar claims.

In July, 2013, EFF filed another lawsuit, First Unitarian v. NSA, based on the recently published FISA court order demanding Verizon turn over all customer phone records including who is talking to whom, when and for how longto the NSA. This so-called metadata, especially when collected in bulk and aggregated, allows the government to track the associations of various political and religious organizations. The Director of National Intelligence has since confirmed that the collection of Verizon call records is part of a broader program.

In addition to making the same arguments we made in Jewel, we argue in First Unitarian that this type of collection violates the First Amendment right to association. Previously, in Hepting v. AT&T,EFF filed the first case against a cooperating telecom for violating its customers’ privacy. After Congress expressly intervened and passed the FISA Amendments Act to allow the Executive to require dismissal of the case,Hepting was ultimately dismissed by the US Supreme Court.

In September of 2014, EFF, along with the American Civil Liberties Union (ACLU) and the American Civil Liberties Union of Idaho, joined the legal team for Anna Smith, an Idaho emergency neonatal nurse, in her challenge of the government’s bulk collection of the telephone records of millions of innocent Americans. In Smith v. Obama, we are arguing the program violated her Fourth Amendment rights by collecting a wealth of detail about her familial, political, professional, religious and intimate associations. In particular, we focus on challenging the applicability of the so-called third party doctrine, the idea that people have no expectation of privacy in information they entrust to others.

First Unitarian v. NSA: EFFs case challenging the NSAs phone metadata surveillance

Jewel v. NSA: EFFs case challenging the NSAs dragnet surveillance

Hepting v. AT&T: EFFs case that challenged AT&Ts complicity in illegal NSA spying

Smith v. Obama: EFF’s appeal with the ACLU of an Idaho nurse’s challenge to the NSA’s phone metadata surveillance.

Read more here:

NSA Spying | Electronic Frontier Foundation

Posted in NSA

What Does "NSA" Mean on Dating Sites? (The #1 Definition)

Youll often come across some confusing acronyms when youre online dating, and one of the most common ones is NSA, which just means no strings attached. People who are looking for no strings attached want a casual sexual encounter without any sort of commitment. Here are some more details about NSA and sites you can use to find people for it.

A no-strings-attached situation, which can be found on sites like BeNaughty or Zoosk, is when two people want to hook up, either once or on a regular basis, without the strings of commitment tying them down. Think Ashton Kutcher and Natalie Portman in the aptly named No Strings Attached.

When youre in an NSA relationship, you usually try to limit your interactions with the other person to just sex, depending on what you two agree on at the beginning. Youre also free to date and sleep with other people just make sure everyone practices safe sex and is honest about what they truly want.

BeNaughty and Zoosk are our experts top 2 choices if youre looking for an NSA relationship. Heres a little bit more about each:

The most popular hookup site on the web, BeNaughty puts it all out there so people can be open about their desires without feeling ashamed. BeNaughty alsohas a free account that lets you create a profile and search through millions of singles ASAP.

Zooskis another good dating site if you want something casual. Its modern and has more than 35 million members, most of them being millennials. You can also try Zoosk for free to see if it meets your needs.

Knowing common online dating phrases is helpful in getting what you want faster, whether its an NSA relationship or something more serious. And there are some awesome sites out there, like BeNaughty, that make it easy for you. Good luck!

View post:

What Does "NSA" Mean on Dating Sites? (The #1 Definition)

Posted in NSA

National Speakers Association (NSA) | Where professional …

NSA provides professional speakers with the comprehensive resources, mentoring and professional connections they need to become more efficient and more effective in all aspects of their trade. Our 3,400+ members reach audiences as thought leaders, authors, consultants, coaches, trainers, educators, humorists, and motivators. Anyone who uses the spoken word to impact listeners can benefit from NSA membership.

Here is the original post:

National Speakers Association (NSA) | Where professional …

Posted in NSA

National Security Agency – Wikipedia

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Seal of the National Security Agency

Flag of the National Security Agency

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

Contents

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish Bridging (networking) “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Read this article:

National Security Agency – Wikipedia

Posted in NSA

Urban Dictionary: NSA

Everything I say and do on my laptop, on the internet and worse, in what used to be the comfort, safety and privacy of my own home, is NSA.

Now my whole life and everything I once considered personal and private including: what I look like when I wake up; when I sleep; how I look naked; how often I fart; my whole life story; what I say to a confidant like my mother is all NSA since those guys loaded spyware on my laptop, ironically one of whom repeatedly told me I couldn’t keep a secret.

Antonyms: be faithful, be loyal, defend, protect, support

Visit link:

Urban Dictionary: NSA

Posted in NSA

National Security Agency – Wikipedia

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Seal of the National Security Agency

Flag of the National Security Agency

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

Contents

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish Bridging (networking) “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Excerpt from:

