Microsoft is moving toward a major new effort to encrypt its internet traffic amid fears that the National Security Agency may have broken into its global communications links, said people familiar with the emerging plans.


Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.

Documents obtained from former NSA contractor Edward Snowden suggest – though do not prove – that the company is right to be concerned. Two previously unreleased slides that describe operations against Google and Yahoo include references to Microsoft’s Hotmail and Windows Live Messenger services. A separate NSA email mentions Microsoft Passport, a web-based service formerly offered by Microsoft, as a possible target of that same surveillance project, called MUSCULAR, which was first disclosed by The Washington Post last month.

Though Microsoft officials said they had no independent verification of the NSA targeting the company in this way, general counsel Brad Smith said Tuesday that it would be ‘‘very disturbing’’ and a possible constitutional breach if true.

Microsoft’s move to expand encryption would allow it to join Google, Yahoo, Facebook and other major technology firms in hardening their defences in response to news reports about once-secret NSA programs. The resulting new investments in encryption technology stand to complicate surveillance efforts – by governments, private companies and criminals – for years, experts say.

Though several legislative efforts are underway to curb the NSA’s surveillance powers, the wholesale move by private companies to expand the use of encryption technology may prove to be the most tangible outcome of months of revelations based on documents that Snowden provided to The Washington Post and Britain’s The Guardian newspaper.

In another major shift, the companies also are explicitly building defenses against US government surveillance programs, in addition to combating hackers, criminals or foreign intelligence services.

‘‘That’s a pretty big change in the way these companies have operated,’’ said Matthew Green, a Johns Hopkins University cryptography expert. ‘‘And it’s a big engineering effort.’’

In response to questions about Microsoft, the NSA said in a statement Tuesday, ‘‘NSA’s focus is on targeting the communications of valid foreign intelligence targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.’’

A US official, who was not authorised to discuss the matter publicly and spoke on the condition of anonymity, said Tuesday that collection can be done at various points and does not necessarily happen on a company’s private fiber-optic links.

A 2009 email from a senior manager of the NSA’s MUSCULAR project specifies that a targeting tool called ‘‘MONKEY PUZZLE’’ is capable of searching only across certain listed ‘‘realms,’’ including Google, Yahoo and Microsoft’s Passport service. It is not clear what service a fourth listed realm, ‘‘emailAddr,’’ refers to.

‘‘NSA could send us whatever realms they like right now, but the targeting just won’t go anywhere unless it’s of one of the above 4 realms,’’ the email said.

The tech industry’s response to revelations about NSA surveillance has grown far more pointed in recent weeks as it has become clear that the government was gathering information not only through court-approved channels in the United States – overseen by the Foreign Intelligence Surveillance Court – but also through the massive data links overseas, where the NSA needs only authority from the president.

That form of collection has been done surreptitiously by gaining access to fiber-optic connections on foreign soil. Smith, the Microsoft general counsel, hinted at the extent of the company’s growing encryption effort at a shareholders’ meeting last week.

‘‘We’re focused on engineering improvements that will further strengthen security,’’ he said, ‘‘including strengthening security against snooping by governments.’’

People familiar with the company’s planning, who spoke on the condition of anonymity to discuss matters not yet publicly announced, said that while officials do not have definitive proof that the NSA has targeted Microsoft’s communication links, they have been engaged in a series of high-level meetings to pursue encryption initiatives ‘‘across the full range of consumer and business services.’’

A cost estimate was not available; key decisions are due to be made at a meeting of top executives this week in Redmond, Washington, where Microsoft is headquartered.

When asked about the NSA documents mentioning surveillance of Microsoft services, Smith issued a sharply worded statement: ‘‘These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.’’

That echoes a similar statement by Google’s general counsel, David Drummond, who said last month that he was ‘‘outraged’’ over the report in The Washington Post about the NSA tapping into the links connecting the company’s network of data centers. Google in September announced an ambitious new set of encryption initiatives, including among data centers around the world. Yahoo made a similar announcement last week.

Microsoft, Google and Yahoo also have joined other major tech firms, including Apple, Facebook and AOL, in calling for limits to the NSA’s surveillance powers. Most major US tech companies are struggling to cope with a global backlash over US snooping into internet services.

The documents provided by Snowden are not entirely clear on the way the NSA might gain access to Microsoft’s data, and it is possible that some or all of it happens on the public internet as opposed to on the private data center links leased by the company. But several documents about MUSCULAR, the NSA project that collects communications from links between Google and Yahoo data centers, discuss targeting Microsoft online services.

The company’s Hotmail email service also is one of several from which the NSA has collected users’ online address books.

The impact of Microsoft’s move toward expanded encryption is hard to measure. And even as most major internet services move to encrypt their communications, they typically are decoded – at least briefly – as they move between each company’s systems, making them vulnerable.

Privacy activists long have criticized Microsoft as lagging behind some rivals, such as Google and Twitter, in implementing encryption technology.

A widely cited scorecard of privacy and security by tech companies, compiled by the Electronic Frontier Foundation in San Francisco, gives Microsoft a single check mark out of a possible five.

‘‘Microsoft is not yet in a situation where we really call them praiseworthy,’’ said Peter Eckersley, technology projects director at the foundation. ‘‘Microsoft has no excuse for not being a leader in encryption and security systems, and yet we often see them lagging behind the industry.’’

Encryption, while not impervious to targeted surveillance, makes it much more difficult to read communications in bulk as they travel the internet. The NSA devotes substantial resources to decoding encrypted traffic, but the work is more targeted and time consuming, sometimes involving hacking into individual computers of people using encryption technology.

Documents provided by Snowden, and first reported by The Guardian, show that Microsoft worked with US officials to help circumvent some forms of encryption on the company’s services.

Soltani is an independent security researcher and consultant.

The Washington Post


Henry Sapiecha



Banana peel fraud caught on CCTV


US man charged with fraud after CCTV shows him placing a banana peel on the floor of a lift and then slipping on it.

It was the video that did him in.

One night in early August, Maurice Owens was riding a lift at a Washington Metro station when, he says, he slipped on a banana peel as he was getting off, injuring his hip and leg.

He sued the transit agency for $US15,000 ($16,500) – in part to cover $US4500 in chiropractor bills.

Problem is, the whole incident was caught on tape – and the tape showed something different.


The claim against Metro was thrown out, and Owens, 42, ended up being charged with second-degree fraud, a felony.

“Through our investment in digital camera systems across the system, we are demonstrating our commitment to protecting fare-paying riders and the region’s taxpayers from fraudulent claims,” said Metro spokesman Dan Stessel.

Here’s how the scene played out: About 9pm on August 8, Owens can be seen entering an empty lift in the station.

He paces around a bit, then glances up into the lift’s camera. More pacing. Another glance at the camera. In fact, in the video, which is about 90 seconds long, Owens is seen looking into the camera at least three times.

Near the end of the video, as the lift doors open, Owens can be seen flipping something onto the floor behind him. According to a Metro Transit Police report “this object was later identified as a banana peel”.

In a dramatic gesture, Owens falls to the ground – half his body inside the lift, half outside.

Owens reported his injuries to the station manager, Metro Transit Police was called, and he was taken to Howard University Hospital Centre for treatment.

About two weeks later, Owens filed his claim against Metro.

“What you will see in the camera footage is that the lift, just prior to Mr Owens boarding, shows there’s nothing on the floor,” Stessel said.

“He is then seen with what appears to be a banana peel in his hand, looking in the direction of the camera,” Stessel said. “An object can be seen on the ground, and then when the lift doors open, he steps on the object, thrusts himself forward and falls out of the lift.”

In an interview with Metro officials, Owens reportedly asked why a custodian for the station had “not cleaned up the banana peel prior to his entering the lift”, according to the police report.

Owens did not return a message left on Tuesday at his Washington home.

Metro presented its case to the US Attorney’s Office in the District. A warrant was issued accusing Owens of fraud, and he was arrested.

At a hearing earlier this month, a DC Superior Court judge ordered Owens to undergo a mental health screening and evaluation. He is scheduled to appear in court on Monday.

Slapstick references aside, the case is one of the roughly 225 claims Metro’s Third Party Claims office receives each month. Most seek compensation for slips and falls on station platforms, stairs, escalators, lifts and buses, or while getting on and off trains.

