The Office of the Director of National Intelligence Defends NSA Surveillance Programs

Here’s a transcript of a panel discussion about NSA surveillance. There’s a lot worth reading here, but I want to quote Bob Litt’s opening remarks. He’s the General Counsel for ODNI, and he has a lot to say about the programs revealed so far in the Snowden documents.

I’m reminded a little bit of a quote that, like many quotes, is attributed to Mark Twain but in fact is not Mark Twain’s, which is that a lie can get halfway around the world before the truth gets its boots on. And unfortunately, there’s been a lot of misinformation that’s come out about these programs. And what I would like to do in the next couple of minutes is actually go through and explain what the programs are and what they aren’t.

I particularly want to emphasize that I hope you come away from this with the understanding that neither of the programs that have been leaked to the press recently are indiscriminate sweeping up of information without regard to privacy or constitutional rights or any kind of controls. In fact, from my boss, the director of national intelligence, on down through the entire intelligence community, we are in fact sensitive to privacy and constitutional rights. After all, we are citizens of the United States. These are our rights too.

So as I said, we’re talking about two types of intelligence collection programs. I want to start discussing them by making the point that in order to target the emails or the phone calls or the communications of a United States citizen or a lawful permanent resident of the United States, wherever that person is located, or of any person within the United States, we need to go to court, and we need to get an individual order based on probable cause, the equivalent of an electronic surveillance warrant.

That does not mean and nobody has ever said that that means we never acquire the contents of an email or telephone call to which a United States person is a party. Whenever you’re doing any collection of information, you’re going to—you can’t avoid some incidental acquisition of information about nontargeted persons. Think of a wiretap in a criminal case. You’re wiretapping somebody, and you intercept conversations that are innocent as well as conversations that are inculpatory. If we seize somebody’s computer, there’s going to be information about innocent people on that. This is just a necessary incident.

What we do is we impose controls on the use of that information. But what we cannot do—and I’m repeating this—is go out and target the communications of Americans for collection without an individual court order.

So the first of the programs that I want to talk about that was leaked to the press is what’s been called Section 215, or business record collection. It’s called Section 215 because that was the section of the Patriot Act that put the current version of that statute into place. And under that ­ this statute, we collect telephone metadata, using a court order which is authorized by the Foreign Intelligence Surveillance Act, under a provision which allows a government to obtain business records for intelligence and counterterrorism purposes. Now, by metadata, in this context, I mean data that describes the phone calls, such as the telephone number making the call, the telephone number dialed, the data and time the call was made and the length of the call. These are business records of the telephone companies in question, which is why they can be collected under this provision.

Despite what you may have read about this program, we do not collect the content of any communications under this program. We do not collect the identity of any participant to any communication under this program. And while there seems to have been some confusion about this as recently as today, I want to make perfectly clear we do not collect cellphone location information under this program, either GPS information or cell site tower information. I’m not sure why it’s been so hard to get people to understand that because it’s been said repeatedly.

When the court approves collection under this statute, it issues two orders. One order, which is the one that was leaked, is an order to providers directing them to turn the relevant information over to the government. The other order, which was not leaked, is the order that spells out the limitations on what we can do with the information after it’s been collected, who has access, what purposes they can access it for and how long it can be retained.

Some people have expressed concern, which is quite a valid concern in the abstract, that if you collect large quantities of metadata about telephone calls, you could subject it to sophisticated analysis, and using those kind of analytical tools, you can derive a lot of information about people that would otherwise not be discoverable.

The fact is, we are specifically not allowed to do that kind of analysis of this data, and we don’t do it. The metadata that is acquired and kept under this program can only be queried when there is reasonable suspicion, based on specific, articulable facts, that a particular telephone number is associated with specified foreign terrorist organizations. And the only purpose for which we can make that query is to identify contacts. All that we get under this program, all that we collect, is metadata. So all that we get back from one of these queries is metadata.

Each determination of a reasonable suspicion under this program must be documented and approved, and only a small portion of the data that is collected is ever actually reviewed, because the vast majority of that data is never going to be responsive to one of these terrorism-related queries.

In 2012 fewer than 300 identifiers were approved for searching this data. Nevertheless, we collect all the data because if you want to find a needle in the haystack, you need to have the haystack, especially in the case of a terrorism-related emergency, which is—and remember that this database is only used for terrorism-related purposes.

And if we want to pursue any further investigation as a result of a number that pops up as a result of one of these queries, we have to do, pursuant to other authorities and in particular if we want to conduct electronic surveillance of any number within the United States, as I said before, we have to go to court, we have to get an individual order based on probable cause.

That’s one of the two programs.

The other program is very different. This is a program that’s sometimes referred to as PRISM, which is a misnomer. PRISM is actually the name of a database. The program is collection under Section 702 of the Foreign Intelligence Surveillance Act, which is a public statute that is widely known to everybody. There’s really no secret about this kind of collection.

This permits the government to target a non-U.S. person, somebody who’s not a citizen or a permanent resident alien, located outside of the United States, for foreign intelligence purposes without obtaining a specific warrant for each target, under the programmatic supervision of the FISA Court.

And it’s important here to step back and note that historically and at the time FISA was originally passed in 1978, this particular kind of collection, targeting non-U.S. persons outside of the United States for foreign intelligence purposes, was not intended to be covered by FISA as ­ at all. It was totally outside of the supervision of the FISA Court and totally within the prerogative of the executive branch. So in that respect, Section 702 is properly viewed as an expansion of FISA Court authority, rather than a contraction of that authority.

So Section 702, as I—as I said, it’s—is limited to targeting foreigners outside the United States to acquire foreign intelligence information. And there is a specific provision in this statute that prohibits us from making an end run about this, about—on this requirement, because we are expressly prohibited from targeting somebody outside of the United States in order to obtain some information about somebody inside the United States. That is to say, if we know that somebody outside of the United States is communicating with Spike Bowman, and we really want to get Spike Bowman’s communications, we’ve got to get an electronic surveillance order on Spike Bowman. We cannot target the out ­ the person outside of the United States to collect on Spike.

In order to use Section 702, the government has to obtain approval from the FISA Court for the plan it intends to use to conduct the collection. This plan includes, first of all, identification of the foreign intelligence purposes of the collection; second, the plan and the procedures for ensuring that the individuals targeted for collection are in fact non-U.S. persons who are located outside of the United States. These are referred to as targeting procedures. And in addition, we have to get approval of the government’s procedures for what it will do with information about a U.S. person or someone inside the United States if we get that information through this collection. These procedures, which are called minimization procedures, determine what we can keep and what we can disseminate to other government agencies and impose limitations on that. And in particular, dissemination of information about U.S. persons is expressly prohibited unless that information is necessary to understand foreign intelligence or to assess its importance or is evidence of a crime or indicates a—an imminent threat of death or serious bodily harm.

And again, these procedures, the targeting and minimization procedures, have to be approved by the FISA court as consistent with the statute and consistent with the Fourth Amendment. And that’s what the Section 702 collection is.

The last thing I want to talk about a little bit is the myth that this is sort of unchecked authority, because we have extensive oversight and control over the collection, which involves all three branches of government. First, NSA has extensive technological processes, including segregated databases, limited access and audit trails, and they have extensive internal oversight, including their own compliance officer, who oversees compliance with the rules.