National Security Agency – Wikipedia

Posted in NSA

NSA – What does NSA stand for? The Free Dictionary

AcronymDefinitionNSANational Security Agency (US government)NSANaval Support ActivityNSANational Speakers AssociationNSANo Strings AttachedNSANetwork Security Appliance (Sonicwall)NSANotary Signing AgentNSANational Security AdvisorNSANot Seasonally AdjustedNSANational Security ArchiveNSANational Security ActNSANational Society of AccountantsNSANational Sheriffs’ Association (Alexandria, VA, USA)NSANational Security AffairsNSANo Sugar AddedNSANational Stuttering AssociationNSANational Stroke AssociationNSANetwork Spinal AnalysisNSANational Spiritual Assembly (Institution of the Baha’i Faith)NSANorwegian Shipowners AssociationNSANorth Slope of AlaskaNSANational Sheep Association (Malvern, Worcestershire, UK)NSANational Safety AssociatesNSANon-State Actor (international relations)NSANational Scrabble AssociationNSANational Student AssociationNSANorth Star AcademyNSANew Saint Andrews College (Moscow, Idaho)NSANational Sunflower AssociationNSANational Stone Association (Washington, DC)NSANational Stereoscopic AssociationNSANegative Security AssurancesNSANational Steeplechase AssociationNSANational Sound ArchiveNSANational Security AreaNSANATO Standardization AgencyNSANational Smokers AllianceNSANebraska Statewide ArboretumNSANegotiated Service Agreement (US postal service)NSANational Security Agents (gaming clan)NSANon-Standard AnalysisNSANational Seniors Australia (est. 1976)NSANuclear Science AbstractsNSANormalized Site AttenuationNSANashville School of the Arts (Tennessee)NSANational Storytelling AssociationNSANational Slag Association (Alexandria, VA)NSANorthern Study AreaNSANavy Support ActivityNSANational Skateboard AssociationNSANoise Sensitive AreaNSANikkei Stock AverageNSANational Shipping AuthorityNSANational School of Administration (China)NSANon-surgical Sperm AspirationNSANew Statistical Account (Reports on the conditions of Scotland, with reports on each parish, in the 1830s)NSANunavut Settlement AreaNSANational Supers Agency (fictional from the movie The Incredibles)NSANational Safety AssociationNSANational Security Anarchists (hacker group)NSANational Sprint Association (UK)NSANatuurwetenschappelijke Studievereniging Amsterdam (University of Amsterdam Physics Department student organization)NSANebraska Soybean AssociationNSANaperville Soccer AssociationNSANo Smoking AreaNSANational Softball Association, Inc.NSANorcross Soccer Association (Georgia)NSANaval Supervising ActivityNSANational Singles Association (Atlanta, Georgia)NSANavy Stock AccountNSANight Stalker AssociationNSANational Success AssociationNSANational Shuffleboard AssociationNSANational Software AllianceNSANo Significant Abnormalities (disease assessment)NSANorthern Slope of AlaskaNSANational Service Alliance, LLCNSANon Semi Auto (concealed handgun license; Texas)NSANon Standard Area (of a database)NSANantucket Shellfish Association (Nantucket, MA)NSANational Standard ApplicationNSANational Scout AssociationNSANarrow-Slot ApproximationNSANational Sentinel AuditNSANet Sales AreaNSANode Switching AssemblyNSANuclear Support AgencyNSANetwork Search AlgorithmNSANaval Systems AnalysisNSANikkei Student AssociationNSANet Sellable Area (real estate)NSANeutron Source AssemblyNSANetwork South Australia (Adelaide, Australia)NSANichiren Shosu of AmericaNSANet Server AssistantNSANorwegian Security ActNSANabelschnurarterie (German: Umbilical Cord Artery)NSANarrow Slot ApertureNSANikkei Siam Aluminium Limited (Pathumtani, Thailand)NSANordic Securities Association (est. 2008)NSANetwork Supported Account (Cisco)NSANational Space AgencyNSANon-Standard Auto (insurance)NSANon-Self-AlignedNSANetwork Storage Appliance (computing)NSANeed Special AssistanceNSANational Supervisory Authority (EU)NSANaczelny Sad Administracyjny (Polish: Supreme Administrative Court)

View post:

NSA – What does NSA stand for? The Free Dictionary

Posted in NSA

National Security Agency – Wikipedia

National Security Agency

Seal of the National Security Agency

Flag of the National Security Agency

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems.[8][9] The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine.[10]

Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.[6][11] The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.[12] The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran’s nuclear program.[13][14] The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass “close surveillance, burglary, wiretapping, [and] breaking and entering”.[15][16]

Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own.[17] As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.

The NSA’s actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency’s participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people’s movements using cellphones metadata. Internationally, research has pointed to the NSA’s ability to surveil the domestic Internet traffic of foreign countries through “boomerang routing”.[18]

The origins of the National Security Agency can be traced back to April 28, 1917, three weeks after the U.S. Congress declared war on Germany in World War I. A code and cipher decryption unit was established as the Cable and Telegraph Section which was also known as the Cipher Bureau.[19] It was headquartered in Washington, D.C. and was part of the war effort under the executive branch without direct Congressional authorization. During the course of the war it was relocated in the army’s organizational chart several times. On July 5, 1917, Herbert O. Yardley was assigned to head the unit. At that point, the unit consisted of Yardley and two civilian clerks. It absorbed the navy’s Cryptanalysis functions in July 1918. World War I ended on November 11, 1918, and the army cryptographic section of Military Intelligence (MI-8) moved to New York City on May 20, 1919, where it continued intelligence activities as the Code Compilation Company under the direction of Yardley.[20][21]

After the disbandment of the U.S. Army cryptographic section of military intelligence, known as MI-8, in 1919, the U.S. government created the Cipher Bureau, also known as Black Chamber. The Black Chamber was the United States’ first peacetime cryptanalytic organization.[22] Jointly funded by the Army and the State Department, the Cipher Bureau was disguised as a New York City commercial code company; it actually produced and sold such codes for business use. Its true mission, however, was to break the communications (chiefly diplomatic) of other nations. Its most notable known success was at the Washington Naval Conference, during which it aided American negotiators considerably by providing them with the decrypted traffic of many of the conference delegations, most notably the Japanese. The Black Chamber successfully persuaded Western Union, the largest U.S. telegram company at the time, as well as several other communications companies to illegally give the Black Chamber access to cable traffic of foreign embassies and consulates.[23] Soon, these companies publicly discontinued their collaboration.

Despite the Chamber’s initial successes, it was shut down in 1929 by U.S. Secretary of State Henry L. Stimson, who defended his decision by stating, “Gentlemen do not read each other’s mail”.[24]

During World War II, the Signal Intelligence Service (SIS) was created to intercept and decipher the communications of the Axis powers.[25] When the war ended, the SIS was reorganized as the Army Security Agency (ASA), and it was placed under the leadership of the Director of Military Intelligence.[25]

On May 20, 1949, all cryptologic activities were centralized under a national organization called the Armed Forces Security Agency (AFSA).[25] This organization was originally established within the U.S. Department of Defense under the command of the Joint Chiefs of Staff.[26] The AFSA was tasked to direct Department of Defense communications and electronic intelligence activities, except those of U.S. military intelligence units.[26] However, the AFSA was unable to centralize communications intelligence and failed to coordinate with civilian agencies that shared its interests such as the Department of State, Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI).[26] In December 1951, President Harry S. Truman ordered a panel to investigate how AFSA had failed to achieve its goals. The results of the investigation led to improvements and its redesignation as the National Security Agency.[27]

