Menu lock

Companies

Jul 12, 2013

5 comments

Telstra

Telstra was compelled to strike a 2001 deal with the FBI and the US Department of Justice to give them surveillance access to the undersea cables owned by its subsidiary Reach, a new document released online and provided to Crikey reveals.

The document shows Telstra, at that stage majority-owned by the Howard government, and its partner Pacific Century Cyber Works (now PCCW), then controlled by Hong Kong businessman Richard Li, agreed to provide the FBI with around-the-clock access to Reach’s cables to spy on communications going into and out of the United States. It is signed by Telstra’s then-company secretary Douglas Gration, then-deputy assistant US attorney-general John G. Malcolm, Alex Arena of PCCW, Alistair Grieve of Reach and Larry R. Parkinson of the FBI.

Reach, headquartered in Hong Kong, is said to control more than 40 major telecommunications cables going into and out of the Asia-Pacific, including cables into and from China and Australia.

Claiming that “US communications systems are essential to the ability of the US government to fulfill its responsibilities to the public to preserve the national security of the United States, to enforce the laws, and to maintain the safety of the public”, the agreement places a number of requirements on Reach, Telstra and PCCW:

  • All customer billing data to be stored for two years;
  • Ability to provide to agencies any stored telecommunications or internet communications and comply with preservation requests;
  • Ability to provide any stored meta-data, billing data or subscriber information about US customers;
  • They are not to comply with any foreign privacy laws that might lead to mandatory destruction of stored data;
  • Plans and infrastructure to demonstrate other states cannot spy on US customers;
  • They are not to comply with information requests from other countries without DoJ permission;
  • A requirement to:

“… designate points of contact within the United States with the authority and responsibility for accepting and overseeing the carrying out of Lawful US Process to conduct Electronic Surveillance of or relating to Domestic Communications carried by or through Domestic Communications Infrastructure; or relating to customers or subscribers of Domestic Communications Companies. The points of contact shall be assigned to Domestic Communications Companies security office(s) in the United States, shall be available twenty-four (24) hours per day, seven (7) days per week and shall be responsible for accepting service and maintaining the security of Classified Information and any Lawful US Process for Electronic Surveillance … The Points of contact shall be resident US citizens who are eligible for US security clearances…”;

  • A requirement to keep such surveillance confidential, and to use US citizens “who meet high standards of trustworthiness for maintaining the confidentiality of Sensitive Information” to handle requests;
  • A right for the FBI and the DoJ to conduct inspection visits of the companies’ infrastructure and offices; and
  • An annual compliance report, to be protected from Freedom of Information requests.

The US is able to impose the agreements even on offshore companies because of Federal Communications Commission licensing requirements for the provision of telecommunications services into and out of the US, which can be made subject to conditions relating to national security and law enforcement.

It’s important to note that “Domestic Communications” in the agreement means the “US portion” of communications that originate or terminate in the United States, although “portion” isn’t defined and could extend to all communication on infrastructure physically located in the US, which would in practice mean all communication going into or out of or through the US. Moreover, surveillance can also be conducted “relating” to customers or subscribers, regardless of where the relevant communication is.

A Telstra spokesman told Crikey:

“This agreement, at that time 12 years ago, reflected Reach’s operating obligations in the US that require carriers to comply with US domestic law.”

The existence of such agreements with cable owners was revealed by The Washington Post last weekend in the wake of revelations about the extent of FBI, National Security Agency and other US government internet and phone surveillance. On Tuesday, a long list of such agreements, complete with the documents, was published by the Public Intelligence website, covering the period from 1999 through to 2011 and a variety of cable owners from Europe, the Americas and Asia. The web of agreements ensures agencies such as the FBI can access all internet and telephone communications going into and out of the US for surveillance purposes.

Update: The article has been amended: the agreement between the companies and US agencies was filed with the FCC and thus not “secret” as originally described.

Companies

Jan 20, 2012

5 comments

In a dramatic response to the increasingly sucessful internet campaign to halt the draconian SOPA and PIPA bills before Congress, US authorities have targeted one of the major filesharing sites in an international operation.

Overnight, the Megaupload site and related portals were taken down by the Department of Justice after a grand jury indicted the company. The charges against Megaupload are extensive and reek of overkill; they include racketeering, conspiracy, money laundering and copyright infringement, with the indictment terming it all “Mega Conspiracy”. Four people were arrested in New Zealand, including millionaire CEO Kim Schmitz (AKA “Kim Dotcom”), a convicted embezzler and inside trader. Assets worth $50 million are said to have been seized as well.

In response, the websites of the Department of Justice, the Universal Music Group, the Motion Picture Association of America and the Recording Industry Association of America were all taken down in a denial-of-service attack. At the time of writing, the Department of Justice site was still down. The attack, using a newer version of the LOIC software, appeared to have been coordinated by Anonymous, and was said to have been even bigger in user numbers than the attacks that took the Visa, Mastercard and PayPal sites down in response to the financial blockade of WikiLeaks in 2010.

A number of prosecutions are still pending in the US from those 2010 attacks. This time around, LOIC users are being told of the need to protect their IP addresses, and being offered legal services in the event they’re arrested.

Megaupload isn’t a torrent-based site like, for example, Pirate Bay (linking to which, incidentally, would be illegal in the US under SOPA) but an open file-sharing site used for uploading and downloading large files — which inevitably includes copyrighted content as well as legitimate content for corporate and personal use. The company behind it has long insisted it operates legally by complying with the requirements of the US Digital Millenium Copyright Act, but it is a major target of the copyright industry, and has also been blocked by China, Saudia Arabia and Malaysia.

US authorities insisted the takedown and arrests were unrelated to the SOPA debate, a claim made all the harder to believe given the US Department of Justice’s recent history of attacks on the internet. It is the DoJ that demanded confidential information from social media companies and Google about WikiLeaks supporters, and tried to keep it secret; it is the DoJ that brought together the parties that plotted an effort to destroy WikiLeaks and smear journalists and activists; it was the DoJ that proposed in November to criminalise breaching internet companies’ terms of service (you know, those 20,000 word screeds none of us ever read?).

The interesting thing about the raids, however, is that they demonstrate the remarkable power the copyright industry has under existing law to attack those it deems its enemies. The cartel was able to rely on the US Department of Justice and an international police operation to attack a company over what, before the internet, was a purely civil matter of copyright breach. In a world where the New Zealand police readily do the bidding of the US copyright industry, the provisions of SOPA are far beyond overkill.