
October 29 2013

NSA: James Clapper releases ten more documents

The Director of the US intelligence services, James Clapper, released ten more NSA documents on Monday. The release owes less to Clapper's alleged efforts to provide more transparency than directly to a Freedom of Information Act lawsuit by the US-based Electronic Frontier Foundation. Some of the documents set out further interpretations of the controversial Section 215 of the USA PATRIOT Act, a change in the law that allows US intelligence services to monitor telecommunications comprehensively and without suspicion.

  • A memorandum between the NSA and the Senate Select Committee on Intelligence (SSCI) shows that the NSA, in cooperation with a provider, has been analysing location data from mobile phones, initially for test purposes, since at least April 26, 2010. The Department of Justice (DOJ) knew about this and approved the collection under the FISA law.
  • According to a memorandum, at least the US Senate Judiciary Committee has known since September 1, 2011 that connection data (metadata) of phone calls between two US citizens inside the country is intercepted and analysed. This, too, was approved by the intelligence court (FISA Court).

[...] NSA has begun to acquire and analyze telephony metadata derived from cellular network or “mobility” call detail records (CDRs). The cellular telephony metadata is being produced pursuant to an order issued by the Foreign Intelligence Surveillance Court… for billed long distance telephone calls to or from landline telephones either (a) between the U.S. and abroad; or (b) wholly within the U.S., including local telephone calls.

  • In a letter from December 2009 to members of the Senate Judiciary Committee, the Department of Justice (DOJ) stresses that a public debate about the comprehensive surveillance measures under Section 215 of the USA PATRIOT Act is not desired, because national security would be endangered.

Public disclosure of the highly classified uses of Section 215 authority, including the bulk collection program thereunder, is problematic… Because we are concerned that public disclosure would cause serious damage to national security, we cannot disclose publicly that Section 215 is used for bulk collection of telephony metadata.

  • A record from the same year illustrates that the judges of the intelligence court repeatedly raised concerns with the NSA about the legality of the program and compliance with the legal limits, above all in the assessment of Reasonable Articulable Suspicion (RAS). Because the FISC judges never hear the opposing side or its concerns, they can hardly weigh honestly whether surveillance actually goes too far. As a result, there is no effective oversight of the intelligence services.
  • A memorandum from February 2009 to the Select Committee on Intelligence shows how little these memoranda actually say: the essence of three pages of text is that the NSA had ‘minor problems’ complying with the conditions and limits set by the intelligence court. It would, however, work closely with the Department of Justice to modify the programs accordingly.

NSA and DOJ have already identified a number of steps designed to improve the Agency’s ability to comply with the relevant orders and implementation of these changes has begun.

NSA needs access to telephony business records in bulk so that it can quickly identify the network of contacts that a targeted number is connected to, whenever a targeted number is detected. NSA identifies the network of contact by applying sophisticated analysis to this metadata. The more metadata NSA has access to, the higher the chances are that NSA can identify or discover the network of contacts linked to targeted numbers.

Compared with the first publications by the Director of National Intelligence, through which, among other things, the legal interpretation of the Patriot Act became public for the first time, the current documents are better seen as confirmation of some suspicions. We already knew all of this from Snowden's revelations. These official documents are nevertheless essential for the further political discussion. Once again, these documents prove unambiguously that DNI James Clapper lied to Congress.

Barack Obama likewise lied when he said on Jay Leno's show that no Americans were being spied on.

There is no spying on Americans.

The documents also highlight the fundamental problem of oversight and control of intelligence activities. A judge of the US intelligence court, Reggie B. Walton, told the Washington Post that the court itself cannot initiate investigations and depends on the information submitted by the NSA. It is therefore a foregone conclusion that there will be no real oversight and strict control, but rather ‘rubber-stamping’.

The FISC is forced to rely upon the accuracy of the information that is provided to the Court. The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.

Precisely for this reason, one can only hope that the newly proposed USA FREEDOM Act by US Senators Sensenbrenner and Leahy finds broad support.

We want to keep expanding netzpolitik.org. For that we need financial support. Invest in digital civil rights.


July 23 2013

Contract with FBI and Department of Justice: How Telekom and T-Mobile USA Commit to Electronic Surveillance

German telecommunications company Deutsche Telekom and its subsidiary T-Mobile USA committed themselves to making communication data and content available to American authorities. This agreement is part of a contract with the FBI and Department of Justice from 2001, which we hereby publish. Telekom comments that it of course cooperates with security services – also in other countries.

