WASHINGTON (Reuters) – The Supreme Court agreed on Monday to hear an Obama administration appeal arguing that attorneys, journalists and human rights groups have no right to sue over a law making it easier for U.S. intelligence agencies to eavesdrop on foreign communications.
The justices said they would review a ruling by a U.S. appeals court in New York that the plaintiffs have the legal right to proceed with their challenge to a 2008 amendment to the law, the Foreign Intelligence Surveillance Act.
The section at issue allows intelligence agencies to eavesdrop on overseas communications, including phone calls and e-mails, more widely and with less judicial oversight than in the past.
The change meant the U.S. government does not have to submit to a special judge an individualized application to monitor a non-American overseas. Instead, the U.S. attorney general and the director of national intelligence can apply for mass surveillance authorization from the judge.
The American Civil Liberties Union (ACLU) sued the attorney general and the director of national intelligence in 2008 in challenging the law as unconstitutional.
The plaintiffs argued they had the legal standing to proceed with their lawsuit because they suspected their communications with people abroad were being monitored.
They said they had reasonable fear of injury from the surveillance and had to take costly, burdensome steps to protect the confidentiality of their communications.
The appeals court agreed and reversed a ruling by a federal judge who dismissed the lawsuit on the grounds the plaintiffs lacked the standing to sue because they could not show they had been actually harmed by the surveillance.
The appeals court did not address the merits of the constitutional challenge and that issue will not be before the Supreme Court either.
But even on the standing issue, the Obama administration cited national security in its appeal.
Solicitor General Donald Verrilli said Congress in adopting the law regulated “the nation’s exceedingly important need to conduct foreign intelligence surveillance” targeting certain non-Americans. The litigation threatened to disrupt important activities “protecting the national security,” he said.
The ACLU opposed the government’s appeal.
“It’s crucial that the government’s surveillance activities be subject to constitutional limits, but the administration’s argument would effectively insulate the most intrusive surveillance programs from judicial review,” Jameel Jaffer, the ACLU’s deputy legal director, said.
The Supreme Court will hear arguments in the case during its upcoming term that begins in October, with a ruling likely early next year.
The Supreme Court case is James Clapper v. Amnesty International USA, No. 11-1025.
(Reporting By James Vicini; Editing by Vicki Allen)
The security threat to mobiles has just stepped up.
Phone crashing regularly? Strange SMS bothering you for an update or a juicy link? It’s time to wise up to mobile malware.
Security experts have shown that iPhones and Android phones are vulnerable to the same type of “drive-by” attacks that have long plagued PC users.
A team of researchers infected a Google Android smartphone on Wednesday, live, in front of a packed audience of computer security buffs to prove how mobile malware is now on the cusp of the big time, after so many years of unfulfilled predictions.
Grabbed: a screenshot of the researchers’ Command Control server shows a person with an infected phone traveling around Washigton DC. The blue P pin shows where he placed a phone call. Clicking on this icon would play the recording.
George Kurtz, co-author of Hacking Exposed, former McAfee security champion and now at the helm of CrowdStrike alongside former McAfee leading researcher Dmitri Alperovitch, demonstrated how the team designed a smartphone remote access tool (RAT) and eavesdrop operation.
They then set about buying the necessary items to make it happen, later coding, then executing the attack on their demo phone.
“We believe we are here today and on the cusp of what we’re going to see in the future. If you think of what a smartphone has the capability to do, it’s the ultimate spying tool. Always powered on, always connected, travels around with us at all times,” Kurtz began.
“If you haven’t figured out privacy is dead, this is going to do it for you.”
The scenario was a competitor wanting to intercept calls and text messages on Kurtz’s phone and the attack was Webkit-based. Webkit is a tool used by Apple, Google and RIM to render HTML websites in Safari, Chrome and Android, and the latest versions of the BlackBerry, respectively.
The team bought 20 Webkit vulnerabilities – or bugs – in the underground for $US1400, spent approximately $US14,000 developing the malware code (“weaponisation phase”) and engineering root access, as well as building their own command and control centre to be able to harvest the fruits of their exploits.
The attack followed several steps: the first was a text message delivered to the smartphone appearing to come from the mobile carrier requesting a system update via a link. Once clicked, the drive-by link delivered the first part of the malware to the phone to elevate access (root) privilege, then cause it to crash.
It then automatically rebooted, executing the second part of the malware and hijacking the phone’s communications.
When Kurtz made a call to Alperovitch, the audience could hear the live conversation – as well as what was said before the call connected. On the command and control centre’s screen, a map positioned Kurtz and Alperovitch’s locations, the start of transmission, and the text of a subsequent text message Alperovitch sent Kurtz.
They said the attack did not require a phone be jailbroken and would work on any of the devices using Webkit – although this particular code was customised for the Adroid 2.2 (Froyo) version.
Kurtz told Fairfax Media such an attack would be possible on the iPhone because of the root access obtained via the browser vulnerability.
