Schneier on Security
A blog covering security and security technology.
January 22, 2014
Questioning the Efficacy of NSA's Bulk-Collection Programs
Two reports have recently been published questioning the efficacy of the NSA's bulk-collection programs. The first one is from the left-leaning New American Foundation (report here, and one-page tabular summary here).
However, our review of the government’s claims about the role that NSA “bulk” surveillance of phone and email communications records has had in keeping the United States safe from terrorism shows that these claims are overblown and even misleading. An in-depth analysis of 225 individuals recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with an act of terrorism since 9/11, demonstrates that traditional investigative methods, such as the use of informants, tips from local communities, and targeted intelligence operations, provided the initial impetus for investigations in the majority of cases, while the contribution of NSA's bulk surveillance programs to these cases was minimal. Indeed, the controversial bulk collection of American telephone metadata, which includes the telephone numbers that originate and receive calls, as well as the time and date of those calls but not their content, under Section 215 of the USA PATRIOT Act, appears to have played an identifiable role in initiating, at most, 1.8 percent of these cases. NSA programs involving the surveillance of non-U.S. persons outside of the United States under Section 702 of the FISA Amendments Act played a role in 4.4 percent of the terrorism cases we examined, and NSA surveillance under an unidentified authority played a role in 1.3 percent of the cases we examined.
The second is from Marshall Erwin of the right-leaning Hoover Institute (report here, and summary here).
My conclusion is simple: neither of these cases demonstrates that bulk phone records collection is effective. Those records did not make a significant contribution to success against the 2009 plot because at the point at which the NSA searched the bulk records database, the FBI already had sufficient information to disrupt the plot. It is also unlikely that bulk collection would have helped disrupt the 9/11 attacks, given critical barriers to information sharing and as demonstrated by the wealth of information already available to the intelligence community about al-Mihdhar.
Posted on January 22, 2014 at 6:41 AM
Ordinarily I'd say "Where the cost of the control exceeds the Annualised Loss Expectancy then terminate the control."
But instead I'm going with "wow, that's dumb; remind me again how big the US national debt is?"
Bulk-collection programs are highly effective if the desired effect is expansion of the Military-Industrial-Complex money pit.
How do we know the bulk collection was responsible when an "anonymous informant" is cited? Wasn't there info released about the tactic of parallel construction? I don't trust these guys to report how they actually found the people they've charged with terrorism.
Arguing about the efficiency/efficacy is a battle that nobody should go for.
Human rights are not for sale!
Ask yourself: Are you willing to argue that the surveillance of the NSA was okay if it produced enough results?
If the argument being made by people who support bulk surveillance is that it is keeping us safe, yet in reality it is not, then it's very important to show the point being made is invalid. Continue to argue that this level of surveillance is a violation of our rights and prone to abuse (especially given a history of the government using TLAs to crack down on dissidents).
This collecting anything way seems to be a relict of our time as cavemen, we think having as much information gives the illusion of complete control ... in this case for ruling the world and to protect against terrorists.
It's also the psychological problem of thinking, that being successful from time to time, this illusion is proven reality ... like playing roulette and always putting the money on black. Considering the big data maybe it's more like always making the bet on green.
I think they are effective at sniffing data and analyzing this to get detailed profiles of almost any person in the 'modern' world (=being part of this high technology society directly or indirectly).
But I also think, that they don't have the right tools to match the complexity of modern data-transfer to see the big picture or (and I don't know if this would be worse) they aren't willing to use this information to avoid many attacks to protect their source for information (in the last case they would have anything to avoid attacks like 9/11 but only to have the option to interfere without the need to interfere for some reason).
Our high technology world is (on hard-, software- and manufacturing-level) much too complex to self-protect our privacy by personal activity. If some privacy is left, it's because the sniffers aren't good enough or the imperfection of data-analyzing.
If we would have/use less complex technology we would be able to analyze it completely to be sure it's as secure as possible. In combination with modern cryptography the efficacy of global surveillance would do a big jump downwards and would be so expensive, that the intelligence would have to focus on really important facts and targets.
I hope this wasn't too off-topic, but I feel better now and that was worth it.
P.S.: I know that my English isn't as good as Bruce's (I love your style of wording) but I think it's ok to understand the idea I had in mind.
That's true, but if anything, you'd expect these guys to overstate the degree to which mass surveillance contributes to counterterrorism efforts in order to justify the massive expense (not to mention eroding privacy rights, trashing the trust basis of the public internet, and undermining the trust between the NSA and private security researchers and analysts). So, if anything, we should take their figures as an upper bound - the real value may turn out to be even lower.
I am of two minds on this. On one hand, you're right, many if not most of us would say that the law and its agents must have a greater bias for individual privacy over government projects - but not everyone values privacy in the same way. Some people say "If you've got nothing to hide then you've got nothing to fear" entirely without irony.
The reason I think these studies are useful is that, regardless of individual preferences for the privacy/security tradeoff, the NSA's bulk data collection does not even succeed according to its own internal justification. Even a person who was willing to give up his privacy rights to prevent terrorist attacks should be opposed to untargeted data collection because it does not prevent terrorist attacks.
It's the same thing with CIA enhanced interrogation techniques. Most people find them barbaric and unacceptable in any situation, but even someone for whom human rights had little intrinsic worth shouldn't employ those methods because they've been shown to be ineffective at producing actionable information.
Effectiveness at detecting/preventing terrorist acts = 0
Effectiveness at detecting/preventing any popular or government attempts to change the NSA's funding/behavior/power/role = 100%
@Cristian: Human rights are not for sale!
Unfortunately, they are. They are already sold, too, and for cheap.
I would argue that if one would be so daring to put a cost on human rights, it would be even more obvious that the NSA is wasting money.
The same goes for the cost of a human life: however hard it is to name a number, any way of computing it will show that institutions like the Bill and Melinda Gates foundation are among the most cost efficient that exist; the NSA is all the way on the other end of the scale.
The TERRORISM excuse is a hoax and a useful ruse.
For example, Snowden said the NSA collects more data on Americans than Russians.
If you read NSA statements closely you find they are using the data collected to support DOMESTIC intelligence for the military ("force protection") and general law enforcement, i.e. collecting pre-emptive (no prerequisite reasonable suspicion) evidence for the FBI, DEA, IRS, DHS and so forth.
The more power they take, the less we have. They aren't going to give it back, either.
It seems to me very obvious that one can make the case that particular investigations did not require bulk surveillance data in order to succeed, and also that actual contributions of bulk surveillance may be less than particular individuals or agencies have claimed.
Neither of these cases is the same thing as saying bulk surveillance is not useful, or that the contributions made by bulk surveillance data can not be improved.
To me the potential power of the bulk surveillance data seems like a no-brainer compared with traditional methods alone. To be able to go back in time and examine histories of suspects gathered years in advance of the time they were initially suspected or connected to known criminals or terrorists seems to have obvious utility. I'll bet that any police detective or FBI investigator could run off a list of cases that could only have been solved with access to phone records from months or years before the time the person became a suspect. And the way this extends to the ability to uncover sleeper cells should also be obvious. To uncover networks or networks of networks one must be able to find the links between individuals and/or nets of individuals.
To try to argue that these technologies are not useful seems to be a losing proposition. At best one can make the case that the technologies are not fully developed, or that in specific cases they are not absolutely required to meet goals. But to argue that they are simply ineffective in general seems completely misguided.
The only real argument against them should be that our democratic checks and balances and constitutional protections make them too dangerous or actually illegal. But trying to make them out to be technological losers seems pointless.
I would go so far as to say that Snowden's revelations are making us safer, as they disrupt the communications of terrorist groups. They know they can't use phones, email, internet, etc., so they have to rely on couriers and face-to-face communication. That leaves open a lot of room for HUMINT gathering and slows down their operations significantly.
Perversely, this is kind of a way the surveillance is "working" but only because it's now out in the open. No, that doesn't mean I support it.
The 9/11 plot went undetected because of a lack of intelligence, but not the kind of "intelligence" that NSA/CIA/FBI provide.
"Bin Laden determined to strike in US"
An alternate view on the lack of effectiveness may be simply that it is similar to other cases where it has been revealed that the snooping may be the primary trigger but the case is built backwards to hide the programme. It could go as far as agencies showing the committees and POTUS that it does work but requiring the ruse that it isn't effective be continued. Disinformation?
Another argument could be that due to the bulk collection illegality if any case was to hinge on an unconstitutional trigger then all those cases would be thrown out, subject to appeal, etc. More motivation for disinformation? It is a real can of worms.