Fewer than half those claims result in a settlement or payout from Metro, and the average payout is less than $US2500, Stessel said.

For example, over the past few years the agency paid: $US50 to a Metro rider who said oil dripped from the air conditioner of a rail car onto his shirt, $US45 to a rider who claimed to have gotten his sandal stuck in an escalator at West Falls Church, $US104.37 to a driver who said the gate at the West Falls Church parking garage came down on his vehicle, and $US100 to a person who said he lost his footing while walking down the steps at the Branch Avenue Metro station.

Stessel noted that Metro sometimes opens its own claims. “For example, if a person gets transported to the hospital, we will automatically open a claim. If the person never gets in touch with us, it is classified as ‘abandoned,’” he said.

Henry Sapiecha

Private information of thousands of Australian jobseekers harvested through medical examinations and stored for profit has raised legal and applicant concerns about the protection and use of personal data.

Australia’s largest publicly-listed health and risk management provider, Konekt, has collected the personal data of jobseekers since 2007 through medical examinations on behalf of private companies and government agencies as part of employment selection processes.

Screened at purpose-built clinics operating in every state and territory, jobseekers have their personal information collected by Konekt health professionals on behalf of government, building, construction, manufacturing, health, mining, transport, logistics, hospitality, retail and labour hire industries across Australia.


The collected private information, including physical and psychological assessments, is stored electronically and provided to the “referring employer”.

Contractor and potential employee Michael* told Fairfax Media he was asked to complete a medical examination with Konekt in order to secure his contract position.

He said he immediately felt uneasy about the process and was concerned his personal information would be used beyond being considered for job suitability.

“Why do they need all that information?” he said.

“It should just be a tick ‘yes’ or ‘no’ from the doctor that I [am eligible to] work, not have every bit of information about you on file for the company to see.”

He said prior to his appointment his request to Konekt to have all paperwork supplied to him before his examination was refused.

A Konekt spokeswoman said potential employees were given 30 minutes “so they can review and complete paperwork which includes the consent form”.

“If they have questions regarding the content, a Konekt consultant can provide clarification.”

At the end of the medical, Michael said he signed a “medical information clearance declaration”.

The 160-word legal paragraph would “waive all provisions of law as to privilege or otherwise forbidding disclosure of such information” or allowed Michael’s protected personal information to be used by parties other than those who gathered the information, such as the potential employer.

Michael said applicants needed to be clearly told what would happen to personal information collected from the examination.

“I’d be surprised if every person realised exactly what they were signing.”

Slater and Gordon’s industrial and employment lawyer Simon Millman said many people were still unaware it was illegal for personal information to be used for purposes other than originally intended.

“You provide consent [for personal information to be collected] because you believe the information is to be used for a specific purpose.

“You have to ask, is the collection lawful and fair? Know your rights about privacy.”

After the examination, Michael said he felt uneasy that his personal information was to be stored in a “massive library” by a business, not by his doctor, and submitted a request for the information to be returned.

Michael wrote to Konekt requesting the return of his personal information and that all records be destroyed.

He said his personal information was eventually returned after several requests; however, there appeared to be no specific procedure for the return of personal records.

A Konekt spokeswoman said “if the individual requests access to their results it is provided to them directly”.

Michael said he believed personal information which was otherwise illegal to use without owner permission was being gathered and stored for employers to use against future injury and safety claims by employees.

“What was worse was they were telling me the examination is all about safety,” he said.

“It’s not about safety at all.”

“They say it because anything linked to safety cannot be criticised.

“What it’s about is reducing the risk of fraudulent claims.

“Safety’s important, I like to come home with all my fingers and toes, but it devalues the whole health and safety message.”

Konekt states on its website it is the largest private sector provider of “organisational health and risk management solutions in Australia” and provides a range of health services and “cost containment”.

“Our focus is on helping organisations keep their workforce safe, minimise the impact of workplace injury, rehabilitate or redeploy injured workers, while meeting regulatory and compliance obligations.”

“By taking an integrated solutions approach to workplace health, we can help you contribute to the wellbeing and safety of your workforce while providing you tighter control of your workers compensation costs.”

