Forgot your password?
typodupeerror
Government Privacy Blackberry Cellphones Communications Handhelds Iphone United States Your Rights Online

NSA Can Spy On Data From Smart Phones, Including Blackberry 298

Posted by timothy
from the ask-not-how-you-can-spy-on-your-country dept.
An anonymous reader writes with a report from Spiegel Online that the U.S. government "has the capability of tapping user data from the iPhone, [and] devices using Android as well as BlackBerry, a system previously believed to be highly secure. The United States' National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. ... The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been." As a bonus, the same reader points out a Washington Post report according to which "The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency's use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans' communications in its massive databases ... In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court."
This discussion has been archived. No new comments can be posted.

NSA Can Spy On Data From Smart Phones, Including Blackberry

Comments Filter:
  • Let me guess, BIS (Score:4, Informative)

    by Ferzerp (83619) on Sunday September 08, 2013 @10:31AM (#44789637)

    BES in theory can only be intercepted and cracked with a massive amount of computation time, limiting the functional use of any dragnet attempts.

    Journalists never understand the difference between BIS and BES though.

  • Secret oversight (Score:5, Insightful)

    by Anonymous Coward on Sunday September 08, 2013 @10:32AM (#44789643)

    Secret oversight can't be trusted, and anyone who thought it could be trusted was a moron.

    • by Anonymous Coward on Sunday September 08, 2013 @10:54AM (#44789805)

      The Nazi hunters had to dig thru millions of paper documents. I think it would be the right thing to do to start keeping track of all the people who have thrown our country away. A centralized site where people can upload pictures of the agents and any information they may have on them.

      Whether it is federal agents 'only doing their job' or federal judges making it possible all the way down to the DHS agents at airports acting as thugs.

      We need a single place where all this information can be consolidated for the future so they can all be held accountable for the damage they contributed to.

    • Re: (Score:3, Insightful)

      by Jawnn (445279)
      And yet the sheeple just keep bending over and taking it.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Would you lose the idiotic term "sheeple"? It's smug and condescending, and is the sort of expression used by conspiracy nutjobs to distinguish themselves from the unwashed masses who don't understand the Truth as revealed on some guy's blog. In short, it makes you sound like a complete twat.

        • It's smug and condescending

          That's probably intentional. It's not hard to feel superior to people who support this nonsense because they believe it will keep them safe, or people who simply don't care in the least.

        • by Jmc23 (2353706)
          Look, it's a , ah, um, a sheerson(?) in the wild.
    • by gmuslera (3436) on Sunday September 08, 2013 @11:41AM (#44790169) Homepage Journal

      The worst part of the no trust is that they can't even know if the data they are collecting from is being misused [medium.com]. Not just they are lowering on pourpose your security (weakening crypto, planting backdoors, etc), and syphoning everyone's private information, but is already proved (to the public, with Snowden) that they don't know who access their information and how is or will be using it.

      So if tomorrow your bank account shows a pretty rounded zero because the backdoors NSA planted on you was used by one of the employees of one of the companies the NSA hires (he just sold in the black market that backdoor information and someone else did it), don't be sad, the country must be defended from the terrorists.

    • Re:Secret oversight (Score:5, Interesting)

      by mcgrew (92797) * on Sunday September 08, 2013 @12:11PM (#44790407) Homepage Journal

      Secret oversight can't be trusted

      Of course not, but posting anonymously won't keep them from knowing who you are.

      I just upgraded to an Android phone from my old feature phone and find it annoying when a pre-installed app wants me to turn GPS and Location Services on. Those are supposed to be for my benefit, not doubleclick and the NSA's.

  • by xystren (522982) on Sunday September 08, 2013 @10:33AM (#44789655)

    Yet again, the extent of government overreaching continues. Lie about what really is really being done, and with a subtle move along, nothing to see here... "Ohh, look over there,Kim Kardashian."

    Simply amazing that what is being assured is not being done, is in reality being done.

    • by ifiwereasculptor (1870574) on Sunday September 08, 2013 @10:40AM (#44789697)

      What amazes me is that there have been no reprisals so far. Not by the US citizens, by US courts nor by other countries. Folks who actually live in the US, please tell me: are people really just shrugging it off or am I just not seeing the repercussions from here?

