It's not just metadata – the NSA is getting everything (rubbingalcoholic.com)
256 points by rubbingalcohol on June 14, 2013 | 67 comments


Last month an FBI agent admitted on CNN that the contents of phone calls are being collected[1]. It was written up by none other than... Glenn Greenwald (GG).

One thing that has really bothered me since I became a hardcore HN regular is that GG articles almost never come to the front page, even when they are entirely on topic. I recall, on multiple occasions, finding links to places like Ars or a similar site which are basically just doing a summary of GG's latest article.

I really hope after the latest NSA revelations that HN will begin to take GG seriously, get his articles to the front page, and give him the respect he more than deserves.

[1] http://www.guardian.co.uk/commentisfree/2013/may/04/telephon...


Wow. I hadn't read that article. One thing that really stood out was the "Information Awareness" office and its ultra creepy logo that looks like something straight off an underground conspiracy website.

Edit: Found a Guardian article from 2002 - http://www.guardian.co.uk/world/2002/feb/18/september11.usa

"The agency which Poindexter will run is called the Information Awareness Office. You want to know what that is? Think, Big Brother is Watching You. IAO will supply federal officials with "instant" analysis on what is being written on email and said on phones all over the US. Domestic espionage."


http://www.rotten.com/library/conspiracy/information-awarene...

"In the Defense Department budget submitted in September 2003, the Information Awareness office had mysteriously disappeared. As if belatedly realizing that it's better not to tell people when you're preparing an oppressive evil computer system designed to crush their individual privacy, the office's functions were shuffled into an unknown number of "black bag" budget items — intelligence appropriations which do not have to be explained to the public or justified to legislators.

So be grateful that the Bush Administration was stupid enough to let you have a glimpse of Big Brother before he slinks off to the shadows. The next time you see him, he'll be kicking in your door."


I fear a HN with more Glenn Greenwald articles is a HN with more political flamewars. I don't think this is desirable, even if he does good work.


This hinges on the same re-definition of "collect" that Clapper tried to make, equating "go into the world and gather" with "go to the secret library of everything and retrieve."

The essential implication is that we're constructing a mirror of the world (or at least, as much of it as can be reduced to information). Unnervingly, we're operating as though law and language which developed in the original world will map directly to this new realm, even though it's obviously and radically different.

We really need to start talking about the Mirror World as such. Security and surveillance is just one (hugely problematic) aspect of what could easily be the 21st century's defining development. I suspect we're not going to reach a suitable détente on police and military surveillance until we've developed a commonly accepted sense of what the Mirror World entails for a constellation of considerations, from energy, economy and ecology to culture and education.

This really is the tip of a very big iceberg.


Clapper just made up a new definition of "collect" to excuse his brazen lie. I don't understand why Clapper still has a job.

But there's nothing in this article that indicates that either Senator Feinstein or Senator Nelson was using the word in anything but the ordinary sense.

After the FBI or NSA get a court order, they can look at the content of emails and listen in on phone calls going forward, and they can also get past communications that are still stored on the server--or the target's own computer, if they have access.

Local police also get warrants to look at past emails and they sure don't use a database of everyone's emails.


> But there's nothing in this article that indicates that either Senator Feinstein or Senator Nelson was using the word in anything but the ordinary sense.

Supporting implication is in the video in the article. Listen all the way through the video.


Stewart Baker, former general counsel of the NSA, posted about this "collection-first model" last week on the Volokh conspiracy. To his credit, he did describe the gathering of the data as collection; but his underlying point was that the government is taking the approach of collecting it all and putting restrictions on use. Of course, he thinks that's on balance a good thing ...

http://www.volokh.com/2013/06/07/minimization-and-the-collec...


"go to the secret library of everything and retrieve."

https://en.wikipedia.org/wiki/Akashic_records


Best new hashtag of the week: #leastuntruthful


It also enrages me how they dismiss the metadata as a "nothing burger".

Does it occur to anyone how much leverage you can exert with that information alone in such areas as finance, divorce proceedings, opposition research, leak investigations, and good old fashioned blackmail?

To add to it, they don't even need a court order or oversight to do the metadata searches per Feinstein (today).


What matters to me is that most even forget to mention part of the metadata is the location of the device. With that data they can basically track everyone's location, almost as accurately as with GPS.

And such GPS tracking was just considered unconstitutional in a 9-0 decision by the Supreme Court. I really hope all this stuff gets to the Supreme Court. Even if not all of it is unconstitutional, I could see at least 80% of the policies comprised in Patriot Act and FISA Amendments Act being unconstitutional.


If you read Solzhenitsyn, you realize the importance of metadata instantly: "why did you call X, where did you meet Y...."


This [1] is with less data than the NSA collects.

1: http://www.zeit.de/datenschutz/malte-spitz-data-retention


What blows my mind is the conservatives worried about the government taking their guns - but not at all worried about the government knowing they called the gun store yesterday or paid $300 there last Friday.


There are plenty of conservatives that are worried about both, why does this have to be such a partisan thing for you? Why are not people from both sides of the aisle trying to stop the destruction of the constitution rather than just blaming the other side for whatever?


I know there are plenty of conservatives worried about both - they're not the ones blowing my mind. Why does this have to be such a partisan thing for you?

But in answer to your second question, it's not progressive liberals who passed the Patriot Act in the first place. We don't really have any representation in Congress at all, any more than libertarians do. Why do you persist in talking about an aisle when both sides of the aisle are wholly owned subsidiaries of corporate America?


Were you not the first person to inject "conservative" into the thread?


What, by mentioning that there is a group of people who blow my mind, I'm being partisan? What is the matter with you? Did a liberal frighten your mother?

Did I say "all conservatives" are inconsistent? No. I said there are people who simultaneously believe Obama is after their guns, but the NSA is just peachy keen, and I find this astonishing, and you think I'm being unfair to the poor little snowflakes.

Good day to you, sir.


Political parties are a brilliant way to dilute the power of a populace. Not only do they split the power of a group in half, but they also serve to redirect both positive and negative energy towards the opposing party rather than towards the entrenched government.



Indeed, it increasingly seems 'content' is a consciously-chosen term, which is intentionally time-tense-ambiguous, to obscure the fact that calls and other communications have already been recorded to NSA systems. They're not talking about a warrant to truly start 'collection' of future communications (in the normal senses of English).

Getting a warrant just sets the read-access bit on already ingested 'content': "Oh, the secret court approved the warrant? OK, let me run `chmod a+r /calls/by-person-id/us-gz-74916949/*` - now you're in!"

This might also explain the growing pursuit of mandatory-total-traffic-retention policies in other countries. Their security establishment has a hint of how nifty this has been for the NSA, but might not be able to pull off — legally or financially — the same broad ingest feeds and giant datacenters as in the US... so they try to offload the obligation to regulated private entities, and still have the arbitrary lookback when they need it.


I think while some may view this as speculation, it's extremely fair reasoning given a) the people we're dealing with and b) how carefully they're choosing very specific words. They got caught with their hand in the cookie jar and are now dancing around the issues.

It's upsetting that using a word like "collect" can give any sort of plausible deniability. "Oh, I didn't mean 'collect' in the traditional sense, lol!"

This is all just one big lie on top of another on top of another. I think we'd all be ridiculously stupid to not acknowledge that.


this isn't 'everything' - the article 'only' mentions phone calls and emails. that's the easy stuff NSA can access from ISPs like AT&T, Verizon, etc.

that's important because it doesn't contradict respected people at Google, or require magic crypto cracking.

i'm repeating myself here, so sorry, but there are two separate issues:

1 - nsa is getting a lot of data from the people routing traffic. likely all metadata. and perhaps some (significant) subset of unencrypted traffic.

2 - despite the misleading prism slide, they don't seem to be getting complete, direct access to the web companies' data.

the uproar about the slides put the initial emphasis on the web companies and has confused discussion since.

but the consistent story that seems to be emerging is that it's the ISPs, who have much more of a tradition of collaborating with NSA, who are providing a lot more data than people expected. and that data is being stored without legal approval, relying on the idea that "no-one looks at it" without a warrant.

at least, that's the most consistent view i can find.

what worries me most at the moment is how much hardware would be needed to store and process all that data, and whether that is feasible.


http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/al...

As a result of this “expanding array of theater airborne and other sensor networks,” as a 2007 Department of Defense report puts it, the Pentagon is attempting to expand its worldwide communications network, known as the Global Information Grid, to handle yottabytes (10^24 bytes) of data. (A yottabyte is a septillion bytes—so large that no one has yet coined a term for the next higher magnitude.)

It needs that capacity because, according to a recent report by Cisco, global Internet traffic will quadruple from 2010 to 2015, reaching 966 exabytes per year. (A million exabytes equal a yottabyte.)


so, according to this article, their intended capacity is adequate to store all internet traffic.

All da bytes.


This is insane. Apparently Titan can do 10-20 petaflops per second. I didn't think before, but they may be decoding AES-128.


No. Titan is not fast enough to brute force AES128. All of the computers in the world put together are not fast enough.

  If you assume:
  Every person on the planet owns 10 computers.
  There are 7 billion people on the planet.
  Each of these computers can test 1 billion key combinations per second.
  On average, you can crack the key after testing 50% of the possibilities.
  Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!
If you want to decode AES, you either need the key or find a weakness in the algo.

http://www.eetimes.com/design/embedded-internet-design/43724...


Well, if they are storing all internet traffic, then they would have a pretty large sample of documents/packets encrypted using the same private keys. I don't think it's unreasonable to think that Titan could be leveraging this when trying to decode.

Also, I didn't say "brute force", I said "decode".


If you can "decode" more efficiently than you can "brute force", then you have an "attack on AES".


I doubt that they are decoding AES, except perhaps for the highest-value targets. I would guess that that computing power is a shared resource, not something that can be dedicated to a single task like that. They are probably using it for numerous data mining applications, probably a lot of traffic analysis, some signal processing, etc. Even if the NSA has the resources needed to crack AES128, those resources would almost certainly be better used on other tasks.


I agree. There is no known attack on AES-128 which comes anywhere close to the capability of any known supercomputer within any reasonable time period.

Except maaaybe the aggregate computing power of the entire PlayStation Network for a long long time. I haven't run the numbers for AES.

EDIT: Yeah, no way without an algorithmic breakthrough.


There is no publicly known attack, it is possible that there are undisclosed vulnerabilities in AES-128 that the NSA is aware of today. Is there any precedent for a weakness like that where an agency like the NSA was already aware of a weakness before it became public?


A couple of cases come to mind where the NSA seemed to demonstrate superior awareness of cryptanalytic attacks. But note that in neither case did the NSA recommend the use of a cipher that was weaker than the number of bits on the label.

1. Differential Cryptanalysis https://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.2...

A general technique, but the DES standard turned out to have been developed to be resistant to it before it was known about in public circles.

2. Impossible differential cryptanalysis https://en.wikipedia.org/wiki/Impossible_differential_crypta...

This general technique was invented and quickly broke 31 out of 32 rounds of Skipjack.

Schneier wrote in 1998 "I can't imagine that the NSA would field an algorithm with 32 rounds when they could break 31, so I believe that the NSA did not know about this attack. And the cryptanalysts are still working on improving their attack, so it is possible that they will get to 32 rounds."

But no one yet has.


On the other hand, you're talking about ciphers that had short enough keys that they could be brute forced by the NSA. What's more, DES was invented back in the Cold War era back when the US's main opponent, the USSR, had better mathematicians but worse computing hardware, so making sure it was as secure as the number of bits gave the NSA an advantage. (Skipjack was just a fiasco full stop.)


I don't have sources handy, but I think I remember reading about several such cases from the 60's or so. They didn't really make use of the discoveries back then.


Are you trying to get picked up by Shit HN says?


The telcos are a bigger problem if you are living in the USA. If you are a non-US-citizen outside the USA, the web companies are a bigger problem, because a) you're probably well out of the reach of Verizon (though also within reach of your domestic phone snooping) and b) unlike an American or US resident, you have no legal protection if the NSA decides it would like to look at your web-company data for any reason, though it still has to issue an individualised order to make you one of the few thousand people or groups it's following on Facebook (as 'twere).


I know hunches don't count for anything on HN, and we still don't have enough information, and may never. But I think this is right, they're storing all major forms of communication. If so, it's incredibly dangerous.


>If so, it's incredibly dangerous.

I think it's absolutely thrilling. Just imagine, all it takes is one disgruntled, lucky cypherpunk to crack into the NSA content database and reveal its content to all.

Unencrypted emails, text messages, phone calls between you and your mum. Let's be honest, leaking that database is probably what it's going to take to see any kind of real attention/change on this issue.


