U.S. lawmakers want to restrict internet surveillance on Americans

U.S. lawmakers want to restrict internet surveillance on Americans

By Dustin Volz

(Reuters) – A bipartisan group of U.S. lawmakers unveiled legislation on Wednesday that would overhaul aspects of the National Security Agency’s warrantless internet surveillance program in an effort to install additional privacy protections.

The bill, which will be formally introduced as soon as Thursday, is likely to revive debate in Washington over the balance between security and privacy, amid concerns among some lawmakers in both parties that the U.S. government may be too eager to spy on its own citizens.

The legislation, written by the House of Representatives Judiciary Committee, is seen by civil liberties groups as the best chance in Congress to reform the law, known as Section 702 of the Foreign Intelligence Surveillance Act, before its expiration on Dec. 31.

Senior U.S. intelligence officials consider Section 702 to be among the most vital tools they have to thwart threats to national security and American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

But the program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas. Those communications can then be subject to searches without a warrant by the Federal Bureau of Investigation.

A discussion draft of the legislation, a copy of which was seen by Reuters, partially restricts the FBI’s ability to access American data collected under Section 702 by requiring the agency to obtain a warrant when seeking evidence of a crime.

That limit would not apply, however, to requests of data that involve counterterrorism or counter-espionage.

The narrower restriction on what some have called a “backdoor search loophole” has disappointed some civil liberties groups. Several organizations sent a letter this week saying they would not support legislation that did not require a warrant for all queries of American data collected under Section 702.

The legislation would also renew the program for six years and codify the National Security Agency’s decision earlier this year to halt the collection of communications that merely mentioned a foreign intelligence target. But that codification would end in six years as well, meaning NSA could potentially resume the activity in 2023.

The spy agency has said it lost some operational capability by ending so-called “about” collection due to privacy compliance issues and has lobbied against a law that would make its termination permanent.

Republican senators introduced a bill earlier this year to renew Section 702 without changes and make it permanent, a position backed by the White House and intelligence agencies.

But that effort is expected to face major resistance in the House, where an influential conservative bloc of Republicans earlier this year said it opposed renewal unless major changes were made, reflecting disagreement within the majority party.

Separately, Senators John Cornyn, the No. 2 Republican in the chamber, and Democratic Senator Dianne Feinstein are working on Section 702 legislation that may also be introduced this week and include fewer reforms.

Democratic Senator Ron Wyden and Republican Senator Rand Paul are also planning to introduce a bill that would require a warrant for any query of Section 702 involving data belonging to an American.

(Reporting by Dustin Volz; Editing by Peter Cooney and Lisa Shumaker)

Blame game for cyber attacks grows murkier as spying, crime tools mix

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Eric Auchard

TALLINN, Estonia (Reuters) – Veteran espionage researcher Jon DiMaggio was hot on the trail three months ago of what on the face of it looked like a menacing new industrial espionage attack by Russian cyber spies.

All the hallmarks were there: targeted phishing emails common to government espionage, an advanced Trojan horse for stealing data from inside organizations, covert communication channels for grabbing documents and clues in the programming code indicating its authors were Russian speakers.

It took weeks before the lead cyber spying investigator at Symantec, a top U.S. computer security firm, figured out instead he was tracking a lone-wolf cyber criminal.

DiMaggio won’t identify the name of the culprit, whom he has nicknamed Igor, saying the case is a run-of-the-mill example of increasing difficulties in separating national spy agency activity from cyber crime. The hacker comes from Transdniestria, a disputed, Russian-speaking region of Moldova, he said.

“The malware in question, Trojan.Bachosens, was so advanced that Symantec analysts initially thought they were looking at the work of nation-state actors,” DiMaggio told Reuters in a phone interview on Wednesday. “Further investigation revealed a 2017 equivalent of the hobbyist hackers of the 1990s.”

Reuters could not contact the alleged hacker.

The example highlights the dangers of jumping to conclusions in the murky world of cyber attack and defense, as tools once only available to government intelligence services find their way into the computer criminal underground.

Security experts refer to this as “the attribution problem”, using technical evidence to assign blame for cyber attacks in order to take appropriate legal and political responses.

These questions echo through the debate over whether Russia used cyber attacks to influence last year’s U.S. presidential elections and whether Moscow may be attempting to disrupt national elections taking place in coming months across Europe.

The topic is a big talking point for military officials and private security researchers at the International Conference on Cyber Conflict in Tallin this week. It has been held each year since Estonia was swamped in 2007 by cyber attacks that took down government, financial and media websites amid a dispute with Russia. Attribution for those attacks remains disputed.


