The Washington Post

Below are stories from my time as a technical expert and security advisor at the Washington Post, where I co-authored articles about the Snowden documents and other privacy news. I also appear in the occasional video segment explaining the stories.

Articles on the Snowden Files
Privacy watchdog’s next target: the least-known but biggest aspect of NSA surveillance
The Privacy and Civil Liberties Oversight Board plans to review signals intelligence collection under Executive Order 12333. Read our analysis here.

In NSA-intercepted data, those not targeted far outnumber the foreigners who are
Barton Gellman, Julie Tate, and I break the news that the vast majority of communications intercepted by the NSA were from individuals who were not the intended surveillance target. You can read the article here and see a more detailed graphic of the communication breakdown here. Additionally, Barton wrote a behind-the-scenes look at how we report on these documents, which is available here.

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls
We report on the NSA’s ability to record 100% of a foreign country’s calls and review them with TiVo-like capability.

Italian spyware firm relies on U.S. Internet servers
The Italian company uses servers in America to hack journalists and activists around the world. While not part of the reporting on the Snowden files, this article discusses tools of government surveillance.

NSA uses Google cookies to pinpoint targets for hacking
Intelligence agencies leverage commercial tracking cookies used by Google to identify otherwise anonymous web users.

Panel urges new curbs on surveillance by U.S.
A 5-member panel appointed by President Obama prepared a 300-page report recommending significant limits on government surveillance. Read the report here.

By cracking cellphone code, NSA has capacity for decoding private conversations
The outdated encryption technology used in most cell phones is vulnerable to attacks from hackers, foreign operators, and government surveillance.

New documents show how the NSA infers relationships based on mobile location data
Following a person’s cell phone as it searches for towers can reveal a lot of information about a person, including whether or not they are following an American agent abroad.

NSA tracking cellphone locations worldwide, Snowden documents show
The NSA collects massive amounts of cell location records to determine if anyone, including US citizens, is co-traveling with suspected targets.

NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
The NSA taps into the private lines connecting the data centers of email providers like Gmail, scooping up Americans’ information in the process.
Related: How we know the NSA had access to internal Google and Yahoo cloud data

NSA collects millions of e-mail address books globally
The NSA intercepts e-mail address books and “buddy lists” from instant messaging services, including those of Americans, to the tune of 250 million a year.
Related: Here’s everything you should know about NSA address book spying in one FAQ

Secret NSA documents show campaign against Tor encrypted network
The Washington Post reports on a 49-page research paper produced by the NSA that describes tactics to unmask Tor users. Read more.

Privacy and Security News
Mobile ISP Cricket was thwarting encrypted emails, researchers find
Some customers of popular prepaid-mobile company Cricket were unable to send or receive encrypted e-mails for many months, according to security researchers, raising concerns that consumers may find that protecting their privacy is not always in their hands.

T-Mobile quietly hardens part of its U.S. cellular network against snooping
Wireless carrier T-Mobile US has been quietly upgrading its network in a way that makes it harder for surveillance equipment to eavesdrop on calls and monitor texts. The upgrade involves switching to a new encryption standard, called A5/3, that is harder to crack than older forms of encryption.

Personal information of almost 100,000 people exposed through flaw on site for transcripts
The data included names, addresses, e-mail addresses, phone numbers, dates of birth, mothers’ maiden names and the last four digits of the users’ Social Security numbers. Although there is no evidence the data were stolen, privacy advocates say the availability of such basic personal information heightens the risk of identity theft.

Apple’s Mac computers can automatically collect your location information
The function is part of Spotlight search, which was updated with last week’s launch of Apple’s latest operating system, Yosemite OS X. Once Yosemite is installed, users searching for files, even on their own hard drives, have their locations, unique identifying codes and search terms automatically sent to the company, keystroke by keystroke.

FBI warns industry of Chinese cyber campaign
The FBI has issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies.

The ethics of Hacking 101
Professors at key universities are players in a controversial area of technology: the teaching and practice of what is loosely called “cyberoffense.” Unsurprisingly, ethics is a big issue in this field. (Photo by Ashkan Soltani)

Apple’s new feature to curb phone tracking won’t work if you’re actually using your phone
A highly praised privacy feature, first revealed by Apple in June, is designed to prevent unwanted retail tracking that occurs as consumers move around malls. But the feature only works on select phones, namely the iPhone 5s, when the phone is locked and location capabilities such as GPS are disabled.

Tech firm tries to pull back curtain on surveillance efforts in Washington
For years, researchers have warned of the growing prevalence of IMSI equipment. We take a ride with cellphone security specialists to understand the prevalence of mobile spygear in the Washington area.

Yahoo’s uphill battle to secure its users’ privacy
After years of pressure from experts, Yahoo announced it is increasing the security of its services, including securing traffic that moves between its servers and encrypting most search queries automatically.

Companies e-mail sensitive data to law enforcement
The Syrian Electronic Army posted stolen documents online that include emails between Microsoft’s government compliance staff and various law enforcement officers. These emails indicate that Microsoft sends sensitive data without sufficient security. There are no laws requiring that information sent as part of criminal law enforcement investigations be kept secure.

Research shows how MacBook Webcams can spy on their users without warning
Researchers at Johns Hopkins University confirm statements by Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, that it is possible to turn on some MacBook cameras without the telltale light also activating.

dubs ‘privacy’ their word of the year. But visiting their homepage sets 90 cookies.

Why Apple’s claim that it can’t intercept iMessages is largely semantics
My take on a debate over whether or not iMessages are completely safe from prying NSA eyes. Spoiler alert: I don’t think they are.

Yahoo to make SSL encryption the default for Webmail users. Finally.
As a direct response to our reporting about the NSA’s collection of users’ address books and chat buddies, Yahoo announces plans to encrypt their users’ traffic by default. Better late than never.

Video Segments
How Apple’s OS X Yosemite tracks you
Apple’s increased location tracking in its newest operating system, OS X Yosemite, has alarmed many Mac users. I explain the updated Spotlight search function and the privacy concerns.

The Snowden files decoded
I was on a panel with the rest of the reporting team credited with winning the 2014 Pulitzer for Public Service. We spoke about decoding the documents and took questions from the audience. Twitter recap here.

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls
I discuss our reporting of the NSA’s “MYSTIC” program.

Webcams can record secretly
Watch me demonstrate how to disable the light that indicates a MacBook’s camera is active.

Reporter: For NSA, Google cookies allow ‘laser-guided’ targeting

Reporter explains NSA collection of cellphone data