2013年6月21日金曜日

NSA 通話盗聴300件未満、20カ国以上でテロ阻止

NSAは通話盗聴300件未満で、20カ国以上でテロ阻止と言う。
 米NSAや米FBIが米国の大手通信会社などから密かに個人情報を収集して
いたとされる問題で、米当局は実際に詳細を調査していたのは300件にも
満たない通話で、その対象はテロに関するものだけ、などとする文書を
公開した。

上院情報委員会
・6月15日 文書公開
・当局側はNSAのプログラムで収集されたデータによって、米国と世界
 20カ国以上で計画されていた数十に及ぶテロを阻止できた。
・数が2012年の1年間で300件未満だった。
・NSAのプログラムが「外国情報監視裁判所(FISC)」によって承認済。
 プログラムは90日毎に精査、収集した情報は5年経過すると消去されること。
・収集しているメタデータには電話番号や通話時間が含まれているが、
 通話内容、携帯電話の位置情報は含まれていない。

NSA 監視プログラム
・MAINWAY
 電話番号や通話時間を自動的に収集
・NUCLEON
 電話の通話内容を集める
・MARINA
 ネット通信で使われるメールアドレスなどのデータを収集
・PRISM
 ネット上で、主に外国人の通信内容を収集。

Apple
・2012年12月1日-2013年5月31日
 米政府当局から受けた顧客データ要請件数は4000~5000件
 アカウントまたは端末数は9000~10000件。
 何件がNSAによるもの。
 犯罪捜査、行方不明の子供の捜索、アルツハイマー病患者の居場所特定、
 自殺の防止。
・政府機関にも同社のサーバに対する直接アクセスを与えることはしてお
 らず、また、顧客データを要請する政府機関は裁判所命令を取得する
 必要がある。

愛国者法第215条とFISA702条の解釈の違いを問題としているようだ。
令状を取れなかったり、違法捜査による告訴で、裁判において、違法捜査
が証明されれば、明らかに有罪であっても無罪となる。諸刃の剣か。
疑わしい中、銃撃戦となれば死亡する確率が高く、事件終了かな。

PRISM data-collection program
US Cyber Attack


--- 元CIA職員のSnowden氏、「NSAは日常的に米国人の通信を傍受している」---
2013/06/18
小久保 重信
http://itpro.nikkeibp.co.jp/article/NEWS/20130618/485724/

  米国家安全保障局(NSA)が運用している通信情報収集プログラムの問題を告発した元CIA職員のEdward Snowden氏は、現地時間2013年6月17日、英Guardian紙のWebサイトのチャットで読者からの質問に答え、NSAは裁判所の令状なくして米国民の通信を傍受しているなどと述べた。
 Snowden氏によると、NSAは2008年に改正された外国情報監視法(FISA)702条に基づき、日常的に米国人の通信内容を収集しており、これは裁判所の令状なくして行われているという。NSAはこれを「一時的な収集」としているが、結局のところはNSAの職員がその情報を今も持ち続けているという。同氏は「分析官がある電子メールアドレスにターゲットを絞れば、そのアドレスから送られた米国人宛のメールは、IPアドレス、本文、添付ファイルを含めすべてが盗み見られてしまう」などと述べている。
 これに先立つ6月15日に米当局は、NSAが運用している2つの情報収集プログラムに関する文書を公開し、両プログラムは愛国者法(反テロ法)第215条と外国情報監視法(FISA)の702条に基づいて正しく運用されていると主張していた。
 当局によると、外国情報監視法(FISA)の702条に基づく通信データ収集プログラムは、国外の非米国人を対象にするもので、米国市民や国外にいる米国人の通話や電子メールをターゲットにすることは許可されていないという。
 また先ごろ、情報機関の分析官が米国人の国内通話を傍受していると報道されたことを受け、James Clapper米国家情報長官は声明を出し「分析官が“法的に適切な許可”を取らずに国内通話を傍受しているという報道は、事実に反する」と述べていた。
 これについて、米CNETは、米Electronic Frontier Foundation(EFF:電子フロンティア財団)の話として、「Obama政権の一部の高官は、裁判所の令状と“法的に適切な許可”を別のものと解釈している可能性がある」と伝えている。