The agency was formally established by Truman in a memorandum of October 24, 1952, that revised National Security Council Intelligence Directive (NSCID) 9.[28] Since President Truman’s memo was a classified document,[28] the existence of the NSA was not known to the public at that time. Due to its ultra-secrecy the U.S. intelligence community referred to the NSA as “No Such Agency”.[29]

In the 1960s, the NSA played a key role in expanding U.S. commitment to the Vietnam War by providing evidence of a North Vietnamese attack on the American destroyer USSMaddox during the Gulf of Tonkin incident.[30]

A secret operation, code-named “MINARET”, was set up by the NSA to monitor the phone communications of Senators Frank Church and Howard Baker, as well as major civil rights leaders, including Martin Luther King, Jr., and prominent U.S. journalists and athletes who criticized the Vietnam War.[31] However, the project turned out to be controversial, and an internal review by the NSA concluded that its Minaret program was “disreputable if not outright illegal”.[31]

The NSA mounted a major effort to secure tactical communications among U.S. forces during the war with mixed success. The NESTOR family of compatible secure voice systems it developed was widely deployed during the Vietnam War, with about 30,000 NESTOR sets produced. However a variety of technical and operational problems limited their use, allowing the North Vietnamese to exploit and intercept U.S. communications.[32]:Vol I, p.79

In the aftermath of the Watergate scandal, a congressional hearing in 1975 led by Sen. Frank Church[33] revealed that the NSA, in collaboration with Britain’s SIGINT intelligence agency Government Communications Headquarters (GCHQ), had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr. Benjamin Spock.[34] The Agency tracked these individuals in a secret filing system that was destroyed in 1974.[35]Following the resignation of President Richard Nixon, there were several investigations of suspected misuse of FBI, CIA and NSA facilities.[36] Senator Frank Church uncovered previously unknown activity,[36] such as a CIA plot (ordered by the administration of President John F. Kennedy) to assassinate Fidel Castro.[37] The investigation also uncovered NSA’s wiretaps on targeted U.S. citizens.[38]

After the Church Committee hearings, the Foreign Intelligence Surveillance Act of 1978 was passed into law. This was designed to limit the practice of mass surveillance in the United States.[36]

In 1986, the NSA intercepted the communications of the Libyan government during the immediate aftermath of the Berlin discotheque bombing. The White House asserted that the NSA interception had provided “irrefutable” evidence that Libya was behind the bombing, which U.S. President Ronald Reagan cited as a justification for the 1986 United States bombing of Libya.[39][40]

In 1999, a multi-year investigation by the European Parliament highlighted the NSA’s role in economic espionage in a report entitled ‘Development of Surveillance Technology and Risk of Abuse of Economic Information’.[41] That year, the NSA founded the NSA Hall of Honor, a memorial at the National Cryptologic Museum in Fort Meade, Maryland.[42] The memorial is a, “tribute to the pioneers and heroes who have made significant and long-lasting contributions to American cryptology”.[42] NSA employees must be retired for more than fifteen years to qualify for the memorial.[42]

NSA’s infrastructure deteriorated in the 1990s as defense budget cuts resulted in maintenance deferrals. On January 24, 2000, NSA headquarters suffered a total network outage for three days caused by an overloaded network. Incoming traffic was successfully stored on agency servers, but it could not be directed and processed. The agency carried out emergency repairs at a cost of $3 million to get the system running again. (Some incoming traffic was also directed instead to Britain’s GCHQ for the time being.) Director Michael Hayden called the outage a “wake-up call” for the need to invest in the agency’s infrastructure.[43]

In the 1990s the defensive arm of the NSA the Information Assurance Directorate (IAD) started working more openly; the first public technical talk by an NSA scientist at a major cryptography conference was J. Solinas’ presentation onefficient Elliptic Curve Cryptography algorithms at Crypto 1997.[44] The IAD’s cooperative approach to academia and industry culminated in its support for a transparent process for replacing the outdated Data Encryption Standard (DES) by an Advanced Encryption Standard (AES). Cybersecurity policy expert Susan Landau attributes the NSA’s harmonious collaboration with industry and academia in the selection of the AES in 2000 and the Agency’s support for the choice of a strong encryption algorithm designed by Europeans rather than by Americans to Brian Snow, who was the Technical Director of IAD and represented the NSA as cochairman of the Technical Working Group for the AES competition, and Michael Jacobs, who headed IAD at the time.[45]:75

After the terrorist attacks of 11 September 2001, the NSA believed that it had public support for a dramatic expansion of its surveillance activities.[46] According to Neal Koblitz and Alfred Menezes, the period when the NSA was a trusted partner with academia and industry in the development of cryptographic standards started to come to an end when, as part of the change in the NSA in the post-September 11 era, Snow was replaced as Technical Director, Jacobs retired, and IAD could no longer effectively oppose proposed actions by the offensive arm of the NSA.[47]

In the aftermath of the September 11 attacks, the NSA created new IT systems to deal with the flood of information from new technologies like the Internet and cellphones. ThinThread contained advanced data mining capabilities. It also had a “privacy mechanism”; surveillance was stored encrypted; decryption required a warrant. The research done under this program may have contributed to the technology used in later systems. ThinThread was cancelled when Michael Hayden chose Trailblazer, which did not include ThinThread’s privacy system.[48]

Trailblazer Project ramped up in 2002 and was worked on by Science Applications International Corporation (SAIC), Boeing, Computer Sciences Corporation, IBM, and Litton Industries. Some NSA whistleblowers complained internally about major problems surrounding Trailblazer. This led to investigations by Congress and the NSA and DoD Inspectors General. The project was cancelled in early 2004.

Turbulence started in 2005. It was developed in small, inexpensive “test” pieces, rather than one grand plan like Trailblazer. It also included offensive cyber-warfare capabilities, like injecting malware into remote computers. Congress criticized Turbulence in 2007 for having similar bureaucratic problems as Trailblazer.[49] It was to be a realization of information processing at higher speeds in cyberspace.[50]

The massive extent of the NSA’s spying, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents beginning in June 2013. Most of the disclosures were leaked by former NSA contractor, Edward Snowden.