“We would have to get code execution via the browser, then escalate our privilege to root and totally bypass the app store [as we did] with Android.
“This is the point we are making: drive-by attacks will hit the phone just like the PCs,” he said.
But he said he didn’t want the audience to develop a bout of paranoia.
“The sky is not falling, these are very targeted attacks.”
Britain is to allow one of its intelligence agencies to monitor all phone calls, texts, emails and online activities in the country to help tackle crime and militant attacks, the Interior Ministry says.
“It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public,” a Home Office spokesman said.
The proposed law has already drawn strong criticism, from within the ruling Conservative Party’s own ranks, as an invasion of privacy and personal rights.
“What the government hasn’t explained is precisely why they intend to eavesdrop on all of us without even going to a judge for a warrant, which is what always used to happen,” Member of Parliament David Davis told BBC News.
“It is an unnecessary extension of the ability of the state to snoop on ordinary people,” he said.
New legislation is expected to be announced in the legislative agenda-setting speech given by the Queen in May.
Currently, British agencies can monitor calls and e-mails of specific individuals who may be under investigation after obtaining ministerial approval, but expanding that to all citizens is certain to enrage civil liberties campaigners.
Internet companies would be required to instal hardware which would allow the Government Communications Headquarters (GCHQ), referred to as Britain’s electronic ‘listening’ agency, to gain real-time access to communications data.
The new law would not allow GCHQ to access the content of emails, calls or messages without a warrant, but it would allow it to trace who an individual or group was in contact with, how frequently they communicated and for how long.
The Sunday Times newspaper, which first reported the story, said some details of the proposals were given to members of Britain’s Internet Service Providers’ Association last month.
“As set out in the Strategic Defence and Security Review we will legislate as soon as parliamentary time allows to ensure that the use of communications data is compatible with the government’s approach to civil liberties,” the Home Office spokesman said.
Any proposed legislation changes are likely to face stiff opposition in both houses of the British Parliament.
A similar proposal was considered by the then-ruling Labour party in 2006 but was abandoned in the face of fierce opposition by the Conservatives and Liberal Democrats, who are junior partners in the ruling coalition.
The proposed legislation could reflect the US Patriot Act, controversially introduced six weeks after September 11 in 2001, to expand the government’s authority to monitor the communications activity of its citizens.
New Orleans Saints general manager Mickey Loomis Thursday denied eavesdropping on opposing coaches during NFL games or even knowing that he could have done so.
Loomis reacted to an ESPN report last week that said wiring in Loomis’s suite at the Superdome, the Saints’ home stadium, allowed him to listen to opposing coaches, which would be a violation of federal law as well as NFL rules.
“I’m angry about it,” Loomis said. “It’s not true. I have a clear conscience.”
Loomis said he has not been contacted by the FBI or state officials about the eavesdrop report but would welcome such a probe to prove the claims were unfounded.
“In my 29 years in the NFL, I have never listened to an opposing team’s communications,” Loomis said. “I have never asked for the capability to listen to an opposing team’s communications.
“I have never inquired as to the possibility of listening in on an opposing team’s communications. And I have never been aware of any capability to listen in on an opposing team’s communications at the Superdome or any NFL stadium.”
The Saints, whose home stadium will host next year’s Super Bowl, have already been hit hard with sanctions for a bounty scheme that rewarded players for knocking opponents out of games.
NFL officials are still deciding upon punishments for players who were involved in the pay-for-injury system, but Saints coach Sean Payton was banned for the entire upcoming NFL season.
Loomis was suspended for eight games and assistant coach Joe Vitt for six games. Vitt will serve as Payton’s replacement once his suspension is completed.
“We will be a better league and the Saints will be a better team for having faced this,” Loomis said.
For now, Loomis said, the Saints’ top priority is signing a new contract with star quarterback Drew Brees, who last year had the greatest passing season in NFL history.
“It’s the most important contract we have to do,” Loomis said. “It will get resolved.”
Hacker group Anonymous, in an embarrassment for law enforcement, released a recording of a conference call between the FBI and Scotland Yard discussing operations against the hacking collective.
The Federal Bureau of Investigation confirmed the authenticity of the nearly 17-minute recording posted on YouTube and other sites and said it was “intended for law enforcement officers only and was illegally obtained.”
“A criminal investigation is under way to identify and hold accountable those responsible,” the FBI said in a statement.
The release of the audio recording was one in a series of attacks Friday by the shadowy loose-knit group of international hackers.
Members of Anonymous also attacked the website of the Greek justice ministry in a protest against the country’s tough fiscal reforms and a site operated by the Boston Police Department.
In addition, members of the hacker group claimed to have briefly knocked Citibank offline and defaced the website of the law firm that defended a US Marine charged in connection with the 2005 killing of 24 Iraqi civilians.
Anonymous, in a statement on the website of the law firm of Puckett and Faraj, also claimed to have published online three gigabytes of private email messages of attorneys Neal Puckett and Haytham Faraj.
