German court denies Snowden visit bid

The German high court has denied an attempt by two of the country’s opposition parties to have NSA whistleblower Edward Snowden visit Berlin to testify before the Bundestag, Germany’s parliament.

The Karlsruhe court reportedly said that the suit was an administrative issue that had to go before the Federal Court of Justice instead. The suit had been filed by the Greens and the Left, seeking to force the government to allow Snowden into Germany – he is currently still stuck in Russia, and Chancellor Angela Merkel’s administration has not been keen to let him in, lest the visit further impair relations with the U.S.

The German government has previously asked whether Snowden would be willing to testify before the parliamentary inquiry into the NSA allegations if the committee members went to visit him, but his lawyer has said he would only be willing to testify in Berlin.

Meanwhile, a formal probe into the alleged bugging of Merkel’s phone by the NSA has so far come up short. The investigation launched in June, more than half a year after those allegations were published by Der Spiegel, leading to a great deal of public frostiness from Germany towards the U.S.

Germany’s chief federal prosecutor, Harald Range, told a press conference on Wednesday that there wasn’t enough evidence to bring charges in the case. He said: “The document presented in public as proof of an actual tapping of the mobile phone is not an authentic surveillance order by the NSA. It does not come from the NSA database.”

The original Spiegel article in question (PDF) did not actually depict the document in question, which included Merkel’s phone number as a “selector”, though it did show others that apparently came from the NSA. Range, whose investigation continues, said the Spiegel reporter who produced the document had not provided further details to aid the investigation, and neither had the BND spy agency.

Perhaps importantly, the original article did not claim that the document came from the Snowden cache, but rather said more ambiguously that Spiegel‘s wider investigation had taken in “internal documents of the U.S. National Security Agency and other information, most of which comes from the archive of former NSA contractor Edward Snowden.”

UPDATE (December 13): Der Spiegel has hit back over allegations in some reportage that the Merkelphone document was a fake. The publication said on Saturday that Range had categorically denied during the press conference that the document was a fake. It also reiterated that what it had published and passed onto Merkel’s office was “a transcription and not the original document”, and accused Range of trying to “publicly undermine the credibility” of Der Spiegel.

Web report: Online surveillance and censorship are getting worse

Mass online surveillance and censorship of what people see on the web appear to be getting worse, according to the latest Web Index report from Tim Berners-Lee’s World Wide Web Foundation. These trends, along with the paucity of net neutrality rules around the world, have led the web inventor to call for the internet to be made a basic human right.

“That means guaranteeing affordable access for all, ensuring internet packets are delivered without commercial or political discrimination, and protecting the privacy and freedom of web users regardless of where they live,” Berners-Lee said in a statement. “In an increasingly unequal world, the web can be a great leveller — but only if we hardwire the rights to privacy, freedom of expression, affordable access and net neutrality into the rules of the game.”

The Web Index aims to quantify the web’s impact on countries’ social, economic and political progress. Produced annually since 2012, the index provides rankings that, over time, make it easier to spot trends. This year, the trends aren’t looking so hot. In 2013, the foundation’s researchers found that 63 percent of the 86 countries listed in the index had privacy safeguards that were weak to non-existent. A year on, that figure has risen to 83 percent.

According to the report, the rise is partly because revelations about mass surveillance programs and their associated legal regimes have taught us more than we knew before about what’s actually going on. “However, there is also evidence that due process safeguards for citizens are being progressively dismantled,” the report stated, “even as the capability and appetite of governments to spy on us is expanding.”

It continued:

The companies that report on government demands for user data have documented worldwide increases in such orders — between January–June 2013 and January–June 2014, [company]Twitter[/company] reported a 78% increase; [company]Google[/company], a 14% increase; and [company]Facebook[/company], a 30% increase. [company]Microsoft[/company] reported 30% growth in the number of accounts affected by secret US Foreign Intelligence Surveillance Act (FISA) requests between 2011 and 2013, while Yahoo said it was “troubled” by a 67% increase in accounts subject to FISA orders between the first and last half of 2013.

The report noted that many countries don’t allow disclosure of statistics about interception warrants and metadata access, including the U.K., Germany, India, South Africa, Turkey, the Netherlands and Ireland. It also highlighted several new laws that actually expand state surveillance and weaken privacy safeguards, including DRIPA in the U.K., France’s real-time web spying law, and laws in Australia and South Africa.

Meanwhile, new censorship drives in countries such as Turkey have seen the percentage of the 86 countries found to be “blocking politically or socially sensitive web content to a moderate or extreme degree” had gone up from 30 to 38, year-on-year.

Handily, the foundation has provided an interactive map demonstrating the severity of online surveillance and censorship around the world:

[protected-iframe id=”287d79ed95d521fa524525f04870fd3a-14960843-16988840″ info=”” width=”800″ height=”600″]

The 2014 Web Index provided other findings as well:

  • In three out of five countries surveyed, the web and social media had a significant effect on citizen action.
  • Only a quarter or so of the countries have clear net neutrality rules or rules against political discrimination in internet traffic management.
  • In around three-quarters of the countries, there is a failure to tackle online gender-based violence.
  • 4.3 billion people – almost 60 percent of the world’s population – cannot get online at all, and over 1.8 billion “face severe violations of their rights to privacy and freedom of expression when they go online.”

Meanwhile, earlier this week Berners-Lee said Europe’s right to be de-linked “seems to be dangerous” at the moment. He said it was right that false information should be deleted, but accurate information should remain untouched because of free-speech and history-related reasons.

NSA spies on carriers to break call encryption, report suggests

The NSA spies on the internal emails and documents of major mobile carriers and their industry body, the GSM Association, according to an article published Thursday by The Intercept.

According to the piece, the spy agency is or was running a program called AURORAGOLD, which involved targeting the GSMA in order to find or even create weak spots in carriers’ network technology. If this is the case, it may be yet another example of the foolhardy breaking of widely used security mechanisms in ways that other spies and criminals can potentially also exploit.

The GSMA’s “IR.21” documents are shared between carriers to allow customers to roam internationally between their networks. According to the NSA documents published by The Intercept, IR.21s provide valuable information about new technology that the carriers are using, helping spies to figure out how to “discover vulnerabilities,” “introduce vulnerabilities where they do not yet exist” and find threats to the spies’ existing surveillance methods.

The GSMA is also a hub for the development of new cellular privacy technology. Worryingly, the article suggests that the AURORAGOLD program may have aided NSA attempts to crack A5/3, a type of encryption for cellular communications. Earlier stories based on the Snowden leaks indicated that the NSA has already cracked the older and weaker — but widely used — A5/1 cipher.

It’s not entirely clear whether or not the NSA and GCHQ have had success in cracking A5/3 yet, but some experts are worried:

As the piece noted, the U.K.-based GSMA receives funding from the U.S. National Institute of Standards and Technology (NIST), which has already had to warn companies off using one of its own security standards because Snowden’s leaks indicated the NSA had tampered with it.

GSMA spokeswoman Claire Cranton told me by email: “We are aware of the Intercept story and are currently investigating the claims made in the piece. We are unable to offer any further comment at this time.”

Turns out that German intelligence agency can spy on some Germans

Germany’s equivalent to the NSA is able to spy on some German citizens thanks to a loophole in the country’s laws, a government surveillance inquiry learned last week. According to a former lawyer for the Bundesnachrichtendienst (BND), the agency can legally intercept the work-related emails and phone calls of Germans working abroad for foreign companies, as these communications are attributed to the employer. The German government has since confirmed this. It was previously thought that it was illegal for German intelligence to spy on any of the country’s citizens. The inquiry is examining the implications of Edward Snowden’s NSA revelations. In July, a BND employee was arrested for passing details about the activities of the investigating committee to the Americans.