Second, the Department of Justice and my office, the Office of the Director of National Intelligence, are specifically charged with overseeing NSA’s activities to make sure that there are no compliance problems. And we report to the Congress twice a year on the use of these collection authorities and compliance problems. And if we find a problem, we correct it. Inspectors general, independent inspectors general, who, as you all know, also have an independent reporting responsibility to Congress, also are charged with undertaking a review of how these surveillance programs are carried out.

Any time that information is collected in violation of the rules, it’s reported immediately to the FISA court and is also reported to the relevant congressional oversight committees. It doesn’t matter how small the—or technical the violation is. And information that’s collected in violation of the rules has to be purged, with very limited exceptions.

Both the FISA court and the congressional oversight committees, which are Intelligence and Judiciary, take a very active role in overseeing this program and ensuring that we adhere to the requirements of the statutes and the court orders. And let me just stop and say that the suggestion that the FISA court is a rubber stamp is a complete canard, as anybody who’s ever had the privilege of appearing before Judge Bates or Judge Walton can attest.

Now, this is a complex system, and like any complex system, it’s not error free. But as I said before, every time we have found a mistake, we’ve fixed it. And the mistakes are self-reported. We find them ourselves in the exercise of our oversight. No one has ever found that there has ever been—and by no one, I mean the people at NSA, the people at the Department of Justice, the people at the Office of the Director of National Intelligence, the inspectors general, the FISA court and the congressional oversight committees, all of whom have visibility into this—nobody has ever found that there has ever been any intentional effort to violate the law or any intentional misuse of these tools.

As always, the fundamental issue is trust. If you believe Litt, this is all very comforting. If you don’t, it’s more lies and misdirection. Taken at face value, it explains why so many tech executives were able to say they had never heard of PRISM: it’s the internal NSA name for the database, and not the name of the program. I also note that Litt uses the word “collect” to mean what it actually means, and not the way his boss, Director of National Intelligence James Clapper, Jr., used it to deliberately lie to Congress.

Tags: , , , , , , , , , , ,

Posted on July 4, 2013 at 7:07 AM72 Comments

Comments

Alan Kaminsky July 4, 2013 7:46 AM

@Bruce: “As always, the fundamental issue is trust.”

Word. Why should we believe anything they say? How do we know they are abiding by the rules? How much goes on in the deep, dark bowels of Fort Meade that is never reported to the FISA Court or Congress, let alone the public?

Anyone remember J. Edgar Hoover?

Arthur de Jong July 4, 2013 7:59 AM

Interesting to note that “under this program” is used often which could suggest that there are other programmes where this does happen.

Phil July 4, 2013 8:01 AM

“This is just a necessary incident.” is probably the line that scares me the most in this address.

They seem to be trying to convince everyone that this kind of trawling is required and so over-fishing is inevitable. We all know trawling = over fishing, i would rather hear an educated answer to the question (to extend the analogy) ‘why aren’t we line fishing instead?’

Equally am i the only one who is less interested in hearing the UK/USA govs denying they collected residents information and more interested in what kind of information sharing was/is in place between NSA and GCHQ (and others)? Neither country needs to monitor its citizens if they are monitoring each others.

John F. Fay July 4, 2013 8:04 AM

Bob Litt: “I’m not sure why it’s been so hard to get people to understand that because it’s been said repeatedly.”

Bruce Schneier: “As always, the fundamental issue is trust.”

You have hit the nail on the head. It’s “so hard to get people to understand that” because the government has lied to us so often we are tired of it. Regaining the public trust will require a fundamental change in thinking on the part of people in public office.

Danny Moules July 4, 2013 8:08 AM

“I want to make perfectly clear we do not collect cellphone location information under this program, either GPS information or cell site tower information. I’m not sure why it’s been so hard to get people to understand that because it’s been said repeatedly.”

Because we don’t distinguish between data collected “under this program” and data collected under another program which can be correlated with data collected under this one. We don’t care about the procedure of how you go about correlating the data, only that you end up with it in the end.

Or do you think we’re dumb enough to think you just put the qualifier “under this program” in there for a laugh?

officerX July 4, 2013 8:09 AM

So “meta”-data “only” for US citizens and all/more for non-US citizens is OK it seems, just to pick out two points.

Funny that in the net age a state or nationality is a reasonable boundary for any activity. It is a very disturbing dinosaur ethic in a global world, actually. We only do unethical things to other people…

Spaceman Spiff July 4, 2013 8:11 AM

Job interview at the NSA:

Interviewer: Have you ever lied?
Interviewee 1: No, never!
Interviewee 2: Yes, occasionally.
Interviewer: #1, you are just the person for this job! #2, you just aren’t qualified for a job at the NSA.

Note: set irony levels to “absurd” before you parse this! 🙂

Danny Moules July 4, 2013 8:17 AM

“The last thing I want to talk about a little bit is the myth that this is sort of unchecked authority”

Having spend the last three paragraphs talking about a secret court which is the sole gatekeeper to this authority.

“Any time that information is collected in violation of the rules, it’s reported immediately to the FISA court and is also reported to the relevant congressional oversight committees.”

So if the FISA court violates these rules when issuing these broad powers, it reports itself to itself to punish itself? Oh and an oversight committee. HA.

“And information that’s collected in violation of the rules has to be purged, with very limited exceptions.”

I thought these rules were enshrined in law and specifically intended to ensure compliance with the Fourth Amendment. What the fuck, then, are these exceptions?

speculant July 4, 2013 8:26 AM

We need to be realists here: if it is technologically possible (as it clearly is) for wider data to be collected and analyzed, then it is being.

Furthermore, while this statement might be – if you believe it – at face value of some comfort to citizens of the US or persons lawfully there, this implies that the rest of the world is ‘fair game’, and no such bars on the collection , analysis or use of more extensive data exist.

In view of the track record of this US Administration in so many areas of foreign activity, that is indeed a forbidding and unsettling thought.

Larry Sanderson July 4, 2013 8:27 AM

“We’re all good boy scouts here, but pay no attention to the man behind the curtain…”

I can only say the when the big guys have been caught flat out lying to congress, trust really isn’t an issue. Sekrit courts, sekrit orders, sekrit! It’s just like high school.

Kevin Lyda July 4, 2013 8:30 AM

“As always, the fundamental issue is trust. If you believe Litt, this is all very comforting. If you don’t, it’s more lies and misdirection.”

Well, there are other views. I do trust / hope he’s being truthful, but I’m not hugely comforted. I’ll give an example:

“Now, this is a complex system, and like any complex system, it’s not error free. But as I said before, every time we have found a mistake, we’ve fixed it. And the mistakes are self-reported.”

Worrisome. The first part is healthy and good, but self-reported is worrisome. Why not external audits? Why the highly negative reaction to whistleblowers?

In general my concern is with what he’s not saying here. He says there’s FISA oversight – expanded FISA oversight. But FISA is a rubber-stamp as far as anyone can tell. Calling it a court is a rather massive stretch. He says they want to learn from mistakes, but whistleblowers are being prosecuted at an increasing rate.

Throughout all of this is a massive authoritarian thread. The resistance to any oversight – real oversight – is a symptom of that. I honestly think the Obama administration is trying to rein in the intelligence agencies and put them under a legal framework. But it’s being done in a way that can be rolled back in an instance and via processes that are overly deferential to the executive.

The flip side to this comes from critics. I worked at Google during the street view data collection debacle. This was a self-reported mistake and the data wasn’t used internally. I got no impression that it was used and that the mistake was really done in good faith. And Google is hardly the only company to try and map wifi hotspots. In fact it was rather late to that party.

And yet the public reaction was ridiculous. Data protection groups actually delayed destruction of the data because they wanted it kept as evidence. Any company watching these proceedings learned a valuable lesson: never disclose mistakes, avoid disclosing any information about the data you collect if at all possible.

Companies and gov’t agencies must have reasonable oversight. It cannot be rubber-stamp oversight and it cannot be manic, over-the-top oversight. We don’t seem to be doing well on either side.

Geoffrey Kidd July 4, 2013 8:47 AM

“As always, the fundamental issue is trust.”

There is a precondition for granting and maintaining trust: you MUST be able to verify the results of trusting. Verification requires that information be openly and freely available to the person or persons who must give the trust.

The entire point of these programs is that they are “top secret,” and the information necessary to validate trust is not and never will be made available by the people running these programs.

“Trust me.” == “F*** you.” if there is no validation.

ramriot July 4, 2013 9:09 AM

There are two points which I think is much more important than what is being said here (assuming we trust the content):-

1/ There is no mention as to the disposition of information collected over time. Meaning that, assuming FISA and the Executive are presently upholding constitutional rights, there is no protection of the data where future body or person who gains access within a legal framework or otherwise to any records kept. And thus no protection if they abuse those same present rights.

2/ In the case of IP communications like VOIP, or even POP telecom connectors. It may not be possible to confirm that any party is or is-Not actually outside of the US, therefore in this case collection is always a probable violation. Yet no mention is made of this.

From this I believe there are additional rights that needs to be enshrined in law:

1/ The right to be forgotten: In that after as short a period as is evidentially feasible data must be expunged to prevent future leaks or missuses. (No Exa-byte server farms)

2/ The assumption of boundaries: In that all collected data where positive national boundary conditions cannot be proved are assumed to be inside those boundaries and thus protected by constitutional rights. (If you are using TOR you are assumed to be in the US unless proved otherwise)

Paul July 4, 2013 9:14 AM

Thought-provoking stuff, as always.

By the way, “General Council”? Do you perhaps mean “General Counsel”?

Clark and Son July 4, 2013 9:22 AM

A top lawyer mediating programs for improving the way the US conducts or organizes intelligence operations related to terrorism (ODNI – 2005) is pleased with the NSA programs. No surprises there. It’s not that I don’t believe what he says it’s just there really isn’t anything nearly detailed enough to be of value. It’s more PR than oversight IMHO – what is your evidence that what you say is what happens? It’s a secret program that is secretly overseen.

What I do believe is that ODNI and the Justice department can’t even remotely handle the job of oversight of huge complex data systems. They can say what is legal and what is not legal and that to me is the problem. What should and should not be legal. However, the answer to that question should reside with the citizens of the country in question.

It bothers me that Section 215 exists as part of the Patriot Act. Apparently a court order was received to collect the metadata of every US Verizon customer to build a haystack. Does this do anything for increasing the security of the average citizen? How long did it take to get a judge to sign off on this? Thankfully they aren’t listening to content just the business records of Verizon servers. It doesn’t really take a genius to figure out the likely identity of the caller. So there is a technical line not crossed but hey all within the law. Why does NSA need to collect a telephone number anyway? Now that would be a haystack!

Stephen July 4, 2013 9:39 AM

I got a kick out them trying to sell us the BS idea of FISA having serious oversight.
I will paraphrase a statement out of Jams Bamford’s book
“The Shadow Factory”. THe NSA knows how to FISA judge shop.

Just like on tv shows(crime novels) they go for the judge to sign the search warrant that is “easy”. I have no real experience on cops but you can bet they do it.

There is always at least 1 or 2 judges who are so pro search them all mindset, because of the terrorists. That they just wait to get the judge they know is easy.

Congress can barely read, more less have any kind of oversight. The only time they care is when it effects them, or its some big deal in news.

We need a citizen review board period.

The biggest problem is this stuff is over-classified. I seen safes full of old junk that was still labeled secret 50 years later. Funny thing they trusted the US mail to send this “secret” microfiche. I used to get updates every week. I used to laugh that I had to have a top secret clearance to be the “custodian” of this safe.

To many secrets……

stevelaudig July 4, 2013 9:47 AM

I practiced criminal law for a long time. I’ve heard a lot of stories. The longer the explanation, the more likely it is to be deception, either lies, or misdirections, or half-truths, or the other games. Credibility is always an issue. His story isn’t under oath so I won’t believe it. How can one believe a ‘non-oath’ story when just a few weeks ago, an under oath story was, inarguably, a lie.

Doc Hanson July 4, 2013 10:01 AM

The U.S. government has clear definitions of what constitutes intelligence ‘collection’ under different circumstances. The intelligence community is required to know the legal definition of collection in order to comply with the law. Any inquiry performed during a senate hearing would refer to collection by its legal definition. It’s a mistake to say that James Clapper, Jr. lied to Congress simply because a popular blogger or the population at large doesn’t know the legal definition of collection.

Similarly, it is inaccurate to say there is no government oversight of intelligence collection simply because FISA court proceedings and Senate Intelligence Committee hearings aren’t open to the public.

Somebody July 4, 2013 10:11 AM

Legally redefining words to have meanings incompatible with common usage is lying.

Jim July 4, 2013 10:13 AM

Breakdown… is he lying… is he telling the truth… is this something people should take as gospel truth?

He states, “Some people have expressed concern, which is quite a valid concern in the abstract, that if you collect large quantities of metadata about telephone calls, you could subject it to sophisticated analysis, and using those kind of analytical tools, you can derive a lot of information about people that would otherwise not be discoverable.
The fact is, we are specifically not allowed to do that kind of analysis of this data, and we don’t do it. ”

But, they do do this kind of analysis, and admit doing it on at the least terrorist suspects or people who have been in contact with terrorist suspects.

A more truthful – accurate – answer… would be, “yes we do this kind of analysis, but only when there is a genuine reason to do it”.

This manner of language, a flat no, is designed to be deceptive.

It is not the way people naturally speak, it is something that has to be carefully worded and thought out before being put into a speech.

There are, at least, five issues here in terms of “should you have confidence in what he is saying”:
1. Does he know, technically, the details of the controls and truly understand them and how they are secure or not?
2. Is he told everything about the usage of these systems? Compartmentalization. An especially serious subject in intelligence agencies. Your upper management may not be the upper management. Best way to avoid their meddling is to keep them out of the loop. Same strategy used for congress.
3. There is no way to verify what he is saying from truly independent sources.
4. He may be speaking under duress. If he is intensely spied on, and he is made aware of this, they could ruin his life and the lives of everyone he knows.
5. He is in the position here of a lawyer, a spy, and a politician. He may see it as perfectly moral in these situations to lie. There is a massive PR problem that has the potential to disturb the basic foundation of the US. While I do not believe it is moral for either lawyers or politicians to lie, many would argue otherwise. Spies, however, are forced to lie by the nature of the job, and there is not a good argument to say such lying is immoral. It is what they have to do to do their job.

So, he could be a perfectly normal, non-sociopathic, well intentioned person truly considering his job as one of service to the American people. And his statements could be entirely wrong.

Most of the above arguments I made are common sense. I think, where someone could have doubts is the compartmentalization issue. They might believe that is “tinfoil hat” territory.

Is it? Would it make sense for an intelligence agency to let their bosses know – over the decades – every program they are working on as that program really is, if they do not have to do this? And worse, you are not talking about “just the NSA” here. There is a multiple agency job. Something else which is not often made clear in the press.

Do you think the NSA has jurisdiction in the US? They have some, as does the CIA, but these are very limited. These programs also require extensive covert backup and analysis, human intelligence factors.

Jim July 4, 2013 10:28 AM

@Phil
“Equally am i the only one who is less interested in hearing the UK/USA govs denying they collected residents information and more interested in what kind of information sharing was/is in place between NSA and GCHQ (and others)?”

The rumor I have heard there for over thirteen years is the Brits spy on Americans for the Americans, and the Americans spy on the Brits for the Brits. This keeps things legal.

Canada is somewhere in that mix.

That is just from privacy activists, as far as I know, however.

It kind of jives with the recent disclosure that telecoms have given intel agencies access to offshore facilities for the purpose of spying on Americans “legally”.

Jim July 4, 2013 10:34 AM

the telephone number making the call, the telephone number dialed, the data and time the call was made and the length of the call

In 2012 fewer than 300 identifiers were approved for searching this data.

You only collect phone numbers and call times, and yet you have 300 “identifiers” you can look for. That makes no sense.

Jim July 4, 2013 10:48 AM

@speculant
“We need to be realists here: if it is technologically possible (as it clearly is) for wider data to be collected and analyzed, then it is being.”

Or, will be.

Has the potential to be.

Five years from now. Ten years. Fifteen years. Twenty years.

Even if everyone who has access to This System is a boy scout and girl scout, what about the next administration, and the ones following it? This system is up and it would be tough to bring down. Especially as these systems were spoken of ten and more years ago. They were shot down. They clearly were brought back up again under different contexts.

Is there any guarantee this system can not be used by a future administration or shadowy group in intelligence in the future — be it near future or further out?

No.

In the future, it could be effectively used for hunting down people based on politics and religion. Maybe what you said twenty years before in private emails will be used against you.

In the 50s, the US did this against Communists or even people who had remote associations with Communists. From what they did in the 1920s.

Maybe, tomorrow, it will be about what church or synagogue or temple you attended twenty years before. Or what political party you supported in private emails as a young person.

It happened, it happens, and it can happen here.

It was highly irresponsible of the people behind and supporting these programs to preclude that manner of thinking.

This manner of forward thinking legality is deeply inherent in the US Constitution. Which is now just a piece of paper.

Watch List Kid July 4, 2013 11:21 AM

neither of the programs that have been leaked to the press recently are indiscriminate sweeping up of information without regard to privacy or constitutional rights or any kind of controls

Here are the weasel words. “…indiscriminate sweeping up of information without regard to privacy…” so, in short, the information is hoovered up and stored wholesale but they have some internal controls to define who can see that information. Many can bypass the controls (as Snowden could being an admin) and if the government of the day or the NSA decided to abandon the controls the volume of information is at their complete disposal.

Making the (huge) assumption that there are effective controls, I think that storing such volumes of data on people who are nearly all innocent and not even suspected of any criminal activity is probably unconstitutional, and is without any doubt disproportionate. If you don’t make that assumption, of course the system is beneath contempt.

Duncan Kinder July 4, 2013 11:32 AM

If all of this is just some simple misunderstanding, then why was the airplane of the president of Bolivia diverted apparently upon the unfounded rumor that Sowden might be on board?

You don’t need a Ph.D. from MIT – indeed a high school diploma should suffice – to figure out that something odd, very odd, is going on.

David Sucher July 4, 2013 11:58 AM

“Trust but verify.”

President Ronald Reagan

Good then, still good now.

CallMeLateForSupper July 4, 2013 12:45 PM

@Jim
“You only collect phone numbers and call times, and yet you have 300 “identifiers” you can look for. That makes no sense.”

It makes sense when you understand what is meant by “identifier”. It does not mean “search term”. You can think of it as “case file” or “trail we are following”. The original statement you call into question thus becomes, “In 2012 fewer than 300 cases were approved for searching this data.”

One of the two leaked documents makes clear the meaning of “identifier” as used here.

Nick P July 4, 2013 1:00 PM

“I’m not sure why it’s been so hard to get people to understand that because it’s been said repeatedly.”

Others have mentioned one angle of this. Upon reading it, I immediately recalled Hitler’s concept of The Big Lie and others expounding on it. The Big Lie description is below. The usage (not in that link) is to constantly tell the lie to the people and make them see it everywhere. If enough time passes, they’ll believe it and maybe even be telling it to each other.

http://www.jewishvirtuallibrary.org/jsource/Holocaust/hitlerlie.html

Perhaps, Litt should have done some research on how liars operate before he made this statement. However, other commenters have shown that he’s quite familiar with it and shows some signs of deception himself.

@ Jim

Re points 1-5.

Good points and summary. Particularly well-said here:

“He is in the position here of a lawyer, a spy, and a politician.”

I mean, who wouldn’t trust such an individual? When has even one of those been dishonest? 😉

” I think, where someone could have doubts is the compartmentalization issue. They might believe that is “tinfoil hat” territory.”

It might actually be simpler here to quote requirements and specific examples if one is worried about looking tin hat. I give some at this link in the section “special consideration secrecy laws.” The statements apply in whole to huge swaths of congress, courts and oversight groups. Far as minimum cleared to know, they will be left in the dark about many details too. It’s been common for a long time now.

http://www.schneier.com/blog/archives/2013/06/pre-911_nsa_thi.html#c1546243

George July 4, 2013 1:29 PM

Yes indeed, “the fundamental issue is trust.”

And how appropriate to discuss this on Independence Day, which reminds us that our nation was founded on the conviction that government cannot be trusted. The men who wrote the Constitution recognized– from their own experience– that tyranny is the natural “default” of rulers. The way to keep this tendency manageable (as it can’t be eliminated) is with checks and balances that provide oversight and transparency. So they built that into the foundation of our system of government.

Given that historical foundation, and in the absence of transparency, we have to assume that officials who speak about controversial secrets cannot be trusted. Officials like Litt understandably have a paramount obligation to protect the secrecy of the organizations they represent. As James Clapper inadvertently showed us, the duty to protect secrets takes precedence over the lesser duty to tell the truth. I would not be surprised if Clapper sincerely believed that he did not commit perjury when he lied to Congress, but was proudly living his commitment to Duty, Honor, and Country. (He felt compelled to apologize only because he recognized that most Americans lack that commitment, and therefore are incapable of comprehending that lying was not merely right, but honorable and patriotic.)

So in the absence of any ability to corroborate his statements, it is reasonable to assume that whatever truth there might be in those statements reflects his Duty to protect secrets rather than what is actually going on. He can count on getting in trouble for revealing what officials don’t want us to know, but nobody will hold him accountable for lying to the public about things that are secret. Indeed, he may even get accolades behind locked doors for protecting secrets.

The secret surveillance programs may indeed include checks and balances and oversight. But without transparency, it’s effectively no oversight at all. And, for that matter, even if current programs do include highly effective restrictions on the use of the massive data hoard, what prevents future secret programs from secretly expanding the use of the data without oversight or review? When programs like this are shrouded in secrecy, one unfortunately must assume the worst.

Secret oversight, checks, and balances is indistinguishable from absent oversight, checks, and balances. And assurances that secret checks, balances, and oversight exist and are effective at protecting our privacy must be viewed with extreme skepticism. To paraphrase Ronald Reagan, you can’t trust something you can’t verify.

If Obama and Intelligence officials want our unquestioning trust, they have to earn it.

stiller July 4, 2013 1:43 PM

As a german it saddens me to hear that only US citizens are humans and worthy of some decency and privacy. Our rights are worthless to the US government. We are not people or friends, no we are a threat and possible terrorists.

The idea that only right citizens are worthy of protection and basic human rights is one we know only too good. It was a really bad idea from Adolf Hitler and his henchmans. Only arians and German were to be protected. Not non German citizens.

Bad bad idea… and that from our friends and the land of the free… what happened to the idea of privacy, friendship, thrust…

Do the US people really think all other humans worldwide are terrorists and a threat?

jimr July 4, 2013 2:28 PM

This is a well structured argument, but consider the context. If Section 215 and PRISM were the only two programs being run at NSA or elsewhere in national intelligence “community”, we could all sleep better. But Litt has carefully limited his comments to just these two programs.

Imagine what you can do with this information if you cross-reference it with other programs. For example, TSA gathers rather detailed information on domestic and international air passengers, including information on reservations, date and time of travel, etc. All strictly metadata, mind you. But cross-referenced with telephone metadata, you have an individual under fairly close surveillance.

How about credit card transactions? Aren’t these also Section 215 business records?

The Postal Inspector is scanning the front and back of envelopes passing through the mail. The primary purpose is for sorting and delivery, but what becomes of images and OCR metadata?

Without a complete picture of what is being collected within the intelligence community, Litt’s comments have no context. And without even speculating about what they might be monitoring, just consider what you could do with this data if it were cross-referenced to data sources outside the intelligence area, including Social Security, IRS, databases maintained by states (e.g., driving records), health data, credit information, etc.

I don’t expect the intelligence people to be forthcoming with more information about their horizontal capability. Litt is only comfortable discussing what has already been revealed.

Finally, Litt is careful not to reveal the timeliness of data being collected. There is a considerable difference between a system that harvests old business records and a similar system that harvests the same records in realtime.

johnny foreigner July 4, 2013 2:43 PM

Chilling. None of that was any relief to the billions of innocent internet-using citizens of other countries.

Ernst Roam July 4, 2013 3:11 PM

Newsflash: Insanely powerful government, in the thrall of gigantic organizations whose sole purpose is to make as much money as possible, doesn’t give a rat’s ass what you want.

This isn’t 1984, dummy, it’s 1934.

gmuslera July 4, 2013 3:25 PM

Not just trust. Blind trust, as anyone that want to give an independent truth is getting an international manhunt that even nazis after war didn’t had. And blind trust in not just one visible person, but potentially millons of invisible ones. If Snowden was the only honest guy that even knowing the consequences decided to come to light, how much people should be in the shadow with the same or better access? And besides individual people, what about for-profit companies with all that access too?

name.withheld.for.obvious.reasons July 4, 2013 3:45 PM

Hope this doesn’t get Bruce in trouble (I pulled this from the NSA source code control vault)

See how it works–collect means the result of SQL query. I wonder if storing
a voice call as a blob means it is metadata–it’s not storing a phone call
or collecting data until the query section is executed. It is considered
surveilled but not collected.

Here’s how it works:

COMMENT “THE FIFTY OTHER DATABASE STORAGE FUNCTIONS ARE IN THE CODE BASE”
GET-ALL-THE-PHONE-DATA:
        BEGIN
                IF OPEN(IF_YOU_MADE_A_PHONE_CALL_DB) THEN
                        CONVERT_SURVEILLED(DATA)
                        TOKENIZE(DATA)
                        ADD NSA META-TRANSLATION HASH
                        HASH/INDEX
                        STORE DATA
                        UPDATE META-TRANSLATION
                ENDIF
        END


QUERY-ALL-THE-DATA_WHILE_PRETENDING_WE_JUST_LOOK_AT_META-MEAT:
        BEGIN
                IF OPEN(ALL_THE_DATA_SETS_RELATIONAL_TABLES) THEN
                        MAKE_FUZZY_QUERY(using the following predicates
                                has phone_number EQ 555-5555
                                        or
                                e-mail EQ NSA_FISHING_TRIPS@FU-CITIZEN.ORG
                                        or
                                credit_card_no EQ 6666-6666-6666-6666
                                        or
                                purchased_from store Spy are US
                                        or
                                said something bad about someone I like
                        end predicte
                        IF PREDICATE TRUE THEN GOTO EXECUTE(DATA) THEN
                        IF no matches from predicate, try fishing_for_it
                                did anything else comeback that didn’t
                                match our morality/citizen/fatherland criteria
                        ENDIF
                        IF WE CAUGHT ONE AND DATA NOT EQ ZERO THEN
                                GOTO EXECUTE(DATA)
                        ENDIF
                        SET DATA CONSTRAINT TO LESS THAN BEFORE
                        LOOP IF NO PREDICATE
                ENDIF
        END


:EXECUTE(DATA)
        BEGIN
                IF DRONE(AVAILABLE) THEN
                        IF DRONE(ARMED) THEN
                                LAUNCH_DRONE(USING DATA)
                        ELSE
                                DISPATCH_MILITARY_POLICE(USING DATA)
                        ENDIF
                        IF DATA EQ ZER0 THEN
                                ERASE EVIDENCE
                        ELSE
                                REMOVE COUNT FROM AUDIT
                        ENDIF
                ENDIF
        ENDIF
        RETURN


    END

Bent July 4, 2013 4:33 PM

If what Litt says is true, why would these (and other) programs need to be secret?

Nick P July 4, 2013 6:11 PM

@ kingsnake

“If the NSA is using COBOL, we have nothing to worry about …”

If the NSA is using COBOL, then these programs are never going away and low caliber programmers will always have job opportunities. 😉

Alex R. July 4, 2013 6:13 PM

The fundamental issue is trust.

And who do we trust? Remember that Snowden’s actual employer was Booz-Allen, not the NSA. If you’re a Booz-Allen contractor, who gives you your orders? Who receives the data you find? Who can hire and fire you and who writes your paycheck and insures your children? I haven’t seen anyone explore this issue. Do companies like Booz-Allen work for the CIA, the FBI, the DIA or TSA? And who owns Booz-Allen? (The answer may surprise you, but it will also explain a lot about what’s happening right now.)

How much of that firehose goes through Booz-Allen servers (or someone’s servers) instead of NSA servers? Booz-Allen must have a fairly large classified footprint of their own.

And let’s consider something else. In the last twenty years, we’ve seen around 3200 terror deaths in the US, making for an average of about 160 deaths a year.

400,000 people die a year of heart failure and we don’t give up our civil rights or government transparency or programmatic oversight of the CDC for those people.

70-90,000 people die every year of diseases they became infected with while staying in the hospital and not even their doctors and nurses, who should be washing their hands much more frequently, give up their civil rights or transparency or government oversight for those people. (And this is a place where some at-work surveillance would save many, many more lives in a week than the NSA saves in a year.)

7600 people die every year because they bought the wrong kind of over-the-counter pain reliever. We don’t give up transparency, oversight, or civil rights for those people. (We could develop a cheap test so everyone would know if they were allergic to aspirin for far less than we pay the NSA every month and save thousands of people a year… talk about misguided priorities.)

But if 160 people die a year in terror attacks, we all must immediately give up transparency, oversight, and our civil rights… It’s complete bullshit.

I don’t want to be protected by the NSA. I want to be protected from the NSA.

Kevin An Auditor July 4, 2013 6:39 PM

I’m sorry, Mr. (or Ms.) Authority, your Credibility Card has been declined.

There are many great comments above , but I call special attention to that of @stevevelaudig. Litt isn’t explaining much: He is dissembling – breaking down an accusation into tiny bits so as to be able to dismiss a few, deflect others and completely ignore the bulk of the charge with a wave of the hand.