      • Things people can do (Score:5, Informative)

        by Okian Warrior (537106) on Sunday September 08, 2013 @11:30AM (#44790087) Homepage Journal

        From a previous post, here's the collected list of suggested actions people can take to help change the situation.

        Have more ideas? Please post below.

        Links worthy of attention:

        http://anticorruptionact.org/ [anticorruptionact.org] [anticorruptionact.org]

        http://www.ted.com/talks/lawrence_lessig_we_the_people_and_the_republic_we_must_reclaim.html [ted.com] [ted.com]

        http://action.fairelectionsnow.org/fairelections [fairelectionsnow.org] [fairelectionsnow.org]

        http://represent.us/ [represent.us] [represent.us]

        http://www.protectourdemocracy.com/ [protectourdemocracy.com] [protectourdemocracy.com]

        http://www.wolf-pac.com/ [wolf-pac.com] [wolf-pac.com]

        https://www.unpac.org/ [unpac.org] [unpac.org]

        http://www.thirty-thousand.org/ [thirty-thousand.org] [thirty-thousand.org]

        Join the class action suit that Rand Paul is bringing against the NSA.

        Suggestion #1:

        (My idea): If people could band together and agree to vote out the incumbent (senator, representative, president) whenever one of these incidents crop up, there would be incentive for politicians to better serve the people in order to continue in office. This would mean giving up party loyalty and the idea of "lessor of two evils", which a lot of people won't do. Some congressional elections are quite close, so 2,000 or so petitioners might be enough to swing a future election.

        Let your house and senate rep know how you feel about this issue / patriot act and encourage those you know to do the same.

        If enough people let their representivies know how they feel obviously those officials who want to be reelected will tend to take notice. We have seen what happens when wikipedia and google go "dark", congressional switchboards melt and the 180's start to pile up.

        Fax is considered the best way to contact a congressperson,especially if it is on corporate letterhead.

        Suggestion #2:

        Tor, I2dP and the likes. Let's build a new common internet over the internet. Full strong anonymity and integrity. Transform what an
        eavesdropper would see in a huge cypherpunk clusterfuck.

        Taking back what's ours through technology and educated practices.

        Let's go back to the 90' where the internet was a place for knowledgeable and cooperative people.

        Someone Added: Let's go full scale by deploying small wireless routers across the globe creating a real mesh network as internet was designed to be!

        Suggestion #3:

        A first step might be understanding the extent towards which the government actually disagrees with the people. Are we talking about a situation where the government is enacting unpopular policies that people oppose? Or are we talking about a situation where people support the policies? Because the solutions to those two situations are very different.

        In many cases involving "national security", I think the situation is closer to the second one. "Tough on X" policies are quite popular, and politicians often pander to people by enacting them. The USA Patriot Act, for example, was hugely popular when it was passed. And in general, politicians get voted out of office more often for being not "tough" on crime and terrorism and whatever else, than for being too over-the-top in pursuing those policies.

        Suggestion #4:

        What I feel is needed is a true 3rd party, not 3rd, 4th, 5th, and 6th parties, such as Green, Tea Party, Libertarian; we need an agreeable third party that can compete against the two majors without a lot of interference from small parties. We need a consensus third party.

        Suggestion #5:

        Replace the voting system. Plurality voting will always lead [wikipedia.org] to the mess we have now. The only contribution towards politics I've made in years

      • by gmuslera (3436)

        There had been some reprisals [slashdot.org], the EFF sued, requested information, tried to keep public informed. That won't mean that law or the wrongly called Department of Justice will do anything regarding it, or that the information that is requested would be just a bunch of lies (if they lies to the congress, and get promoted after that gets found, then they can lie on everyone).

        Also there had been some diplomatic consequences, Germany, Brazil and other countries complained and had some diplomatic answers that if

      • The NSA spends all its time looking for ways to spy on us. That accumulated man-hours is far greater than what we are dedicating to the counter-attack. If we start spending our time looking for ways to protect our privacy (to counter their efforts) then our accumulated man-hours will be far greater, and we will push them back. This method does not require a united counter attack, only that many of us work at the problem.
      • Those who do not study history are doomed to repeat it.
        It was a good tactic in the American revolution against the British and seems to work just as well now.
        --sheeple analogy--
        Sheeple dog guards the sheeple, wolves put on sheeple suits and attack the dog, dog gets frienzied and starts attacking the sheeple, dog runs crazy until it is worn out, Wolves finish off the half dead dog and it is dinner time.
        1. Incite madness
        2. Wait for them to get tired
        3. Profit!
        If you watch a nature show about wolves hunt
  • Open Source Android (Score:3, Interesting)

    by Oysterville (2944937) on Sunday September 08, 2013 @10:33AM (#44789657)
    Are there any projects within the Android realm that can combat this? Given the open nature of the OS, it'd be nice if we could somehow adequately firewall such things.
    • by zidium (2550286) on Sunday September 08, 2013 @10:38AM (#44789685) Homepage

      The exploits and backdoors on Android devices are put in there by the manufacturers themselves, usually for monetary compensation and / or risk of harm from the agencies doing the threatening. There's no way around them.

      • by Nerdfest (867930)

        So, the NSA can get Samsung to put a backdoor into all its phones? What about the ones going to Europe? I find it hard to believe the back doors are being built into all of these phones.

    • by pashdown (124942) <pashdown@xmission.com> on Sunday September 08, 2013 @10:47AM (#44789749) Homepage

      Gibbertbot [guardianproject.info] offers OTR XMPP chat for Android, as does ChatSecure for iOS. The DuckDuckGo [duckduckgo.com] app for Androind/iOS offers untracked search over HTTPS. There are a number of PGP/GPG email readers/writers for Android and iOS.

      All of this can be precluded by the NSA having a backdoor at the graces of the manufacturer, but we still don't know the extent of that. The article states that their iPhone surveillance required them to hack into the host iTunes computer, which can be prevented with a good firewall.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      No, because mobile phone hardware is specifically designed to make sure that user replaceable software like Android is kept inside a sandbox and only a government approved proprietary operating system can directly use the radio hardware.

    • by Xicor (2738029)
      the ubuntu edge WOULD have combated this, but sadly it only recieved 1/3 of the funding it needed. that being said, if they dont have backdoors in the hardware, then the ubuntu phone os will not have backdoors (said by mark shuttleworth of canonical(not an american company and therefore doesnt give a shit))
      • by CRCulver (715279)
        Ubuntu Phone will run on ARM. ARM Holdings is based in the UK, and therefore it is likely comprised by GCHQ just as Intel is likely compromised by NSA.
        • by Xicor (2738029)
          well, i was talking specifically the software, not the hardware. as for the ubuntu edge, it would have been custom manufactured and could have possibly been x86
    • by AHuxley (892839)
      No, your entering of text was the only hardware step needed. What could any later software efforts do as a layer on top of the hardware/design sending/keeping your input... ie safe from the network only.
    • by gmuslera (3436)
      CyanogenMod [cyanogenmod.org] replaces the bundled Android OS with the published open source version (still could remain the closed source binary drivers, phone BIOS and so on). F-Droid [f-droid.org] gives you a replacement market with open source software. And there are a bunch of good android (and other platforms) security programs and open source alternatives here [prism-break.org].

      Also in some point, for some models, will be released Ubuntu Touch [ubuntu.com], and maybe you can install on your phone Firefox OS [mozilla.org] too. Those uses android's boot (open source code, but

  • Not surprising given that the smartphone hardware and software are very much propreitary in nature, and allow for easier exploitation since third party auditing is practically impossible for the entire ecosystem.

    At this point nothing except a ground-up freshly designed and built system and either written from scratch software or highly trusted ones like OpenBSD (without installing anything except base system) can be regarded as tentatively safe, and even this security is gone once such system connects to th

  • by ehack (115197) on Sunday September 08, 2013 @10:43AM (#44789721) Journal

    And now comes Act II where intercepted data can be shown in secret to a judge to obtain convictions without the defense being able to review same.
    Then in Act III trials will be held in secret chambers with no defense.