NSA’s eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]

According to a 2010 article in The Washington Post, “[e]very day, collection systems at the National Security Agency intercept and store 1.7billion e-mails, phone calls and other types of communications. The NSA sorts a fraction of those into 70 separate databases.”[52]

Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).

In 2004, NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand NSA Centers of Academic Excellence in Information Assurance Education Program.[53]

As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008, by President Bush, the NSA became the lead agency to monitor and protect all of the federal government’s computer networks from cyber-terrorism.[9]

In the United States, at least since 2001,[54] there has been legal controversy over what signal intelligence can be used for and how much freedom the National Security Agency has to use signal intelligence.[55] The government has made, in 2015, slight changes in how it uses and collects certain types of data,[56] specifically phone records.

On December 16, 2005, The New York Times reported that, under White House pressure and with an executive order from President George W. Bush, the National Security Agency, in an attempt to thwart terrorism, had been tapping phone calls made to persons outside the country, without obtaining warrants from the United States Foreign Intelligence Surveillance Court, a secret court created for that purpose under the Foreign Intelligence Surveillance Act (FISA).[57]

One such surveillance program, authorized by the U.S. Signals Intelligence Directive 18 of President George Bush, was the Highlander Project undertaken for the National Security Agency by the U.S. Army 513th Military Intelligence Brigade. NSA relayed telephone (including cell phone) conversations obtained from ground, airborne, and satellite monitoring stations to various U.S. Army Signal Intelligence Officers, including the 201st Military Intelligence Battalion. Conversations of citizens of the U.S. were intercepted, along with those of other nations.[58]

Proponents of the surveillance program claim that the President has executive authority to order such action, arguing that laws such as FISA are overridden by the President’s Constitutional powers. In addition, some argued that FISA was implicitly overridden by a subsequent statute, the Authorization for Use of Military Force, although the Supreme Court’s ruling in Hamdan v. Rumsfeld deprecates this view. In the August 2006 case ACLU v. NSA, U.S. District Court Judge Anna Diggs Taylor concluded that NSA’s warrantless surveillance program was both illegal and unconstitutional. On July 6, 2007, the 6th Circuit Court of Appeals vacated the decision on the grounds that the ACLU lacked standing to bring the suit.[59]

On January 17, 2006, the Center for Constitutional Rights filed a lawsuit, CCR v. Bush, against the George W. Bush Presidency. The lawsuit challenged the National Security Agency’s (NSA’s) surveillance of people within the U.S., including the interception of CCR emails without securing a warrant first.[60][61]

In September 2008, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against the NSA and several high-ranking officials of the Bush administration,[62] charging an “illegal and unconstitutional program of dragnet communications surveillance,”[63] based on documentation provided by former AT&T technician Mark Klein.[64]

As a result of the USA Freedom Act passed by Congress in June 2015, the NSA had to shut down its bulk phone surveillance program on November 29 of the same year. The USA Freedom Act forbids the NSA to collect metadata and content of phone calls unless it has a warrant for terrorism investigation. In that case the agency has to ask the telecom companies for the record, which will only be kept for six months.

In May 2008, Mark Klein, a former AT&T employee, alleged that his company had cooperated with NSA in installing Narus hardware to replace the FBI Carnivore program, to monitor network communications including traffic between U.S. citizens.[65]

NSA was reported in 2008 to use its computing capability to analyze “transactional” data that it regularly acquires from other government agencies, which gather it under their own jurisdictional authorities. As part of this effort, NSA now monitors huge volumes of records of domestic email data, web addresses from Internet searches, bank transfers, credit-card transactions, travel records, and telephone data, according to current and former intelligence officials interviewed by The Wall Street Journal. The sender, recipient, and subject line of emails can be included, but the content of the messages or of phone calls are not.[66]

A 2013 advisory group for the Obama administration, seeking to reform NSA spying programs following the revelations of documents released by Edward J. Snowden.[67] mentioned in ‘Recommendation 30’ on page 37, “…that the National Security Council staff should manage an interagency process to review on a regular basis the activities of the US Government regarding attacks that exploit a previously unknown vulnerability in a computer application.” Retired cyber security expert Richard A. Clarke was a group member and stated on April 11 that NSA had no advance knowledge of Heartbleed.[68]

In August 2013 it was revealed that a 2005 IRS training document showed that NSA intelligence intercepts and wiretaps, both foreign and domestic, were being supplied to the Drug Enforcement Administration (DEA) and Internal Revenue Service (IRS) and were illegally used to launch criminal investigations of US citizens. Law enforcement agents were directed to conceal how the investigations began and recreate an apparently legal investigative trail by re-obtaining the same evidence by other means.[69][70]

In the months leading to April 2009, the NSA intercepted the communications of U.S. citizens, including a Congressman, although the Justice Department believed that the interception was unintentional. The Justice Department then took action to correct the issues and bring the program into compliance with existing laws.[71] United States Attorney General Eric Holder resumed the program according to his understanding of the Foreign Intelligence Surveillance Act amendment of 2008, without explaining what had occurred.[72]

Polls conducted in June 2013 found divided results among Americans regarding NSA’s secret data collection.[73] Rasmussen Reports found that 59% of Americans disapprove,[74] Gallup found that 53% disapprove,[75] and Pew found that 56% are in favor of NSA data collection.[76]

On April 25, 2013, the NSA obtained a court order requiring Verizon’s Business Network Services to provide metadata on all calls in its system to the NSA “on an ongoing daily basis” for a three-month period, as reported by The Guardian on June 6, 2013. This information includes “the numbers of both parties on a call… location data, call duration, unique identifiers, and the time and duration of all calls” but not “[t]he contents of the conversation itself”. The order relies on the so-called “business records” provision of the Patriot Act.[77][78]

In August 2013, following the Snowden leaks, new details about the NSA’s data mining activity were revealed. Reportedly, the majority of emails into or out of the United States are captured at “selected communications links” and automatically analyzed for keywords or other “selectors”. Emails that do not match are deleted.[79]

