Special Reports
Spy leaks
Behind the NSA intelligence scandalThe Snowden leaks explained
30 October 2013 Last updated at 00:19 GMT
The leaking of classified documents by former CIA and NSA contractor Edward Snowden continues to ignite controversy.
How spy scandal unravelled
Leaks by ex-CIA contractor Edward Snowden exposed extensive US surveillanceUS spy leaks: How intelligence is gathered
Documents
leaked by whistleblower Edward Snowden suggest the US government has
undertaken mass surveillance operations across the globe - including
eavesdropping on US allies.
The claims have led US Senate's intelligence committee to
pledge to review the way the country's biggest intelligence organisation
- the National Security Agency (NSA) - undertakes surveillance.According to the leaks, what are the key methods the spy agency uses?
1. Accessing internet company data In June, the leaked documents revealed how the NSA had backdoor access to major technology companies.
The files showed the agency had access to the servers of nine internet firms, including Facebook, Google, Microsoft and Yahoo, in order to track online communication under a surveillance programme known as Prism.
They claimed the project gave the NSA - along with the UK's eavesdropping station GCHQ - access to email, chat logs, stored data, voice traffic, file transfers and social networking data.
However, the companies denied they had offered the agency "direct access" to their servers.
Some experts have also questioned Prism's real power.
Digital forensics professor Peter Sommer told the BBC such access may be more akin to a "catflap" than a "backdoor", with intelligence agencies able to tap into servers only to collect intelligence on a named target.
Continue reading the main story
What data could Prism possibly access? |
|
---|---|
Company | What kind of data which could be collected? |
Some Microsoft sites collect email address, name, home or
work address, or telephone numbers. Some services require sign-in with
email and password. Microsoft also receives information sent by
web-browsers on sites visited, together with IP address, referring site
address and time of visit. The company also uses cookies to provide more
information about pages views |
|
Yahoo collects personal information when users sign up for
products or services including name, address, birth date, post code and
occupation. It also records information from users' computers, including
IP addresses. |
|
Personal details are required for sign-up to Google
accounts, including name, email address and phone number. Google email -
Gmail - stores email contacts and email threads for each account, which
have a 10 GB capacity. Search queries, IP addresses, telephone log
information and cookies which uniquely identify each account are also
stored. Chat conversations are also collected unless a user selects 'off
the record' option. |
|
Facebook requires personal information on sign-up, such as
name, email address, date of birth and gender. It also collects status
updates, photos or videos shared, wall posts, comments on others posts,
messages and chat conversations. Friends' names, and the email details
of those friends who have provided addresses on their profiles, are also
recorded. Tagging information about users from friends is recorded, and
GPS or other location information is also stored. |
|
Paltalk is an instant chat, voice and video messaging
service. Users must provide contact information including email address.
The company employs cookies to track user behaviour, with the aim of
delivering targeted advertising. |
|
YouTube is owned by Google and the company applies the same
data collection methods. Users logged in via their Google accounts will
have their YouTube searches, playlists and subscriptions to other users'
accounts recorded. |
|
Skype is part of Microsoft, and its instant messaging
service replaced Microsoft's Messenger this year. Users submit personal
data including name, username, address when signing up. Further profile
information such as age, gender and preferred language are also recorded
as options. Contacts lists are stored, as is location information from
mobile devices. Instant messages, voicemail and video messages are
generally stored by Skype for between 30 and 90 days, though users can
opt to preserve their instant messaging history for longer. |
|
AOL collects personal information for users signing up or
registering for its products and services, but its privacy policy states
that users who do not make themselves known to the company by these
methods are "generally anonymous." |
|
Users signing up for Apple ID's - required for services such
as iTunes , or to register products - must submit personal data
including name, address, email address and phone number. The company
also collects information about the people who Apple users share content
with, including their names and and email addresses. |
In June, further leaked documents from GCHQ published in the Guardian
revealed the UK was tapping fibre-optic cables carrying global
communications and sharing the data with the NSA, its US counterpart.
The documents claimed GCHQ was able to access 200 fibre-optic
cables, giving it the ability to monitor up to 600 million
communications every day.The information on internet and phone use was allegedly stored for up to 30 days in order for it to be sifted and analysed.