---アップル、米政府当局による顧客データ要請件数を公表--NSAなどめぐる騒動を受け---
Dan Farber (CNET News) 翻訳校正: 編集部 2013/06/18 07:17
http://japan.cnet.com/apple/35033506/

 FacebookとMicrosoftに続き、Appleが米政府当局からのユーザー情報要請件数とそれに関連するアカウント数を公表した。
 Appleによると、2012年12月1日から2013年5月31日の間に同社が米政府当局から受けた顧客データ要請件数は4000~5000件で、その要請で指定されたアカウントまたは端末数は9000~10000件であるという。Appleは、そのうちの何件が米国家安全保障局(NSA)によるもので、NSAからの要請に関連していた可能性のあるアカウントまたは端末が何件であったかを明らかにしなかった。
 しかしAppleは、「最も多い要請形式」は警察を通したものであることを明らかにした。「窃盗などの犯罪の捜査、行方不明になった子供の捜索、アルツハイマー病患者の居場所の特定、自殺の防止」というAppleによる声明の文脈から判断して、地方警察または州警察であると思われる。
 Appleによる件数公表は、6月に入ってNSAが通話やウェブ利用に関する情報を秘密裏に取得するための大々的な取り組みに従事しているとする疑惑に対して騒動が勃発したことを受けたものである。
 Appleは声明の中で、どの政府機関にも同社のサーバに対する直接アクセスを与えることはしておらず、また、顧客データを要請する政府機関は裁判所命令を取得する必要があると述べた。


---「NSAが内容を調べた通話は300件未満、20カ国以上でテロを阻止できた」、米当局が主張---
2013/06/17
小久保 重信
http://itpro.nikkeibp.co.jp/article/NEWS/20130617/485525/

  米国家安全保障局(NSA)や米連邦捜査局(FBI)が米国の大手通信会社などから密かに個人情報を収集していたとされる問題で、米当局は実際に詳細を調査していたのは300件にも満たない通話で、その対象はテロに関するものだけ、などとする文書を公開した。米Washington Postや米Associated Press(AP通信)、英BBCなどが、現地時間2013年6月16日までに報じた。
 報道によると、文書は6月15日に上院情報委員会によって公開された。Washington Postが入手し、ネット公開した資料(PDF)よると、当局側はNSAのプログラムで収集されたデータによって、米国と世界20カ国以上で計画されていた数十に及ぶテロを阻止できたとしている。
 文書には、NSAのプログラムが「外国情報監視裁判所(FISC)」によって承認されていること、プログラムが90日ごとに精査されていること、収集した情報は5年経過すると消去されることなどが記されている。
 諜報当局側の説明によると、当局が収集しているメタデータには電話番号や通話時間が含まれているが、通話内容、携帯電話の位置情報は含まれていない。米国外のテロリストが米国内の実行犯などと連絡を取り合っていることなどを察知して、当局は初めて詳細を調べる。その数が2012年の1年間で300件未満だったと説明している。


---米NSAの盗聴・監視、4つの「道具」---
2013年6月17日19時48分  読売新聞
http://www.yomiuri.co.jp/world/news/20130617-OYT1T01053.htm?from=ylist

 【ワシントン=山口香子】米紙ワシントン・ポストは16日、米国家安全保障局(NSA)が、テロ対策として電話とインターネットの通信を監視するため、計四つのプログラムを運営していると報じた。
 〈1〉電話番号や通話時間を自動的に収集する「メーンウエー」〈2〉電話の通話内容を集める「ニュークレオン」〈3〉ネット通信で使われるメールアドレスなどのデータを収集する「マリーナ」〈4〉ネット上で、主に外国人の通信内容を収集する「プリズム」――で、このうち〈2〉と〈3〉の存在が明らかになるのは初めて。NSAによる包括的な監視体制を示すものといえそうだ。


---U.S. surveillance architecture includes collection of revealing Internet, phone metadata---
By Barton Gellman, Published: June 16
http://www.washingtonpost.com/investigations/us-surveillance-architecture-includes-collection-of-revealing-internet-phone-metadata/2013/06/15/e9bf004a-d511-11e2-b05f-3ea3f0e7bb5a_story.html

On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal.

