Ars Technica reports that Hepting v. AT&T – a class-action lawsuit that challenged the constitutionality of the immunity provision – has been rejected by the Supreme Court. This knocks the ruling back down to the Appeals Court who ruled in favor of the government’s right to protect telecoms from legal action over their wiretapping program.

It’s important to note that this particular case was about the immunity provision. All this ruling means is that telecoms have immunity when it comes to handing over your data to the feds. The Obama administration argued that allowing lawsuits to go forward would imperil national security. How? Telecoms would be unwilling to hand over customer data if they could be sued for it. It’s apparently imperative that the U.S. government know your late night drunk texts if they’re going to stop terrorism.

There’s still one more chance to kill off FISA’s warrantless wiretapping provisions. The EFF will be proceeding with Jewel v. NSA shortly. This particular case goes after FISA’s jugular by fighting to prove that the warrantless wiretapping of American citizens is unconstitutional. It also targets those responsible for signing the FISA amendments into law, including former President George W. Bush, Dick Cheney, and other members of the former administration.

Unfortunately, Jewel v. NSA is probably going to be shot down by the Supreme Court as well. The consensus among those in government is that your privacy can be completely destroyed in the name of your safety. Never mind the possibility that hackers could easily gain access to this information and destroy countless lives before terrorists even have a chance to act. In an increasingly digital world, we need laws that protect privacy. Eroding privacy in the name of physical safety only opens us up to far more devastating cyber attacks.

General Keith B. Alexander, head of the NSA, said there has been a 17-fold increase in cyberattacks against American infrastructure. The New York Times reports that these increased attacks are going after key infrastructure including electricity grids, water supplies, cellphone networks and more. A successful attack could do untold damage to major U.S. cities.

So how well prepared is the U.S. for a massive cyberattack? General Alexander puts the country’s preparedness at a 3 out of 10. That’s pretty sad for a country that created the Stuxnet virus that decimated Iran’s nuclear program. If our country’s researchers and scientists can create a virus of magnitude, why can’t they protect our infrastructure from a similar attack?

General Alexander will tell you that it’s all about legislation. He is pushing for the passage of the bills currently going through Congress which includes such hated legislation like CISPA and the Cybersecurity Act of 2012. Civil liberty groups like the EFF have come out against both bills.

Everybody can agree that the U.S. needs cybersecurity legislation of some sort to preserve critical infrastructure. To do away with privacy in the name of cybersecurity is a no go, however, and many Senators including Ron Wyden are coming out against what they feel is a government push to have more control of the Internet.

It remains to be seen if either bill will make it past Congress before the November election rolls around. The sponsors of the CSA have reportedly made some compromises with Republican Senators who were blocking approval in the committee stage. It could be going up for a vote as early as next week. We’ll keep you updated on the progress of both bills, but one of them is going to pass if General Alexander has his way.

Slate is reporting that many feel the change to dedicated servers is to that Microsoft can spy on your Skype conversations. It was previously impossible due to the strong encryption and P2P networking that powered the service. The move to dedicated servers would definitely make it infinitely easier for law enforcement to wiretap Skype calls. Why would Microsoft do such a thing though?

The FBI has been pressuring Skype and other online communication services to put their support behind an amendment to the Communications Assistance for Law Enforcement Act. The amendment would force these providers into assisting the FBI in surveillance over digital communication. Now that Skype is owned by Microsoft, it’s even more plausible that the company moved to dedicated servers to facilitate the needs of the FBI.

Slate did a little digging and found some rather strange coincidences. Only a month after Microsoft bought Skype, the company was granted a patent for “legal intercept” technology that would allow them to capture and record conversations made over Skype’s VOIP technology. Skype also changed its privacy policy allowing them to hand over “personal data, communications content and/or traffic data to an appropriate judicial, law enforcement or government authority.”

Those could all be a coincidences or Skype really is ok with selling you out to the authorities. What makes this even stranger is that Slate contacted Skype for comment numerous times before being told that the company “cooperates with law enforcement agencies as much as is legally and technically possible.”

Now, don’t go uninstalling Skype and putting on your tinfoil hat. Once again, this could all just be a coincidence. Even if it wasn’t, Microsoft is probably just readying Skype to comply with the law. Besides, the FBI could just ask the NSA for all the details of what you had for breakfast and how much you love your dog.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

The Flame virus was first revealed last month when Iranian officials detected a cyber attack on its oil refineries. The United States was not too happy that Israel decided to launch this phase of their attack without notifying American officials. In doing so they have effectively wiped out a virus that has been quietly doing its job for 5 plus years.

The Flame virus seems to be a precursor to the now infamous Stuxnet virus that directly effected almost 1,000 centrifuges and caused them to spin out of control. The damage occurred gradually, over months, and Iranian officials initially thought it was the result of incompetence.

“The scale of the espionage and sabotage effort is proportionate to the problem that’s trying to be resolved,” the former intelligence official said. “Although Stuxnet and Flame infections can be countered, it doesn’t mean that other tools aren’t in play or performing effectively.”

It is not yet clear the extent of the United Staes’ involvement in the development in making the virus, but it is believed that the U.S. relied on its 2 top spy agencies: The C.I.A. and the N.S.A.. The NSA, known mainly for its electronic eavesdropping and code-breaking capabilities, has extensive expertise in developing malicious code that can be aimed at U.S. adversaries, including Iran. The CIA lacks the NSA’s sophistication in building malware but is deeply involved in the execution of the cyber-campaign.

The disruptions from the Americans and Israelis has led the Iranians to ask a Russian security firm and a Hungarian cyber-lab for help.

So it looks as though any questions about Iran’s true intentions are already known by our government because this virus has been sending back info for years. The U.S. will know the day Iran gains the ability to build a nuclear weapon and they will put a stop to it.

In an article titled, “The NSA Is Building The Country’s Biggest Spy Center (Watch What You Say)”, Wired writer and NSA expert James Bamford detailed the agency’s new “Utah Data Center” that will spy on communications from around the world and from America’s own citizens.

Bamford described an NSA that has set up a national infrastructure tailored towards the collection and decryption of millions of messages sent from Americans to other Americans. It’s Big Brother at its best and Bamford claims it’s being done in total secrecy.

That alone is pretty damning of the NSA, but there’s more. Bamford talked to a lot of eyewitnesses and got the inside story of what may be a huge scandal if revealed to be true. Congress got wind of this story and invited NSA chief General Keith Alexander to defend his agency.

In all, he denied the allegations made in the Wired story a total of fourteen times. After explaining that the NSA doesn’t have the technical capability to spy on the sort of level described by Bamford, he replies to every other subsequent question with just a “no.”

Check out the video of the proceedings. You can decide for yourself if General Alexander was being truthful or not.

The Internet is pretty sensitive to these sort of allegations. Even if the NSA is not collecting information, the very thought is enough to send the Internet into a tizzy.

[Source: Wired]

According to a report in SC Magazine, the agency’s goal was to create phones that were secure enough to meet the NSA’s stringent security standards, cheap enough to be produced in large enough quantities, and easy for government personnel to use. The phones are made with commercial components and run a heavily doctored version of Android 2.2. The phones are locked down tightly, and only applications from the Defence Information Systems Agency’s own app store can be installed (no word on whether they have Angry Birds or Words With Friends).

The phones were developed as part of the NSA’s Mobility Program, which was designed to respond to the growing need among many government agencies for secure methods of communication in an environment that is increasingly reliant on mobile technology.

The phones are created using entirely off-the-shelf components, meaning that with the plans published by the NSA (PDF), the actual device could easily be reproduced. The software, as previously mentioned, is a heavily modified version of Google’s Android operating system. Android is free and open source, meaning that anyone – including the NSA – can download the source code and modify it to suit their needs.

There is no word on how widely the government intends to distribute these “Fishbowl” phones. The number will likely be kept fairly low.

The Wall Street Journal is reporting General Keith Alexander, director of the NSA, has said that Anonymous may be capable of taking down power grids via a cyberattack in the next few years.

The statements were reportedly made in meetings at the White House and other private gatherings according to sources. Gen. Alexander has previously warned on the threat cyberattacks pose to computer networks by being able to disable them.

We reported last week on Operation Global Blackout, an Anonymous plot to take down the entire Internet as an act of protest. Experts speaking to the WSJ said that an attack on that scale would be unlikely, but it does show that Anonymous may be preparing for larger attacks.

It would appear that Anonymous doesn’t have the ability to take power grids via cyerbattacks yet. Intelligence officials claim that the only powers that have that capability would be China or Russia. There is still some concern, however, of Anonymous’ ability to develop a way to take down power grids in the near future.

What’s far more interesting is the alleged belief by some officials that a hostile country could give cyberattack tools to a group like Anonymous. This would allow Anonymous to carry out the attack and remove all responsibility from the offending country.

These rumored meetings come on the tail of Senator John McCain announcing a new cybersecurity bill that would put the NSA in charge of monitoring the net for cyberattacks. It seems that the McCain and Alexander have a vested interest in putting the military in charge of the policing the Internet.

McCain plans to present the bill after Congress gets back from its Presidents Day recess.

The good news is that there was a cybersecurity bill making its way through Congress that was supported by both parties and it would have addressed that very issue. As Wired reports, however, the key word there is “was.” Senator John McCain came in with seven other Senators to slam the current bill and propose a new one.

At a hearing for the proposed bill, the Cybersecurity Act of 2012, McCain made clear his objections to the bill, including but not limited to, the power it gave to the Department of Homeland Security and not enough power being given to the National Security Agency:

General Keith Alexander, the Commander of U.S. Cybercommand and the Director of the NSA stated that if a significant cyber attack against this country were to take place there may not be much that he and his teams at either Cybercommand or NSA can legally do to stop it in advance. According to General Alexander, ‘in order to stop a cyber attack you have to see it in real time, and you have to have those authorities. Those are the conditions we’ve put on the table … Now how and what the Congress chooses, that’ll be a policy decision.’ This legislation does nothing to address this significant concern and I question why we have yet to have a serious discussion about who is best suited to protect our Country from this threat we all agree is very real and growing.

Additionally, if the legislation before us today were enacted into law, unelected bureaucrats at the DHS could promulgate prescriptive regulations on American businesses – which own roughly 90 percent of critical cyber infrastructure. The regulations that would be created under this new authority would stymie job-creation, blur the definition of private property rights and divert resources from actual cybersecurity to compliance with government mandates. A super-regulator, like DHS under this bill, would impact free market forces which currently allow our brightest minds to develop the most effective network security solutions.

McCain ended his comments by saying that he was going to introduce the new bill after the President’s Day recess.

The current bill that McCain wants to shoot down would make the government pick out which sectors of the nation’s infrastructure poses the most immediate risk and then give the DHS the authority to combat those problems.

The real kicker in the bill, however, is that it would require companies that own “critical infrastructure” to meet security standards created by the National Institute of Standards and Technology as well as the NSA. If they did not meet these standards, they would be slapped with civil penalties.

Those affected by these new standards would be allowed to come up with their own ways to meet the standards, but would be required to annually review their practices to confirm that they are meeting standards.

One part of the bill that is suspect is that it would allow these companies to self-certify themselves over the proposed standards. While they can hire a third party to perform the audit, self-certification would probably be the preferred method as it’s easier and cheaper. It’s also ripe for incompetence since auditing yourself doesn’t get the best results.

We’ll have to wait for McCain’s bill to emerge before we can compare the two to see where each of their strengths lie. Once it does emerge though, you can bet that we’ll be on it to let you know what’s in it.

If Congressional hearings are your thing, you can watch the full three hour long committee meeting at the Senate’s Web site.

If you prefer reading, the bill in its entirety can also be downloaded from the Senate’s Web site.

As it stands now, however, would you be more comfortable with the NSA or DHS monitoring our nation’s cybersecurity? Let us know in the comments.

Perfect Citizen would rely on a set of sensors deployed in computer networks for critical infrastructure that would flag "unusual activity" signaling an impending cyberattack, according to the Wall Street Journal.

Defense contractor Raytheon recently was awarded with a classified contract for the first stage of the surveillance program valued up to $100 million.

Some industry and government officials with knowledge of the program view Perfect Citizen as overreaching by the NSA into domestic affairs, while other view it as a critical program to fight emerging security threats that only the NSA can manage.

"The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," said one internal Raytheon email, the text of which was seen by The Wall Street Journal. "Perfect Citizen is Big Brother."

A U.S. military official said the program was long overdue and would not be a violation of privacy.

U.S. intelligence officials have grown increasingly concerned about possible Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure.

"Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems," according to the Journal.

NSA chief General Keith Alexander head of the recently created US Cyber Command said in a speech that the role of the agency is to ""deter, detect and defend against emerging threats against our nation in cyberspace."

"All of us in government recognize that we cannot do this without the help of industry, academia and our allies," he said. "Securing cyberspace is a team sport."
 

The suit also names the National Security Agency (NSA), Vice President Dick Cheney, Cheney’s chief of staff David Addington, and former Attorney General and White House Counsel Alberto Gonzales.

The lawsuit, Jewel v. NSA, is aimed at ending what the EFF says is "the NSA’s dragnet surveillance of millions of ordinary Americans and holding accountable the government officials who illegally authorized it."

Evidence in the case includes undisputed documents provided by former AT&T employee Mark Klein showing AT&T has routed copies of Internet traffic to a secret room in San Francisco controlled by the NSA.

EFF attorneys filed a suit against AT&T in 2006 alleging that US telecoms giants had opened its network to the NSA without warrants. This year Congress passed legislation giving telecommunications firms immunity from spying lawsuits. The case is now stalled in federal court.

"In addition to suing AT&T, we’ve now opened a second front in the battle to stop the NSA’s illegal surveillance of millions of ordinary Americans and hold personally responsible those who authorized or participated in the spying program," said Senior Staff Attorney Kevin Bankston.

"For years, the NSA has been engaged in a massive and massively illegal fishing expedition through AT&T’s domestic networks and databases of customer records. Our goal in this new case against the government, as in our case against AT&T, is to dismantle this dragnet surveillance program as soon as possible."