Media

FAIRWAY, KS -- Texas and Missouri no longer square off as Big 12 opponents, but governors Rick Perry and Jay Nixon--with some help from Missouri's media--have ignited a new interstate rivalry. Perry, a Republican, has recently taken his ongoing job-poaching tour to the Show-Me State, running radio and TV ads in Missouri markets, and making an appearance in Chesterfield, MO,...

Scientific American has been on a food spree recently. Its September issue is food-themed, with pieces ranging from the conflicting science of GMOs to a Gary Taubes feature on obesity, and its website has been running food-themed content all week. And this food focus is continuing with an ongoing blog. Launched on Tuesday, "Food Matters" aims to cover the topic...

by Jeff Larson, ProPublica, Nicole Perlroth, The New York Times, and Scott Shane, The New York Times

.commons-link-inactive { display: none !important; }

Note: This story is not subject to our Creative Commons license.

Closer Look: Why We Published the Decryption Story

Sept. 6: This story has been updated with a response from the Office of the Director of National Intelligence.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

This story has been reported in partnership between The New York Times, the Guardian and ProPublica based on documents obtained by The Guardian.

For the Guardian: James Ball, Julian Borger, Glenn Greenwald
For the New York Times: Nicole Perlroth, Scott Shane
For ProPublica: Jeff Larson

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

.right-sidebar-media { width: 290px; float:right; margin: 0 0 12px 12px; } .right-sidebar-media h2.definition { font-size: 20px; font-weight: bold; font-family: "ff-meta-serif-web-1", "ff-meta-serif-web-2", "Georgia", serif; margin-bottom: 10px; } .right-sidebar-media ul { list-style: disc; margin-left: 1.2em; } .right-sidebar-media ul li { font-size: 13px; left: 1.2em; margin-right: 1.2em; } .right-sidebar-media p.definition .termtbd { text-transform: uppercase; font-weight: bold; } What's New Here

• The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.
• Referring to the NSA's efforts, a 2010 British document stated: "Vast amounts of encrypted Internet data are now exploitable." Another British memo said: "Those not already briefed were gobsmacked!"
• The NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.
• The NSA has deliberately weakened the international encryption standards adopted by developers around the globe.

Documents

• BULLRUN Briefing Sheet from GCHQ
• SIGINT Enabling Project

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s broad reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by Qaeda leaders about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.

For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”

Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.

“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.

“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”

A Vital Capability

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A.

Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.

The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.

The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.

“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.

Ties to Internet Companies

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, with the rise of the Internet, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen.

Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.

According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping.

By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.

At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.

Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Executives who refuse to comply with secret court orders can face fines or jail time.

N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”

“Eventually, N.S.A. became the sole editor,” the memo says.

Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.

A Way Around

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.

That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.

By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.

“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says.

Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”

But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.

By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.

But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.

A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.

Corporate Pushback

Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.

Google, Yahoo and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency’s demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands.

In effect, facing the N.S.A.’s relentless advance, the companies surrendered.

Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

Update (9/6): Statement from the Office of the Director of National Intelligence:

It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.

While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

John Markoff contributed reporting for The New York Times.

by Stephen Engelberg and Richard Tofel

Sept. 6: This Closer Look has been updated with a response from the Office of the Director of National Intelligence.

ProPublica is today publishing a story in partnership with the Guardian and The New York Times about U.S. and U.K. government efforts to decode enormous amounts of Internet traffic previously thought to have been safe from prying eyes. This story is based on documents provided by Edward Snowden, the former intelligence community employee and contractor. We want to explain why we are taking this step, and why we believe it is in the public interest.

The story, we believe, is an important one. It shows that the expectations of millions of Internet users regarding the privacy of their electronic communications are mistaken. These expectations guide the practices of private individuals and businesses, most of them innocent of any wrongdoing. The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable. The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed.

It’s certainly true that some number of bad actors (possibly including would-be terrorists) have been exchanging messages through means they assumed to be safe from interception by law enforcement or intelligence agencies. Some of these bad actors may now change their behavior in response to our story.

