Tag Archives: The New York Times

F.B.I. Error Locked San Bernardino Attacker’s iPhone - The New York Times 20160301

F.B.I. Error Locked San Bernardino Attacker’s iPhone - The New York Times 20160301

The head of the F.B.I. acknowledged on Tuesday that his agency lost a chance to capture data from the iPhone used by one of the San Bernardino attackers when it ordered that his password to the online storage service iCloud be reset shortly after the rampage.

“There was a mistake made in the 24 hours after the attack,” James B. Comey Jr., the director of the F.B.I., told lawmakers at a hearing on the government’s attempt to force Apple to help “unlock” the iPhone.

F.B.I. personnel apparently believed that by resetting the iCloud password, they could get access to information stored on the iPhone. Instead, the change had the opposite effect — locking them out and eliminating other means of getting in.

While some lawmakers voiced support for Apple’s privacy concerns, others attacked the company’s position, saying it threatened to deprive the authorities of evidence in critical cases involving newer iPhones.

“We’re going to create evidence-free zones?” asked Representative Trey Gowdy, a South Carolina Republican who once served as a federal prosecutor. “Am I missing something?”

“How the hell you can’t access a phone, I just find baffling,” he said.

Bruce Sewell, Apple’s general counsel, told committee members that the F.B.I.’s demand for technical help to unlock Mr. Farook’s iPhone 5c “would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.” Apple has said that in many cases investigators have other means to gain access to crucial information, and in some instances it has turned over data stored in iCloud.

Mr. Sewell reacted angrily to the Justice Department’s suggestion that Apple’s branding and marketing strategy was driving its resistance to helping the F.B.I., an assertion that he said made his “blood boil.”

“We don’t put up billboards that market our security,” he said. “We do this because we think protecting security and privacy of hundreds of millions of iPhones is the right thing to do.”

F.B.I. officials say that encrypted data in Mr. Farook’s phone and its GPS system may hold vital clues about where he and his wife, Tashfeen Malik, traveled in the 18 minutes after the shootings, and about whom they might have contacted beforehand. While investigators believe that the couple was “inspired” by the Islamic State, they have not found evidence that they had contact with any extremists overseas.

A judge last month ordered Apple to develop software that would disable security mechanisms on Mr. Farook’s phone so that the F.B.I. could try multiple passwords to unlock the phone through a “brute force” attack, without destroying any data. Once the systems were disabled, it would take only about 26 minutes to find the correct password, Mr. Comey said.

He rejected an idea expressed by several lawmakers that the F.B.I. was trying to force Apple to build a “back door” to decrypt its own security features. He used a different analogy to explain the government’s demands.

“There’s already a door on that iPhone,” Mr. Comey said. “Essentially, we’re saying to Apple ‘take the vicious guard dog away and let us pick the lock.’ ”

But the F.B.I. did not help its case with lawmakers when Mr. Comey acknowledged the mistake of changing the iCloud password.

When the dispute over Mr. Farook’s iPhone erupted two weeks ago, the Justice Department blamed technicians at San Bernardino County, which employed Mr. Farook as an environmental health specialist and which owned the phone he used. But county officials said their technicians had changed the password only “at the F.B.I.’s request.”

Mr. Comey acknowledged at the hearing that the F.B.I. had directed the county to change the password.

Mr. Sewell, the Apple lawyer, explained to the committee that before F.B.I. officials ordered the password reset, Apple first wanted them to try to connect the phone to a “known” Wi-Fi connection that Mr. Farook had used. Doing so might have recovered information saved to the phone since October, when it was last connected to iCloud.

“The very information that the F.B.I. is seeking would have been available, and we could have pulled it down from the cloud,” he said.

The F.B.I.’s handling of the password change drew criticism from both Democrats and Republicans at the hearing.

“If the F.B.I. hadn’t instructed San Bernardino County to change the password to the iCloud account, all this would have been unnecessary, and you would have had that information,” said Representative Jerrold Nadler, Democrat of New York.

Mr. Gowdy leveled a similar criticism during the more than two and a half hours of testimony from Mr. Comey.

“With all due respect to the F.B.I., they didn’t do what Apple had suggested they do in order to retrieve the data, correct?” Mr. Gowdy asked the director. “I mean, when they went to change the password, that kind of screwed things up, did it not?”

But Mr. Comey said that even if the F.B.I. had not mishandled the password, he did not think the bureau could have gotten everything it wanted from the phone and would still have needed Apple to help disable the security features in the phone.

“We would still be in litigation,” he said, “because the experts tell me there’s no way we would have gotten everything off the phone from a backup.”

Mr. Comey stressed that the fight with Apple was about trying to get as much information as possible about the San Bernardino attack — not about gaining a powerful law enforcement tool elsewhere.

But when he was asked whether the F.B.I. would seek to unlock other encrypted phones if it prevailed in the San Bernardino case, he responded, “Of course.”

In the audience were relatives of a Louisiana woman, Brittney Mills, who was shot to death at her doorstep last year when she was about eight months pregnant.

Mr. Comey said the data in her phone could help investigators determine whether she was shot by someone she knew, but they had been unable to break the passcode.

Apple moves to shift battle over unlocking iPhone to Capitol Hill - The New York Times 20160222

Apple moves to shift battle over unlocking iPhone to Capitol Hill - The New York Times 20160222

Apple said on Monday that it wanted to expand its iPhone battle with the United States government beyond a courtroom — where it is currently being fought — to a hearing room on Capitol Hill.

The announcement came after the House Energy and Commerce Committee invited the company’s chief executive, Timothy D. Cook, and the F.B.I. director, James B. Comey, to testify at a hearing on privacy and national security “to explain to Congress and the American people the issues at play and how they plan to move forward.”

The standoff centers on a court order last week calling on Apple to weaken the security functions on an iPhone belonging to one of the gunmen in a mass shooting in San Bernardino, Calif., in December, so that F.B.I. investigators could access its contents. Apple has refused to comply, setting off a heated exchange of public statements and court filings.

The best way forward, the company said, would be for the government to, “as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms.”

Apple said that it would “gladly participate in such an effort.”

If the Justice Department does not withdraw its demands, Apple has until Friday to file a formal brief opposing the order, which was issued on Tuesday by Magistrate Judge Sheri Pym of the United States District Court for the Central District of California.

Apple’s note, which was intended to answer the most frequently asked questions about the dispute, also reiterated that law enforcement officials, frustrated by their inability to open locked iPhones, were closely watching the case.

“Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the F.B.I. wins this case,” Apple said.

In an interview with Charlie Rose, the Manhattan district attorney, Cyrus R. Vance Jr., was asked, “If there is access to this phone, you want access to all those phones that you think are crucial in a criminal proceeding?”

Mr. Vance responded: “Absolutely right.”

The New York City police commissioner, William J. Bratton, and Mr. Vance criticized Apple after it refused to comply with the court order and said that they currently possessed 175 iPhones that they could not unlock.

The fight between Apple and law enforcement is an important moment in the growing tension between technology companies that have access to reams of private customer data and the government, which has long sought greater access to that information. Apple says that customer data must remain accessible only to customers in order to protect their civil liberties. Law enforcement officials like Mr. Comey say that increasingly robust encryption technology hinders their ability to fight criminals.

After the judge ordered Apple on Tuesday to create a tool that would weaken security measures on a work phone issued to Syed Farook, one of the gunmen in the December attack that left 14 dead, Mr. Cook posted a personally signed letter to customers early Wednesday morning in which he said he opposed the order as an intrusion into customers’ privacy. The Justice Department shot back on Friday with a sharply worded, 25-page motion demanding that Apple cooperate with the order, writing that the company’s refusal “appears to be based on its concern for its business model and public brand marketing strategy.”

On Sunday, Mr. Comey released a statement to defend why the agency needed to break into the iPhone, saying the order “isn’t about trying to set a precedent or send any kind of message.”

“It is about the victims and justice,” he said.

In an internal email sent to Apple employees on Monday, Mr. Cook wrote that the company’s customer data was “under siege” and that “it does not feel right to be on the opposite side of the government in a case centering on the freedoms and liberties that government is meant to protect.”

N.S.A. Gets Less Web Data Than Believed, Report Suggests - The New York Times 20160217

N.S.A. Gets Less Web Data Than Believed, Report Suggests - The New York Times 20160217

A newly declassified report by the National Security Agency’s inspector general suggests that the government is receiving far less data from Americans’ international Internet communications than privacy advocates have long suspected.

The report indicates that when the N.S.A. conducts Internet surveillance under the FISA Amendments Act, companies that operate the Internet are probably turning over just emails to, from or about the N.S.A.’s foreign targets — not all the data crossing their switches, as the critics had presumed.

The theory that the government is rooting through vast amounts of data for its targets’ messages has been at the heart of several lawsuits challenging such surveillance as violating the Fourth Amendment.

The report, obtained by The New York Times through a Freedom of Information Act lawsuit, was classified when completed in 2015, and it still contains many redactions. But several uncensored sentences appear to indicate how the system works: They suggest that the government supplies its foreign targets’ “selectors” — like email addresses — to the network companies that operate the Internet, and they sift through the raw data for any messages containing them, turning over only those.

The distinction is important for evaluating crucial constitutional issues raised by how to apply Fourth Amendment privacy rights to new communications and surveillance technologies. Government secrecy about Internet wiretapping has prevented judges from adjudicating the issues in open court.

Still, Patrick Toomey, an American Civil Liberties Union lawyer who is helping lead one of several lawsuits challenging the N.S.A.’s Internet surveillance, argued that even if the companies were sifting the data themselves, the constitutional issues were the same if the companies were doing something they would not otherwise do at the government’s direction.

“The equivalent would be if AT&T were compelled to put every phone call through a voice transcription and then give to the government” copies of only those calls that were linked to a suspect, Mr. Toomey said. “We would find that disturbing, not just because it could be abused, but because it involves the phone company listening to every phone call.”

The network companies that operate the Internet, like AT&T and Verizon, do not publicly discuss how the surveillance system works, and the government declined to comment about the newly disclosed report.

Congress commissioned the inspector general report after the leaks about surveillance by the former intelligence contractor Edward J. Snowden. A central focus was the FISA Amendments Act program, which permits warrantless collection of communications on domestic soil so long as the target is a noncitizen abroad — even if the target is communicating with an American.

One part of the program is called Upstream. It involves the collection of emails and other Internet messages as they cross network switches. The report discusses how network providers are legally compelled to give the N.S.A. communications “related to tasked selectors.” A little later, after a redacted paragraph, it says, “The providers should deliver only communications meeting these criteria to N.S.A.”

And the report said that “for each source of collection, N.S.A. employs processes to determine whether” — the middle of the sentence is redacted, before it picks up with, “are sending communications only for selectors currently tasked and authorized for collection.”

A senior administration official, speaking on the condition of anonymity to discuss internal deliberations, said there had been no official policy decision, as part of disclosing the inspector general report, to say more about how Upstream collection works than what the government had said previously.

Still, in previous reports and court documents about the Upstream system, the government has tended to use language that leaves it ambiguous whether the telecommunications companies or the government is filtering and scanning the raw Internet data.

(The inspector general report does not address how the N.S.A. collects foreign-to-foreign Internet messages passing through the American network. Such messages are not protected by domestic law, and the government does collect them in bulk, just as it could do if it intercepted them abroad, according to leaked documents and officials familiar with that system.)

The new report’s discussion of how the Upstream collection system works under the FISA Amendments Act dovetails with an article by The Times and ProPublica in August, which was largely based on “top-secret” documents provided by Mr. Snowden. But those documents remain classified. And in public, the government has been vague about the system’s details, including in its responses to lawsuits.

The cases are important because Internet technology works differently from the telephone technology for which wiretapping rules were developed and tested in court. A suspect’s phone call can be intercepted without touching any other people’s calls. But on the Internet, data from different messages are broken up and intermingled, so collecting a suspect’s email requires temporarily copying and sifting data from many people’s messages.

Privacy advocates want a court to address whether that violates the Fourth Amendment. So far, they have not succeeded.

In one such case, a group of AT&T customers represented by the Electronic Frontier Foundation argued in 2014 that the government was getting a copy of all Internet data and rooting through it. But the Justice Department said litigating the allegation would reveal state secrets, and a judge dismissed the claim in February 2015, writing cryptically that secret documents showed that “the plaintiffs’ version of the significant operational details of the Upstream collection process is substantially inaccurate.”

The complaint in another such case, brought in 2015 by the A.C.L.U. on behalf of the Wikimedia Foundation, also said that the N.S.A. was systematically copying and reviewing international communications, although it also hedged that some aspects of that surveillance “may be conducted by the telecommunications providers on the government’s behalf.” A judge dismissed that case, too, and it is now on appeal.

How Tim Cook, in iPhone Battle, Became a Bulwark for Digital Privacy - The New York Times 20160218

How Tim Cook, in iPhone Battle, Became a Bulwark for Digital Privacy - The New York Times 20160218

Timothy D. Cook, Apple’s chief, testifying before Congress in 2013. “We feel we must speak up in the face of what we see as an overreach by the U.S. government,” he wrote in an open letter published this week.

Letters from around the globe began pouring into the inbox of Timothy D. Cook not long after the publication of the first revelations from Edward J. Snowden about mass government surveillance.

Do you know how much privacy means to us? they asked Apple’s chief executive. Do you understand?

Mr. Cook did. He was proud that Apple sold physical products — phones, tablets and laptops — and did not traffic in the intimate, digital details of its customers’ lives.

That stance crystallized on Tuesday when Mr. Cook huddled for hours with lawyers and others at Apple’s headquarters to figure out how to respond to a federal court order requiring the company to let the United States government break into the iPhone of one of the gunmen in a San Bernardino, Calif., mass shooting. Late Tuesday, Mr. Cook took the fight public with a letter to customers that he personally signed.

“We feel we must speak up in the face of what we see as an overreach by the U.S. government,” wrote Mr. Cook, 55. “Ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”

Mr. Cook’s standoff with law enforcement officials is indicative of his personal evolution from a behind-the-scenes operator at Apple to one of the world’s most outspoken corporate executives. During that time, he has moved a once secretive Silicon Valley company into the center of highly charged social and legal issues. While Mr. Cook’s predecessor, Apple co-founder Steven P. Jobs, was considered a business icon, he never took aggressive positions on such matters as Mr. Cook now has.

Being at loggerheads with the United States government is risky for Apple and may draw a torrent of public criticism of the world’s most valuable company at a time when its growth rate has significantly decelerated.

Yet people who know Mr. Cook said he did not believe he had a choice but to be vocal. Mr. Cook, who became Apple’s chief executive in 2011, has long said that businesses and their leaders should think of themselves as important members of civic society. In September, he emphasized that this responsibility “has grown markedly in the last couple of decades or so as government has found it more difficult to move forward.”

Mr. Cook “says what he believes, especially in difficult situations,” said Don Logan, the former chairman of Time Warner Cable who has been friends with Mr. Cook since he became chief executive of Apple, bonding over their shared alma mater, Auburn University. Of Mr. Cook’s opposition to the court order, Mr. Logan said: “Tim is currently dealing with a very difficult situation and he knows the decision he has made has lots of ramifications, good or bad. But he wants to do the right thing.”

Apple declined to make Mr. Cook available for an interview. The company is preparing to file an opposition brief against the court order.

Mr. Cook’s ideas about civic duty were partly formed during his childhood in rural Alabama. In a speech at the United Nations in 2013, he recounted how Ku Klux Klansmen had once burned a cross on the lawn of a black family’s home and how he yelled for them to stop. “This image was permanently imprinted in my brain, and it would change my life forever,” he said.

At Apple, which he joined as a senior executive in 1998, Mr. Cook was a quiet figure for much of the period when he worked for Mr. Jobs, a showman who prized secrecy at the company. After Mr. Jobs stepped down because of ailing health, Mr. Cook began making Apple more open, publishing an annual report on suppliers and working conditions for more than a million factory workers.

In 2014, Mr. Cook revealed he was gay, a move widely seen as making a statement about gay rights. Last year, he wrote an editorial decrying religious freedom laws that had been proposed in more than two dozen states that would let people skirt anti-discrimination laws that conflicted with their religious beliefs.

His outspokenness has drawn criticism, with some investors questioning how nonbusiness initiatives — including some of Apple’s environmental moves — would contribute to the company’s bottom line. Mr. Cook responded at a shareholder meeting that it is important for Apple to do things “because they’re just and right.”

Privacy has long been a priority for Mr. Cook. At a tech conference in 2010, he said Apple “has always had a very different view of privacy than some of our colleagues in the Valley.” He cited the iPhone’s feature that shows where a phone — and presumably its user — is and said fears about abuse and stalking had compelled the company to let consumers decide whether or not their apps could use their location data.

Mr. Cook’s views on privacy hardened over time as customers globally began entrusting more personal data to Apple’s iPhones. At the same time, Apple was growing tired of requests from government officials worldwide asking the company to unlock smartphones.

Each data-extraction request was carefully vetted by Apple’s lawyers. Of those deemed legitimate, Apple in recent years required that law enforcement officials physically travel with the gadget to the company’s headquarters, where a trusted Apple engineer would work on the phones inside Faraday bags, which block wireless signals, during the process of data extraction.

Processing these requests was extremely tedious. More worrisome, the data stored on its customers iPhones was growing more personal, including photos, messages and bank, health and travel data.

And some government officials were not exactly instilling confidence in Apple’s engineers. In one case, after law enforcement officials rushed a phone to Apple’s headquarters for data extraction, the engineers discovered their target had not enabled the device’s passcode feature.

So Mr. Cook and other Apple executives resolved not only to lock up customer data, but to do so in a way that would put the keys squarely in the hands of the customer, not the company. By the time Apple rolled out a new mobile operating system, iOS7, in September 2013, the company was encrypting all third-party data stored on customers’ phones by default.

“People have a basic right to privacy,” Mr. Cook has said.

By then, Mr. Snowden’s disclosures about how the National Security Agency had cozied up to some tech companies and hacked others to gain user data were reverberating worldwide. The disclosures included revelations of a comprehensive, decade-long Central Intelligence Agency program to compromise Apple’s products; C.I.A. analysts tampered with the products so the government could collect app makers’ data. In other cases, the agency was embedding spy tools in Apple’s hardware, and even modifying an Apple software update that allowed government analysts to record every keystroke.

Letters from alarmed Apple customers started flooding into Mr. Cook’s inbox, fortifying his stance on privacy. Apple’s eighth mobile operating system, iOS8, which rolled out in September 2014, made it basically impossible for the company’s engineers to extract any data from mobile phones and tablets.

For officials at the world’s law enforcement agencies, the new software was a clear signal that Apple was growing defiant. A month after iOS8’s release, James Comey, the director of the F.B.I., told an audience at the Brookings Institution that Apple had gone “too far” with the expanded encryption, arguing that the operating system effectively sealed off any chance of tracking kidnappers, terrorists and criminals.

Government agencies began to press Apple and other tech companies for so-called back doors that could bypass strong security measures. With tensions rising, some form of technical compromise — whether in the form of a chip, a back door or a key — was off the table by 2015.

At Apple, Mr. Cook and others continued to work with investigators to the extent the company could and complied with court orders. Last October, a federal judge in New York said the government was overstepping its boundaries by using a centuries-old law, the All Writs Act, as the basis for its request that Apple open an iPhone for a drug investigation. Apple’s lawyer sided with the judge in the case. The matter has not been resolved.

After December’s San Bernardino attack, Apple worked with the F.B.I. to gather data that had been backed up to the cloud from a work iPhone issued to one of the assailants, according to court filings. When investigators also wanted unspecified information on the phone that had not been backed up, the judge this week granted the order requiring Apple to create a special tool to help investigators more easily crack the phone’s passcode and get into the device.

Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a “dangerous precedent” for a company to be forced to build tools for the government that weaken security.

“Compromising the security of our personal information can ultimately put our personal safety at risk,” he wrote. “That is why encryption has become so important to all of us.”

Far from backing down from the fight, Mr. Cook has told colleagues that he still stands by the company’s longstanding plans to encrypt everything stored on Apple’s myriad devices, services and in the cloud, where the bulk of data is still stored unencrypted.

“If you place any value on civil liberties, you don’t do what law enforcement is asking,” Mr. Cook has said.

Correction: February 18, 2016
An earlier version of this article misstated the service Apple provided to law enforcement authorities. It extracted data from iPhones; it did not unlock them.

The Saga of Julian Assange - The New York Times 20160207

The Saga of Julian Assange - The New York Times 20160207

Julian Assange


The curious case of Julian Assange got curiouser last week when a United Nations rights panel concluded that the WikiLeaks founder has been “arbitrarily detained” by Britain and Sweden for more than five years, including the past three and a half years that he has been holed up as a diplomatic refugee in the Ecuadorean Embassy in London. The finding, which is not legally enforceable, was “ridiculous,” responded the British foreign secretary, Philip Hammond. But then so is much else in this convoluted saga, which should be drawn to a close.

Mr. Assange, 44, a onetime computer hacker with an Australian passport, has spent those five years fighting or evading British efforts to extradite him to Sweden, which says it wants to question him about accusations of rape. Mr. Assange and his backers say what is really going on is an attempt to extradite him to the United States to face charges for WikiLeaks’s role in receiving and publishing tens of thousands of secret American military and diplomatic cables in 2010. The New York Times and The Guardian also published many of the cables. Neither Sweden nor the United States has filed formal charges against Mr. Assange.

On Friday, the five-member United Nations “working group on arbitrary detention,” which is under the High Commissioner for Human Rights, and to which Mr. Assange appealed, declared that his ordeal amounted to being “subjected to different forms of deprivation,” which were arbitrary because of the “lack of diligence” by Swedish prosecutors.

Though Swedish prosecutors have said they only want to question Mr. Assange, they insisted that this must take place in Sweden — until last March, when they changed their mind and said they were willing to go to London. They haven’t yet, though Mr. Assange has said all along he’s agreeable to an interrogation there.

The United States also has not filed formal charges against Mr. Assange and what they would charge him with is not clear. In the end, the United Nations ruling, dubious as it may seem, might offer a way for Sweden and Britain to walk away from a case that has not made much sense from the outset.

The New York Times - New Technologies Give Government Ample Means to Track Suspects, Study Finds - 20160131

The New York Times - New Technologies Give Government Ample Means to Track Suspects, Study Finds - 20160131

The F.B.I. director, James B. Comey, and other Justice Department officials have said moves by technology firms to encrypt data have choked off critical ways to monitor suspects.

For more than two years the F.B.I. and intelligence agencies have warned that encrypted communications are creating a “going dark” crisis that will keep them from tracking terrorists and kidnappers.

Now, a study in which current and former intelligence officials participated concludes that the warning is wildly overblown, and that a raft of new technologies — like television sets with microphones and web-connected cars — are creating ample opportunities for the government to track suspects, many of them worrying.

“ ‘Going dark’ does not aptly describe the long-term landscape for government surveillance,” concludes the study, to be published Monday by the Berkman Center for Internet and Society at Harvard.

The study argues that the phrase ignores the flood of new technologies “being packed with sensors and wireless connectivity” that are expected to become the subject of court orders and subpoenas, and are already the target of the National Security Agency as it places “implants” into networks around the world to monitor communications abroad.

The products, ranging from “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” will give the government increasing opportunities to track suspects and in many cases reconstruct communications and meetings.

The study, titled, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” is among the sharpest counterpoints yet to the contentions of James B. Comey, the F.B.I. director, and other Justice Department officials, mostly by arguing that they have defined the issue too narrowly.

Over the past year, they have repeatedly told Congress that the move by Apple to automatically encrypt data on its iPhone, and similar steps by Google and Microsoft, are choking off critical abilities to track suspects, even with a court order.

President Obama, however, concluded last fall that any effort to legislate a government “back door” into encrypted communications would probably create a pathway for hackers — including those working for foreign governments like Russia, China and Iran — to gain access as well, and create a precedent for authoritarian governments demanding similar access.

Most Republican candidates for president have demanded that technology companies create a way for investigators to unlock encrypted communications, and on the Democratic side, Hillary Clinton has taken a tough line on Silicon Valley companies, urging them to join the fight against the Islamic State.

Apple’s chief executive, Timothy D. Cook, has led the charge on the other side. He recently told a group of White House officials seeking technology companies’ voluntary help to counter the Islamic State that the government’s efforts to get the keys to encrypted communications would be a boon for hackers and put legitimate business transactions, financial data and personal communications at greater risk.

The Harvard study, funded by the Hewlett Foundation, was unusual because it involved technical experts, civil libertarians and officials who are, or have been, on the forefront of counterterrorism. Larry Kramer, the former dean of Stanford Law School, who heads the foundation, noted Friday that until now “the policy debate has been impeded by gaps in trust — chasms, really — between academia, civil society, the private sector and the intelligence community” that have impeded the evolution of a “safe, open and resilient Internet.”

Among the chief authors of the report is Matthew G. Olsen, who was a director of the National Counterterrorism Center under Mr. Obama and a general counsel of the National Security Agency.

Two current senior officials of the N.S.A. — John DeLong, the head of the agency’s Commercial Solutions Center, and Anne Neuberger, the agency’s chief risk officer — are described in the report as “core members” of the group, but did not sign the report because they could not act on behalf of the agency or the United States government in endorsing its conclusions, government officials said.

“Encryption is a real problem, and the F.B.I. and intelligence agencies are right to raise it,” Mr. Olsen said Sunday. But he noted that in their testimony officials had not described the other technological breaks that are falling their way, nor had they highlighted cases in which they were able to exploit mistakes made by suspects in applying encryption to their messages.

Jonathan Zittrain, a professor of law and computer science at Harvard who convened the group, said in an interview that the goal was “to have a discussion among people with very different points of view” that would move “the state of the debate beyond its well-known bumper stickers. We managed to do that in part by thinking of a larger picture, specifically in the unexpected ways that surveillance might be attempted.”

He noted that in the current stalemate there was little discussion of the “ever-expanding ‘Internet of things,’ where telemetry from teakettles, televisions and light bulbs might prove surprisingly, and worryingly, amenable to subpoena from governments around the world.”

Those technologies are already being exploited: The government frequently seeks location data from devices like cellphones and EZ Passes to track suspects.

The study notes that such opportunities are expanding rapidly. A Samsung “smart” television contains a microphone meant to relay back to Samsung voice instructions to the TV — “I want to see the last three ‘Star Wars’ movies” — and a Hello, Barbie brought out by Mattel last year records children’s conversations with the doll, processes them over the Internet and sends back a response.

The history of technology shows that what is invented for convenience can soon become a target of surveillance. “Law enforcement or intelligence agencies may start to seek orders compelling Samsung, Google, Mattel, Nest or vendors of other networked devices to push an update or flip a digital switch to intercept the ambient communications of a target,” the report said.

These communications, too, may one day be encrypted. But Google’s business model depends on picking out key words from emails to tailor advertisements for specific users of Gmail, the popular email service. Apple users routinely back up the contents of their phones to iCloud — a service that is not encrypted and now is almost a routine target for investigators or intelligence agencies. So are the tracking and mapping systems for cars that rely on transmitted global positioning data.

“I think what this report shows is that the world today is like living in a big field that is more illuminated than ever before,” said Joseph Nye, a Harvard government professor and former head of the National Intelligence Council. “There will be dark spots — there always will be. But it’s easy to forget that there is far more data available to governments now than ever before.”

Europe Fail to Meet Deadline for Data Transfer Deal - The New York Times 20160131

Europe Fail to Meet Deadline for Data Transfer Deal - The New York Times 20160131

American and European officials failed on Sunday to reach an agreement over how digital data — including financial information and social media posts — could be transferred between the two regions.

Despite last-minute talks, the two sides remained far apart on specific details required to approve a comprehensive deal. Without an agreement, companies that regularly move data, including tech giants like Google and nontech companies like General Electric, could find themselves in murky legal waters.

European and American officials had until Sunday evening to meet a deadline set by Europe’s national privacy agencies, some of which have promised aggressive legal action if the current negotiations founder. Those agencies will publish their own judgment on how data can be moved safely between the two regions on Wednesday.

With time ticking down, the two sides are now hoping to agree to a broad deal before European national regulators act on Wednesday, according to several officials with direct knowledge of the talks, who spoke on the condition of anonymity because they were not authorized to speak publicly.

Still, negotiators said sticking points remained — including over how Europeans’ data would be protected from surveillance by the American government and how Europeans could seek legal remedies in American courts — and neither side could guarantee the final outcome.

The rules governing the transfer of online data have become a vital issue for many businesses. Facebook and Google, for example, use the information to help tailor the advertisements that are central to their businesses. Many nontech companies, like G.E., move data related to their customers and employees, as well as on how their products are used.

No big American company is expected to change how it does business immediately. But many have gathered teams of lawyers to protect themselves in case no deal emerges.

“There’s a lot of uncertainty,” said Tanguy Van Overstraeten, global head of privacy and data protection at the Brussels office of the Linklaters law firm, who represents companies that may become tangled up in the standoff. “We need a solution. Global business relies on transferring data. You cannot stop that.”

The most recent talks have been taking place in Brussels. Senior officials from the Commerce Department, the Federal Trade Commission and other American agencies traveled there last week. They have been meeting with the European Commission, the executive arm of the European Union that is in charge of the negotiations, along with senior national politicians from across Europe.

With the talks increasingly stalled, Penny Pritzker, the United States commerce secretary, was expected to call Vera Jourova, the European commissioner of justice, on Sunday in the hopes of brokering a deal.

The negotiations began three months ago after Europe’s highest court invalidated a 15-year-old data-transfer pact, a so-called safe harbor agreement. The judges ruled that Europeans’ data was not sufficiently protected when being transferred to the United States.

European and American negotiators had been talking for years about a new deal, but the court’s decision — which went into effect immediately — made action increasingly urgent.

In recent weeks, American officials have offered a number of concessions to their European counterparts. They include increased oversight over American intelligence agencies’ access to European data, according to several officials involved in the discussions, who spoke on the condition of anonymity.

American officials have also proposed the creation of a so-called data ombudsman within the State Department. That office, according to officials, would give Europeans a direct point of contact in the United States if they believed government agencies had misused their data. Europeans also may seek arbitration directly with American companies that they accuse of unlawfully using their digital information.

European officials, though, have expressed doubts that those moves would hold up if challenged in European courts. They have asked the Americans to provide specific details about how the current proposals would work in practice, according to two officials. In particular, Europeans want more information on the limits to American intelligence agencies’ access to European data, and on how Europeans can file legal claims in the United States.

American officials have argued that their proposals will stand up to European legal challenges. They also believe the United States has levels of data protection comparable to those in the European Union, where privacy is valued as highly as freedom of expression.

“We’ve agreed to make major changes,” Bruce H. Andrews, the deputy secretary of the Commerce Department, said on Jan. 15. “The U.S. takes individuals’ privacy very seriously.”

Any company — large or small — that transfers information between the two regions may face legal challenges. But the most likely targets for litigation, privacy advocates say, are large American tech giants like Google and Facebook that rely so heavily on people’s data.

Several of Europe’s national data regulators, including Isabelle Falque-Pierrotin, the French privacy chief who is chairwoman of a Pan-European data protection group, have said they will back a new data-transfer agreement if all of Europe’s privacy rights are upheld in the United States.

But if a new pact is not approved — or does not meet national regulators’ standards — some European privacy watchdogs may demand new limits on the movement of data.

Several consumer groups plan to file complaints about how companies transfer data as soon as Monday, arguing that people’s rights are not upheld when information is moved to the United States.

“These issues are going to end up back in court,” said Peter Swire, a law professor at the Georgia Institute of Technology, who helped negotiate the original safe harbor agreement while working for the Clinton administration.

The importance of the deal to the companies and privacy groups has crystallized in recent weeks, as American executives and government officials made it a top priority.

At the recent World Economic Forum in Davos, Switzerland, for instance, Sheryl Sandberg, chief operating officer of the social network Facebook, held high-level discussions with a number of European and American politicians to voice the company’s concerns about the pending deadline, according to several people with knowledge of the matter.

Secretary Pritzker also met with Andrus Ansip, the European official in charge of the region’s digital agenda, among other local policy makers, at Davos to discuss the new pact.

On their way to negotiations in Brussels, a delegation of American officials made a stop in Paris last week, sitting down with a group of European national regulators to address concerns over how their citizens’ data was used in the United States.

In Brussels, several trade groups regularly shuttled between meetings with senior European officials last week. The groups representing the tech industry came armed with a series of legal opinions from leading data protection experts that played down the differences in the way privacy was handled in the two regions.

The legal arguments included details about why current United States rules were on par with those of Europe — a view that critics of America’s position jumped on almost immediately.

“That assessment just isn’t true,” said Jan Philipp Albrecht, a German politician who has called for stronger data protection rules. “There’s a massive difference over how this issue is treated in Europe compared to the U.S.”

Savage, Charlie - File Says N.S.A. Found Way to Replace Email Program - The New York Times 20151119

Savage, Charlie - File Says N.S.A. Found Way to Replace Email Program - The New York Times 20151119

WASHINGTON — When the National Security Agency’s bulk collection of records about Americans’ emails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.”

While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. The shift has permitted the agency to continue analyzing social links revealed by Americans’ email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The newly disclosed information about the email records program is contained in a report by the N.S.A.’s inspector general that was obtained by The New York Times through a lawsuit under the Freedom of Information Act. One passage lists four reasons that the N.S.A. decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that “other authorities can satisfy certain foreign intelligence requirements” that the bulk email records program “had been designed to meet.”

The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.

The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.

The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.

“Thus,” the report said, these two sources “assist in the identification of terrorists communicating with individuals in the United States, which addresses one of the original reasons for establishing” the bulk email records program.

Timothy Edgar, a privacy official in the Office of the Director of National Intelligence in both the George W. Bush and Obama administrations who now teaches at Brown University, said the explanation filled an important gap in the still-emerging history of post-Sept. 11, 2001, surveillance.

“The document makes it clear that N.S.A. is able to get all the Internet metadata it needs through foreign collection,” he said. “The change it made to its procedures in 2010 allowed it to exploit metadata involving Americans. Once that change was made, it was no longer worth the effort to collect Internet metadata inside the United States, in part because doing so requires N.S.A. to deal with” restrictions by the intelligence court.

Observers have previously suggested that the N.S.A.’s November 2010 rules change on the use of Americans’ data gathered abroad might be connected to the December 2011 end of the bulk email records program. Marcy Wheeler of the national security blog Emptywheel, for example, has argued that this was probably what happened.

And officials, who spoke on the condition of anonymity to discuss sensitive collection programs, have said the rules change and the FISA Amendments Act helped make the email records program less valuable relative to its expense and trouble. The newly disclosed documents amount to official confirmation.

The N.S.A. and the Office of the Director of National Intelligence did not respond to a request for comment.

After the Sept. 11 attacks, Mr. Bush secretly authorized the N.S.A. to conduct surveillance and data-collection activities without obeying the Foreign Intelligence Surveillance Act, in a program called Stellarwind.

The email records component caused many internal headaches. In 2004, the Justice Department questioned its legality, contributing to a confrontation in the hospital room of Attorney General John Ashcroft and the threat of a mass resignation.

Mr. Bush then halted the program until the intelligence court began issuing secret orders authorizing it.

The court limited the categories of data that the N.S.A. was permitted to collect and restricted how it could gain access to the data. After violations of those limits were revealed in 2009, the N.S.A. suspended the program until mid-2010, only to end it the next year.