The utility of such a massive metadata collection in preventing terrorist attacks is disputed. Many studies reveal the dragnet like system to be ineffective. One such report, released by the New America Foundation concluded that after an analysis of 225 terrorism cases, the NSA “had no discernible impact on preventing acts of terrorism.”[80]

Defenders of the program said that while metadata alone can’t provide all the information necessary to prevent an attack, it assures the ability to “connect the dots”[81] between suspect foreign numbers and domestic numbers with a speed only the NSA’s software is capable of. One benefit of this is quickly being able to determine the difference between suspicious activity and real threats.[citation needed] As an example, NSA director General Keith B. Alexander mentioned at the annual Cybersecurity Summit in 2013, that metadata analysis of domestic phone call records after the Boston Marathon bombing helped determine that rumors of a follow-up attack in New York were baseless.[81]

In addition to doubts about its effectiveness, many people argue that the collection of metadata is an unconstitutional invasion of privacy. As of 2015[update], the collection process remains legal and grounded in the ruling from Smith v. Maryland (1979). A prominent opponent of the data collection and its legality is U.S. District Judge Richard J. Leon, who issued a report in 2013[82] in which he stated:”I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval…Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment”.

As of May 7, 2015, the U.S. Court of Appeals for the Second Circuit ruled that the interpretation of Section 215 of the Patriot Act was wrong and that the NSA program that has been collecting Americans’ phone records in bulk is illegal.[83] It stated that Section 215 cannot be clearly interpreted to allow government to collect national phone data and, as a result, expired on June 1, 2015. This ruling “is the first time a higher-level court in the regular judicial system has reviewed the N.S.A. phone records program.”[84] The replacement law known as the USA Freedom Act, which will enable the NSA to continue to have bulk access to citizens’ metadata but with the stipulation that the data will now be stored by the companies themselves.[84] This change will not have any effect on other Agency procedures – outside of metadata collection – which have purportedly challenged Americans’ Fourth Amendment rights;,[85] including Upstream collection, a mass of techniques used by the Agency to collect and store American’s data/communications directly from the Internet backbone.[86]

Under the Upstream program, the NSA paid telecommunications companies between 9 and 95 million dollars in order to collect data from them.[87] While companies such as Google and Yahoo! claim that they do not provide “direct access” from their servers to the NSA unless under a court order,[88] the NSA had access to emails, phone calls and cellular data users.[89] Under this new ruling, telecommunications companies maintain bulk user metadata on their servers for at least 18 months, to be provided upon request to the NSA.[84] This ruling made the mass storage of specific phone records at NSA datacenters illegal, but it did not rule on Section 215’s constitutionality.[84]

In a declassified document it was revealed that 17,835 phone lines were on an improperly permitted “alert list” from 2006 to 2009 in breach of compliance, which tagged these phone lines for daily monitoring.[90][91][92] Eleven percent of these monitored phone lines met the agency’s legal standard for “reasonably articulable suspicion” (RAS).[90][93]The NSA tracks the locations of hundreds of millions of cellphones per day, allowing it to map people’s movements and relationships in detail.[94] The NSA has been reported to have access to all communications made via Google, Microsoft, Facebook, Yahoo, YouTube, AOL, Skype, Apple and Paltalk,[95] and collects hundreds of millions of contact lists from personal email and instant messaging accounts each year.[96] It has also managed to weaken much of the encryption used on the Internet (by collaborating with, coercing or otherwise infiltrating numerous technology companies to leave “backdoors” into their systems), so that the majority of encryption is inadvertently vulnerable to different forms of attack.[97][98]

Domestically, the NSA has been proven to collect and store metadata records of phone calls,[99] including over 120 million US Verizon subscribers,[100] as well as intercept vast amounts of communications via the internet (Upstream).[95] The government’s legal standing had been to rely on a secret interpretation of the Patriot Act whereby the entirety of US communications may be considered “relevant” to a terrorism investigation if it is expected that even a tiny minority may relate to terrorism.[101] The NSA also supplies foreign intercepts to the DEA, IRS and other law enforcement agencies, who use these to initiate criminal investigations. Federal agents are then instructed to “recreate” the investigative trail via parallel construction.[102]

The NSA also spies on influential Muslims to obtain information that could be used to discredit them, such as their use of pornography. The targets, both domestic and abroad, are not suspected of any crime but hold religious or political views deemed “radical” by the NSA.[103]

According to a report in The Washington Post in July 2014, relying on information provided by Snowden, 90% of those placed under surveillance in the U.S. are ordinary Americans, and are not the intended targets. The newspaper said it had examined documents including emails, text messages, and online accounts that support the claim.[104]

Despite White House claims that these programs have congressional oversight, many members of Congress were unaware of the existence of these NSA programs or the secret interpretation of the Patriot Act, and have consistently been denied access to basic information about them.[105] The United States Foreign Intelligence Surveillance Court, the secret court charged with regulating the NSA’s activities is, according to its chief judge, incapable of investigating or verifying how often the NSA breaks even its own secret rules.[106]It has since been reported that the NSA violated its own rules on data access thousands of times a year, many of these violations involving large-scale data interceptions.[107] NSA officers have even used data intercepts to spy on love interests;[108] “most of the NSA violations were self-reported, and each instance resulted in administrative action of termination.”[109]

The NSA has “generally disregarded the special rules for disseminating United States person information” by illegally sharing its intercepts with other law enforcement agencies.[110] A March 2009 FISA Court opinion, which the court released, states that protocols restricting data queries had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”[111][112] In 2011 the same court noted that the “volume and nature” of the NSA’s bulk foreign Internet intercepts was “fundamentally different from what the court had been led to believe”.[110] Email contact lists (including those of US citizens) are collected at numerous foreign locations to work around the illegality of doing so on US soil.[96]

Legal opinions on the NSA’s bulk collection program have differed. In mid-December 2013, U.S. District Judge Richard Leon ruled that the “almost-Orwellian” program likely violates the Constitution, and wrote, “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on ‘that degree of privacy’ that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware ‘the abridgement of freedom of the people by gradual and silent encroachments by those in power,’ would be aghast.”[113]