President George W. Bush backed down, halting secret foreign-
intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.

What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?

Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.

STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.

Foreigners, not Americans, are the NSA’s “targets,” as the law defines that term. But the programs are structured broadly enough that they touch nearly every American household in some way. Obama administration officials and career intelligence officers say Americans should take comfort that privacy protections are built into the design and oversight, but they are not prepared to discuss the details.

The White House, the NSA and the Office of the Director of National Intelligence declined to comment on the record for this article. A senior intelligence official agreed to answer questions if not identified.

“We have rich oversight across three branches of government. I’ve got an [inspector general] here, a fairly robust legal staff here ... and there’s the Justice Department’s national security division,” the official said. “For those things done under court jurisdiction, the courts are intrusive in my business, appropriately so, and there are two congressional committees. It’s a belts-and-suspenders-and-Velcro approach, and inside there’s rich auditing.”

But privacy advocates, such as Sen. Ron Wyden (D-Ore.), said the intelligence committee on which he serves needs “straight answers” to do vigorous oversight.

He added: “The typical person says, ‘If I am law-abiding and the government is out there collecting lots of information about me - who I call, when I call, where I call from’ ... I think the typical person is going to say, ‘That sure sounds like it could have some effect on my privacy.’”

Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.

The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called -NUCLEON.

For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.

Former NSA contractor Edward Snowden, 29, who unmasked himself as the source behind the PRISM and Verizon revelations, said he hoped for a systematic debate about the “danger to our freedom and way of life” posed by a surveillance apparatus “kept in check by nothing more than policy.”

For well over a week, he has had his wish. Startling disclosures have poured out of the nation’s largest and arguably tightest-lipped spy agency at an unprecedented pace. Snowden’s disclosures have opened a national conversation about the limits of secret surveillance in a free society and an outcry overseas against U.S. espionage.

The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.

The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.

The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support - and to make unspecified payments to the phone companies for “collaborative partnerships.”

When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.

Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.

At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.

For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.

MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.

The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.

What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see. “You could do analyses that give you more information, but the law and procedures don’t allow that,” a senior U.S. intelligence lawyer said.

In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use “contact chaining” techniques to build what the NSA describes as network graphs of people who represented potential threats.

The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.

Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.

Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.

As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”

When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.

Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.

The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.

Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.

When the NSA aims for foreign targets whose communications cross U.S. infrastructure, it expects to sweep in some American content “incidentally” or “inadvertently,” which are terms of art in regulations governing the NSA. Contact chaining, because it extends to the contacts of contacts of targets, inevitably collects even more American data.

Current NSA director Keith B. Alexander and Director of National Intelligence James R. Clapper Jr. have resolutely refused to offer an estimate of the number of Americans whose calls or e-mails have thus made their way into content databases such as -NUCLEON.

The agency and its advocates maintain that its protection of that data is subject to rigorous controls and oversight by Congress and courts. For the public, it comes down to a question of unverifiable trust.

“The constraints that I operate under are much more remarkable than the powers that I enjoy,” said the senior intelligence official who declined to be named.

When asked why the NSA could not release an unclassified copy of its “minimization procedures,” which are supposed to strip accidentally collected records of their identifying details, the official suggested a reporter submit a freedom-of-information request.

As for bulk collection of Internet metadata, the question that triggered the crisis of 2004, another official said the NSA is no longer doing it. When pressed on that question, he said he was speaking only of collections under authority of the surveillance court.

“I’m not going to say we’re not collecting any Internet metadata,” he added. “We’re not using this program and these kinds of accesses to collect Internet metadata in bulk.”

Julie Tate and Ellen Nakashima contributed to this report.

0 コメント: