Intercept, The

Following the vote by the Federal Communication Commission to unwind the net neutrality rules enacted during the Obama administration, House Republican lawmakers received an email from GOP leadership on how to defend the decision. “Want more information on the net neutrality discussion?” wrote House Republican Conference Chairman Cathy McMorris Rodgers (R-WA). “Here is a nifty toolkit with news resources, myth vs reality information, what others are saying, and free market comments.”

The attached packet of talking points came directly from the cable industry. The metadata of the document shows it was created by Kerry Landon, the assistant director of industry grassroots at the National Cable and Telecommunications Association, a trade group that lobbies on behalf of Comcast, Cox Communications, Charter, and other cable industry companies. The document was shared with House Republican leaders via “Broadband for America,” a nonprofit largely funded by the NCTA. “The FCC is wisely repealing the reckless decision of its predecessors to regulate competing internet service providers,” reads one of the document’s talking points. “We rightly protest when governments around the world seek to place political controls over the internet, and the same should apply here in America,” according to another. The document also refers GOP caucus members to quotes they can use from other industry-funded nonprofits to defend the decision to repeal net neutrality through the rollback of Title II reclassification.

Congressional Republicans are baldly enticing donors with the promise of meetings with senior legislative staff, effectively placing access to congressional employees up for sale to professional influence peddlers and other well-heeled interests. Documents show that the National Republican Senatorial Committee and the National Republican Congressional Committee are both telling donors that in exchange for campaign contributions, they will receive invitations to special events to meet with congressional staff including chiefs of staff, leadership staffers, and committee staffers.

While selling donors access to senators and representatives and their campaign staff is nothing new, the open effort to sell access to their legislative staff — the taxpayer-funded government employees who work behind the scenes to write legislation, handle investigations, and organize committee hearings — appears to be in violation of ethics rules that prohibit campaigns from using House and Senate resources in any way. Congressional ethics rules flatly forbid Capitol Hill employees from engaging in fundraising activities as part of their official duties. Any explicit fundraising work must be done strictly as a volunteer, and there must be a clear firewall separating government work from campaign work. It’s arguably the last fig leaf left when it comes to giving the appearance that campaign contributions are not directly linked to official acts.

The two lawmakers most responsible for rolling back landmark internet browsing privacy protections were richly rewarded by telecommunication giants. Verizon, AT&T, Cox Enterprises, the US Telecom Association, and CTIA, the trade association for the major cell phone carriers, appeared to single out the original sponsors of the repeal resolution — Sen Jeff Flake (R-AZ) and House Communications Subcommittee Chair Marsha Blackburn (R-TN) — for particularly generous campaign contributions.

A Verizon political action committee filing shows that most lawmakers received between $500 and $1,000 from the firm during the first three months of this year. But Sen Flake received $8,000 and Chairman Blackburn received $4,500. Chairman Blackburn received $5,000 from the CTIA, the most of any House member. House Speaker Paul Ryan (R-WI) only received $2,500 from the group during the same time period.

A new report from Rand Corp may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices. The report also provides evidence that such vulnerabilities are long lasting.

The findings are of particular interest because not much is known about the US government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes. Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole. Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.

Donald Trump has inherited the most powerful machine for spying ever devised. How this petty, vengeful man might wield and expand the sprawling American spy apparatus, already vulnerable to abuse, is disturbing enough on its own. But the outlook is even worse considering Trump’s vast preference for private sector expertise and new strategic friendship with Silicon Valley billionaire investor Peter Thiel, whose controversial (and opaque) company Palantir has long sought to sell governments an unmatched power to sift and exploit information of any kind. Thiel represents a perfect nexus of government clout with the kind of corporate swagger Trump loves. The Intercept can now reveal that Palantir has worked for years to boost the global dragnet of the NSA and its international partners, and was in fact co-created with American spies.

Leading Civil Rights groups who for many years have been heavily bankrolled by the telecommunications industry are signaling their support for Donald Trump’s promised rollback of the Obama administration’s network neutrality rules, which prevent internet service providers from prioritizing some content providers over others.

In a little-noticed joint letter released recently, the NAACP, Asian Americans Advancing Justice, OCA (formerly known as the Organization for Chinese Americans), the National Urban League, and other civil rights organizations sharply criticized the “jurisdictional and classification problems that plagued the last FCC” — a reference to the legal mechanism used by the Obama administration to accomplish net neutrality. Instead of classifying broadband as a public utility, the letter states, open internet rules should be written by statute. What does that mean? It means the Republican-led Congress should take control of the process — the precise approach that is favored by industry.

Rules governing the use of national security letters allow the FBI to obtain information about journalists’ calls without going to a judge or informing the targeted news organization. Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form.

Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists’ information. The rules stipulate that obtaining a journalist’s records with a national security letter requires the signoff of the FBI’s general counsel and the executive assistant director of the bureau’s National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is “relevant” to a national security investigation.

Out of nine US technology firms contacted by The Intercept earlier in Nov, only one — Twitter — would rule out participating in the creation of a national Muslim registry, something President-elect Donald Trump has floated as a possibility.

On Dec 12, 22 advocacy groups sent a letter to the other eight companies, urging them to take a stand. The letter is signed jointly by a coalition including major progressive and human rights organizations: CREDO, Muslim Advocates, Color of Change, Courage Campaign, Democracy for America, #AllOfUs, Amnesty International USA, Asian Law Caucus, Bend the Arc Jewish Action, Center for Constitutional Rights, Center for Media Justice, Daily Kos, Demand Progress, Desis Rising Up and Moving, Faithful America, Fight for the Future, Free Press, Mijente, MPower Change, Presente, Sum of Us, Ultraviolet. Below is the version of the letter sent to Google. Copies are also being sent to Microsoft, IBM, Facebook, Booz Allen Hamilton, SRA International, CGI, and Apple.

Ten years ago, the FBI sent Brewster Kahle, founder of the Internet Archive, a now-infamous type of subpoena known as a National Security Letter, demanding the name, address and activity record of a registered Internet Archive user. The letter came with an everlasting gag order, barring Kahle from discussing the order with anyone but his attorney — not even his wife could know. But Kahle did eventually talk about it, calling the order “horrendous,” after challenging its constitutionality in a joint legal effort with the Electronic Frontier Foundation and the American Civil Liberties Union. As a result of their fight, the FBI folded, rescinding the NSL and unsealing associated court records rather than risk a ruling that their surveillance orders were illegal.

Now, Kahle and the archive are notching another victory, one that underlines the progress their original fight helped set in motion. The archive, a nonprofit online library, has disclosed that it received another NSL in August, its first since the one it received and fought in 2007. Once again it pushed back, but this time events unfolded differently: The archive was able to challenge the NSL and gag order directly in a letter to the FBI, rather than through a secretive lawsuit. In November, the bureau again backed down and, without a protracted battle, has now allowed the archive to publish the NSL in redacted form.

Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino (CA) shooter Syed Rizwan Farook’s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption. But private information still escapes from Apple products under some circumstances.

The latest involves the company’s online syncing service iCloud. Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification. “You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft. The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user’s iCloud account for up to four months, providing a boon to law enforcement, who may not be able to obtain the data either from the user’s carrier, who may retain the data for only a short period, or from the user’s device, if it’s encrypted with an unbreakable passcode.