“Attribution is almost never a clean, smoking-gun,” said Paul Vixie, creator of the first commercial anti-spam service, whose latest firm, Farsight Security, helps firms track down cyber attackers to identify and block them.

Raising the stakes, a mystery group calling itself ShadowBrokers has taken credit for leaking cyber-spying tools that are now being turned to criminal use, including ones used in the recent WannaCry global ransomware attack, ratcheting up cyber security threats to a whole new level.

In recent weeks, ShadowBrokers has threatened to sell more such tools, believed to have been stolen from the U.S. National Security Agency, to enable hacking into the world’s most used computers, software and phones. (http://reut.rs/2rmTZmm)

“The bar for what’s considered advanced is lowered as time goes by,” said Sean Sullivan, a security researcher with Finnish cyber firm F-Secure.

The Moldovan hacker’s campaign to steal data and resell it on the web came to light only after infections popped up last year at a major airline, an online gambling firm and a Chinese automotive software maker, which are all customers of Symantec products used to secure their business networks.

Igor appears to have targeted the auto-tech company to steal its car diagnostics software, which retails for around $1,100 but Igor sold for just a few hundred dollars on underground forums and websites he had created. His aims in trying to break into the airline and gambling firm remain a mystery.

“Considering the audacity of this attack, the financial rewards for Igor are pretty low,” DiMaggio wrote in a blog post on his findings to be published on Wednesday.

As a threat, Symantec rates Trojan.Bachosens as a very low risk virus, in part because the attack singles out only a handful of specific firms rather than the wide-ranging, random attacks used by many cyber criminals to scoop up the greatest number of victims.

“I think those days are over when we can say in black and white: We know this is an espionage group,” DiMaggio said.

The Symantec researcher has not reported Igor to local authorities, calculating that exposing the methods of the attack will be enough to neutralize them.

(Editing by Peter Millership)

U.S. Court to hear arguments in warrantless NSA spying case

The logo of the U.S. National Security Agency is seen in Fort Meade, Maryland,

y Dustin Volz

WASHINGTON (Reuters) – A U.S. appeals court will weigh a constitutional challenge on Wednesday to a warrantless government surveillance program brought by an Oregon man found guilty of attempting to detonate a bomb in 2010 during a Christmas tree-lighting ceremony.

The case before a three-judge panel of the 9th U.S. Circuit Court of Appeals is the first of its kind to consider whether a criminal defendant’s constitutional privacy rights are violated under a National Security Agency program that allows spying on Americans’ international phone calls and internet communications.

Mohamed Mohamud, a Somali-American, was convicted in 2013 of plotting to use a weapon of mass destruction and sentenced to 30 years in prison.

In 2010, Mohamud, a naturalized U.S. citizen who was then 19, was found to have attempted to remotely detonate a fake car bomb planted near a square crowded with thousands of people attending a ceremony in downtown Portland the day after Thanksgiving.

Mohamud’s lawyers argued he was entrapped by law enforcement officers posing as al Qaeda militants.

Wednesday’s case, U.S. v. Mohamud, challenges the admissibility of evidence brought to trial obtained under a foreign intelligence statute on grounds it does not allow the government to retain and access content of communications belonging to Americans and that it is unconstitutional.

That law, amended in 2008 by Congress and known as Section 702, enables internet surveillance programs known as Prism and Upstream that were first disclosed publicly in a series of leaks by former NSA contractor Edward Snowden three years ago.

Prism gathers messaging data from Alphabet Inc’s Google, Facebook Inc, Microsoft Corp, Apple Inc and other major tech companies that is sent to and from a foreign target under surveillance. Upstream allows the NSA to copy web traffic flowing along the internet backbone located inside the United States and query that data for certain terms associated with a target.

Officials have conceded that data about Americans is sometimes “incidentally” collected under these programs, and later used for domestic criminal investigations. Critics see it as back-door surveillance of Americans without a warrant.

The government has not disclosed which program was used to surveil Mohamud and only alerted him and his lawyers to how evidence against him was collected after his conviction.

Section 702 has been challenged before in court, but cases have generally been dismissed due to an inability to prove someone’s communications were actually caught up in the highly secretive programs.

The case may have political implications, as Congress must reauthorize Section 702 by Dec. 31, 2017, or let it expire.

(Reporting by Dustin Volz; Editing by Leslie Adler)