Easy argument to an elected official: if you declare the programme illegal then all these child molesters, drug dealers, terrorists, kidnappers, murders that we've caught using this system will walk? Do you want to allow that to happen?
The programme has to be seen to be ineffective. They have no choice.
To me, @Jeff Johnson hits the nail on the head when he comments, "To me the potential power of the bulk surveillance data seems like a no-brainer..."
Obama's speech makes more sense if the system is actually effective but illegal. The goal is then to make it legal using Geoffrey Stone's arguments regarding the Fourth Amendment's reasonable search element.
On balance though, the old saying that you should never put down to conspiracy what you can put down to incompetence, perhaps rings true here too. But just perhaps, the NSA isn't quite so incompetent?
I notified a cross section of IEEE members that my membership will not be renewed this year. The lack of social responsibility by a "professional" organization is inexcusable. Just on technical grounds, the efficacy of law and the promulgation of standards in support of fascistic institutions (like Ford with Germany in the 30's and Cisco and China) represents a real risk to the citizenry. When will people stand up, dust off the malaise and make a difference? The President's speech was so depressing, even the inflection gives hint to the paternalism that we are subjects/subjected to that is of most concern. Members of congress, the press, and the intelligentsia all profess to know better--or know what's better for us. To my way of thinking, a fool in new clothes just looks better.
With that I can assume the traitors, oh I mean spies, can determine my identity. Time to power down all the signal generators and camp in my faraday cage for a few days. Um, lots of SPAM from my bomb shelter to live off of.
@Jeff Johnson: It seems that it's far more effective at assembling a case post hoc, once the damage has already been done. Which makes it quite useful for prosecution/punishment (assuming the perpetrator(s) are still alive), but as far as we can see currently next-to-useless for prevention. AFAIK, identification and prevention of threats *in advance* of their occurrence is supposed to be the raison d'être for the NSA's bulk collection programme, not after-the-fact punishment. So at the very least the agency is grossly overstepping or misrepresenting its stated mission. At the worst, it's infringing on human rights of US and non-US citizens alike on a grand scale for almost zero benefit at enormous cost. Either way, it doesn't seem like a sensible thing to support.
>NSA collects more data on Americans than Russians.
Why would you spy on the Russians (or at least the USSR)?
Except in a war, your enemy's actions have very little effect on you.
However your own citizens/allies/friends have an effect every time there is an election or a treaty to negotiate or a contract to bid on.
The only reason for spying on the Russians today would be if Antonov competes with Boeing or Gazprom with Exxon.
If that is the solution, I would like to have my problem back.
If I order a toaster, alarm clock, electric cork remover, or any such thing from Amazon, can the NSA turn these into listening devices before FEDEX drops them at my door? My new golf clubs? My wife's new treadmill? Our new upscale pressure cooker? Could my latest eBook be an implant, turning my iPad into a listening device, injecting poison throughout my house? Is there a limit? Any limit? Any limit at all?
@Interested but Hitherto Uninformed
LOUDAUTO is a small bug that could go anywhere including your new treadmill or alarm clock. In 2007 NSA claimed 100% success against remote subversion of iOS, so your iPad is on the possible list. No, there is no real limit. If you are targeted you will be successfully breached almost inevitably.
The real thought to have is how to make sure you are targeted and not just caught in an Orwellian sweep of all communications. At present all your communications are being monitored to some extent because you are a person on planet Earth with US citizens particularly under the thumb.
The only way to limit the agencies is to ensure there is a cost to breaching a target. They have budget / manpower restrictions that would limit surveillance if you could remove the mass surveillance techniques. Mass surveillance has a marginal cost of virtually zero. Without mass surveillance, you could choose your security such that you could determine how much budget they'll need to expend to target an activity of yours. Whilst LOUDAUTO is a listening device that costs $30, you need expensive gear to listen to it and resources to collect and monitor it. They could target your iPhone or iPad microphone for little cost and be always listening.
Today everyone is being watched. This needs to change so only those subject to a properly specific subpoena issued by a judge are being watched.
The trouble with the reforms promised are that you will still be watched but they promise, pinky swear, that they'll only comb through all your historical and future records and communications they continue to collect _IF_ you get caught in a mini-dragnet focused around an issue, perhaps as designated by a judge, but perhaps by just being on the same bus as an analyst's girlfriend (LOVEINT).
