More on NSA Data Collection

There's an article from Wednesday's Wall Street Journal that gives more details about the NSA's data collection efforts.

The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, these people say.

[...]

The programs, code-named Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others, filter and gather information at major telecommunications companies. Blarney, for instance, was established with AT&T Inc....

This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country.

[...]

The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data. These requests don't ask for all Internet traffic. Rather, they focus on certain areas of interest, according to a person familiar with the legal process. "It's still a large amount of data, but not everything in the world," this person says.

The second cut is done by NSA. It briefly copies the traffic and decides which communications to keep based on what it calls "strong selectors"—say, an email address, or a large block of computer addresses that correspond to an organization it is interested in. In making these decisions, the NSA can look at content of communications as well as information about who is sending the data. One U.S. official says the agency doesn't itself "access" all the traffic within the surveillance system. The agency defines access as "things we actually touch," this person says, pointing out that the telecom companies do the first stage of filtering.

The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA's criteria, current and former officials say.

The NSA seems to have finally found a PR agency with a TS/SI clearance, since there was a response to this story. They've also had a conference call with the press, and the Director of National Intelligence is on Twitter and Tumblr.

I am completely croggled by the fact that the NSA apparently had absolutely no contingency plans for this sort of thing.

Posted on August 27, 2013 at 1:19 PM • 38 Comments

Comments

AlanS • August 27, 2013 1:41 PM

Why are you croggled given everything you've written post 9/11? The government clearly stinks at risk management.

NobodySpecial • August 27, 2013 2:57 PM

We now assume that the contents of all traffic are monitored by the NSA as the drip feed of justifications continues (we only see the headers, well except for foreigners, OK except for Americans who have ever talked to foreigners, OK except for Americans who .... )

The interesting stories are going to come from who gets the data.
The CIA obviously - but unless you were involved in the JFK assassination you probably don't care. The INS, DEA, the IRS? Do you want them to have all your emails to your brokerage account?

Alterego • August 27, 2013 3:40 PM

Blarney, for instance, was established with AT&T Inc....

This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say.

Blarney sounds like it is related to that secret room in AT&T’s San Francisco office and other AT&T locations (including Seattle, San Jose, Los Angeles and San Diego), that whistle-blower Mark Klein brought to light back in 2006.

See e.g. this article:
http://www.wired.com/threatlevel/2013/06/...

For some reason the Mark Klein revelations never became a very big deal. Maybe they were considered too unbelievable at that time, and subsequently forgotten?

Kevin an Auditor • August 27, 2013 3:59 PM

I'd begun to suspect the hiring of a PR firm over the last week or so. The symptoms have become overwhelming. We are now getting stories of "wrong-doing" at the NSA that are not coming from Snowden. And for that matter, the conduct isn't all that damning.

"National Security Agency declassified three secret U.S. court opinions Wednesday showing how it scooped up as many as 56,000 emails and other communications by Americans with no connection to terrorism annually over three years..." "the NSA realized that when it was gathering up bundled Internet communications from fiber optic cables, with the cooperation of telecommunications providers like AT&T, that it was often collecting thousands of emails or other Internet transactions by Americans who had no connection to the intended terror target being tracked...." "NSA reported that to the court in 2011, the court ordered the NSA to find ways to limit what it collects and how long it keeps it."
See: Small problem found, problem fixed.
http://www.cbsnews.com/8301-201_162-57599579/...

Why, even the President agrees: "Obama: NSA Oversight Worked"
http://politicalticker.blogs.cnn.com/2013/08/23/...

But we can put out something cute, can't we?
"LOVEINT"
"there have been “very rare” instances of willful violations of agency protocols by agency officers. The Wall Street Journal reports that some of those willful violations involved officials turning their private eyes on love interests"
http://www.washingtonpost.com/blogs/the-switch/...

Aside from the fact that, until now, our society considered stalking creepy, we are not even to think of a politician being spied on. Not at all.

From Reuters:
http://www.reuters.com/article/2013/08/17/...
"We're working on the release of more documents soon," DeLong (NSA director of compliance) said, without elaborating. (don't bother, Mr. DeLong - we see the pattern.)

This establishment is not changing anything or going anywhere:
"These are not willful violations, they are not malicious, these are not people trying to break the law," John DeLong, NSA director of compliance, told reporters.

NSA cheerleaders in congress are not wavering:

"The committee has never identified an instance in which the NSA has intentionally abused its authority to conduct surveillance for inappropriate purposes," Senate Intelligence Committee Chairwoman Dianne Feinstein, a Democrat, said.

Representative Mike Rogers, a Republican and chairman of the House Intelligence Committee, described errors reported in the Post story as "human and technical," which he said were "unfortunately inevitable in any organization and especially in a highly technical and complicated system like NSA."

The only thing getting done is a PR counter-offensive.

There is a political technique for handling scandal: The first step is to break the story in pieces, and try to disjoin them in the public eye (dissemble). The next is to select a few items, pretend to investigate them, and declare that some minor issues were corrected. Other bits are denied outright. Still other parts suffer defenestration in the memory hole of history. If anyone later brings them up, sigh loudly and whine, "WE'VE DEALT WITH THAT..."

The technique is common enough that one reporter has had his name made into a verb, and that verb means to employ this technique.

I would hope that the EFF might try an FOIA for the PR firm, but it might be a hard search. They might have been hired directly by the DOD, it might have been an extension to an existing contract, or even arranged through a sub-contractor. Whoever got the job is high level politically as well as clearance-wise.

TimH • August 27, 2013 4:03 PM

The NSA 'just the facts' document's 2nd para states "The NSA does not sift through and have unfettered access to...".

Yet another qualifier rendering the statement worthless.

Koskenkorva • August 27, 2013 4:21 PM

NSA probably figured out long ago that they cannot clearly differentiate which comment/post/email was actually sent by a US citizen, and which was not.

Thus they gather and process it all.

unimportant • August 27, 2013 5:08 PM

NSA officially claims that it aims for 1 yottabyte storage -- this is more than 125 TB per human being. This is also a very costly and demanding project which has nothing to do with protecting people but to aggressively control them. A global totalitarian surveillance state with 500 bn chipped human robots whose every transaction is forever recorded, analyzed and strongly sanctioned by artificial intelligence from the UN (= global bankers) who tax everyone for breathing due to climate change. Kurzweil may be correct that technology grows exponentially (due to fraudulent interest money). But Earth's resources are limited and so we will see a reduction of disposable containers in the not so distant future.

tbenson • August 27, 2013 7:24 PM

When things get this bad, a good laugh helps.

I was talking with a friend about the NSA data collection horror, and he had the wits to say
"Hey, I view it as Free Backups".

So, anyone want to work with me on a backup add-on app that creates and places an automatic FOIA request?

You gotta laugh when it gets this bad, and then you have to take cover or do something.
sigh

Bruce Banner • August 27, 2013 8:41 PM

Good night youngsters. Sleep tight and remember you are never alone. The Government is watching you...

Godel • August 27, 2013 9:04 PM

tbenson:

'I was talking with a friend about the NSA data collection horror, and he had the wits to say
"Hey, I view it as Free Backups".'

Good luck doing a restore.

Adrian • August 27, 2013 9:20 PM

"This filtering takes place at more than a dozen locations at major Internet junctions in the U.S., officials say. Previously, any NSA filtering of this kind was largely believed to be happening near points where undersea or other foreign cables enter the country."

If the NSA cares only about foreign communications (or, at least, those with a foreign component), why do they need to tap into "major internet junctions" inside the US? Wouldn't tapping international channels suffice?

bad Jim • August 27, 2013 9:41 PM

I thought it was reported that the NSA archived all encrypted emails, which suggests a possible prank: a hitherto unknown group lets it be known that it will switch to a totally new, unbreakable form of encryption, and generates a considerable volume of communication, which is actually just the dressed-up output of a suitable pseudo-random number generator.

Surely it ought not to be possible to determine in general that an ostensibly encrypted message doesn't actually have any content.