In weighing this reality, we have not only taken our own counsel and that of our publishing partners, but have also conferred with the government of the United States, a country whose freedoms give us remarkable opportunities as journalists and citizens.

Two possible analogies may help to illuminate our thinking here.

First, a historical event: In 1942, shortly after the World War II Battle of Midway, the Chicago Tribune published an article suggesting, in part, that the U.S. had broken the Japanese naval code (which it had). Nearly all responsible journalists we know would now say that the Tribune’s decision to publish this information was a mistake. But today’s story bears no resemblance to what the Tribune did. For one thing, the U.S. wartime code-breaking was confined to military communications. It did not involve eavesdropping on civilians.

The second analogy, while admittedly science fiction, seems to us to offer a clearer parallel. Suppose for a moment that the U.S. government had secretly developed and deployed an ability to read individuals’ minds. Such a capability would present the greatest possible invasion of personal privacy. And just as surely, it would be an enormously valuable weapon in the fight against terrorism.

Continuing with this analogy, some might say that because of its value as an intelligence tool, the existence of the mind-reading program should never be revealed. We do not agree. In our view, such a capability in the hands of the government would pose an overwhelming threat to civil liberties. The capability would not necessarily have to be banned in all circumstances. But we believe it would need to be discussed, and safeguards developed for its use. For that to happen, it would have to be known.

There are those who, in good faith, believe that we should leave the balance between civil liberty and security entirely to our elected leaders, and to those they place in positions of executive responsibility. Again, we do not agree. The American system, as we understand it, is premised on the idea -- championed by such men as Thomas Jefferson and James Madison -- that government run amok poses the greatest potential threat to the people’s liberty, and that an informed citizenry is the necessary check on this threat. The sort of work ProPublica does -- watchdog journalism -- is a key element in helping the public play this role.

American history is replete with examples of the dangers of unchecked power operating in secret. Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again. We need a system that can withstand such challenges. That system requires public knowledge of the power the government possesses. Today’s story is a step in that direction.

Update (9/6): Statement from the Office of the Director of National Intelligence:

It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.

While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

I confess that I've been watching all the coverage of Amanda Lindhout's book with a bit of chagrin. Lindhout, who traveled to Somalia as an aspiring journalist in 2008, was kidnapped along with her photographer companion and their guides. She spent 15 months in captivity before her family finally hired a private security firm and raised the ransom money. Later...

by Minhee Cho

Drones, or “unmanned aerial vehicles” as the military prefers to call them, have been used to strike al Qaeda targets in Yemen, Pakistan and Somalia as a centerpiece of the Obama administration’s national security protocol. But as ProPublica fellow Cora Currier has detailed in her reporting, much of the drone war remains shrouded in secrecy.

She joins ProPublica editor-in-chief Steve Engelberg in the Storage Closet Studio this week to discuss how drone targets are selected, what exactly a “signature” is (and how it can get you killed), and how officials often frame the conflict in Yemen and Pakistan as the “least bad war” in terms of civilian casualties but public blowback might soon change that calculation.

You can read more of ProPublica’s reporting on drones on our series page. You can also listen to this podcast on iTunes and Stitcher.

The Los Angeles Times drops into the debate over whether or how much prices would have to rise at fast-food restaurants for their employees to get $15 an hour. Actually, this is the first time I've seen the question of whether prices would rise treated seriously. Even the bad-math types we've seen in the last few weeks have always assumed...

Yesterday, the board of Washington's insurance exchange, called the Washington Healthplanfinder, finally certified plans the exchange will sell beginning Oct. 1. The board had been trying to make this certification for several weeks now, but a question arose that is relevant to all the state exchanges. Specifically: How many plans must an exchange offer to insure robust competition and give...

Journalists threw the public for a loss last week when reporting on the tentative settlement of a lawsuit brought by former professional football players with concussive brain injuries against the National Football League. As reported, the story was about a minority of retired players, a story of interest mostly to the minority of Americans who are football fans. The story...