“Under section 702…” I suspect several of us on the thread have dealt with either government restricted information, or its civilian mirror, “non-disclosure”. There may well be a section 702 (S) or part of a (for example) Section 707 (PW-MFFLUCKER) that: 1) Supersedes all provisions of Section 702 (Paras..) and 2) requires anyone with secret knowledge to deny it, to do their very best to lie about it, and, if caught, continue lying about it right through their plea deal.

Dirk Praet July 4, 2013 8:09 PM

As always, the fundamental issue is trust

Exactly. In the wake of Snowden’s revelations, sofar we have heared nothing but denials, word games, carefully crafted obfuscations, “least untruthful statements” and even blatant lies.

So who are we going to believe ? The ODNI PR guy assigned the impossible task of reassuring the American people – we’re not even talking about the rest of the world – that everything really is hunky dory, or a lone whistleblower whom the USG is so keen on recovering that they even see fit to pressurise allied nations into refusing airspace to the plane of a South American president that was thought to have this man on board.

I’m very sorry, Mr. Litt, but I’m not buying a single word from your speech. Until such a time that you put all your cards about these classified programs, secret courts and secret court orders on the table and are permitted to speek freely about them, your credibility is as forfeit as is Edward Snowden’s career and life.

@ Nick P

The Big Lie

I think it was Lenin who said “A lie told often enough becomes the truth.”

Figureitout July 4, 2013 8:11 PM

First off, I don’t like false statements like this from Mr. Litt: We collectively as a nation made a decision some years ago that the proper way to balance public oversight and the need for intelligence secrecy is through the intelligence committees of the Congress.
–A committee in congress isn’t oversight and I don’t appreciate false statements being attributed to me.

Next, one of the panelists, Mr. Baker stated, I mean, you can guarantee the government can’t wiretap you with secure encryption.
–Again, false. Does a lot, but no guarantee.

Lastly, Mr. Brenner is already starting the smear campaign we all saw coming on Snowden, I mean, this guy has done us tremendous damage. We are now dealing with a penetration agent that is somebody who went to work for Booz Allen knowing he would get access to NSA in order to steal secrets, and we may be dealing with the first penetration agent in history on behalf of a private organization. This remains to come out. We don’t know that yet.
–Mr. Brenner may be a meth-smoking prostitute making false statements; this remains to come out. We don’t know that yet.

Jim July 4, 2013 8:12 PM

@stiller
“As a german it saddens me to hear that only US citizens are humans and worthy of some decency and privacy. Our rights are worthless to the US government. We are not people or friends, no we are a threat and possible terrorists.
..
Bad bad idea… and that from our friends and the land of the free… what happened to the idea of privacy, friendship, thrust…
Do the US people really think all other humans worldwide are terrorists and a threat?”

I wish more Europeans and others would be angry about these matters.

I was disheartened to see this:

” Bolivian President Evo Morales boarded his plane in Vienna today, hours after being stranded at the airport, as Austrian authorities, with his permission, searched the aircraft in vain for fugitive Edward Snowden.

Returning from an energy summit in Moscow last night, Morales landed in Vienna after being denied entry to Italian, French, Portuguese, and Spanish airspace, a move that enraged Bolivian authorities.”

http://www.pbs.org/newshour/bb/world/july-dec13/diplomacy1_07-03.html

If the US sinks, then we are bringing everyone else with us.

Not that I am a cynic, but things can get far worse before they get better.

This is a global situation that requires global cooperation. Right now, it appears that the global angle is aimed against forces of freedom, not for them.

Jim July 4, 2013 8:20 PM

@Figureitout

“Lastly, Mr. Brenner is already starting the smear campaign we all saw coming on Snowden, I mean, this guy has done us tremendous damage. We are now dealing with a penetration agent that is somebody who went to work for Booz Allen knowing he would get access to NSA in order to steal secrets, and we may be dealing with the first penetration agent in history on behalf of a private organization. This remains to come out. We don’t know that yet.”

They hate his guts, it is natural that they would perform a smear campaign. This is a series of interesting comments, though. What is he talking about? In the next paragraph he mentions the Guardian. He can not mean here Booz Allen.

As for “damage”, they said this about Bradley Manning.

If they were running legitimate projects instead of trashing the constitution – the basis of the free world – then these things would not be happening.

This is always the problem with highly immoral operations. There are people who have a conscience. They will talk even if it means death, torture, and imprisonment.

Nations have been mass murdering these people by the millions for millenia. Their numbers just will not stop.

Jim July 4, 2013 8:28 PM

@Alex R.

Very well said. And, looking it up, the Carlyle Group owns Booz.

I keep these figures in front of me when considering these claims, “But it is for terrorism!”.

If it wasn’t the comic book mantra of the Nazi figures in ‘V is for Vendetta’, it would still be about as reasonable as taking a dump in someone’s mailbox.

Jim July 4, 2013 8:43 PM

@Nick P

‘Points 1-5 are good’.

Thanks.

‘Secrecy laws basically require you to be forced to lie, a ‘no comment’ can be revealing.’

I would think so.

Jim July 4, 2013 8:51 PM

@Nick P

<<“I’m not sure why it’s been so hard to get people to understand that because it’s been said repeatedly.”
Others have mentioned one angle of this. Upon reading it, I immediately recalled Hitler’s concept of The Big Lie and others expounding on it. The Big Lie description is below. The usage (not in that link) is to constantly tell the lie to the people and make them see it everywhere. If enough time passes, they’ll believe it and maybe even be telling it to each other.>>

Good point, that statement of his stood out to me, as well, as a rhetorical device and red flag.

Though, we are talking about a country that entered into Iraq as if it had something to do with 9/11. As if they had WMD. For intelligence, terrorism and being wrong has paid for them, in big dividends.

The lie that stands out to me here is simply how deeply unconstitutional these systems are. These systems are complex, there is no way to guarantee security of them. Even if there was, what about the future? It was completely irresponsible to build these systems.

It undos all of the work for liberty which has been done.

Man can not be trusted with this kind of power.

That is not beyond their comprehension to understand.

Alex R. July 4, 2013 8:58 PM

We are now dealing with a penetration agent that is somebody who went to work for Booz Allen knowing he would get access to NSA

On one hand, it’s obvious that Snowden has given us the true facts of the matter, and what he’s revealed is completely and horribly disgusting. We are being massively surveilled in illegal ways and I’m not happy about it. The news has decreased my respect for our government and caused me to feel that I must take steps to increase the overall level of my privacy.

On the other hand, I tend to see Snowden as a self-aggrandizing prick, and I felt this way before the anti-Snowden propaganda ramped up. My suspicion is that he is both the agent of a foreign power and that he really is telling the horrible truth. The two ideas aren’t really that hard to reconcile.

TL:DR I’m very, very angry at our government, and feel like the Snowden issue, whoever he works for, is a sideshow.

Manic Contra Dick Cheney July 4, 2013 9:23 PM

I can’t trust anything Bob Litt might say, because he hasn’t been waterboarded 189 times, or secretly rendered to Assad-regime or Mubarak-regime secret prisons, or American-controlled Abu Ghraib prison or Bagram Air Base for a course of remedial torture.

The CIA established during the 2000s that the only way to find out whether or not someone was telling the truth was to employ those methods, and Bob Litt has not been subjected to them, ergo he must be a terrorist sympathizer unless proven otherwise.

name.withheld.for.obvious.reasons July 5, 2013 2:38 AM

@Figureitout
–Mr. Brenner may be a meth-smoking prostitute making false statements; this remains to come out. We don’t know that yet.

Why are you denigrating meth smoking prosititutes, I believe you are besmirching their character with your cruel disregard for their personage. There may be same saviory types out there but the didn’t still trillions of dollars using CDO/CDS. Doubt any prostitute started any ginned up war, or had thousands of citizens killed and countless numbers of non-combatants. In fact, their professionalism is to be admired. Imagine if Bush, Cheney, and Donald Rumsfeld had been asked to pay up front before giving to the Middle East.

Jason July 5, 2013 3:32 AM

In the end, it doesn’t matter if this is constitutional or not. Legal or illegal, we the people don’t want it. We don’t want the government to have these databases in their hands, no matter how strong they say the safeguards are.

Fernando July 5, 2013 7:27 AM

Alex R,

Search YouTube for “Binney 29C3”. The first question from the Q&A at the end. Bill told people to infiltrate. Good enough for me.

Fern

winter July 5, 2013 7:28 AM

As has been remarked above, Bob Litt is very careful to explain that people outside of the USA have no rights at all. They certainly have no rights to privacy.

If I remember correctly, the taps in from the earlier ECHELON program were used for industrial espionage. More specific, Boeing got private information from ECHELON to outbid Airbus in an Saudi tender.

Nothing Litt said seems to exclude such use of data from non-USA companies or persons.

With such friends, who needs enemies?

Nick P July 5, 2013 7:34 AM

@ Dirk Praet

“I think it was Lenin who said “A lie told often enough becomes the truth.”

Ah, thanks for the correction. That Hitler and Lenin approaches to lying are entirely complementary is no surprise.

@ Jim

“Man can not be trusted with this kind of power.”

A quote that gets to the real essence of it. I also just posted a comment to put it into perspective for another reader.

http://www.schneier.com/blog/archives/2013/06/pre-911_nsa_thi.html#c1558358

Jim July 5, 2013 8:58 AM

Alex R:

“My suspicion is that he is both the agent of a foreign power and that he really is telling the horrible truth. The two ideas aren’t really that hard to reconcile.”

In context, Brenner seemed to be arguing that Snowden was working for the Guardian. That, for the Guardian, Snowden became a superspy, “penetration agent”. He mentions the Guardian right after his statement, and the person he was talking to brought this up right afterwards.

http://www.dni.gov/index.php/newsroom/speeches-and-interviews/195-speeches-interviews-2013/887-transcript-newseum-special-program-nsa-surveillance-leaks-facts-and-fiction

Brenner even defends himself, claiming, “I am not attacking the press”.

Which is a clear duplicity, they probably wiretap the Guardian, NY Times, WashPost, AP, Reuters, and everyone who works for them. Journalism is a popular cover for spies, besides that journalists are totalitarian states worst enemies.

“Give me the head of John the Baptist”.

People in power doing bad things do not like outspoken critics. Or people revealing their nakedness.

Maybe they do it making it look like China is doing it.

Frankly, China and Russia is not that good. The US Gov would know if he worked for them by now. The super sekret Russian spies were all very bad. The Chinese hackers were very bad. The US Gov has Snowden’s every phone call, mail received, and email. And who he talked to. And who they talked to. They probably have locked already at every prepaid phone used near where he has lived over the past ten years. They probably keep those records.

Which would mean Brenner could know it is China or Russia, but not wanting to say this, he may be trying to blame this on the Guardian.

That would be one of those clever mind fuck moves guys like him are capable of doing. And everyone knows it.

Which is a further reminder all of the above he said is probably complete bullshit.

Jim July 5, 2013 9:48 AM

Nick P:

“”Man can not be trusted with this kind of power.”
A quote that gets to the real essence of it. I also just posted a comment to put it into perspective for another reader.
http://www.schneier.com/blog/archives/2013/06/…”

Good post.

Right now, they are saying, like it was said of the Titanic, “Even God could not sink this ship”.

MoJo July 5, 2013 11:53 AM

I love the way non-US citizens are considered sub-human, not worthy of any rights or privacy. Fuck you America.

Ardent Glazier July 5, 2013 12:56 PM

More fundamental than ‘trust’ is the issue of what, precisely, does ‘terrorism’ mean. Without such a definition, we can’t even begin to judge whether such systems are doing any good, much less properly determine with who, the scope of, and the authority under which, such trust might be placed. We can’t design, validate, and later verify, the legal and technical ‘system’ (nationally and internationally) without clearly defining the problem we’re trying to solve, or justify the cost for benefit (as well described by other commentators).

That I’m aware of, US strategy on ‘counterterrorism’ springs directly from a US-centric interpretation the ‘counter’ part of the expression, solely reacting to threats to US interests as they arise rather than working on creating the political and analytic machinery to prevent such problems a priori, with secondary means appropriate to the inevitable events that occur anyway (as any robust system should possess). The knee-jerk definition of ‘terrorism’ and countering such is sufficiently vague as to be worthless beyond sound-bite politicrat posturing for the ill-informed; with enough handwaving in the politically defensive and self-interested echo chamber of a classified court any manner of interpretations can be concocted, and there are no means of redress or correction.

The issue of definition and the lack of ‘system’ is both dangerous and international; we already have evidence of co-partner nation agreements to surveil each others’ citizens that subvert local-nation laws, all under the guise of ‘terrorism’. It does not matter whether we trust Litt’s statements or not–it’s clear that cross-correlation of data between nations already goes on. It’s a mere stroke of a pen in the classified domain (i.e. not technical) that prevents mass cross-correlation across nation boundaries or co-location of analytic authorities (like the USCG officer who ‘takes command’ of US Navy vessels to satisfy the conditions of Posse Comitatus) as the data is already collected. It’s therefore possible for everything Litt says to be true (strictly speaking), yet still privacy as defined by the US Constitution violated for every person everywhere, including the US, when the analytic system is viewed in aggregate.

The collection of data leads to its use, regardless of the original purpose.

winkelvoss July 5, 2013 3:39 PM

Remember that Snowden worked for a 3rd party/contractor and that he’s said there are TECHNICALLY no barriers or controls to prevent abuse of the system. These are computers, and db’s, just click, just search/query, and I’ll bet the auditing (again as Snowden has said) is less than perfect, and ripe for abuse. This is the same a Police Db’s being abused, spying on ex’s, friends and family. That is the point, not that they have to go to a court and that there is oversight, it’s that no one is auditing the systems for access violations and or the NSA doesn’t care to report it to the public. What changes with a court order? Doesn’t the same guy who get’s the OK already have the “rights” to do the search w/out the court-order, it’s just a guy/girl, they can do it at any time of day whenever they want. The court order does NOTHING to prevent abuse, and once again Snowden says it’s easy to create trumped up charges even if you did want to do it the “legal” correct way… RBAC systems can still be abused, if not by the person with the proper access, then the person who can ask the person with proper access (unwittingly).

David July 5, 2013 4:20 PM

I see, so let’s see if I understand this. There’s a whole secret organization, gathering secret information, under secret processes, using secret warrants, granted by secret judges, making secret interpretations of secret laws … but all supposedly operating in exactly the same ‘law following’, ‘constitution respecting’ manner as any police force would were they using publicly published, known and judicially tested laws. policies and policies.

So, now the question is, why do we need these secret operations, courts and laws if they all follow the same rules and regulations as regular operations and courts? And what exactly is it that Snowden is being hunted down and charged with again? Revealing that the NSA is following the law?