Maybe that's what those 19998 other unreleased documents are.


I haven't seen 20,000 documents reported anywhere, or perhaps I just missed it. Do you have a link to an article mentioning this? Thanks.


I don't recall where I heard that, I may be mistaken. I'll keep looking around and update here when/if I find it again.

EDIT: Possibly http://www.nytimes.com/2013/06/11/us/how-edward-j-snowden-or... "Mr. Snowden has now turned over archives of “thousands” of documents, according to Mr. Greenwald, and “dozens” are newsworthy."


This is outrageous. And much more upsetting. I don't think it is all that speculative. Everyone with access to classified information keeps saying there is much much more they are doing, which we don't know about. Well, what else would it be? Cameras in my house? What would MUCH MORE be?


Over here in Asia, where there can be fear of maids kidnapping children, a big trend is CCTV in the home. This is then sent out over the internet to the CCTV collection company and visible via the internet if you have a username or password.

For those who have watched the movie "So Close" (I recommend it-- sexy, tragic, thrilling, thought provoking), the idea of global surveillance of cameras in houses and businesses is something well within the possibility over here, though perhaps not to the same extent in the US.


I'm genuinely curious, how often do maids actually kidnap children where you're at?


There are stories. I doubt it is as common as the fear is. Certainly not a threat that I would give anyone with the influence cameras in my house to solve.


Figured as much, was wondering if it were close to the Russian dash cameras or more of a boogeyman that isn't likely to be reality.


They could be using idle phones as microphones, for example. They certainly have that capability, through researched and purchased 0-day vulnerabilities in iOS and Android.


Complete and utter speculation. This is wordplay for page views, I'm disgusted to have given them one.


It's certainly speculation with a linkbait title, but the apparent consistency between Clemente and Feinstein makes it not-completely-woolly speculation. It's certainly more than possible that Feinstein's statement should be interpreted straightforwardly while Clemente was just largeing it up for TV though.


More than possible? What does that even mean?

Speculation. Complete speculation. Not worth any rational thinker's time.


The article conducts a fairly scrupulous analysis of what politicians and officials are saying, and likely is correct in its assertions. However, it doesn't mention (within the same post) that the NSA has been operating DPI gear at the carrier level for a long time now. Mainstream media has overlooked this fact more often than not recently.

DPI sitting on carrier pipes is what the Room 641A scandal in 2006 was about. Its disclosure helped kick off the warrantless wiretap debate we're currently having. Virtually every NSA whistleblower since has mentioned the operation of Narus devices.

Consider the following:

A) NSA is confirmed to be operating Deep Packet Inspection (DPI) devices on internet backbone fiber-optic cables within the United States, with telecom cooperation.

B) The recent revelation that Verizon has been providing NSA call metadata and routing information (but not content) on a massive scale. Obviously not just Verizon, but every major telco.

C) Construction of NSA's Bluffdale, Utah data storage facility is almost complete. The storage capacity varies depending on who you ask, but most conservative estimates put it at a scale such that it can hold the entirety of the world's communications well into the foreseeable future.

It's not rocket science: they're already intercepting and storing the content of traffic. The Verizon metadata and routing information is certainly used in conjunction with DPI for attribution and deduplication of intercepted traffic.

It's a simple matter of 1 + 1 + 1 = 3.

---

Except the number of operands is more likely in the double digits. If I may indulge in speculation and conduct some quotation analysis of my own:

OP's article cites many officials hinting that what we currently know, even in light of the recent debate, is only the tip of the iceberg. However, in my opinion the foremost quote in this regard occurred seven years ago:

In 2006, Russell Tice, NSA whistleblower, was quoted as saying:

"In my case, there's no way the programs I want to talk to Congress about should be public ever, unless maybe in 200 years they want to declassify them." [1]

OK, 200 years is probably a bit of an embellishment, especially if you listen to Singularity folks who suggest the human race won't even be the human race by then.

However, Tice explicitly mentioned this in context of a "different angle" from the warrantless intercept operations just seeing the light of day at the time. [2]

If he wasn't even talking about what's currently being debated in the media, then what was he referring to?

My guess would be something on the analysis side of the equation. Perhaps collection and subsequent analysis of mobile device geolocation data.

Imagine employing the technique of geofencing on individual citizens at a national or even global scale. Non-targeted individuals entering within a certain radius of targeted individuals at sufficiently similar velocity for a specific duration or frequency could end up drawing suspicion upon themselves. Combined with other data points, individuals who are societal outliers in terms of behavior could be detected with ease.

Or, maybe it's that and more. There's all sorts of enterprise-class big data simulation products out there where you can simulate an environment in extremely fine-grained fashion using a near-unfathomable amount of data points.

--

TL;DR - The notion that NSA isn't getting everything is laughable. Comprehensive, retroactive surveillance is already a reality.

---

1. http://blog.foreignpolicy.com/posts/2006/07/10/hoekstra_blow...

2. http://thinkprogress.org/security/2006/05/12/5319/more-unlaw...


I covered a lot of the historical stuff about carrier-level monitoring in a previous post ( http://blog.rubbingalcoholic.com/post/52361697693/a-tale-of-... ). I could literally write a book about all of this nonsense, but I wanted to take a narrow focus with this post, specifically that the government is lying, changing definitions of words, and backpedaling to cover up its shameful and unconstitutional surveillance practices.

You're absolutely right. When you connect all the dots, especially with the Utah Data Center, the big picture is really pretty scary.


Sorry, the tone of my original opener was unduly harsh and slightly ignorant; fortunately the edit window was still open.

Good articles.


I wonder why Huawei isn't allowed to sell American telcos their hardware.. And I also wonder whether it's because the NSA wouldn't be able to scoop its own data or whether it's because China would be able to do the same.. Oh the idiosyncrasies ;)


Doesn't it feel like we're all just playing along when it comes to whether they're getting email and call contents? We all suspect they're getting everything, but the acceptable range of debate for now is just metadata.

With so many people in the know saying "tip of the iceberg" it should be pretty obvious they're AT LEAST getting calls & emails. The horrific details may be some other shit we didn't even think of like alt uses of OnStar-type systems, data over powerlines (PDSL), hidden capabilities in mobiles, hijacked root CAs, etc.


I went through a similar analysis a few days ago: http://www.dbms2.com/2013/06/10/where-things-stand-in-us-gov... See also the comment thread, and the followup http://www.dbms2.com/2013/06/13/how-is-the-surveillance-data...


everything is being saved. _everything._

it's massively compressed, so they need _pointers_ to review anything specific.

but if they really _want_ to, they _can_.

they're telling you this in dribs and drabs, because it'd be too big a shock to tell you all at once. you'll get used to the idea...

after all, "it's for your own good". right?

-bowerbird


They've got it all, but they promise not to look. Unless there's a chance you are a terrorist, and it's hard to know without looking.


How about a cast iron definition of "terrorist" before we get that far?


This is not proof at all. It's a theory, based on the phrasing used, but nowhere near conclusive.


Watch the video at the end of the article.


He says "No digital communication is secure" (this is obviously an embellishment; this is trivial to show unless the U.S. government has broken every major encryption scheme), "and so these communications will be found out".

He does not specifically say these phone calls will be found out. He could very well be referring simply to the ability for FISA requests to receive information about an individual that has been stored by companies like Facebook, Google, etc. The interviewer's question was "And you're not talking about a voicemail, right?"

It is not clear in any way that he is saying the government has recorded all phone calls and can go back and listen to them.

Additionally,

sources tell CNN the wife of Tamerlan Tsarnaev spoke with her husband on the phone after his pictures and video appeared around the country as the prime suspect.

If this was after he was already named as the prime suspect, you are telling me they didn't have a traditional wiretap on him and his relatives at that point?

Btw the transcript linked in the article (http://transcripts.cnn.com/TRANSCRIPTS/1305/01/ebo.01.html) and the video don't match up, so it is hard to get context.


It's not clear that the government has recorded all telephone calls?

This interviewee says "All digital communications are ....are..." and uncharacteristically hesitates. Evidently he doesn't want to complete that sentence. So he tries again: "There's a way to look at digital communications in the past and I can't go into details."

No need to - it's called 'recording the entire communication'.


Nah, they have a machine that can see into the past[1].

[1] Asimov, I. The Dead Past, 1956.


If this was the case, how come the leaked FISA order about Verizon's metadata doesn't refer to it?

The theory relies on two people from two different backgrounds using the same meaning for "collect".