Watching for terrorists is a version of pre-crime. Kiddy fiddlers would be another reasonable pre-crime target. Murderers... Kidnappers... Potential shoplifters...Loiterers.... Protesters within 35 feet of an abortion clinic... It's a thin edge of a wedge that results in easy justification for monitoring it all which is just evil.
In my country the citizens have no such rights and the laws carve out rights for the intelligence community to do whatever they pretty much like. Mass collection is not illegal here and, surprisingly, the vast majority of the good citizens of Australia don't seem to care too much about the issue. The NSA should outsource their work to the ASD but that may be a US crime so perhaps not standing in the way of the ASD collecting may be a solution?
In Australia Snowden would be a criminal whereas in the US he is a whistle-blower.
Stands to reason the NSA's bulk collection methods are ... what a bull leaves behind: very very highly processed foodstuffs - prime tucker for certain beetles.
There's the matter of the sheer amount of material to be processed. To do that one needs to know prior to processing, just what needs to be processed. And then one needs to know various "secular" ways of expressing certain ways of thinking, besides the "religious" in-crowd ways of expressing those ways of thinking; then you need to be able to follow the methods of concealment to the extent you could actually be one of the target group: and that contains its own trap: what happens if following their lines of argument leads to empathy, then conversion?
It would hardly be the first time that sort of thing happens.
To say it's a waste of time and money's obvious. The ultimate reward for such a gratuitous waste is to find you have caused the very thing you have tried to prevent. Cases in point: the American War of Independence, the Russian Revolution. I think you could argue the Boston Bombings are one such case, as indeed the various clashes with Al Qaeda up to and including the strike on 9/11.
I've been hearing various commentators say things like: the current situation in East Asia between China and Japan's not dissimilar to that between the UK and Germany in the 1910s before the First World War; well, from where I'm standing, the US looks like Tsarist Russia.
@ Matt Hurd
In Australia Snowden would be a criminal whereas in the US he is a whistle-blower.
What is the difference between both? In US (I suppose) Snowden would go to jail, too ... or he would have a deadly accident before reaching US territory.
@Christian: That's called an "internal argument" and is the only way you can hope to have a productive discussion with people who don't share your premises/values. Otherwise your discussion will boil down to "Liberty is more important than Security!" "No, Security is more important!" "Liberty is!" "Is not!" "Is, too!".
I find it sad that so many people seem to value security over liberty, but when that's the case you can't just oppose it directly and expect to win.
The Boston Bombers broke my trust in the NSA.
“Even after Russian intelligence asked the FBI to investigate Tsarnaev, the huge databases our intelligence services maintain in the name of our national security failed to alert the agents to Tsarnaev’s interest in building the pressure cooker bombs he would use to devastating effect at the Boston Marathon… This lapse seems to include those who visit Inspire. They should have become a priority back in 2010, when it became known that Faisal Shahzad, the would-be Times Square car bomber, had used the pressure cooker recipe for his device. Shahzad also happened to use the same New Hampshire fireworks store as Tsarnaev to obtain crucial bomb materials, but he added other items for more punch... In the case of Tsarnaev, the databases also failed to uncover the online communications that Tsarnaev had with a known Muslim extremist in Dagestan. These online contacts were apparently the prime reason the Russians took an interest in Tsarnaev. The Russians developed their information by questioning the extremist, who reportedly listed Tsarnaev among his cyber pals… As the NSA conducted surveillance on a global scale that seemed to confirm we are in an age where there is little or no privacy, Tsarnaev did just fine and was left to his own murderous devices.”
The NSA can monitor everyone’s email, text messages, phone conversations, travel plans, photocopy post office mail, look at financial transactions – but can’t be bothered to check on a Russian tip on terrorists in the USA, travel records, fireworks sales or bomb-making internet posts!
The NSA failed – and then lied to Congress. The trust is gone. I don’t trust the NSA!
Another report critical of bulk collection:
The Privacy and Civil Liberties Oversight Board ( http://www.pclob.gov/ ) is to release a report later today.
From the NYT, which has already obtained a copy:
[The bulk collection program] “lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value,” the report said. “As a result, the board recommends that the government end the program.”
More from the NYT on forthcoming PCLOB report:
"It contains the first official acknowledgment that the Foreign Intelligence Surveillance Court produced no judicial opinion detailing its legal rationale for the program until last August, even though it had been issuing orders to phone companies for the records and to the N.S.A. for how it could handle them since May 2006."
The majority of PCLOB members say it is illegal.
Elsewhere in the NYT this morning is a discussion of the Smith v. Maryland (1979) case which provides the basis of "third-party doctrine" and the legal rationale for bulk collection programs.
It is a "no brainer" that bulk data collection of American citizens (to start with) has zero value for preventing terrorism.
And it has zero value in any other sort of legitimate criminal case.
Enormous value for extortion. Enormous value for tracking back people according to religious and political affiliations.
These reports reiterate the obvious: they spent enormous sums and time on these programs and they are extremely dangerous to the stability of democracies.
They have zero to do with terrorism.
@ Bruce Schneier
I would have issued a hypocrisy alert but don't have one for the President's office--yet. But the complete lack of efficacy in response to known problems is unquestionably demonstrated by PPD-28.
A summary analysis of PPD 28, the Signal Intelligence Activities response to the Snowden revelations suggests the following:
- Reuse of "propaganda" or "political" language to express specific ad hoc characteristics of mission, purpose, and respect for constitutional aegis.
- Language that either in part, or whole, changes nothing substantively regarding "programs" and bulk collection or restates objectives, oversight, and program parameters to "sound" less onerous/unlawful.
- None of the restrictions that were expressed by the speech of 17 Jan 2014 seem to have been expressed in the PPD.
- The classified annex, not even the subject of the detail is mentioned and allows for almost anything...
- Psychologically suggestive language--"legitimate privacy concerns"--determination as to what constitutes "legitimate privacy" is ever codified/formalized/defined or annotated.
THIS IS A PILE OF FECAL MATTER THAT MUST NOT BE ENTERTAINED BY ANY SERIOUS POLICY PROFESSIONAL, BUT MORE IMPORTANTLY CITIZENS SHOULD CALL FOR THE IMMEDIATE SECESSION OF UN-REVIEWED/UN-AUDITED NSA ACTIVITY--NOW!!!
Obama's own Advisory Panel agrees there is zero value to bulk data collection:
“We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation,” the report said. “Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”
I agree the data is useful for prosecution after the fact, but disagree that it can't be used for more than that. Detection and prevention should be the areas where mass surveillance is most useful because after all it is the conjunction of all that data that enables pattern detection.
I feel pretty certain that the potential use of this technology is great, even if it hasn't been fully realized.
But like any technology it is a double edged sword, and it can excel at enabling the oppressive exercise of state power, which is obviously what drives people's fear of it.
So the truly important question is not whether this technology is or can be effective. The real question is whether our democratic institutions can be effective at harnessing such power in a way that prevents abuse. Those who answer this question pessimistically are busy trying to attack the efficacy of such technologies, which is avoiding the harder questions, confusing the issue, and risking throwing the baby out with the bathwater. This is taking the easy approach, which isn't necessarily the best approach.
Ultimately it comes down to whether you fear terrorism or your own government more. I think there are strong arguments to be made that we should fear terrorism less than we seem to. But I don't think that the only way to rein in the government is to deny them access to technologies. If that were true, we would also have to prevent the government from possessing so much powerful military weaponry.
Given a choice between completely blocking government ability to perform mass surveillance, or substantially strengthening our democratic institutions, I would happily opt for the latter. What we must not do is leave current surveillance powers intact without taking extraordinary measures to improve government transparency, strengthening judicial powers to prosecute government officials, and bolstering citizen power to legally challenge and punish government for the abuse of surveillance data. By abuse of surveillance data I mean using it for purposes of blackmail or defamation, or unjustly applying such information in service of the powers of arrest, detention, and confiscation.
What is the difference between both? In US (I suppose) Snowden would go to jail, too ... or he would have a deadly accident before reaching US territory.
In Australia the NSA's activities would not be illegal. There is no constitutional protection and the laws carve out the intelligence community to give them pretty much free rein. So a leaker would have no grounds to break confidence in Australia. Such a leaker would just be a criminal as Australians have limited civil rights. Australians don't have free speech rights either, just a limited form of free political speech.
Now there are UN rights assigned by agreements and I'm not sure how they stack-up but I'm ignoring those to keep things simple.