  • Belief In Law (Score:4, Interesting)

    by b4upoo (166390) on Sunday September 08, 2013 @10:52AM (#44789783)

    Obviously if phone traffic is intercepted most of the crimes mentioned in conversations would not relate to terrorism. One wonders how many criminal prosecutions could take place if all crimes detected were subject to prosecution. Murder plots, cases of fraud and tax cheating, drug sales and smuggling and prostitution would all certainly be found with ease. It would quickly become obvious that our local and national government have little interest if stopping most crime.
                    If you don't believe this or do not want to believe it think about this one simple situation. People leaving bars in the wee hours are often drunks driving home. A smart cop would not want to stop people at closing time as he would be pulling over bar staff leaving work. But almost everyone leaving a bar 3o minutes before closing is legally drunk. So simply sitting at an advantageous spot and pulling over cars leaving the bar would yield a huge amount of good arrests. Yet town discourage cops from using this tactic as it disrupts business. Think about that a bit. Wouldn't we want to catch every drunk driver every time they drive drunk?

    • by AHuxley (892839)
      Once you know the bars are been watch and you can expect to be arrested you drink cheap store bought alcoholic beverages at home with friends.
      Once you turn your mil grade tech onto internal crime - corrupt cops/lawyers/press find out and sell/pass the details on. Changes are made to lessen the use of telco and the tracking risk.
      Large scale fraud and tax cheating, drug sales, smuggling and prostitution always seem once step ahead (protected) or fail long term.
  • by Overzeetop (214511) on Sunday September 08, 2013 @10:56AM (#44789823) Journal

    Yeah, the guys who jailbreak iPhones and root Android devices. How about the crackers - all those pirated programs on the internet, or DeCSS and the bluray keys that are published. The ones who hack new features into Canon cameras with third party firmware. You know these guys, right?

    Great - now go pick the ones who have trained for this and have PhDs in cryptography. Give them a $80-120,000/yr salary and benefits. Tell them they are responsible for keeping the USA safe by ferreting out every plot that gets communicated over any device in the world.

    Congratulations, you now know who works for the NSA. And yet, somehow, we're surprised that they've managed to crack (for surveillance) the same devices we crack for entertainment and features.

  • Blackberry and secure? That's why they're handing out surveillance access to oppressive regimes left and right?

  • by rvw (755107) on Sunday September 08, 2013 @11:02AM (#44789867)

    I cannot thank you enough for making all this information public, and for giving up your normal life to inform us. I hope that one time you will be recognized by the UN, EU and most hopefully for you the US, so you can return to your own country without being prosecuted.

  • Thanks Obama!

  • Just because they can crack a four digit password on an iPhone doesn't mean they can quickly crack a 24 character password. A four digit password can be easily brute forced. That's not true with a 24 character password (emphasis on "easily"). Of course, few people have 24 character passwords.

    • Just because they can crack a four digit password on an iPhone doesn't mean they can quickly crack a 24 character password. A four digit password can be easily brute forced. That's not true with a 24 character password (emphasis on "easily"). Of course, few people have 24 character passwords.

      1. Read the article carefully. They can access iPhone data if they have gained control of the computer that is used to sync the iPhone. So basically they cannot actually access iPhone data, but possibly the backups that you made on your computer. The easiest way to avoid this is to have no such computer, and the second easiest way to avoid this is to keep that computer safe (for example by using MacOS X, with full-disk encryption permanently turned on).

      2. To crack the encryption on the iPhone by entering

    • by gatkinso (15975)

      The crypto is intentionally hobbled.

  • Those of you who it doesn't are probably doing something wrong and need to hide it, right?

  • by whoever57 (658626) on Sunday September 08, 2013 @11:50AM (#44790243) Journal

    The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency's use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans' communications in its massive databases,

    That is so obviously unconstitutional that the FISA court is clearly in violation of its oath to uphold the constitution.

    • It's a secret court, with a secret oath, to the government and its masters. You won't find a copy of the constitution anywhere in the room, well maybe in the bathroom, on a roll, by the toilet...

  • Don't trust politicians to fix things. They won't.

    Don't trust government to tell the truth about what they're doing. They won't.

    People who care about their privacy must assure it themselves. Use OpenBSD. Use strong crypto. Use Tor and Mixmaster. Use air gaps. Don't cut corners. Make the bastards work for every byte. If they want a police state, at least make it obvious that it is a police state, and let them consider if they can afford to make that obvious, in a country where half the households are armed.

  • by Lumpy (12016) on Sunday September 08, 2013 @01:31PM (#44790955) Homepage

    Blackberry gave up all security years ago... Nobody remembers that UAE demanded access and they rolled over nearly instantly.. They probably handed everything over to the NSA without them even asking.

When you don't know what to do, walk fast and look worried.

Working...