Schneier on Security
A blog covering security and security technology.
« SIERRAMONTANA: NSA Exploit of the Day |
| NSA-O-Matic »
January 17, 2014
NSA Collects Hundreds of Millions of Text Messages Daily
No surprise here. Although we learned some new codenames:
- DISHFIRE: The NSA's program to collect text messages and text-message metadata.
- PREFER: The NSA's program to perform automatic analysis on the text-message data and metadata.
The documents talk about not just collecting chatty text messages, but vCards, SIM card changes, missed calls, roaming information indicating border crossings, travel itineraries, and financial transactions.
Posted on January 17, 2014 at 5:32 AM
• 23 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
However, there is a great new term: "Content Derived Metadata".
Almost everything they do on the Internet "metadata" is really content derived metadata: a network device wouldn't care, as its all above layer 3.
Does it seem weird to anyone that the media is still only talking about phone call metadata? Even after all of the revelations that make call detail record collection look silly in comparison...that's really it. It occurred to me this morning while listening to Slate's Political Gabfest on the ride to work.
It's like the media has decided that call detail metadata is all the scandal that we care to think about, thank you. I'm kind of reminded of Chomsky's idea that the professional "left" media serves to set the boundaries of discussion. "This far and no further."
Great, now I sound like one of those Slashdot or HN a**hats...I guess I'll start a blog about writing web services in GO and put a little round picture of myself on it. "I'm on Ubuntu and it's Linux, suck it NSA!"...
"How about this for Tommy Gun? OK - SO LET'S AGREE ABOUT THE PRICE AND MAKE IT ONE JET AIRLINER AND TEN PRISONERS"
That was the clash lyric that one member of a tribute band texted to his fellow ban member in 2004 and got him arrested in the UK
This should have been one of the first things that was leaked. Because collecting text messages isn't as "wow" as the rest of the stuff leaked. It's almost one of those "duh" moments.
However, there is a great new term: "Content Derived Metadata".
To make matters more confusing?
The content-metadata distinction, what was originally a content-address distinction, may have made sense for postal mail and might have made a sense for POTS, makes no sense for modern communications. It is this distinction along with the "third-party doctrine" that has allowed government to claim that it can collect so-called metadata without violating the 4th Amendment.
Earlier this week Michael Morell, a member of the Presidential Review Group, told the Senate Judiciary Committee:
“I’ll say one of the things that I learned in this process, that I came to realize in this process, Mr. Chairman, is that there is quite a bit of content in metadata. When you have the records of phone calls that a particular individual made, you can learn an awful lot about that person. And that’s one of the things that struck me. There is not, in my mind, a sharp distinction between metadata and content. It’s more of a continuum.”
If the courts continue to adopt the "Mosaic Theory" then bulk collection of so-called metadata by government may come under 4th Amendment protections.
See: Bulk Data Collection and the Mosaic Theory: A More Balanced Approach to Information
The author points out that the government itself uses the Mosaic Theory to block FOIA requests.
"Keep the change you filthy animal."
Anyone remember about a year ago when we were all openly speculating about the NSA's Utah data centre? We were even attempting to calculate bitrates, bandwidth, etc. It seems like we were mostly right on much of it.
The interesting part to me (besides the media not flogging it like the Polar Vortex or other useless buzzword) is that the NSA is collecting all of this yet seems to have absolutely NO idea what to do with it other than spy on their past girlfriends' escapades.
Last week I was watching "That Was the GDR", an early-90s documentary done by Deutche Welle on what life was like in the GDR. The economic policies and spying very closely parallel where the USA is today. The ultimate conclusion, even by people who were in favour of the GDR was that it wasn't sustainable. What resonated with my most is how much "for the protection of the State" was pushed. I see the same thing today when "National Security" gets flogged by both the politicos and media. Now, National Security appears to refer to protecting the State, not the population.
Not to minimize this, but given the number of cellphones on the planet (the UN says "billions"), 200 million text messages seem like a small fraction. Forrester Research says that there are 6 billion SMS messages sent each day in the US alone: http://blogs.forrester.com/michael_ogrady/...
So, 200 million sounds like a really big number, but only until you put a denominator under it.
For fun, I'd urge people to go take a look over at Russia Today's (RT.com) coverage of this... Nice to see a different perspective on it. Even if it is biased...which sadly, in this case, the piece they did on what Clapper & Obama have said publicly vs. what has been revealed was very straight.