Assuming their own story is true, we can safely shut down the NSA and hand their jog over to regular policing organizations with no harm done to security.

Either that or they are lying through their teeth.

Figureitout July 5, 2013 7:03 PM

What is he talking about?
Jim
–I don’t know, if I answered how I think I’d definitely be permanently banned from the blog and maybe break my keyboard aswell. In the previous paragraph he has the gall to cry about how hard it is to keep a secret…It’s what paranoia does to you, and what having opposing missions does to you. I’m sure spying on diplomats makes for good relations too; thus turning real talks into worthless rhetoric exercises.

name.withheld.for.obvious.reasons
–Not sure if joking or serious, but yeah the damage they did far outweighs; and I’m not naming specific people, merely the imagined image of someone who looks like death. Again if I started talking about that I might as well ban myself. It sounds like you know how much bs goes on too.

Yoeman of the Guard July 5, 2013 7:22 PM

So Obama sez, “won’t scramble the jets”, and a couple days later the President of Bolivia’s jet gets scrambled.

And now we are supposed to believe some patter song from this mid level flannel mouth, “Bob Litt”, if that is even his real name.

Who do you believe, Snowden and Manning or
“Bob Litt” and the other lawyer in the White House.

Jim July 5, 2013 9:25 PM

@Figureitout

“I don’t know, if I answered how I think I’d definitely be permanently banned from the blog and maybe break my keyboard aswell. ”

I just view it as a bust. A setup. A trial, of sorts.

A preparation before a feast.

Right now, all these guys are on the defensive.

They are saying a lot of things they will come to regret.

They had a pre-prepared “battleplan” already for their reactions. This day was not unexpected for them. And they are enacting that plan in concert. This is why they worded their public statements before these disclosures so carefully. This is why they are all reacting as if they are one person.

There is no real dirt here. Just a chance for them to make their big move, and then pat themselves on the back to feel they succeeded.

Fifty percent of Americans are okay with this.

Problem is men are not all that good with planning. They plan only so many steps ahead.

You know none of this is the real dirt. The real dirt is how they use these systems in really bad ways.

They are having their day in the sun right now. making themselves out to be really bigshots of the universe. But the forces actually controlling them just view them as pawns. (And so how much less do they think of those under them?)

As pawns, they are disposable.

One side has been moving pieces. Their side has been moving pieces. But, now, they are out of moves.

It is the same problem with the Titanic. People thought the Titanic was so big, “even God could not sink it”.

The thing about an iceberg is it really is hard to see. Especially at night. You really just see the tip of it, and if are not careful, the bottom of it will sink your ship.

So, that is why I do not get very worked up about these things. It is all just the tip of the iceberg and they are just sailing right past it thinking everything is okay.

You can say goodbye to Rome, but a better civilization will grow up in its’ ruins.

Anon July 5, 2013 9:30 PM

I have to disagree that NSA’s definition of collect was used to deliberately lie to Congress. NSA has used the same definition of collection for at least thirty years. DOD’s definition of collection has been in public unclassified regulations for at least thirty years. Every member of Congress who had been on either intelligence committee for more than a week should have been well aware of how NSA defines collection.

Figureitout July 6, 2013 12:03 AM

Fifty percent of Americans are okay with this.
Jim
–I don’t really trust surveys and I doubt someone actually asked ~155 million people if they agree w/ it.
They are having their day in the sun right now.
–Stay in the sun too long, you get burnt; and in some cases cancer.
an iceberg is it really is hard to see. Especially at night
–Maybe in 1912, now sonar to see icebergs and I remember one of my dad’s friend had a device that would show “fish” on an lcd screen; even at night. It worked lol.
You can say goodbye to Rome, but a better civilization will grow up in its’ ruins.
–The transition is going to be hell, pure and simple; assuming you really believe something better will take its place.

Jim July 6, 2013 11:13 AM

figureitout
I don’t really trust surveys and I doubt someone actually asked ~155 million people if they agree w/ it.

Could be. Though, if you are talking about the polls being rigged in order to persuade the public, then you are talking about there being a much bigger problem in the first place already.

Stay in the sun too long, you get burnt; and in some cases cancer.

Yep, that is what people say. Of course, what I am talking about is not light of revelation, which can be blinding to people who have lived all their lives in a cave… but rather the sort of pride and complacency that can strike a mouse when it is released from the claws of a cat.

Maybe in 1912, now sonar to see icebergs and I remember one of my dad’s friend had a device that would show “fish” on an lcd screen; even at night. It worked lol.

I can think of some iceberg’s I would love for some bad guys to discover the full size of it. It would drive them mad. Too big for their brains to handle and remain sane.

The transition is going to be hell, pure and simple;

Very strong possibility.

There are a few ways to take this down. One way does mean that the US goes full blown totalitarian for a time.

assuming you really believe something better will take its place.

It is a strong possibility that everything is wrong and has to be redone. I consider myself like someone in North Korea. Who knows what one does not know? How could you imagine a better world, if all you have known is a lie?

I like to think this world can work, if some major components are changed. But I think it is wise to consider maybe everything has to be redone.

Whatever the case, you just have to have faith.

Hannes July 7, 2013 6:57 AM

I trust in money and greed. Data collections like prism are honey pots. To not attract bears, just refrain from putting wast amounts of honey in a pot 😉

Kevin An Auditor July 7, 2013 2:51 PM

LITT:
“I want to make perfectly clear we do not collect cellphone location information under this program, either GPS information or cell site tower information. I’m not sure why it’s been so hard to get people to understand that because it’s been said repeatedly. ” (Starting in the middle of Paragraph 7 as posted by Bruce.)

From the FISA Court order to Horizon:
Telephone numbers, time of call, duration..”
“Telephony metadata includes comprehensive routing information, including but not limited to session identifying information ..IMIS..IMIE…trunk identifier….”
http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order

Why all the routing information except to pinpoint the location of the callers? The Order further goes on to specify that the order does not authorize the disclosure of the names or addresses of those associated with the numbers – rendering the data useless crap. Unless linked to yet another secret order requiring Verizon to provide those, too.

There might be a rat hole for Litt to slip through (and that’s the only kind they use). Several posters have written that the Verizon order leaked was written for Verizon Business Services, and that division does not provide cell services. It is indeed this very thing, and the references to IMIE and IMIS numbers that proved it was “boilerplate”, a type of order issued so often that it was merely copied as a form letter, that made everyone conclude the surveillance was universal. And yes, they are collecting tower data.

The court ordered him to lie about it.

“No person shall disclose to any other person that the FBI or NSA has sought or obtained any tangible thing under this order”

Bryan July 10, 2013 2:38 AM

I’m late to this party, but…

Russell Tice, former NSA agent, has said that under White House direction, the NSA has bypassed the FISA court (from http://en.wikipedia.org/wiki/Russell_Tice):

On December 16, The New York Times revealed that the NSA was engaged in a clandestine eavesdropping program that bypassed the secret Foreign Intelligence Surveillance Act (FISA) court. Media reports on January 10, 2006, indicated Tice was a source of the Times leak, which revealed that, under the direction of the White House and without requisite court orders, the NSA has been intercepting international communications to and from points within the US.

He has also claimed that during George W Bush’s term, the NSA spied on Obama and several Generals.

See:

http://www.dailypaul.com/289879/whistleblower-russ-tice-says-senator-obama-was-spied-on-by-the-nsa-in-2004

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.