Later that month, U.S. District Judge William Pauley ruled that the NSA’s collection of telephone records is legal and valuable in the fight against terrorism. In his opinion, he wrote, “a bulk telephony metadata collection program [is] a wide net that could find and isolate gossamer contacts among suspected terrorists in an ocean of seemingly disconnected data” and noted that a similar collection of data prior to 9/11 might have prevented the attack.[114]

At a March 2013 Senate Intelligence Committee hearing, Senator Ron Wyden asked Director of National Intelligence James Clapper, “does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied “No, sir. … Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”[115] This statement came under scrutiny months later, in June 2013, details of the PRISM surveillance program were published, showing that “the NSA apparently can gain access to the servers of nine Internet companies for a wide range of digital data.”[115] Wyden said that Clapper had failed to give a “straight answer” in his testimony. Clapper, in response to criticism, said, “I responded in what I thought was the most truthful, or least untruthful manner.” Clapper added, “There are honest differences on the semantics of what — when someone says collection to me, that has a specific meaning, which may have a different meaning to him.”[115]

NSA whistler-blower Edward Snowden additionally revealed the existence of XKeyscore, a top secret NSA program that allows the agency to search vast databases of “the metadata as well as the content of emails and other internet activity, such as browser history,” with capability to search by “name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.”[116] XKeyscore “provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.”[116]

Regarding the necessity of these NSA programs, Alexander stated on June 27 that the NSA’s bulk phone and Internet intercepts had been instrumental in preventing 54 terrorist “events”, including 13 in the US, and in all but one of these cases had provided the initial tip to “unravel the threat stream”.[117] On July 31 NSA Deputy Director John Inglis conceded to the Senate that these intercepts had not been vital in stopping any terrorist attacks, but were “close” to vital in identifying and convicting four San Diego men for sending US$8,930 to Al-Shabaab, a militia that conducts terrorism in Somalia.[118][119][120]

The U.S. government has aggressively sought to dismiss and challenge Fourth Amendment cases raised against it, and has granted retroactive immunity to ISPs and telecoms participating in domestic surveillance.[121][122]The U.S. military has acknowledged blocking access to parts of The Guardian website for thousands of defense personnel across the country,[123][124] and blocking the entire Guardian website for personnel stationed throughout Afghanistan, the Middle East, and South Asia.[125]

An October 2014 United Nations report condemned mass surveillance by the United States and other countries as violating multiple international treaties and conventions that guarantee core privacy rights.[126]

In 2015, the Wikimedia Foundation and several other plaintiffs filed suit against the NSA, Wikimedia Foundation v. NSA, for the violation of their user’s First and Fourth Amendment rights by the Agency’s mass surveillance programs like Upstream.[127] The suit was initially dismissed, but was later found to have plausible and legal standing to its complaints by the US Court of Appeals for the Fourth Circuit and was remanded. The case is currently awaiting further proceedings at the United States District Court for the District of Maryland.[128]

An exploit, EternalBlue, which is believed to have been created by the NSA, was used in the unprecedented worldwide WannaCry ransomware attack in May 2017. The exploit had been leaked online by a hacking group, The Shadow Brokers, nearly a month prior to the attack. A number of experts have pointed the finger at the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had “privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, [the attack] might not have happened”.[129] Wikipedia co-founder, Jimmy Wales, stated that he joined “with Microsoft and the other leaders of the industry in saying this is a huge screw-up by the government … the moment the NSA found it, they should have notified Microsoft so they could quietly issue a patch and really chivvy people along, long before it became a huge problem.”[130]

Operations by the National Security Agency can be divided in three types:

“Echelon” was created in the incubator of the Cold War.[131] Today it is a legacy system, and several NSA stations are closing.[132]

NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group,[133] was reported to be in command of the operation of the so-called ECHELON system. Its capabilities were suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic.[134]

During the early 1970s, the first of what became more than eight large satellite communications dishes were installed at Menwith Hill.[135] Investigative journalist Duncan Campbell reported in 1988 on the “ECHELON” surveillance program, an extension of the UKUSA Agreement on global signals intelligence SIGINT, and detailed how the eavesdropping operations worked.[136] On November 3, 1999 the BBC reported that they had confirmation from the Australian Government of the existence of a powerful “global spying network” code-named Echelon, that could “eavesdrop on every single phone call, fax or e-mail, anywhere on the planet” with Britain and the United States as the chief protagonists. They confirmed that Menwith Hill was “linked directly to the headquarters of the US National Security Agency (NSA) at Fort Meade in Maryland”.[137]

NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibited the interception or collection of information about “… U.S. persons, entities, corporations or organizations….” without explicit written legal permission from the United States Attorney General when the subject is located abroad, or the Foreign Intelligence Surveillance Court when within U.S. borders. Alleged Echelon-related activities, including its use for motives other than national security, including political and industrial espionage, received criticism from countries outside the UKUSA alliance.[138][139]

The NSA was also involved in planning to blackmail people with “SEXINT”, intelligence gained about a potential target’s sexual activity and preferences. Those targeted had not committed any apparent crime nor were they charged with one.[140]

In order to support its facial recognition program, the NSA is intercepting “millions of images per day”.[141]

The Real Time Regional Gateway is a data collection program introduced in 2005 in Iraq by NSA during the Iraq War that consisted of gathering all electronic communication, storing it, then searching and otherwise analyzing it. It was effective in providing information about Iraqi insurgents who had eluded less comprehensive techniques.[142] This “collect it all” strategy introduced by NSA director, Keith B. Alexander, is believed by Glenn Greenwald of The Guardian to be the model for the comprehensive worldwide mass archiving of communications which NSA is engaged in as of 2013.[143]

A dedicated unit of the NSA locates targets for the CIA for extrajudicial assassination in the Middle East.[144] The NSA has also spied extensively on the European Union, the United Nations and numerous governments including allies and trading partners in Europe, South America and Asia.[145][146]

In June 2015, WikiLeaks published documents showing that NSA spied on French companies.[147]

In July 2015, WikiLeaks published documents showing that NSA spied on federal German ministries since the 1990s.[148][149] Even Germany’s Chancellor Angela Merkel’s cellphones and phone of her predecessors had been intercepted.[150]

Edward Snowden revealed in June 2013 that between February 8 and March 8, 2013, the NSA collected about 124.8billion telephone data items and 97.1billion computer data items throughout the world, as was displayed in charts from an internal NSA tool codenamed Boundless Informant. Initially, it was reported that some of these data reflected eavesdropping on citizens in countries like Germany, Spain and France,[151] but later on, it became clear that those data were collected by European agencies during military missions abroad and were subsequently shared with NSA.