This is an English translation of the original German post.

Two weeks ago Deutsche Telekom CEO René Obermann was totally surprised by the mass surveillance of western intelligence agencies. Yesterday, David Scharven reported on WAZ.de about a “surveillance contract of Deutsche Telekom with US authorities”.

We are hereby publishing this contract exclusively: PDF, Text (bad OCR, sorry.)

Commitment to Electronic Communications Surveillance

Logo during the transition of VoiceStream to T-Mobile USA.

The contract is between Deutsche Telekom AG and VoiceStream Wireless (which became T-Mobile USA in 2002) on one side and the Federal Bureau of Investigation and the US Department of Justice on the other. The 27-page document was signed in December 2000 and January 2001 – before 9/11.

After recitals and definitions, Article 2 of the contract describes “Facilities, Information Storage and Access”. T-Mobile USA commits to operate its infrastructure for “all Domestic Communications” “in the United States”. The communication has to flow through a facility in the US “from which Electronic Surveillance can be conducted”. Deutsche Telekom further commits to “provide technical or other assistance to facilitate such Electronic Surveillance”.

Access to this data is granted on the basis of “Lawful U.S. Process”, “orders of the President in exercise of his/her authority under § 706 of the Communications Act of 1934” or “National Security and Emergency Preparedness rules”.

Any Wire Communications or Electronic Communications

The types of data to be stored are “stored Domestic Communications”, “any Wire Communications or Electronic Communications”, “Transactional Data and Call Associated Data”, “Subscriber Information” and “billing records”. These data must be “stored in a manner not subject to mandatory destruction under any foreign laws”. Billing records shall be stored “for at least two years”. Other legal obligations for data retention remain unaffected by this contract.

We include the full article 2 at the bottom of this post. Further articles commit Deutsche Telekom/T-Mobile USA to security instructions. They shall not disclose this data to foreign parties, especially foreign governments. Every three months Deutsche Telekom “shall notify DOJ in writing of legal process or requests by foreign non governmental entities”. Furthermore FBI and DOJ insist on 24/7 “designate points of contact” “to conduct Electronic Surveillance”.

On FBI or DOJ demand, Deutsche Telekom “shall provide access to Information concerning technical, physical, management, or other security measures and other reasonably available information”. The institutions can, “upon a reasonable notice and during reasonable hours”, visit and inspect any part of Deutsche Telekom's “Domestic Communications infrastructure and security offices”. Furthermore, Deutsche Telekom is committed to “submit to the FBI and the DOJ a report assessing DT compliance with the terms of this Agreement” every year.

United States would suffer irreparable injury

Hans-Willi Hefekäuser. Source: neue musikzeitung.

Last but not least “Deutsche Telekom AG agrees that the United States would suffer irreparable injury if for any reason DT failed to perform any of its significant obligations under this Agreement”.

The contract was signed in December 2000 and January 2001 by Hans-Willi Hefekäuser (Deutsche Telekom AG), John W. Stanton (VoiceStream Wireless), Larry R. Parkinson (FBI) and Eric Holder (DOJ).

Questions to Deutsche Telekom

This revelation raises multiple questions, which we have asked Deutsche Telekom:

  • Is this contract still in force? Was the contract changed since 2001?
  • How much data was transferred to US authorities by this or other contracts?
  • Did CEO René Obermann know about this contract when he said two weeks ago: “We are not cooperating with foreign intelligence services”?

Which other countries have such contracts?

A spokesman from Deutsche Telekom confirmed to WAZ:

A spokesman of Deutsche Telekom explained, such surveillance contracts with foreign intelligence services are also in place “in other countries”. Telekom could not say in which countries surveillance duties are regulated by such contracts. It will be checked, they said.

Deutsche Telekom AG worldwide. Picture: Peeperman. License: CC BY-SA 3.0.

Deutsche Telekom AG is active in dozens of countries, including China and Russia. Did Telekom sign surveillance contracts in these states as well?

A spokesman of Deutsche Telekom commented to netzpolitik.org:

This contract essentially says that the American subsidiary of Deutsche Telekom AG abides by American law.

Of course Deutsche Telekom cooperates with intelligence services, when obliged by law to do so.

