Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws. Gordon Frazer, Microsoft UK’s managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world. At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested. Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alert those targeted by the probes.
A federal judge has issued an opinion in EPIC v. NSA, and accepted the NSA’s claim that it can “neither confirm nor deny” that it had entered into a relationship with Google following the China hacking incident in January 2010. EPIC had sought documents under the FOIA because such an agreement could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users. The “Glomar response,” to neither confirm nor deny, is a controversial legal doctrine that allows agencies to conceal the existence of records that might otherwise be subject to public disclosure. EPIC plans to appeal this decision. EPIC is also litigating to obtain the National Security Presidential Directive that sets out the NSA’s cyber security authority. And EPIC is seeking from the NSA information about Internet vulnerability assessments, the Director’s classified views on how the NSA’s practices impact Internet privacy, and the NSA’s “Perfect Citizen” program.
Declassified DoD Inspector General Report on NSA Thinthread and Trailblazer Systems from December 15, 2004.
A social networking site (SNS) is a web-based service that allows communities of people to share common interests and/or experiences. Rather than using direct point-to-point communication to stay in touch (e.g., face-toface, phone, text/video messages), SNSs allow users to publish information that can be read later by other users (a one-to-many form of communication) and follow their friend’s postings and provide comments. SNSs provide innovative methods for interacting with friends through third-part applications, such as simple games (tic-tac-toe, paper-rock-scissors), interactive maps to show places visited across the world, and quiz/trivia games which allow for score comparison with others. Many SNSs also allow users to logon from mobile devices that have web browser access to the Internet, allowing them to check and update their accounts from virtually any location with a Wi-Fi or cellular signal.
Two pamphlets produced by the NSA on “Using Your BlackBerry Securely” and “Security Tips for Personally Managed Apple iPhones and iPads” from March 2011.
In July 2010, the NSA revealed that it was expanding into a 227-acre parcel of land at Fort Meade called “Site M”, constructing a series of buildings that could cost as much as $5.2 billion. This expansion would displace two golf courses currently occupying the land and provide the NSA, which already occupies 630 acres at Fort Meade, with more space to build “an operational complex and to construct and operate consolidated facilities to meet the National Security Agency’s (NSA) continually evolving requirements and for Intelligence Community use”. The project has been shrouded in secrecy throughout its existence and there are only a few references to “Site M” in DoD budget planning documents. However, a recently discovered collection of development planning documents for the Site M project provide detailed information about the proposed $3.2 billion expansion, indicating that the facility will be a centralized command center for the NSA’s evolving cyberwarfare capabilities.
National Security Agency “Site M” Expansion Development Plan and Anti-Terrorism Force Protection Assessment from May 31, 2011. The Site M Area Development Plan (ADP) for the National Security Agency/Central Security Service (NSA/CSS) coordinates the development of facilities on Site M at Fort George G. Meade (Ft. Meade), allowing for growth and expansion over time. Site M development is planned to consist of administrative buildings, operation buildings, High Performance Computing Centers (HPCC) and associated support facilities. The objective of the AT/FP component is to develop a plan for protection of the proposed Site M development. This plan is based on the mandatory DoD minimum antiterrorism standards as well the specific requirements of NSA/CSS Ft. Meade. The plan provides overall guidance for development of the site as well as specific design strategies for key AT/FP components. A layered approach to security has been applied to ensure probability of detection with low false and nuisance alarm rates.
One of the more interesting aspects of running a website like this is that you receive a lot of highly unusual email. Everything from the occasional death threat to advertisements for Kuwaiti GPS tracking systems, all mixed with the incoherent ramblings of people with advanced schizophrenic disorders. That’s okay. That’s what you expect. However, a recent trend has emerged that is basically incomprehensible to us. People send us email thinking we are all kinds of people, places, and organizations that we are not.
Former NSA Mathematician Says He Believes the Agency Stores Copies of All Emails Transmitted in America
Binney, for his part, believes that the agency now stores copies of all e-mails transmitted in America, in case the government wants to retrieve the details later. In the past few years, the N.S.A. has built enormous electronic-storage facilities in Texas and Utah. Binney says that an N.S.A. e-mail database can be searched with “dictionary selection,” in the manner of Google. After 9/11, he says, “General Hayden reassured everyone that the N.S.A. didn’t put out dragnets, and that was true. It had no need—it was getting every fish in the sea.”
The U.S. needs a cybersecurity emergency response capability to help businesses under major attacks, a U.S. senator said Monday. “Who do you call if your CIO is overwhelmed, if you’re a local bank or utility?” Senator Sheldon Whitehouse said during a forum on cybersecurity at the University of Rhode Island (URI). “How can we preposition defenses for our critical infrastructure, since these attacks come at the speed of light?” Whitehouse, a Rhode Island Democrat, didn’t lay out details of a cybersecurity emergency response unit, but he said he hopes the U.S. Senate will pass a comprehensive cybersecurity bill this year.
Computers drawing enough electricity to power a small city will soon fill a National Security Agency data center on a 240-acre site where officials officially broke ground on Thursday. But that does not mean Utah is about to see a significant influx of NSA analysts who would not be able to tell their neighbors what they do for a living. Most of the long-term staff at the NSA’s Utah Data Center will have technical jobs, keeping the machines in the 100,000 square feet of computer space working — that within a complex that will include 1 million square feet of enclosed space. Building the mammoth computer center will bring 5,000 to 10,000 much-needed construction jobs through the time the center is finished in 2013. Long term, the staff will be comprised of 100 to 200 information technology specialists and mechanical and electrical engineers, Sen. Orrin Hatch, R-Utah, said at the groundbreaking. Specifics of the work those engineers will do is not being discussed. But Harvey Davis, the NSA’s associate director for installations and architect of the overall concept of the Utah Data Center, said the machines that will live in Utah are the essence of the NSA’s work.
FOUO NSA High Assurance Internet Protocol Encryptor (HAIPE) Briefing from December 2010.
FOUO NSA National COMSEC Security Incident Trends 2008-2009 Briefing from December 2010.
The overall objective of the this task was to architect and implement a capability that will enable automated parsing, normalization, extraction, aggregation, filtering and then detection of attack patterns based on log and log like data in near real time depending on local network settings. We call this the Audit Data Extraction Utility (ADEU).
(U) The purpose of this manual is to help an operator quickly configure a new Rel 3.2 TACLANE from the moment the TACLANE has been unpacked. This TACLANE Quick Start Manual covers the TACLANE-GigE and TACLANE-Mini Rel 3.2 products.
(U//FOUO) The purpose of this manual is to explain how to install, operate, and reconfigure the General Dynamics TACLANE 1 -GigE (KG-175A) and TACLANE -Mini (KG-175B) encryptors.
(U//FOUO) The purpose of this manual is to explain how to install, operate, and reconfigure the General Dynamics TACLANE-Micro (KG-175D) encryptor.
The Utah Data Center (UDC) will be a highly secure 65 Mega Watt, Tier III National Security Agency datacenter facility to be located near Camp Williams, Utah. The fast-track program will consist of approximately 1 million ft2 of new facilities, of which 100,000 ft2 will be mission-critical space with raised flooring, and the other 900,000 ft2 will be devoted to technical support and administrative space. Ancillary support facilities include water treatment facilities, electrical substations, a vehicle inspection facility and visitor control center, perimeter site security measures, fuel storage, chiller plants and fire suppression systems. The UDC will incorporate green building strategies and will be required to be a LEED certified facility, with the goal of obtaining a LEED Silver rating.
U.S. Army Corps of Engineers Utah Data Center (UDC) Brief, November 13, 2009.
The Yakima Training Center (YTC) is a United States Army training center (Army maneuver training and live fire area) located in south central Washington state. It is bounded on the west by Interstate 82, on the south by the city of Yakima, on the north by the city of Ellensburg and Interstate 90, and on the east by the Columbia River. It comprises 327,000 acres (132,332 hectares) of land, most of which consists of shrub-steppe, making it one of the largest areas of shrub-steppe habitat remaining in Washington state. According to a 2001 report by the European Parliament, the Yakima Training Center is also an integral part of the ECHELON global communications interception system.
Sugar Grove is an American government communications site located in Pendleton County, West Virginia operated by the National Security Agency. According to a December 25, 2005 article in the New York Times, the site intercepts all international communications entering the Eastern United States. The site was first developed by the Naval Research Laboratory in the early 1960s as the site of a 600 ft (180 m) radio telescope that would gather intelligence on Soviet radar and radio signals reflected from the moon and would gather radioastronomical data on outer space, but the project was halted in 1962 before the telescope construction was completed. The site was then developed as a radio receiving station. The site was activated as “Naval Radio Station Sugar Grove” on May 10, 1969, and two Wullenweber Circulary Disposed Antenna Arrays (CDAAs) were completed on November 8, 1969. Numerous other antennas, dishes, domes, and other facilities were constructed in the following years. Some of the more significant radio telescopes on site are a 60 ft (18 m) dish (oldest telescope on site), a 105 ft (32 m) dish featuring a special waveguide receiver and a 150 ft (46 m) dish (largest telescope on site).
The existence of a global system for intercepting private and commercial communications (the ECHELON interception system)
A. whereas the existence of a global system for intercepting communications, operating by means of cooperation proportionate to their capabilities among the USA, the UK, Canada, Australia and New Zealand under the UKUSA Agreement, is no longer in doubt; whereas it seems likely, in view of the evidence and the consistent pattern of statements from a very wide range of individuals and organisations, including American sources, that its name is in fact ECHELON, although this is a relatively minor detail . . .
NSA Global Information Grid Information Assurance Roadmap, October 26, 2004.
During 1994 and 1995, Mr. Baker served as General Counsel of the WMD Commission investigating intelligence failures prior to the Iraq war. From 1992 to 1994, Mr. Baker was General Counsel of the National Security Agency, where he led NSA and interagency efforts to reform commercial encryption and computer security law and policy. From 1979 to 1981, he helped start the Education Department and served as deputy General Counsel of that Department. He was also a law clerk to Hon. John Paul Stevens, U.S. Supreme Court, as well as to Hon. Frank M. Coffin, U.S. Court of Appeals, First Circuit, and Hon. Shirley M. Hufstedler, U.S. Court of Appeals, Ninth Circuit.
Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday. The collaboration between Google, the world’s largest search engine company, and the federal agency in charge of global electronic surveillance raises both civil liberties issues and new questions about how much Google knew about the electronic thefts it experienced when it stated last month that it might end its business operations in China, where it said the attacks originated. The agreement was first reported on Wednesday evening by The Washington Post.