The Revolutionary War split the colonies from England, and with it, American English began to split from British English. We dropped letters (colour/color, humour/humor) or transposed them (theatre/theater, centre/center). We replaced their words with our own (lorry/truck, chemist/drugstore), and we added a lot more (aerobics, wannabe). We've got our own language now. Or, we've gotten our own language now. You...

We often speculate about how media coverage could make people cynical about politics and government. But new political science research suggests just how significant those effects can be, using Jack Welch's jobs report conspiracy theory and coverage of the IRS scandal as case studies. The research comes in a pair of papers by Boston University political scientists Katherine Einstein and...

Last week I disembarked in Denmark to find myself already embroiled in European intrigue—an international espionage scandal, even. Okay, not quite, but humor me. I was, however, quoted by the UK's deputy National Security Adviser, Oliver Robbins, to bolster his case in his testimony to Her Majesty's High Court of Justice why it was necessary to disrupt journalistic communications, via...

Attention Coastal Carolina University students: Readling a local altweekly might drive you to drink. Authorities at Coastal Carolina University, in South Carolina, denied on-campus distribution to altweekly newspaper The Weekly Surge on August 19 because they believe its articles and adverts promote drinking. The Surge had been distributed since its 2006 founding at CCU, albeit informally, but when its staff...

Just as I was thinking Medicaid as a legitimate topic for media exploration was dead in the water, along comes a good story in the St. Louis Post-Dispatch that takes a critical look at what's going to be a very big headache for the Affordable Care Act and those supporting its goal of more people under the insurance umbrella. The...

In 18 months spanning 2010 and 2011, Guardian editor in chief Alan Rusbridger decided to conquer Chopin's Ballade No. 1 in G Minor, a notoriously difficult, 264-measure piece. His original goal was to have the piece performance-ready in a year, but it ended up coinciding with one of the craziest news cycles of his career: Wikileaks and the British media...

In his "Stories I'd like to see" column, journalist and entrepreneur Steven Brill spotlights topics that, in his opinion, have received insufficient media attention. This article was originally published on Reuters.com. 1. Ask about the Miley Cyrus sleaze: In the wake of MTV's universally-panned decision to feature 20-year-old Miley Cyrus in a cringe-producing sex pantomime with 36-year-old Robin Thicke during...

by Paul Kiel

Alarmed by the explosion of high-cost lending in the state, cities across Texas have passed ordinances to prevent the cycle of debt that short-term, high-cost loans can create.

But some big lenders are finding clever ways around the laws – like giving away cash for free.

TitleMax promises to “make getting cash easy!” To get a loan, borrowers with “good credit, bad credit, or no credit” need only turn over the title to their car.

In Dallas, San Antonio, and Austin – which have all passed lending laws – those loans have come with zero percent interest.

What’s the catch? After 30 days, the loan is due in full. If the borrower cannot pay –TitleMax’s average loan is for $1,300 – the borrower is sent to another TitleMax location outside of the city, where he or she can receive a new, unrestricted loan. That loan, states a contract given to one borrower, could have an annual rate as high as 310 percent.

Of course, the borrower would be free to renew the loan at that location – over and over again.

“It’s a bait and switch,” said Ann Baddour of the non-profit Texas Appleseed. “The practice may not be illegal, but it’s definitely unethical and unconscionable.”

TitleMax declined to comment. Like other high-cost lenders, the company touts its products as an option for borrowers who might not qualify for other sources of credit.

An auto-title loan is similar to its better known cousin, the payday loan – but larger and with more at stake. Typically, the borrower hands over title to her car and agrees to pay off the loan after one month. If she can’t do that, she can pay only the interest due and roll over the principal to the next month.

As with payday loans, the cycle can repeat itself over and over. A study by the Consumer Federation of America and Center for Responsible Lending found that the average borrower renews a loan eight times. A borrower who defaults risks having her car seized. (Disclosure: The Center and ProPublica both get significant funding from The Sandler Foundation.) 

In six TitleMax contracts from Texas reviewed by ProPublica, the company actually charged an annual rate ranging from 145 to 182 percent.

TitleMax’s ploy is the latest example of high-cost lenders’ ingenuity when confronted by unwanted laws. In Texas, at least eight towns and cities have passed lending ordinances in the past two years.Together, the new laws cover over four million Texans.

The ordinances come at a time of explosive growth for TitleMax’s parent company, TMX Finance, one of the largest title lenders in the country. The company has more than 1,200 stores across 14 states and will soon move into its 15th.

In its home state of Georgia, TMX boasts more than 300 locations – more branches than any bank. (Wells Fargo and SunTrust come closest with around 280 branches statewide each.). The company has doubled in size since 2008 and says it plans to keep up the same rate of growth.

TMX’s growth is especially evident in Texas, where it has opened more than 150 stores in the past two years. It continues to operate in cities that have passed ordinances. Under the names of TitleMax and TitleBucks, for instance, TMX operates a total of more than 80 stores in Dallas, Austin, and San Antonio.

Last December, Texas’s regulator for payday and auto-title lenders announced –  without naming TitleMax – that it was “concerned” about the practice of offering a zero percent loan to customers in those cities. The offer might prove too tempting to someone who might otherwise never take out an auto-title loan, said the regulator in a bulletin to lenders: “This business model could also be perceived as a deceptive practice because it appears calculated to bring the consumer into the store with the promise of one product, but later effectively requires the consumer to go to another location to purchase another product.”

In a statement to ProPublica, Dana Edgerton, spokeswoman for the Office of Consumer Credit Commissioner, said that the agency was not aware of any other lenders besides TitleMax offering a zero percent loan.

Despite their concerns, state regulators do not have authority to enforce the city’s ordinances, Edgerton said. It can only warn lenders of potential consequences – a warning TMX has not heeded.

High-cost lenders in and around Denton TitleMax and TitleBucks Locations Other high-cost lenders inside Denton Other high-cost lenders outside Denton

The city of Denton’s lending ordinance, which passed in March, prohibits payday and auto-title lenders from renewing borrowers’ loans more than three times. “That was the biggest thing, just having some kind of end point,” said Kayce Strader of the non-profit Serve Denton and a volunteer for the local alliance Denton for Fair Lending..

As soon as Denton’s law went into effect, according to a class action lawsuit filed in June in state court, TitleMax notified its current customers there would be a change. They would no longer be able to renew their loan in Denton. Instead, customers had a choice: They could pay off the loan in full or accept a zero percent loan. That loan, in turn, would not be renewable at the Denton location. But, the notice says, “We want you to know that we will work with you during this transition period.”

Where to go, then? TitleMax also has a location 15 miles down the highway in Flower Mound, Texas, the notice says. “[You] may want to consider doing business” there, and once you’ve switched, “you can continue transacting at that location,” it says.

According to the suit, the named plaintiffs all got caught renewing TitleMax loans over and over. One allegedly renewed her loan 23 times, paid at least $10,800 in fees, and after all that still owed $3,961. Another, the suit says, renewed her loan twelve times. By switching such customers to a location outside Denton, TitleMax would have been able to continue renewing the loans without restriction.

The suit charges TitleMax duped customers into thinking they were paying down their balance when they were in reality just paying the same fees again and again. TitleMax denies the allegations and is contesting the suit. The company’s attorney declined comment.

CNN's Peter Hamby has written a must-read retrospective on coverage of the 2012 Romney campaign. His report, "Did Twitter Kill the Boys on the Bus? Searching for a better way to cover a campaign", which weighs in at a hefty 95 pages, documents recent changes in the business models and journalistic practices of media outlets and how those have affected...

In the nine months since the massacre at Sandy Hook Elementary School, the rekindled debate over gun control has remained in the headlines. Congress failed to pass new gun-control legislation, but several states pushed through tighter restrictions, prompting gun manufacturers in some of those states to relocate; seven states made it legal for teachers and administrators to carry firearms...

In the July/August issue of CJR, Francesca Borri wrote a powerful essay about the plight of being a freelancer, and a woman, covering the Syrian civil war for Italian media. The reaction to her piece was impassioned and global. As of August 6, it had drawn 390,000 pageviews, making it the most-viewed piece ever on cjr.org. News outlets in...