
Summary:

The NSA whistleblower has given extensive evidence to an inquiry into the surveillance of European citizens, describing what he calls a “bazaar” of EU intelligence agencies allowing the U.S. to spy on pretty much everyone.


NSA whistleblower Edward Snowden has sent testimony (PDF) to a European Parliament inquiry about the mass surveillance activities he exposed — particularly as they relate to the monitoring of Europeans — and his motives for doing so.

In the long-awaited testimony, Snowden said he had raised his concerns about bulk surveillance to “more than ten distinct officials, none of whom took any action to address them,” before he approached journalists. He also insisted he had no relationship with either the Russian or Chinese governments, but confirmed he had been approached by the secret service in Russia, where he has temporary asylum.

“Even the secret service of Andorra would have approached me, if they had had the chance: that’s their job,” Snowden wrote. “But I didn’t take any documents with me from Hong Kong, and while I’m sure they were disappointed, it doesn’t take long for an intelligence service to realize when they’re out of luck.”

Surveillance “bazaar”

None of the testimony was new information as such, because Snowden was loath to pre-empt the stories of the journalists to whom he has given NSA and GCHQ documents. Much of it was a restatement of his belief that mass surveillance programs are entirely unjustified and a waste of resources that could be spent “running down real leads.”

That said, Snowden did provide a useful summation of the stories that have come out about the NSA network of partnerships with European intelligence agencies. He said the NSA helped these agencies find and exploit loopholes in their national privacy laws, or repeal restrictions. Combined with the NSA’s deals with the companies that run major telecommunications cables, this ultimately lets the NSA spy on everyone:

“The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn’t search it for Danes, and Germany may give the NSA access to another on the condition that it doesn’t search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements. Ultimately, each EU national government’s spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole.”

The former analyst said there were “many other undisclosed programs that would impact EU citizens’ rights,” but he would leave decisions over their potential disclosure to “responsible journalists in coordination with government stakeholders.”

Snowden added that he does seek asylum in the EU, but no member state has agreed to take him. “Parliamentarians in the national governments have told me that the U.S., and I quote, ‘will not allow’ EU partners to offer political asylum to me, which is why the previous resolution on asylum ran into such mysterious opposition. I would welcome any offer of safe passage or permanent asylum, but I recognize that would require an act of extraordinary political courage.”

Crucial timing

“I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen,” Snowden wrote. “I swear under penalty of perjury that this is true.”

The timing of this testimony is crucial, as it comes days before the European Parliament considers what to do with a draft report that calls for the suspension of the so-called Safe Harbor agreement. This agreement allows U.S. web firms to self-certify that they adhere to EU-grade data protection laws, and Snowden’s revelations have cast major doubts on its effectiveness.

If Safe Harbor is frozen, companies like Google will face potential problems in legally handling the personal data of their European customers.

  1. Extremely interesting read. Combine “In recent public memory, we have seen these FAD “legal guidance” operations occur in both Sweden and the Netherlands, and also faraway New Zealand. Germany was pressured to modify its G-10 law to appease the NSA, and it eroded the rights of German citizens under their constitution.” with http://www.heise.de/ct/artikel/Ergaenzungen-Berichtigungen-Sina-Box-2099152.html and you know why you should not host any communications in Germany.

  2. I really can’t believe people are that naive! Look at the code base being distributed by Google!?! Just take a look at it…

    Ok what’s wrong there, you’re the developers climbing into bed with Android..

    So I’ll tell you what’s wrong with it, shall I..!?!

    Ok, the KitKat ROM is using the Chrome 30 framework not Chrome 34 so goodness me it’s been regressed to have the following vulnerabilities.

    1 CVE-2013-2928

    Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

    2 CVE-2013-2927

    Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.

    3 CVE-2013-2926

    Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to list elements.

    4 CVE-2013-2925

    Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple conflicting uses of the same XMLHttpRequest object.

    WHILST I AGREE.. That YES, SELinux is an improvement, what is not an overall improvement is the fact that Google’s own applications want to hang around in the Kernel Space using PMEM accessing all your metadata.

    If you haven’t seen the talk on YouTube by the Chaos Computer Club security conference about how that so called Metadata is not as insignificant as you think and how it’s being used to turn you into a walking drone target so they can kill you from a distance then perhaps you should watch the presentation by the EFF.

    Secondly those SSL certificates are not in the source code for your privacy, if you really believe that they are then you tell me why you would need an SSL Ca-Root Certificate for the Department of Defence on your phone.

    Not every single user is a naive imbecile to how these SPY agencies go around screwing up all the technology for everybody else.

    Yes, whilst I am sure this framework makes it great for Spying Advertising Apps like Angry Birds it also makes for some really weak crap security!

    And whilst they’re boasting they can get into everything.. it’s worth reflecting that no they’re just a load of cold war dinosaurs that want to control the world like the control freaks they are and they can’t get into the Xbox with grSecurity IPTables Firewall and a modified BIOS!

    The recent news, oh they look at you through your own Camera, watch everywhere you go, read all your SMS, steal anything of value whilst they then engage in something called OpticPerv when you’re naked!

    Who taught them how to do it, a group of Cyber-Criminals called HackerTeam based in Italy!

    They’ve damaged the following source codes irreparably and threaten the entire security of the whole internet, thanks to other developers accepting bribes and being paid off.

    OpenBSD (PF-Sensor)
    Linux (Kernel)
    Windows (Bitlocker)
    Apple (FileVault2 & SSL)

    If I could offer a suggestion it would be don’t use any source code that comes dribbling out of Google, because Google has off-shore holdings in Bermuda (Google unlimited) and Google is busy avoiding paying TAX whilst signing little private deals that are destroying and impacting other open source projects far and wide.

    Is there anything we as developers can do about it? Yes, I dare say there is…

    There are plenty of ways to code your own microkernel and there are plenty of ways to employ RC4-256 bit encryption on the packet layer and replace their Java with other sources from other projects that have not been tainted with their bullrun.

    It’s no accident that Apple suddenly changed the Way the BSD firewall worked, it was no accident that they suddenly dropped FileVault for FileVault2 (made by Google) and it was no accident that the NSA are now sitting there telling everybody that they shouldn’t use Linux because it’s more vulnerable than Windows and that everybody should continue to use Windows 7 or 8 locked into the undesirable & crap Internet Exploder!

    CIA + NSA + Lots of Off-shore Black Bag Money = Google Inc.

    And of course Google would probably be quick to lie about it and say they have nothing to do with Prism or the NSA.

    But sadly some marketers are too stupid to even change the name of the Device!

    Powered by Android 2.3 Gingerbread and featuring a 3.5-inch HVGA touch screen, the T-Mobile Prism 3G smartphone enables T-Mobile customers to easily be spied upon. The T-Mobile Prism also makes it simple to capture and share photos and videos via its 3.2-megapixel camera with digital zoom and video recorder that you get to share them with everybody, even when you think it’s turned off! With the T-Mobile Prism, customers can sync multiple email accounts, have their data stolen freely, lose their Microsoft Exchange, Google calendar and contacts, and so much, much, more.

    That’s right the NSA gets its exploits for its TAO operations from the “LAWLESS FRONTIER!” they’re claiming they want to curb!

  3. Cointel pro disinformation agents and this whole Ukraine-Russia thinga majig. They moved too quickly…lol

    Only I can see them

  4. CIA + NSA + Lots of Off-shore Black Bag Money = Google Inc

    Don’t forget DARPA and Nanotech WiFi food we eat and pills we swallow…lmao

    1. Makes ya kinda GUID-Y or is it giddy?

      1. Lol @ GUID-Y – It just goes to show, he’s probably just uncovered the biggest fortune 500 fraud in existence. False flag ops oh that would be them sitting there saying “we’re being attacked by Chinese cyber-hackers!” whilst the Chinese government are sitting there saying “no, that is false, they’ve been attacking us 52’000 times in one year!” then let’s not forget the Syrian Cyber Army hacking Microsoft and making off with the users’ Passwords and Data but funnily when you look at pictures of Syria, there is no huge Data Center complex stealing every piece of information in the world, just lots of flattened Buildings. DARPA actually have some good product ie: OpenBSD but it’s come to light that some of their own developers were bribed to put holes in the software back in 2010. So every time some IT guy has been fired or lost his Job because of a serious security failure, well we all now know who we should be thanking.

  5. these comments are funny – lots of drugs being ingested, for sure.

    On, and Snowden? Shoot that f**ker in the head.

  6. I could go there for you Robert but sadly my Browser which is locked to refuse Java-script wouldn’t entertain your penetration efforts and I only visit unknown pages whilst having someone trying to Socially Manipulate people into clicking links via tor.

  7. By bringing this into the public eye all it has done is reinforce the commonly held opinion that heads of state can not be trusted, there are loads of security projects out there that revolve around extremely unbreakable computer security. Grub Bootloader locked with a Password, LVM2 File System encrypted before start-up, Linux Kernel Hardened with AuditD and Security enhanced contexts. You see if those spy agencies were any good at REAL computer security, they would know not to go messing around with stuff they barely understand!