GCHQ declined to comment on the claims but said its compliance with the law was "scrupulous".
In October, the Italian weekly L'Espresso published claims that GCHQ and the NSA had targeted three undersea cables with terminals in Italy, intercepting commercial and military data.
The three cables in Sicily were named as SeaMeWe3, SeaMeWe4 and Flag Europe-Asia.
Then, at the end of October, the Washington Post published claims the NSA had hacked into fibre-optic cables and other network equipment connecting servers operated by Google and Yahoo.
According to the leaks, the agency had obtained and sifted through a wide range of material, including "metadata" - which records who sent or received e-mails and when - text, audio and video, in an operation run in conjunction with British counterpart GCHQ.
Google, which has a number of US and overseas data centres - consisting of thousands of miles of cables and computers stored in warehouses - has said it is now working to encrypt its cables.
3. Eavesdropping on phones In October, German media reported that the US had bugged German Chancellor Angela Merkel's phone for more than a decade - and that the surveillance only ended a few months ago.
Der Spiegel magazine, again quoting documents leaked by whistleblower Edward Snowden, suggested the US had been spying on Mrs Merkel's mobile phone since 2002.
The documents quoted by the magazine claimed a US listening unit was based inside its Berlin embassy - and similar operations were replicated in 80 locations around the world.
Investigative journalist Duncan Campbell explains in his blog how windowless areas on the outside of official buildings could be "radio windows". These external windows - made of a special material that does not conduct electricity - allow radio signals to pass through and reach collection and analysis equipment inside.
Der Spiegel said the nature of the monitoring of Mrs Merkel's mobile phone was not clear from the leaked files.
However, later reports claimed that two of the chancellors phones had been targeted - one unencrypted phone she used for party business as well as her encrypted device used for government work.
According to security experts, standard mobile phone encryption systems can be vulnerable because their scrambling system is, in software terms, separate from the program used to create a message.
It is possible for an eavesdropper to position themselves between the message-making software and the encryption system at either end of a conversation and see information before it is scrambled or after it is unscrambled.
End-to-end encryption, now adopted by many, closes this gap by having the message-making software apply the scrambling directly. In addition, many of these systems run a closed network so messages never travel over the public internet and are only decrypted when they reach their intended recipient.
How encryption systems work
As well as the bugging of the chancellor's phone, there are claims the NSA has monitored millions of telephone calls made by German and French citizens along with the emails and phone calls of the presidents of Mexico and Brazil.
The Guardian later reported that the NSA had monitored the phones of 35 world leaders after being given their numbers by another US government official. Again, Edward Snowden was the source of the report.
4. Targeted spying Der Spiegel magazine published claims in June that the NSA had also spied on European Union offices in the US and Europe.
The magazine said it had seen documents leaked by Edward Snowden showing that the US had spied on EU internal computer networks in Washington and at the 27-member bloc's UN office in New York.
The files allegedly suggested that the NSA had also conducted an eavesdropping operation in a building in Brussels, where the EU Council of Ministers and the European Council were located.
Then, in July, the Guardian published claims in further leaked documents that a total of 38 embassies and missions had been "targets" of US spying operations.
Countries targeted included France, Italy and Greece, as well as America's non-European allies such as Japan, South Korea and India, the paper said.
EU embassies and missions in New York and Washington were also said to be under surveillance.
The file is said to have detailed "an extraordinary range" of spying methods used to intercept messages. They included bugs, specialised antennae and wire taps.
5. Text message gathering In January 2014, the Guardian newspaper and Channel 4 News reported that the NSA collected and stored almost 200 million text messages per day across the globe.
NSA programmes codenamed Dishfire and Prefer extracted location information, contacts and financial data from SMS messages, including automated texts, such as roaming charge alerts, the newspaper said.
According to The Guardian, this was an untargeted collection of people's messages, rather than being aimed at known surveillance targets.
However, the NSA told the BBC the programme stored "lawfully collected SMS data" and any implication that collection was "arbitrary and unconstrained is false".
Snowden leaks explained
A summary of US spying allegations brought about by Edward Snowden's leak of classified documents.COPY http://uk.reuters.com/
Nenhum comentário:
Postar um comentário