With its focus on identifying health and safety risks in potential employees, Konekt states in its 2013 annual report that the company’s “vision is that it leads the way in making Australian workplaces injury free by 2025”.

Konekt CEO Damian Banks said in a statement Konekt was largely in the business of conducting functional employment assessments.

“These assessments focus on the ability of the candidate to perform the physical tasks required of the role safely without placing co-workers or themselves at risk.”

“Information collected is stored electronically in Konekt’s secure case management database.

“This database is stored at a secure offsite facility run by one of Australia’s leading technology companies.

“Information collected during the assessments is not made available to any other third party.

“Konekt does not sell information other than charge the requestor for the receipt of the reports and associated analysis,” Mr Banks said.

Jobseekers for positions with some of Australia’s largest companies and government agencies are required to undertake physical, medical and, sometimes, psychological examinations to determine job suitability.

Information including weight, height, eating and sleeping habits, pre-existing conditions and illnesses is recorded.

On presentation to the examination, applicants are asked to read and sign consent forms authorising “to exchange information and medical questionnaire”.

Your personal information from your doctor cannot be provided to a third party without your knowledge or consent.

Under the Privacy Act’s Information Privacy Principles you must be told why your personal information is being collected and whether it can be given to anyone else.

You also have the right to see what information is held about you and have it corrected if it is incorrect, out of date or incomplete.

Mr Millman said the protection of private information was competing with rapid advances in technology for information gathering, storage and sharing.

“It’s a developing area in the world.”

Henry Sapiecha

The UN General Assembly’s human rights committee has unanimously adopted a resolution sponsored by Brazil and Germany to protect the right to privacy against unlawful surveillance, following months of reports about US eavesdropping abroad.

The symbolic resolution, which seeks to extend personal privacy rights to all people, followed a series of disclosures of US eavesdropping on foreign leaders, including Brazilian President Dilma Rousseff and German Chancellor Angela Merkel, that surprised and angered allies.

Brazil’s Ambassador Antonio de Aguiar Patriota said the resolution “establishes for the first time that human rights should prevail irrespective of the medium, and therefore need to be protected online and offline”.

The resolution expresses deep concern at “the negative impact” that such surveillance, “in particular when carried out on a mass scale, may have on the exercise and enjoyment of human rights”.

German Ambassador Peter Wittig asked: “Is the human right to privacy still protected in our digital world? And should everything that is technologically feasible, be allowed?”

The consensus adoption of the resolution means it will also unanimously pass the whole 193-member General Assembly in December. General Assembly resolutions aren’t legally binding, but reflect world opinion and carry political weight.

The United States did not fight the measure after it engaged in lobbying last week with Britain, Canada, Australia and New Zealand, which comprise the Five Eyes intelligence-sharing group, to dilute some of the draft resolution’s language.

The key compromise dropped the contention that the domestic and international interception and collection of communications and personal data, “in particular massive surveillance,” may constitute a human rights violation.

US delegate Elizabeth Cousens told the committee that the United States welcomed Brazil and Germany’s sponsorship of the resolution and was pleased to support “privacy rights and the right to freedom of expression”.

The draft resolution directs the UN human rights chief to report to the Human Rights Council and the General Assembly on the protection and promotion of privacy “in the context of domestic and extraterritorial surveillance… including on a mass scale”.

Last week, five major human rights and privacy groups – Amnesty International, Human Rights Watch, The Electronic Frontier Foundation, Access and Privacy International – said this will guarantee that the privacy issue stays on the front burner at the United Nations.

Human Rights Watch general counsel Dina PoKempner said that though the resolution was “watered down” it was still a “vital first step toward stigmatising indiscriminate global surveillance as a wide-scale violation of human rights”.

The director of the human rights programme at the American Civil Liberties Union, Jamil Dakwar, said: “Yet again, the US is paying lip service to human rights when it comes to holding intelligence services accountable overseas. It is regrettable that the US is investing time to circumvent the universal human right to privacy rather than setting a new course by ending dragnet surveillance.”

The US has been trying to calm tensions with Brazil and Germany over the reported spying.

Rousseff cancelled a state visit to Washington after classified documents leaked by former National Security Agency analyst Edward Snowden showed that the NSA hacked the computer network of Brazil’s state-run oil company Petrobras and scooped up data on emails and telephone calls flowing through the country.