Joe in Australia • August 27, 2013 10:41 PM

I am completely croggled by the fact that the NSA apparently had absolutely no contingency plans for this sort of thing.

I am completely croggled by the fact that the NSA uses contract labor for systems administration; that their employees use generic computers and not, e.g., dumb terminals or locked-down OSs; and that computers and media can be removed from secure premises.

Furthermore, if Snowden actually did hide in Russia's Hong Kong embassy then I am further croggled by the fact that nobody in the USA knew this until it was leaked by a Russian minister. All those petabytes of phone intercepts, all the bugging, all the data collection, and they couldn't track a blonde, blue-eyed Westerner walking around a largely-Asian city.

Nargunomics • August 27, 2013 10:45 PM

@Joe in Australia - good lord, you'll be expecting "Intelligence" to show some intelligence, soon!

Chilling Effect • August 27, 2013 10:49 PM

There's one thing I can't understand. Maybe someone who does understand can explain it for someone with a simple little mind like me: Just how do these very expensive programs (expensive in dollars, liberty, and privacy) keep us safe?

Oh.. and Mr Clapper, because my little mind is so very very simple, "That's classified, so you'll have to trust us" doesn't answer the question. Could you possibly try again?

funmaster • August 28, 2013 3:25 AM

@ Adrian

If the NSA cares only about foreign communications (or, at least, those with a foreign component), why do they need to tap into "major internet junctions" inside the US? Wouldn't tapping international channels suffice?

They can't risk letting a chance go unused to filter any traffic possible to get the whole picture. Think of foreign persons who use TOR with an exit node on American territory or bad guys (a new definition of bad guy would be great) who use networks of international companies or VPNs of other institutions with exits inside the US.

Most of the modern technology used to neutralize privacy (like OS for smartphones, funny (=needless) apps, browser features, ...) was invented by American companies or within foreign locations of American companies, so American agencies can easily get a hand on it. This information is routed through American nodes, and so it's easy to capture and filter it "at home".
Sure, there are other manufacturers in the world, but the big players are under American control, and for the rest they can ask their allies.

Andy • August 28, 2013 3:28 AM

The systems operate like this: The NSA asks telecom companies to send it various streams of Internet traffic it believes most likely to contain foreign intelligence. This is the first cut of the data. These requests don't ask for all Internet traffic. Rather, they focus on certain areas of interest,

So, what does this statement break down to from a technical point of view? They do deep traffic analysis and skim off all comms protocols (like various IM services, eMail, Skype, VoIP, etc.) and other interesting bits by TCP/IP port and / or packet header and drop the rest that looks like a run-of-the-mill BitTorrent porn download? Or is it more implicated than that?

At times, during all those Snowden revelations, I was having trouble believing that they could indeed sniff through the majority of the traffic, because that would in practice basically mean duplicating the majority of the infrastructure used by providers. Essentially building a second internet alongside the actual one. My mind reeled at the concept / thought that this extreme (financially, logistically, technically) approach was actually taken.

Clive Robinson • August 28, 2013 4:38 AM

I occasionally mention a biweekly UK publication "Private Eye" as being a worthwhile read.

Well I hope the editor will not see me posting a snippet relevant to this page as "theft" of the esteemed organ's IP.

Anyway, on the lead page is the following:

    The US National Security Agency is trying to reassure the world that it is really only snooping on us a little bit. In a widely-reported paper published earlier this month, it claims that its monitoring of user data such as emails and search history amounts to just 1.6 percent of the 1,826 petabytes of information carried by the internet each day. Doesn't sound too bad, does it? Well, up to a point. It's worth bearing in mind that cat pictures, porn and pirated movies make up an awful lot of internet traffic. Indeed, according to a calculation earlier this year from networking company Sandvine, communications such as email account for just 2.9 percent of the total. Add to this the fact that most email is spam --more than 70 percent, says Kaspersky Labs-- and it starts to look as if the NSA is monitoring everything that lacks Viagra or lottery wins in the subject line.

** Note to Private Eye subs/editor, the "Internet" is generally treated as an entity hence the accepted practice of capitalising its initial char. It also helps distinguish it from lesser "internets" where the initial char is not capitalised.

Clive Robinson • August 28, 2013 6:08 AM

@ bad jim,

    possible prank: a hitherto unknown group lets it be known that it will switch to a totally new, unbreakable form of encryption, and generates a considerable volume of communication, which is actually just the dressed-up output of a suitable pseudo-random number generator.

It would need to be a bit more than just a PRNG output to work for more than a very short while.

You would need a very long sequence PRNG (ARC1024/8) which approximates very nearly uniform probability bytes.

The output of the PRNG then goes through a filter that makes adjustments to the probability such that it now matches plaintext / word doc content etc.

This is then fed into a genuine encryption system which is designed to look complex but actually has weaknesses. I would suggest a stripped-down stream generator such as SNOW 1.0 with a change to the feedback taps; this is used to drive say four rounds of AES and four rounds of one of Bruce's block ciphers. It also has whitening of output from RC4 (ARC256/8) with either little or no initial S-array warmup. This is all used in simple "code book" mode.

Each of the above is individually breakable, thus the NSA could walk it back till they get to the output of the filter, the stats of which should convince them they "are close" but still not getting the desired cigar. Oh and you should also encrypt quite a few "cat" clips/movies or other YouTube rubbish (such as the once 15sec famed "Barbie Bondage" pics to add the supposed risk element that requires the ultra-secure encryption ;-)

This way they will get to see some (useless) stuff that will hopefully keep them looking to get the random junk to make sense.

HOWEVER there is a warning to think about, at some point somebody is going to meet either the "meat" or the "meat holding rubber hose" who will try to make you part with what they want to know as hurtfully as possible. And these types are not known to have a sense of humour, thus you need a backup plan to show not just the use of the PRNG and filter, but the seed & settings used thus providing corroboration of your "prank".

Jenny Juno • August 28, 2013 9:54 AM

re: Croggled

Based on interviews, General Alexander clearly believes that the NSA's mission is a righteous one. In recent weeks he's been quoted as literally saying, "Never Again" with respect to 9/11.

From that perspective it is impossible to conceive that someone would blow the whistle on what the NSA is doing. That is a major blindspot and coupled with normal bureaucratic overhead it seems quite believable that they had no contingency plans for whistle blowing and that their internal security was lax.

The threat they are protecting against is a bunch of third-world cave-dwellers, there is not a chance in hell that those guys would ever get physical access to the NSA's systems and everybody else can clearly see the righteousness of the NSA's mission so they aren't a threat. So it is not a big deal to put all that preparation on the back-burner.

Of course much of the rest of the world does not view the NSA's mission as particularly righteous. And coming to grips with that is taking the NSA some time. Alexander himself may never be convinced, if he were to change his mind that would be a tacit admission that he's personally responsible for building the most efficient civilian control system ever known to man, even if he has no intention of ever using it that way himself.

Jeff • August 28, 2013 11:50 AM

@AvayaMaster:

The door to the "secret room" (shown in a photo in that article) has no door handles. How were they expected to ever open that door?

That same photo shows a ladder and a hole in the ceiling. Do you suppose...

Peter • August 28, 2013 11:59 AM

What surprised me most, is the fact that the Wall Street Journal article also says that NSA has arrangements with FOREIGN internet providers too. As they are apparently assisting a foreign intelligence agency, that's even more tricky than American companies doing so. Also surprising that this got hardly any attention.

If you look somewhat more closely, it makes good sense NSA is cooperating with foreign providers, and if we combine this with some other recent stories, it seems there's a global NSA-GCHQ internet surveillance network, just like Echelon once was. More here:
http://electrospaces.blogspot.com/2013/08/...

Peter • August 28, 2013 12:02 PM

What I find amazing about all this is that, despite it all, the spooks couldn't stop two kids from exploding bombs in Boston, they couldn't stop a company from illegally collecting, and then exploding, huge quantities of explosives in Texas, and on and on. They collect all this stuff, but what do they do with it?

naiban • August 28, 2013 1:02 PM

The agency defines access as "things we actually touch,"

however a dictionary defines access as:

"The ability or right to approach, enter, exit, communicate with, or make use of"

So by having the ability to make use of that yottabyte of data, I for one would surmise that they have access to it!

Isn't it nice that the NSA is allowed to invent meanings for words like 'access' and 'collect' in order to help them with their 'compliance' efforts... I wonder how they define the word 'compliance'.

Brandioch Conner • August 28, 2013 1:37 PM

@Adrian

Wouldn't tapping international channels suffice?
Yes. Yes it would.

So, at some point in the future expect further revelations as to why this was necessary.

Dirk Praet • August 28, 2013 6:26 PM

@ Chilling Effect

Just how do these very expensive programs (expensive in dollars, liberty, and privacy) keep us safe?

Dear Mr. Effect,

In order to preserve the freedoms that countless bloodthirsty terrorists want to take away from us, it was necessary to take them in protected custody. Surely, you are familiar with the ancient military wisdom that sometimes in order to save a city, you need to destroy it.

Rest assured that your freedoms are safe with us and that your tax dollars are being spent wisely on programs specifically designed to cause minor encroachments on your privacy only.

Although we appreciate your interest in matters that, frankly, are way above your head, you may wish to redirect your concern to the secret affair your wife is having with your neighbour, rather explicit imagery of which has recently caused quite a stir here at the office.

Yours truly,

James Clapper, DNI

CallMeLateForSupper • August 29, 2013 7:05 AM

@ Naiban

I agree with your assessment of NSA's usage of the word "access".

I think the word "touch" in the quote you chose screams for similar treatment.

Gadfly • August 29, 2013 11:21 AM

@ bad jim:

[...] a possible prank: a hitherto unknown group lets it be known that it will switch to a totally new, unbreakable form of encryption, and generates a considerable volume of communication, which is actually just the dressed-up output of a suitable pseudo-random number generator.

@ Clive Robinson:

HOWEVER there is a warning to think about, at some point somebody is going to meet either the "meat" or the "meat holding rubber hose" who will try to make you part with what they want to know as hurtfully as possible.

I'd suggest each group member encrypt randomly selected chunks of the same copy of "Finnegans Wake" downloaded from the Gutenberg project, and that all members use the same (but very lengthy) AES-256 encryption password. When the "big men with guns" show up, hand over the password. You might still get the rubber hose out of spite, but what could you *legally* be charged with?

CallMeLateForSupper • August 29, 2013 12:50 PM

@ Gadfly
"... what could you *legally* be charged with?"

Impeding a federal investigation.
And they'd wave their arms about Aiding Terrorists (TM), just for good measure.

MarkH • August 30, 2013 12:17 PM

"I am completely croggled by the fact that the NSA apparently had absolutely no contingency plans for this sort of thing."

For most of its existence, NSA has enjoyed:

• vast rivers of cash
• minimal public visibility
• nominal "oversight" by elected officials
• technical superiority
• no real accountability (who can control or audit what is so thoroughly concealed?)
• religious zeal: they are Knights conducting a Virtuous Crusade Ordained by God

Among the toxic bacteria that have flourished in this witches' brew is an arrogance even more gorgeous than that of the autocrats of old -- they had to worry about being assassinated or overthrown, but NSA carries out its work in comfort and safety.

It's logical, then, that they had no plan for this sort of failure -- after all, the King can do no wrong! (Or, more apropos, the subterranean lizard-emperor can do no wrong.)

PJ • September 1, 2013 10:06 PM

Croggled is a new word for me. Boggled I know. Anyway, missing from much of the commentary is how all this is going to play out with foreigners currently using US hosted information systems.

Many who regarded the US as a benign power no longer do so. I am one of them.

unimportant • September 6, 2013 1:24 PM

@Wesley Parish - Nice short story of yours :) Before 2008 (collapse of Lehman Brothers) I would have classified it as fiction. ;)

btw, "500 bn" should actually be "500 mn".

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..