In 2013, reporters uncovered a secret memo that claims the NSA created and pushed for the adoption of the Dual EC DRBG encryption standard that contained built-in vulnerabilities in 2006 to the United States National Institute of Standards and Technology (NIST), and the International Organization for Standardization (aka ISO).[152][153] This memo appears to give credence to previous speculation by cryptographers at Microsoft Research.[154] Edward Snowden claims that the NSA often bypasses encryption altogether by lifting information before it is encrypted or after it is decrypted.[153]

XKeyscore rules (as specified in a file xkeyscorerules100.txt, sourced by German TV stations NDR and WDR, who claim to have excerpts from its source code) reveal that the NSA tracks users of privacy-enhancing software tools, including Tor; an anonymous email service provided by the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts; and readers of the Linux Journal.[155][156]

Linus Torvalds, the founder of Linux kernel, joked during a LinuxCon keynote on September 18, 2013, that the NSA, who are the founder of SELinux, wanted a backdoor in the kernel.[157] However, later, Linus’ father, a Member of the European Parliament (MEP), revealed that the NSA actually did this.[158]

When my oldest son was asked the same question: “Has he been approached by the NSA about backdoors?” he said “No”, but at the same time he nodded. Then he was sort of in the legal free. He had given the right answer, everybody understood that the NSA had approached him.

IBM Notes was the first widely adopted software product to use public key cryptography for clientserver and serverserver authentication and for encryption of data. Until US laws regulating encryption were changed in 2000, IBM and Lotus were prohibited from exporting versions of Notes that supported symmetric encryption keys that were longer than 40 bits. In 1997, Lotus negotiated an agreement with the NSA that allowed export of a version that supported stronger keys with 64 bits, but 24 of the bits were encrypted with a special key and included in the message to provide a “workload reduction factor” for the NSA. This strengthened the protection for users of Notes outside the US against private-sector industrial espionage, but not against spying by the US government.[160][161]

While it is assumed that foreign transmissions terminating in the U.S. (such as a non-U.S. citizen accessing a U.S. website) subject non-U.S. citizens to NSA surveillance, recent research into boomerang routing has raised new concerns about the NSA’s ability to surveil the domestic Internet traffic of foreign countries.[18] Boomerang routing occurs when an Internet transmission that originates and terminates in a single country transits another. Research at the University of Toronto has suggested that approximately 25% of Canadian domestic traffic may be subject to NSA surveillance activities as a result of the boomerang routing of Canadian Internet service providers.[18]

Intercepted packages are opened carefully by NSA employees

A “load station” implanting a beacon

A document included in NSA files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) and other NSA units gain access to hardware. They intercept routers, servers and other network hardware being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they are delivered. This was described by an NSA manager as “some of the most productive operations in TAO because they preposition access points into hard target networks around the world.”[162]

Computers seized by the NSA due to interdiction are often modified with a physical device known as Cottonmouth.[163] Cottonmouth is a device that can be inserted in the USB port of a computer in order to establish remote access to the targeted machine. According to NSA’s Tailored Access Operations (TAO) group implant catalog, after implanting Cottonmouth, the NSA can establish Bridging (networking) “that allows the NSA to load exploit software onto modified computers as well as allowing the NSA to relay commands and data between hardware and software implants.”[164]

NSA’s mission, as set forth in Executive Order 12333 in 1981, is to collect information that constitutes “foreign intelligence or counterintelligence” while not “acquiring information concerning the domestic activities of United States persons”. NSA has declared that it relies on the FBI to collect information on foreign intelligence activities within the borders of the United States, while confining its own activities within the United States to the embassies and missions of foreign nations.[165]The appearance of a ‘Domestic Surveillance Directorate’ of the NSA was soon exposed as a hoax in 2013.[166][167]

NSA’s domestic surveillance activities are limited by the requirements imposed by the Fourth Amendment to the U.S. Constitution. The Foreign Intelligence Surveillance Court for example held in October 2011, citing multiple Supreme Court precedents, that the Fourth Amendment prohibitions against unreasonable searches and seizures applies to the contents of all communications, whatever the means, because “a person’s private communications are akin to personal papers.”[168] However, these protections do not apply to non-U.S. persons located outside of U.S. borders, so the NSA’s foreign surveillance efforts are subject to far fewer limitations under U.S. law.[169] The specific requirements for domestic surveillance operations are contained in the Foreign Intelligence Surveillance Act of 1978 (FISA), which does not extend protection to non-U.S. citizens located outside of U.S. territory.[169]

George W. Bush, president during the 9/11 terrorist attacks, approved the Patriot Act shortly after the attacks to take anti-terrorist security measures. Title 1, 2, and 9 specifically authorized measures that would be taken by the NSA. These titles granted enhanced domestic security against terrorism, surveillance procedures, and improved intelligence, respectively. On March 10, 2004, there was a debate between President Bush and White House Counsel Alberto Gonzales, Attorney General John Ashcroft, and Acting Attorney General James Comey. The Attorneys General were unsure if the NSA’s programs could be considered constitutional. They threatened to resign over the matter, but ultimately the NSA’s programs continued.[170] On March 11, 2004, President Bush signed a new authorization for mass surveillance of Internet records, in addition to the surveillance of phone records. This allowed the president to be able to override laws such as the Foreign Intelligence Surveillance Act, which protected civilians from mass surveillance. In addition to this, President Bush also signed that the measures of mass surveillance were also retroactively in place.[171]

Under the PRISM program, which started in 2007,[172][173] NSA gathers Internet communications from foreign targets from nine major U.S. Internet-based communication service providers: Microsoft,[174] Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Data gathered include email, video and voice chat, videos, photos, VoIP chats such as Skype, and file transfers.

Former NSA director General Keith Alexander claimed that in September 2009 the NSA prevented Najibullah Zazi and his friends from carrying out a terrorist attack.[175] However, this claim has been debunked and no evidence has been presented demonstrating that the NSA has ever been instrumental in preventing a terrorist attack.[176][177][178][179]

Besides the more traditional ways of eavesdropping in order to collect signals intelligence, NSA is also engaged in hacking computers, smartphones and their networks. These operations are conducted by the Tailored Access Operations (TAO) division, which has been active since at least circa 1998.[180]

According to the Foreign Policy magazine, “… the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”[181][182]

In an interview with Wired magazine, Edward Snowden said the Tailored Access Operations division accidentally caused Syria’s internet blackout in 2012.[183]

The NSA is led by the Director of the National Security Agency (DIRNSA), who also serves as Chief of the Central Security Service (CHCSS) and Commander of the United States Cyber Command (USCYBERCOM) and is the highest-ranking military official of these organizations. He is assisted by a Deputy Director, who is the highest-ranking civilian within the NSA/CSS.

NSA also has an Inspector General, head of the Office of the Inspector General (OIG), a General Counsel, head of the Office of the General Counsel (OGC) and a Director of Compliance, who is head of the Office of the Director of Compliance (ODOC).[184]

Unlike other intelligence organizations such as CIA or DIA, NSA has always been particularly reticent concerning its internal organizational structure.

Continued here:

National Security Agency – Wikipedia

Posted in NSA

NSA – What does NSA stand for? The Free Dictionary

AcronymDefinitionNSANational Security Agency (US government)NSANaval Support ActivityNSANational Speakers AssociationNSANo Strings AttachedNSANetwork Security Appliance (Sonicwall)NSANotary Signing AgentNSANational Security AdvisorNSANot Seasonally AdjustedNSANational Security ArchiveNSANational Security ActNSANational Society of AccountantsNSANational Sheriffs’ Association (Alexandria, VA, USA)NSANational Security AffairsNSANo Sugar AddedNSANational Stuttering AssociationNSANational Stroke AssociationNSANetwork Spinal AnalysisNSANational Spiritual Assembly (Institution of the Baha’i Faith)NSANorwegian Shipowners AssociationNSANorth Slope of AlaskaNSANational Sheep Association (Malvern, Worcestershire, UK)NSANational Safety AssociatesNSANon-State Actor (international relations)NSANational Scrabble AssociationNSANational Student AssociationNSANorth Star AcademyNSANew Saint Andrews College (Moscow, Idaho)NSANational Sunflower AssociationNSANational Stone Association (Washington, DC)NSANational Stereoscopic AssociationNSANegative Security AssurancesNSANational Steeplechase AssociationNSANational Sound ArchiveNSANational Security AreaNSANATO Standardization AgencyNSANational Smokers AllianceNSANebraska Statewide ArboretumNSANegotiated Service Agreement (US postal service)NSANational Security Agents (gaming clan)NSANon-Standard AnalysisNSANational Seniors Australia (est. 1976)NSANuclear Science AbstractsNSANormalized Site AttenuationNSANashville School of the Arts (Tennessee)NSANational Storytelling AssociationNSANational Slag Association (Alexandria, VA)NSANorthern Study AreaNSANavy Support ActivityNSANational Skateboard AssociationNSANoise Sensitive AreaNSANikkei Stock AverageNSANational Shipping AuthorityNSANational School of Administration (China)NSANon-surgical Sperm AspirationNSANew Statistical Account (Reports on the conditions of Scotland, with reports on each parish, in the 1830s)NSANunavut Settlement AreaNSANational Supers Agency (fictional from the movie The Incredibles)NSANational Safety AssociationNSANational Security Anarchists (hacker group)NSANational Sprint Association (UK)NSANatuurwetenschappelijke Studievereniging Amsterdam (University of Amsterdam Physics Department student organization)NSANebraska Soybean AssociationNSANaperville Soccer AssociationNSANo Smoking AreaNSANational Softball Association, Inc.NSANorcross Soccer Association (Georgia)NSANaval Supervising ActivityNSANational Singles Association (Atlanta, Georgia)NSANavy Stock AccountNSANight Stalker AssociationNSANational Success AssociationNSANational Shuffleboard AssociationNSANational Software AllianceNSANo Significant Abnormalities (disease assessment)NSANorthern Slope of AlaskaNSANational Service Alliance, LLCNSANon Semi Auto (concealed handgun license; Texas)NSANon Standard Area (of a database)NSANantucket Shellfish Association (Nantucket, MA)NSANational Standard ApplicationNSANational Scout AssociationNSANarrow-Slot ApproximationNSANational Sentinel AuditNSANet Sales AreaNSANode Switching AssemblyNSANuclear Support AgencyNSANetwork Search AlgorithmNSANaval Systems AnalysisNSANikkei Student AssociationNSANet Sellable Area (real estate)NSANeutron Source AssemblyNSANetwork South Australia (Adelaide, Australia)NSANichiren Shosu of AmericaNSANet Server AssistantNSANorwegian Security ActNSANabelschnurarterie (German: Umbilical Cord Artery)NSANarrow Slot ApertureNSANikkei Siam Aluminium Limited (Pathumtani, Thailand)NSANordic Securities Association (est. 2008)NSANetwork Supported Account (Cisco)NSANational Space AgencyNSANon-Standard Auto (insurance)NSANon-Self-AlignedNSANetwork Storage Appliance (computing)NSANeed Special AssistanceNSANational Supervisory Authority (EU)NSANaczelny Sad Administracyjny (Polish: Supreme Administrative Court)

See the original post:

NSA – What does NSA stand for? The Free Dictionary

Posted in NSA

National Speakers Association (NSA) | Where professional …

NSA provides professional speakers with the comprehensive resources, mentoring and professional connections they need to become more efficient and more effective in all aspects of their trade. Our 3,400+ members reach audiences as thought leaders, authors, consultants, coaches, trainers, educators, humorists, and motivators. Anyone who uses the spoken word to impact listeners can benefit from NSA membership.

Original post:

National Speakers Association (NSA) | Where professional …

Posted in NSA

12345...102030...