Frank Rieger, a spokesperson of Chaos Computer Club told netzpolitik.org:

Deutsche Telekom, as well as any other telecommunications companies, must reveal all secret agreements with domestic and foreign intelligence services. These providers have to decide where to put their loyalty: their customers or the intelligence services.


Here is the full paragraph 2 of the contract:

ARTICLE 2: FACILITIES, INFORMATION STORAGE AND ACCESS

2.1 Except to the extent and under conditions concurred in by the FBI and the DOJ in writing:

(a) all Domestic Communications Infrastructure that is owned, operated, or controlled by VoiceStream shall at all times be located in the United States and will be directed, controlled, supervised and managed by VoiceStream; and

(b) all Domestic Communications Infrastructure not covered by Section 2.1(a) shall at all times be located in the United States and shall be directed, controlled, supervised and managed by a U.S. Subsidiary, except strictly for bona fide commercial reasons;

(c) all Domestic Communications that are carried by or through, in whole or in part, the Domestic Communications Infrastructure shall pass through a facility under the control of a U.S. Subsidiary and physically located in the United States, from which Electronic Surveillance can be conducted pursuant to Lawful U.S. Process. DT will provide technical or other assistance to facilitate such Electronic Surveillance.

2.2 DT shall take all practicable steps to configure its Domestic Communications Infrastructure to be capable of complying, and DT’s employees in the United States will have unconstrained authority to comply, in an effective, efficient, and unimpeded fashion, with:

(a) Lawful U.S. Process,

(b) the orders of the President in exercise of his/her authority under § 706 of the Communications Act of 1934, as amended, (47 U.S.C. § 606), and under § 302(e) of the Aviation Act of 1958 (49 U.S.C. § 40107(b)) and Executive Order 11161 (as amended by Executive Order 11382), and

(c) National Security and Emergency Preparedness rules, regulations and orders issued pursuant to the Communications Act of 1934, as amended (47 U.S.C. § 151 et seq.)

2.3 U.S. Subsidiaries shall make available in the United States the following:

(a) stored Domestic Communications, if such communications are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason;

(b) any Wire Communications or Electronic Communications (including any other type of wire, voice or electronic Communication not covered by the definitions of Wire Communication or Electronic Communication) received by, intended to be received by, or stored in the account of a customer or subscriber of a U.S. Subsidiary, if such communications are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason;

(c) Transactional Data and Call Associated Data relating to Domestic Communications, if such data are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason;

(d) Subscriber Information concerning customers or subscribers of a U.S. Subsidiary, if such information are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason; and

(e) billing records relating to customers and subscribers of a U.S. Subsidiary for so long as such records are kept and at a minimum for as long as such records are required to be kept pursuant to applicable U.S. law or this Agreement.

2.4 U.S. Subsidiaries shall ensure that the data and communications described in Section 2.3(a) – (e) of this Agreement are stored in a manner not subject to mandatory destruction under any foreign laws, if such data and communications are stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted or made other arrangements for data or communications processing or storage) for any reason. U.S. Subsidiaries shall ensure that the data and communications described in Section 2.3(a) – (e) of this Agreement shall not be stored by a U.S. Subsidiary (or any entity with which a U.S. Subsidiary has contracted with or made other arrangements for data or communications processing or storage) outside of the United States unless such storage is strictly for bona fide commercial reasons weighing in favor of storage outside the United States.

2.5 DT shall store for at least two years all billing records maintained by U.S. Subsidiaries for their customers and subscribers.

2.6 Upon a request made pursuant to 18 U.S.C. § 2703(f) by a governmental entity within the United States to preserve any information in the possession, custody, or control of DT that relates to (a) a customer or subscriber of a U.S. Subsidiary, or (b) any communication of such customer or subscriber described in (a) above, or (c) any Domestic Communication, DT shall store such preserved records or other evidence in the United States.

2.7 Nothing in this Agreement shall excuse DT from any obligation it may have to comply with U.S. legal requirements for the retention, preservation, or production of such information or data.

2.8 Except strictly for bona fide commercial reasons, DT shall not route a Domestic Communication outside the United States.

2.9 DT shall comply, with respect to Domestic Communications, with all applicable FCC rules and regulations governing access to and storage of Customer Proprietary Network Information (“CPNI”), as defined in 47 U.S.C. § 222(f)(1).

