Ellen Nakashima

House votes to rein in NSA ‘back door’ surveillance powers

By an overwhelming margin, the House passed a funding bill that among other things would significantly rein in intelligence agencies' ability to search through data they have collected and stop them from placing secret "back doors" into software and hardware products.

The bill includes an amendment, sponsored by Reps Thomas Massie (R-KY), Jim Sensenbrenner (R-WI) and Zoe Lofgren (D-CA), that adds the new restrictions.

The bill passed on a 340-to-73 vote. The amendment was passed in a 293-to-123 vote that surprised even those who have supported greater limits on the National Security Agency's powers.

The 2015 defense appropriations bill still needs to get worked out with the Senate, where the amendment's prospects are uncertain. If passed as-is by the Senate, the bill would block the government from doing two things: search government databases for information on a US citizen without a warrant, and force an organization to build into its product any technical "back door" that would assist the CIA or NSA with electronic surveillance. The amendment would bar the use of funds for searching an American's communications under this authority without a warrant.

Government officials contend that they are not required to obtain a warrant to search on data acquired lawfully. To do so would be a burden that would impair intelligence investigations, they say. The Foreign Intelligence Surveillance Court in 2011 reversed a previous ban on such warrantless searches.

The amendment would also block the NSA and the CIA from asking or requiring a person to "alter its product or service to permit the electronic surveillance" of users -- essentially a ban on back doors in software and hardware.

Report: Cybercrime and espionage costs $445 billion annually

The Center for Strategic and International Studies, a Washington think tank, has estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion -- or almost 1 percent of global income.

The estimate is lower than the eye-popping $1 trillion figure cited by President Barack Obama, but it nonetheless puts cybercrime in the ranks of drug trafficking in terms of worldwide economic harm.

The report, funded by the security firm McAfee, which is part of Intel Security, represents one of the first efforts to analyze the costs, drawing on a variety of data. According to the report, the most advanced economies suffered the greatest losses. The United States, Germany and China together accounted for about $200 billion of the total in 2013. Much of that was due to theft of intellectual property by foreign governments.

Chinese military unit charged with cyber-espionage against US firms

The Justice Department accused five members of the Chinese military of conducting economic cyber-espionage against American companies, marking the first time that the United States has leveled such criminal charges against a foreign country.

Industries targeted by the alleged cyberspying ranged from nuclear to steel to solar energy, officials said. The hacking by a military unit in Shanghai, they said, was conducted for no other reason than to give a competitive advantage to Chinese companies, including state-owned enterprises.

Attorney General Eric Holder Jr said: “The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. . . . Success in the international marketplace should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets.” Attorney General Holder added that the Obama Administration “will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market.”

In response, China’s Foreign Ministry charged that the US government “fabricated facts” in the indictment, which it said “seriously violates basic norms of international relations and damages Sino-US cooperation and mutual trust.” It said China lodged a “protest” with the United States, urging it to “correct the error immediately and withdraw its so-called prosecution.”

US revealed secret legal basis for NSA program to Sprint, documents show

Under threat of a court challenge, the Obama Administration in 2010 revealed to Sprint the secret legal basis of a then-classified program that collected billions of Americans’ phone records for counterterrorism purposes, according to newly declassified documents and interviews.

The company -- the nation’s third-largest wireless provider -- is believed to have been one of the only firms to have raised concerns about the lawfulness of the National Security Agency program before its existence was revealed in June 2013 as a result of a leak from former NSA contractor Edward Snowden, current and former US officials said.

The administration continued to resist opposition entreaties for surface-to-air missiles to fight Assad’s forces. But after being shown the legal rationale, the company dropped its challenge and continued to turn over customers’ call detail records to the NSA. Civil liberties advocates seized on the case to argue that the disclosure of the program’s legal reasoning to the phone company alone was not sufficient to protect the public’s privacy rights.

Companies e-mail sensitive data to law enforcement

There’s a lack of rules governing the secure handling of law enforcement orders for data, industry experts say. Documents posted on Twitter by the Syrian Electronic Army, a collective of hackers and online activists supporting Syrian President Bashar al-Assad, included correspondence between Microsoft’s government compliance team and various law enforcement agencies around the world.

The documents contained criminal subpoenas, e-mail addresses of targets and “access keys,” presumably passwords, to the user packages Microsoft makes available to law enforcement. Other documents suggest the hackers also were able to access the account information Microsoft provides to law enforcement agencies, which includes the target’s name, location, Internet Protocol or computer address used by the target to sign-up for an e-mail account or to log-in to his e-mail account.