data privacy

US collecting citizens’ data illegally, says whistleblower

Warwick Ashford

The US is collecting huge amounts of data on its citizens, according to former National Security Agency (NSA) official Bill Binney.

While at the NSA, Binney led the development of secret software he now believes is being used to carry out the illegal data collection, according to the Guardian.

"What's happening is a violation of the constitutional rights of everybody in the country,” he told the paper.

In July, NSA chief Keith Alexander told the DefCon hacker conference in Las Vegas that his agency “absolutely” does not maintain files on US citizens.

But at the same conference, Binney accused Alexander of playing a “word game” and said the secret software he helped develop was designed to take in data and build profiles of everyone in that data.

Secret surveillance software

According to Binney, he helped develop a software system called ThinTread in the late 1990s to correlate and analyse data from emails, phone calls, credit card payments and internet searches to track foreign threats.

The system was mothballed by 2000, but within weeks of the attack on the World Trade Centre in New York in 2001, Binney noticed parts of ThinThread were being used by the NSA in a surveillance operation.

He claimed that all the protections built into the system had been removed to allow far more targeted surveillance of US citizens.

Shortly after his discovery, Binney left the agency. But in 2005, the New York Times broke the story that the NSA was engaged in large-scale warrantless electronic surveillance.

The scandal led to the passing of amendments to the Foreign Intelligence Surveillance Act in 2008, which critics say gave legal protection to the agency's data-mining operations and allowed them to continue.

In the past year, Binney has been speaking out about what he believes is a massive effort by the US government to collect all electronic data in the country.

According to Binney, the secret programme includes the building of a $2bn datacentre at Bluffdale in Utah to store the data collected, which is set to become operational in 2013.

Privacy of UK citizens' data

In September, Wikipedia founder Jimmy Wales slammed as “technologically incompetent” the UK’s Draft Data Communications Bill, which is aimed at making it easier for security and police services to spy on emails, phone calls and internet activity of UK citizens.

Jimmy Wales said Wikipedia would encrypt all its connections to the UK if local internet service providers (ISPs) are required by law to keep track of every single page accessed by UK citizens.

Human rights campaigners have also criticised the proposed legislation, and UK ISPs have raised concerns about the responsibility for retaining and storing sensitive data from overseas third-party companies.

The internet industry is also concerned that the proposed legislation could damage commercial relationships. Critics have said the bill will create new opportunities for cyber criminals seeking sensitive private information about individuals, because it would produce detailed profiles of all users of electronic communications.

Home Office security officials estimate that the rapidly evolving nature of the internet stops them tracking up to 25% of communications data that could be used as evidence in terrorist and serious crime cases.

However, the Internet Service Providers Association (ISPA) said the government estimated that this could be cut by only 10% and questioned whether this was sufficient to justify the proposals.

Despite the Home Office’s insistence that the move is required for security reasons and assurances by the government that safeguards will be built in, the proposed legislation has been widely criticised as an assault on civil liberties.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy