Update:
A senior federal law enforcement official tells ABC News the government is tracking the phone numbers we call in an effort to root out confidential sources.
What actually more disturbing than the actual content of the article, are the comments by some of the comments posted by people. I have to add these, because they are so choice:
Just as NYTimes' Frank Rich warned in his OpEd this past Sunday:
"...this program may have more to do with monitoring "traitors" like reporters and leakers than with tracking terrorists."
And i bet we could add political opponents and candidates to that list too."
--
"I believe that it is a great idea to maintain telephone surveilance over news organizations who disclose classified and sensitive secret information. Lets nail the government employees who knowingly break their oath to not divulge classified information."
--
"GOOD! I hope they find out who is reporting all of these leaks. And I hope you are tried and perhaps spend some time in jail for it.
KEEP CALLING and I hope they track your every word!"
So now we've heard from the people. God Save the Republic.
In spite of what some of my readers may think (all 2 of you), I really do try to keep to a minimum the number of civil liberties and security related posts I write. For instance, after my two most recent posts, I'd resolved not to write any more on the matter for a few weeks and focus on poetry, music reviews, et cet. Unfortunately, revelations about the scope of the American government's secret domestic spying activities just keep coming, further, so I decided to synthesize everything and write a complete review.
As I posted about yesterday, USA Today just went to print with some alarming new details on the NSA's citizen surveillance activities, and I've put together a few more pieces that show more revelations will probably come out. What USA Today has uncovered is, it appears, one piece of a larger program that's identical to the infamous Total Information Awareness (TIA) program that Congress has tried to nix multiple times over the years and that lives on under the codename Topsail. The program was transferred from its original home at DARPA to the NSA, and has been active for years.
Metadata, Communication Networks and REALLY BIG databases.The new USA Today article reveals that the NSA has been collecting and archiving "transactional information" on all domestic calls made within the US—who called whom, when, from where, etc. The transactional data is acquired from cooperating telcos (AT&T, Verizon, BellSouth, but not Qwest) and fed it into a massive database so that the NSA can analyze the collected calling patterns for clues as to possible terrorist activity. Contrary to what the government has publicly claimed about the NSA's massive signals intelligence (SIGINT) vacuum, there is no requirement here that one end of the call be located in a foreign country; we're talking about calls between me and my grandmother, and in fact about every call I've ever made over the past few years.
The NSA's domestic program began soon after the Sept. 11 attacks, according to the sources. Right around that time, they said, NSA representatives approached the nation's biggest telecommunications companies. The agency made an urgent pitch: National security is at risk, and we need your help to protect the country from attacks.
The agency told the companies that it wanted them to turn over their "call-detail records," a complete listing of the calling histories of their millions of customers. In addition, the NSA wanted the carriers to provide updates, which would enable the agency to keep tabs on the nation's calling habits.
The sources said the NSA made clear that it was willing to pay for the cooperation. AT&T, which at the time was headed by C. Michael Armstrong, agreed to help the NSA. So did BellSouth, headed by F. Duane Ackerman; SBC, headed by Ed Whitacre; and Verizon, headed by Ivan Seidenberg.
With that, the NSA's domestic program began in earnest.
USA Today notes that the telcos are only providing phone numbers and transactional data to the NSA, and not personally identifying information on the callers themselves. This is cold comfort, though, because my complete call history can be linked to me and to most of the relevant data about me (name, SSN, address history, credit rating, etc.) through my phone number(s) using an array of commercial databases, giving the government a complete picture of who I am and who I'm connected to. In other words, this transactional data is easily integrated into the Big Database in the Sky that for years the government has been trying to build in various departments and under various codenames. But more on that in a moment.
Probable causeGovernment access to phone call transactional data is regulated by 18 USC 2703, which stipulates that the government doesn't need to show "probable cause" when petitioning for a court order to obtain this information on a customer. The standard that the government must meet is set at a lower threshold than probable cause, but it's not set at zero.
Crucially, the NSA's data-mining program not only dispenses with probable cause, but it dispenses entirely with the court order and thus with the lowered standard of evidence.
Think about that for a moment: the program is secret, and there is no judicial or congressional oversight (as of today, there's not even any executive branch oversight from the Justice Department), so the national security establishment has arrogated to itself carte blanche to snoop your phone activity and possibly to detain you indefinitely without a warrant based on what they find.
More to comeThe original revelations about the NSA's SIGINT vacuum were just the tip of the iceberg, and the new revelations show us just a little bit more of the beast. Based on a few fairly recent stories, it appears there's probably more that we've yet to see. Much more.
Exhibit A is the story I linked above, about the feds getting a judicial ruling that extends the definition of "transactional information" to the data about your physical location that cell phone records contain. Law enforcement can now track your physical location via your cell phone without showing probable cause, so the precedent here is that, in the absence of clear laws governing this specific type of data (i.e., cell phone location data) the definition of "transactional data" is being stretched to fit new types of communications "metadata."
Now let's look at Exhibit B, which is an article on an AT&T whistleblower (I posted about this earlier) who spilled the beans on the NSA's secret surveillance rooms at major telco hubs. Inside these surveillance rooms is NSA network traffic analysis equipment, which is hooked into the fiber optic feeds of the main network via splitters that can siphon off signal for the NSA to snoop. The NSA then passes this siphoned signal through some heavy-duty traffic analysis equipment from a company called Narus. Here are just a few things that one of the Narus products can do, according to the product web page:
- Universal data collection from links, routers, soft switches, IDS/IPS, databases, etc. provides total network view across the world's largest IP networks.
- Normalization, Correlation, Aggregation and Analysis provide a comprehensive and detailed model of user, element, protocol, application and network behaviors, in real time.
- Unparalleled extensibility - NarusInsight's functionality can easily be configured to feed a particular activity or IP service such as security, lawful intercept or even Skype detection and blocking.
And here's what the "intercept suite" add-on module lets you do with this device:
- CALEA- and ETSI-compliant modules for lawful intercept featuring a robust warrant management system. Capabilities include playback of streaming media (for example, VoIP), rendering of Web pages, examination of e-mails and the ability to analyze the payload/attachments of e-mail or file transfer protocols.
- Proprietary directed analysis monitoring and surveillance module offering seamless integration with the NSS or other DDoS, intrusion or anomaly detection systems, securely providing analysts with real-time, surgical targeting of suspect information (from flow to application to full packets).
You can probably see where I'm going with this by now.
USA, meet TIALet's recap:
- Law enforcement has shown that they consider any transactional data arising from voice communications—either POTS (plain old telephone system), cellular, or VoIP—to be fair game and to be covered by a much lower threshold than "probable cause."
- In the absence of up-to-date laws, the POTS-based definition of "transactional information" is being stretched to fit new forms of data arising from new forms of communication (e.g. location data arising from cell phone calls).
- The NSA, for its part, has gone further and demonstrated that they consider such transactional data to be theirs to snoop, aggregate, and mine without any kind of court order at all.
- This transactional data can be correlated to specific end users by indexing their phone number(s) into a wide array of commercially available databases that cover many other aspects of our financial and private lives.
- The NSA also has in place the ability to collect "transactional information" for IP-based communications, like Web sessions, email, FTP, VoIP, and more.
Now, does anyone seriously think that the NSA is not collecting transactional data (at a minimum) for Web, email, FTP and other IP-based communications, and/or that they're not tying all of this data to individual users?
Just in case you're not convinced that the NSA is, right now—not at some unspecified point in the future, but at this very moment—compiling a complete and customized voice and data communications profile of every US citizen and mining all of those profiles for "terrorist activity," take a look at these paragraphs from a 2002 Wired article.
It's a system which, it hopes, will ferret out terrorists' information signatures -- clues available before an attack, but usually not correctly interpreted until afterwards -- and decode them prior to an assault...
According to the IAO's blueprint, TIA's five-year goal is the "total reinvention of technologies for storing and accessing information ... although database size will no longer be measured in the traditional sense, the amounts of data that will need to be stored and accessed will be unprecedented, measured in petabytes."
Here is a quote from the now-defunct DARPA page for TIA:
According to DARPA, such data collection "increases information coverage by an order of magnitude," and ultimately "requires keeping track of individuals and understanding how they fit into models."
The USA Today report, in conjunction with other reports on the nature and scope of the NSA's communications surveillance activities, paints a picture of a massive data collection program that is in operation right now and is essentially an implementation of the very same TIA initiative that Congress has repeatedly tried to stop. Contrary to what DARPA claimed when they publicly started taking bids from companies to get involved with TIA, this program apparently does not require some "revolutionary" technology that's years in the future. It is being done now, with today's technology.
This should come as no surprise to anyone who's been paying attention. Earlier this year, many of us read a Newsweek article that reported that TIA was still around in the form of a program called Topsail. Late last month, Technology Review reported that this program had at some point been moved from DARPA to the NSA, and magazine asked the question:
"Has the NSA been employing those TIA technologies in its surveillance within the United States? And what exactly is the agency doing, anyway?"
Well, now we know that the answer to the former question is a definitive "yes," and we have parts of the answer to the latter question.
If you're gonna sin, then sin bigDefenseTech and others have reported on the post-9/11 shift in culture at the NSA, where spying on Americans suddenly went from being the Agency's number one taboo to being an operational directive.
"It's drilled into you from minute one that you should not ever, ever, ever, under any ----ing circumstances turn this massive apparatus on an American citizen," one source says. "You do a lot of weird sh--. But at least you don't ---- with your own people."
Nobody crosses a major line like that just to dip their toe gingerly in the waters of perdition. I think it's a near certainty that the NSA did not content themselves with a few half-hearted attempts at monitoring American citizens, because they looked at the likely size of the blowback that even a few minor civil liberties incursions would bring on and decided that they may as well go the full monty. If you're gonna sin, you might as well sin big, and given the agency's formidable intelligence gather capabilities it's not at all a stretch to imagine that they're guilty of sins of Miltonian proportions.
The NSA has the tools and the will to compile a shockingly thorough profile of the communications and habits of every American citizen, not at some point in the future, but right now. Go back and read everything you can on Poindexter's TIA, and know that it is now a reality and has been for some time.
Update: An interesting read - a collection of legal and constitutional lawyers write a letter to congress, published in the NY Times, on why the NSA domestic wiretapping is breaking the law.
Update: DefenseTech has more on this story. DT's must-read post explains why the program is a massive waste, and points out that this story was actually broken to a substantial degree back in March, although it was lost in the shuffle.
rate
email
print
link to this page
Comments: 15
http://www.gather.com/viewArticle.jsp?articleId=281474976751347
1) This is an ongoing program that started prior to the Clinton Administration.
2) There was no "new news" in the USA TODAY article.
3) The use of commercial data far outstrips that which the NSA is doing.
Not only are there commercial databases available on phone calls but there are commercial databases available on every thing from condom purchases (by who, when and where) to data on public criminal history records.
We live in an increasingly more transparent society, a society where commercial data mining far exceeds anything imagined by government.
If there is cause for concern here, it is the blatant manipulation of the news by the media.
Will, this might be an awkward question, but isn't that same data-gathering happening effectively here on Gather where we create a content page based upon our browsing, connect to each other, etc., and at Google when we search for things or use a Gmail accoun, or even at Amazon where my book browsing creates a page based upon the books I've looked at?
Seems like fire: it has good and evil applications that we can do all these things. It's the legalities of whether we agreed to this sort of data collection, isn't it? -- plus that absence of legal recourse for actions taken against us in the name of homeland security -- plus the way the names of the accused are put into speculative media reports long before any guilt is established, so that damage is done with the first arrest or interrogation... what a mess.
1. NSA
2. GMail
3. Search Results and Google Desktop Search
4. Experian and the other credit agencies
5. Bank and Credit card transactions
Combine all of those, and you have a complete picture of a person. Does this require massively parallel computing power? Yes. Does it require huge data storage? Yes. Does the NSA have this? Yes.
So given that its all possible - how will it be used?
If the NSA action is done truly for legitimate security purposes, it's a stratigic farce. If it's done for the usual neo-con reasons, its to track political oppositon. That is far more in the Bush admins character.
Very good point - and not so far fetched, the Defense Tech article I referenced at the end of this article interviews one of the masters of terrorist social network theory, and points to many of these huge datamining projects as a waste of time and money -- the article is here:
http://www.defensetech.org/archives/002399.html
-W
Think Sam, I know it hurts but think, think beyond your hatred of Bush.
If Law Enforcement encounters a person who attempted to hijack a fuel truck or who was caught with Anthrax, or was possesion of explosives, or was found to have attended an Al Qaeda training camp, --
-- after a quick sifting of the NSA's data mine, law enforcement would know all of that persons associates and could easily detain them to avert an attack.
If the FBI had not cowered before the pressure of Liberals and contacted the NSA regarding Mr. Zacharia Moussaoui's "ring of associates", we would have most likely been able to arrest all of the 9/11 hijackers.
More to the point, as I suggested to Sam, the NSA's database is extremely powerful when used in conjuction with other law enforcement methods.
While certainly a compelling argument, derived through deductive reasoning from well established premises, firstly, if the government and prosecutors were impotent in all their prosecutorial zeal to convince most people, including the jurors, that, in fact, 9/11 would have been preventable by means of extracting information for Mr. Moussaoui, then it seems inconceivable that anyone could; and secondly, I don't think anyone doubts the power of the various interconnected and cross referenced databases, just as most don't doubt the power of a thermo-nuclear device in the hands of a madman; but this does not, nor should it, imply that such tools are either moral or perfect.
IF, you say Greg, the FBI interupts a hijack. Naive intentionally or just we just can't see far with head in sand? Consider the logic of your argument: A: The Law Enforcement catches somebody. Think these guys are that stupid or the FBI has that terrific a record? 100K a year stroll across the border with impunity. Canada is open. The coasts are open. All that Afgani opium we are currently protecting with our tax dollars and children's lives finds its way freely into America. And violating our privacy and rights will change any of this?? Are you getting this?
B: Tracks whomever he has contact. Ditto.
They don't have to be smart or clever. Terrorism is political. Create civilian scare to obtain political ends. All the current Nazi crushing of American liberties will not stop one, two or a dozen determined zealots from wreaking havoc if they thought it their political interest.
We boast so much on our technical prowess and yet our soldiers are generally confined to heavily fortified barracks because of kitchen timers, 40 year old artillery shells, bit of wire and determination. Idiotic paranoia will never see us through this. Sound, just, political policy will. THAT is the chief cause of insecurity for America. Why you keep chest thumping and devising screwy ways to defend this rightest nonsense is a mystery.
A question for you that I have not seen raised--are the telephone companies still cooperating with NSA? I've seen no criticism of them or praise of QWest for refusing to. George is right that we are living in an increasingly transparent society and it sure seems scary, but perhaps there will be an upside if the transparency finally reaches the government.
I have more information on this - just haven't posted it; but now 3 states attorneys general are filing suit against the three telcoms, and a few class action lawsuits are in the works. My bet, just as they pulled the States Secrets rabbit when the EFF sued AT&T, they will do it again.
And some people are actually starting compaigns to switch to Qwest.