Merkel and other European leaders expressed anger after reports that the NSA allegedly monitored Merkel’s cellphone and swept up millions of French telephone records.


Henry Sapiecha



Companies are facing an alarming rise in cyber-attack threats as they cut costs, rely more on the Internet, automate equipment, and run mines remotely, a new study by Ernst & Young shows.

The survey, conducted among nearly 40 mining and metal companies and published Wednesday, reveals that 41% of respondents have experienced more external hacking attempts during the past year.

The participants believed to be behind cyber-attacks had also broadened, to include national governments, the report says.

“It was once thought that hackers were rebellious young students who would target symbols of authority as a protest and a reflection of their technological prowess (…) The list of cyber adversaries has grown to include criminals, national governments and hacktivists, and their target list has likewise grown,” Ernst & Young’s report shows.






Somewhere between the cyber espionage that outed the US as Big Brother Inc and the phone-hacking scandal that sank Rupert Murdoch’s British form of journalism, the real news of the world may be Spies ‘R’ Us.

There is now enough equipment available via the internet to turn anybody into their own James and Ja’mie Bonds.

The US/Murdoch shenanigans – plus the report that some embassies are being used to intercept Asian phone calls and data as part of a US-global spying network – came courtesy of high-end, high-tech gear operated by highly experienced pros.

But people can buy lots of devices – mobile phone monitors, listening bugs, night-vision cameras, vehicle tracking equipment, thermal imaging cameras, video cameras hidden in pens, flash light/stun guns and a hundred other pieces of equipment – that are relatively cheap and light years removed from the invisible ink and shortwave radio of the spy craft of yesteryear.

Private detectives say the rise of the spy gear trade came out of the spouse-busting business.

“It was helpful in divorce cases but quickly became evident how useful this sort of equipment is in various situations,” one former NSW Australian police officer said. “The whole business got a huge kick along after 9/11 when heightened fears made everybody just a little bit scared of things they never once feared.”

The US is taking flak now because of reports its National Security Agency monitored German Chancellor Angela Merkel’s mobile phone. It’s a fine irony. Ms Merkel once recalled her parents were nervous whenever she talked for too long on the phone. “Hang up! The Stasi is listening and it’s all being recorded,” her mother said, according to one biography.

Coincidentally, as the Merkel revelations raged, Russia was forced to deny Italian reports it had equipped USB flash drives and cables to charge the mobile phones given to foreign delegates to the G20 meeting at St Petersburg in September with technology to retrieve data from computers and telephones.

Meanwhile, whistleblower Thomas Drake, a former senior executive at the NSA, told the ABC this week it was alarming that a nation would spy on those it considered an ally.

“Spying on others is considered the world’s second oldest profession and so the idea that nation states would engage in spying on others is no surprise, not at all,” he said.

“I think what’s particularly pernicious here is the fact we’re actually listening on the personal communications of the highest levels of governments in countries that are supposed to be our allies and are actually partnered with us in ensuring that we deal and defend against threats to international order and stability.”

Since humans started building empires and information considered secret or confidential was obtained without permission, people have been calling military intelligence an oxymoron.

But it took the British to turn spying into high romance. At empire high noon, the 1903 novel The Riddle of the Sands: A Record of Secret Service by Erskine Childers established the spy thriller. Half a century later, as the sun set on empire, John Le Carre’s George Smiley and Ian Fleming’s James Bond kept the Union Jack fluttering.

But Smiley’s pragmatic calculations and Bond’s louche bedroom antics have been replaced in real life by high-tech cloak and dagger and, as WikiLeaks and Edward Snowden prove, the rise of Everyman espionage.

The methods

Hidden cameras
Commercially available, can operate in low light conditions and detect motion.

Hidden camera detector
Scans for power use, transmissions or even low levels of light reflected back from a tiny camera lens.

GPS trackers
Can be attached magnetically to vehicles. Battery powered to operate for weeks.

Directional microphones
Magnify sound from a long distance away and store it in a digital recording device.

Camera glasses
Miniature cameras attached to sunglasses can covertly record anything in line of sight.
