Slashdot Mirror

An anonymous reader sends news that Germany's domestic intelligence agency, the BfV, was so impressed with the NSA's surveillance software that they were willing to "share all data relevant to the NSA's mission" in order to get it. "The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. ... Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."

An anonymous reader sends news that Germany's domestic intelligence agency, the BfV, was so impressed with the NSA's surveillance software that they were willing to "share all data relevant to the NSA's mission" in order to get it. "The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. ... Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."

An anonymous reader writes: We've known for some time already that intelligence agencies operate beyond rules, laws, and regulations. Now, we learn that the NSA and the German intelligence service, BND, lied and withheld information about misuse from the German Chancellor's Office.

"The BND realized as early as 2008 that some of the selectors were not permitted according to its internal rules, or covered by a 2002 US-Germany anti-terrorism "Memorandum of Agreement" on intelligence cooperation. And yet it did nothing to check the NSA's requests systematically. It was only in the summer of 2013, after Edward Snowden's revelations of massive NSA and GCHQ surveillance, that the BND finally started an inquiry into all the selectors that had been processed. According to Der Spiegel, investigators found that the BND had provided information on around 2,000 selectors that were clearly against European and German interests. Not only were European businesses such as the giant aerospace and defense company EADS, best-known as the manufacturer of the Airbus planes, targeted, so were European politicians—including German ones.

However, the BND did not inform the German Chancellor's office, which only found out about the misuse of the selector request system in March 2015. Instead, the BND simply asked the NSA to make requests that were fully covered by the anti-terrorism agreement between the two countries. According to Die Zeit, this was because the BND was worried that the NSA might curtail the flow of its own intelligence data to the German secret services if the selector scheme became embroiled in controversy.

krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela's Merkel's phone.

Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design.

An anonymous reader writes "Die Zeit has access to leaked documents from the German government warning that Windows 8 is an unacceptable security risk for sensitive workloads. The story is written in German here, but automatic translators (such as Google Translate) do a readable job. Particularly of concern is the inability to opt out of TPM 2.0 usage."

SpicyBrownMustard sends in a fascinating data visualization at Zeit Online showing what information about a person's life can be gleaned from cellphone metadata. Quoting: "Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE. We combined this geolocation data with information relating to his life as a politician, such as Twitter feeds, blog entries and websites, all of which is all freely available on the internet. By pushing the play button, you will set off on a trip through Malte Spitz's life. The speed controller allows you to adjust how fast you travel, the pause button will let you stop at interesting points. In addition, a calendar at the bottom shows when he was in a particular location and can be used to jump to a specific time period. Each column corresponds to one day."

An anonymous reader writes "The crazy guys over at crowdflow.net are begging you for the location data that your iPhone collected without you being aware of it. All your data will be anonymized, and the whole combined data set of all donations will be shared under an OpenDataCommons license. Those people are data and visualization geeks and create beautiful visualizations like this from the data. They previously did a visualization of data retention caused by the German 'Vorratsdatenspeicherung.' Please consider donating your location data. ...and be fast, too, since the upcoming iOS software update (see Apple press release) will prevent further evaluation of the collected data."

sopssa sends in a TechCrunch story that begins "Several federal and regional government officials in Germany are trying to put a ban on Google Analytics, the search giant's free software product that allows website owners and publishers to get detailed statistics about the number, whereabouts, and search behavior of their visitors (and much more)." Here's Google's translation of the article from Zeit Online (original in German). A German lawyer cited there says that penalties for websites that uses Google Analytics could amount to €50,000 (about $75,000). Reader sopssa adds, "The amount of data Google collects from everywhere on the Internet is indeed huge, and website owners should be using a local open source alternative to keep visitor data private."