From today Obama's speech:
"Let me repeat what I said when this story first broke – this program does not involve the content of phone calls, or the names of people making calls. Instead, it provides a record of phone numbers and the times and lengths of calls – metadata that can be queried if and when we have a reasonable suspicion that a particular number is linked to a terrorist organization."
...ok, I guess we all agree Obama should have updated the text on this speech in the last twelve hours, right?
Note the weasel words "this program".
Ah, indeed, he was talking about the old phone metadata collection program instead of yesterday's DISHFIRE program. Same ambiguity used by NSA when they deny certain activities under a given secret program because these activities are done in other one.
@alex: Thanks for the perspective. From the current Russia Today story, I got this: "seven months after it was first exposed." That's pretty fast, in some sense. Almost "with all deliberate speed."
("Politico" is a technical term. I think you meant politician or punter.)
The scarry thing is, that today, simple text messages can lead to arrest:
Allami was a sales manager for a telecommunications firm when he sent out a text message to staff urging them to "blow away" the competition at a New York City convention.
He alleges that, three days later, he was arrested without warning by Quebec provincial police
What scares me a bit is that these new nsa slides also say the sms collection is used for localization.
The localization feature may, in some countries like somalia, lead to imminent death around you, if you are involved in terrorism, see this (unfortunately german article)
The wife of terrorist Bilal Berjawi made her mistake in england:
After giving birth to a child in an english hospital, she made one phone call to her husband in somalia. A few hours later, her husband Bilal Berjawi was death by a hellfire rocket sent by a drone.
Hellfire rockets were originally designed for use in helicopters against tanks. Therefore they have a large impact radius.
The article linked above mentiones, that when they killed a terrorist friend of Bilal Berjawi, namely Mohamed Sakr, there was, unfortunately an innocent goatherder a few yards next to him.
The goatherder was just seaching for food for his goaths. The rocket made no difference between a goatherder and a terrorist and killed him too.
For such actions, nsa must locate a target. And this is what the sms collection may be used to, according to the new snowden documents.
Well, as expected, the NSA will now have to delete all the useless information and only keep the useful stuff. Basically, the prez ordered the NSA to do a better job, which is rather different from how it is spun in the media.
Having only collected 200 million messages a year, shows why the NSA needs a much bigger data centre - they are missing the bulk of it...
@b3nt0 "I'm on Ubuntu and it's Linux, suck it NSA!"
I'm pretty sure you're just making a funny comment, but just in case other readers don't realise this, there's been a couple of programs reported on this blog that were aimed at subverting Juniper Networks routers which are run by Junos, a modified FreeBSD. IIRC, at least one of these modified the kernel at load time.
Given the relative market shares of FreeBSD & Linux, I'd be amazed if there weren't programs that specifically target Linux.
"The scarry thing is, that today, simple text messages can lead to arrest:"
Google: Targeted Individual
"NSA Collects Hundreds of Millions of Text Messages Daily"
This *totally* is anti-terrorism. :P
(I am being sarcastic. Unfortunately, that people regale these many moves as being "against terrorists" means that I have to actually say something like "I am being sarcastic" because it seems they have been born missing a large portion of their brains. Who knows that some of these real life zombies may not be reading this thread.)
I am patiently waiting for the day The Supremes will hear arguments, and Justice Roberts' gay pillow talk will be leaked by NSA' whistleblower.
"Not wittingly", of course.
I wonder how can anyone in their sane mind can take any seriously, any longer, anything that comes out of this man's mouth:
How come nobody among those "supermen" (that he is archetypical of), has been able to come forward yet, to answer this very simple question:
Oh wait. My bad, I forgot that their most basic working assumption is that the American people is THAT stupid.
Has anyone considered the other side to this massive interception?
Consider all of the sexting teens out there...
When your teen-ager comes home after a day, talk to them about this and how any nude photos might be getting shared with Congress... then, of course, there's the possibility of comments from, say, Bill Clinton... "You know, you're doing that wrong..."
(All right, while discussing this w/ a co-worker, she made the Bill Clinton remark which, fortunately, arrived when I was NOT taking a drink, so I didn't kitten (a/k/a "spit-take") all over my laptop.)
On another note, I suspect that there were all kinds of statistical programs looking at the flow looking for "paranoia" which would usually be connected with "wrong doing" (it is, perhaps, funny, that "wrong" can be relative to so many things) that will now get swamped with false positives.
It probably does not help that some folks have SMS banking features that they'd prefer the government NOT be able to monitor...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.