Feeds

Using encryption? That means the US spooks have you on file

By my order for the good of the state, the bearer has done what has been done

The essential guide to IT transformation

Anyone who encrypts their emails or uses secure instant message services runs the risk of having their communications stored by the US National Security Agency, according to the latest leaks from former NSA sysadmin Edward Snowden.

The Guardian has published two more explosive documents which set out what sort of information the NSA is allowed to harvest from foreign targets, as well American citizens.

Both were issued by the secret Foreign Intelligence Surveillance Court and were signed by US Attorney General Eric Holder in 2009.

The leaked documents show that data about a US citizen collected "inadvertently" can also be stored for up to five years, giving agents significant breathing space when gathering intelligence. They also show the methods agents use to establish whether targets are based in the US and what they are allowed to do in order to spy on "non-US persons".

The documents clearly state that surveillance should cease the minute a target is on US soil or is deemed to be an American – but there are exceptions to this which allow spooks to store communications from American citizens.

If someone's location can not be clearly established, then they "will not be treated as a United States person" unless other evidence becomes apparent. This would mean that anyone using anonymity software like Tor, which deliberately masks their location, is liable to have their communications stored.

Spies are also told they can retain "all communications that are enciphered or reasonably believed to contain secret meaning" for up to five years, giving them another way to keep American citizens' communications data.

These must be kept to help create a "technical data base", which is spook slang for any data which is useful for cryptanalysis - the breaking of codes - or analysis of internet traffic. In practice, this means that using encrypted messages for security purposes may have the ironic effect of drawing the secret message to the attention of spies.

This data should really be destroyed within five years, unless they are "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis".

Exchanges between attorneys and clients can also be kept, as long as they contain foreign intelligence information.

The documents follow in the wake of other revelations from Snowden, including an NSA programme called PRISM which trawled data on individuals from popular US cloud and social services. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?