In the US, the mass surveillance is illegal under the Fourth Amendment. The founders wanted to protect a future Paul Revere and all other citizens from oppression. Even Prof Geoffrey R. Stone has "evolved" his mind on this and now agrees with that. So Snowden is a classic whistle-blower, though, as an intelligence community member, he has no formal whistle-blower protection. Revealing the TAO gadgets, Quantum computing, etc wouldn't all fall under that category but some, such as the router exploits enable, or threaten to improve, mass surveillance, so it becomes a balance on which Snowden relies on his picked journalists.
It is a little hard to argue that Snowden didn't blow the whistle and start a significant debate. Bruce is intimately involved in the debate as even Congress doesn't know and understand what is going on and asked for some guidance. Eisenhower asked for Snowden to come forward as a vigilant citizen in his 1961 farewell address.
The good staff at the NSA seem to be carrying out excellent service to execute faithfully their orders but it is the brief from management and the politicians/executive that is wrong. There have been plenty of people leave the intelligence community disillusioned but have chosen to remain silent. There is honour in that path of silent conscientious objection. A few such, as the ThinThread group, have spoken out some. Snowden realised that it was illegal and decided to be one of "a few good men."
In Russia, Brazil, US, he would be a whistle-blower due to their constitutional protections. Good luck getting a fair trial in Russia as protections in name and reality may be quite different as the US is now showing. In China & Australia, he would be just a criminal as there are no reasonable protections.
In terms of assassination, there have been precedents for even US-based assassinations of sleeping political activists (COINTELPRO), which is the kind of facing of danger that potentially makes a whistle-blower a hero.
@ Jeff Johnson
...my internal troll alert triggered reading your last post...but that's assumptive of me and basically unfair to you. Now I've identified a weakness in my assessment, what institutions are nefarious at is admitting weakness. Corporations, governments, and organizations put much more energy in mitigation than what I would term planning. What's the difference, planning includes space for events that present failure of some component. To some degree it is a more organic approach to institutional operation. Organizations focused on mitigation are more susceptible to catastrophic failure.
Your statements are an affirmation of that tendency in an anecdotal way, by stating that the fear is based on the technology is bogus--I call you on it. Fear regarding these issues applies to use, people know little of operable theory about these systems let alone their application in socio-economic or socio-political systems.
Your embracing of democratic principles over fascism is reassuring...
I find your thesis/hypothesis/supposition seriously flawed.
What we must not do is leave current surveillance powers intact without taking extraordinary measures to improve government transparency, strengthening judicial powers to prosecute government officials, and bolstering citizen power to legally challenge and punish government for the abuse of surveillance data.
There is zero capacity for this to happen.
They had no business grabbing all of that data in the first place.
There is no way to guarantee safety with such powers. Have another major attack, especially, and it will be abused.
Detection and prevention should be the areas where mass surveillance is most useful because after all it is the conjunction of all that data that enables pattern detection.
Even theoretically, how could this be used for detection and prevention? Sort through all SMS messages for key words?
Terrorists have loose connections typically even with chokepoints, such as known terrorist advocating groups, mosques, training centers. There are few terrorist attacks which have happened where simply watching those choke points and watching those engaged there could not have brought up suspects.
Bizarre exceptions include lone wolf situations, though even they tend to have had some kind of contact with a major terrorist advocating center.
There is no legitimate reason to surveil **Everyone**.
There are an enormous number of illegitimate reasons to surveil everyone.
Round up all Japanese. Round up all Atheists or Christians. Round up all homosexuals. Sell the data to marketers. Round up all Democrats or Republicans. Who went to a radical conference twenty years ago? Maybe tomorrow, Democrats or Republicans will be as banned as Communists were in the fifties.
Meanwhile, we have severe crime rates continuing and obvious terrorist suspects like the Boston bombers are not watched.
Indited for security theater
The only principals with residual relevance on the Federal side is the PCLOB board. The only reason they have residual relevance is the drunk on power audience is at step 1 in a 12 step program.
So when they sober up, they will realize a next president can use the PCLOB's findings as legit cover to wreck the legacy of the King in Chief. Sounds like the board knew they would be personally at risk for not joining the choir on the King's nakedness.
Love a FED demonstrating how to speak truth to power. Wow 5 of them in a row must feel like a black hole to the big-O+nsa.
Would it be wrong to wonder (aloud) how long until we see character assassination attempts on their family, their business partners and associates justified by the same logic used to justify the NSA trumping the constitution?
I think it would be profoundly short sighted to conclude the administration would see the (5) as less of a risk to the administration than Iran an existential threat to Israel.
"The ... bulk telephone records program lacks a viable legal foundation," the board's report said, adding that it raises "serious threats to privacy and civil liberties" and has "only limited value." The report, further, said the NSA should "purge" the files.
"The connections revealed by the extensive database of telephone records gathered under the program will necessarily include relationships established among individuals and groups for political, religious, and other expressive purposes," it said. "Compelled disclosure to the government of information revealing these associations can have a chilling effect on the exercise of First Amendment rights."
The panel added that the program "implicates constitutional concerns under the First and Fourth Amendments."
The report also rejected claims that the program was necessary to cover up a gap in intelligence arising from a failure to detect Al Qaeda members in the United States prior to the Sept. 11, 2001 terror attacks. U.S. officials had claimed that the phone data collection program would have made clear that terrorist Khalid al-Mihdhar was calling a safehouse in Yemen from a San Diego address.
"The failure to identify Mihdhar's presence in the United States stemmed primarily from a lack of information sharing among federal agencies, not of a lack of surveillance capabilities," the report said. "This was a failure to connect the dots, not a failure to connect enough dots."
Along with its call for ending bulk phone surveillance, the oversight board report outlined 11 other recommendations on surveillance policy,
Bruce, I'm sure you're all over this, do you know / or can post the link or the final report? :)
"When the government collects all of a person's telephone records, storing them for five years in a government database that is subjected to high-speed digital searching and analysis, the privacy implications go far beyond what can be revealed by the metadata of a single telephone call," the majority wrote.
Let's hope the voters reconcile this before the harm to business degrades public trust in companies that are internet connected. The current debate on where to house data was about as adept and tactful as an embalmer floating an idea to prepare the dead in public at the location they passed on at, as if to imply the companies of course should implicitly allow whatever the govt wants and use the data where its confidentiality died.
What a pathetic state the country is in. We're way beyond trying to stuff cats back into the bag phase. Somewhere in the making of the sausage observation that it is truly horrifying and daddy is mean when he's drunk stage of our 12 step.
I posted a link to the Privacy Board's report above.
For me the issue is simple
1) Surveillance Electronics are practically free and will only get cheaper as volumes increase
2) Data storage costs are also close to zero, especially if most of the information stored is metadata
3) Data transportation costs are minimal and halving every 5 years (or so, don't have the latest figures)
4) There is no shortage of exploits, and if a situation ever develops where exploits demand exceeds supply we can easily produce more exploits.
5) Oh btw we don't much care if other governments piggy-back on this as long as they don't do so within the US. Maybe we'll even share...
6) Oh yeah, in case I forgot to mention it we do have judicial oversight of something similar...so it's all good
The problem is that enacting new laws / enforcing existing laws or just recognizing the validity of the US constitution only affects item 6) which is way, way outweighed by the benefits of items 1) through 5).
@Jeff Johnson: "Those who answer this question pessimistically are busy trying to attack the efficacy of such technologies, which is avoiding the harder questions, confusing the issue, and risking throwing the baby out with the bathwater. This is taking the easy approach, which isn't necessarily the best approach."
Some, perhaps. It's interesting that you seem to have assumed that I'm only attacking the technology (or want to curtail government use of it), and not ALSO advocating "substantially strengthening our democratic institutions". It's not an either/or - we can walk and chew gum at the same time, no?
It's quite clear that the NSA's use of the technology to which it has access is indiscriminate, at best. Also not cost-effective. Possibly (depending on which legal opinion you believe) illegal. So right now, I'd rather they don't play with toys they've proven they can't use responsibly.
IF strong oversight and safeguards are introduced that can ensure that intel agencies can only use the technologies in responsible ways (targeted use, probable cause, judicial oversight), THEN I'd be more comfortable with them continuing operations. Given that that's 1) much harder, and 2) seemingly unlikely in the current political climate in the US, I'd like to see their toys taken away immediately.
Of course, verifying that they no longer have access to their toys is possibly as difficult as bringing about an environment in which they can only use them responsibly anyway. That doesn't mean we shouldn't do it.
Someone recently on January 18th at noon said he "ordered that the transition away from the existing program will proceed in two steps. Effective immediately, we will only pursue phone calls that are two steps removed from a number associated with a terrorist organization instead of the current three."
If that is not classic privileged escalation con, I don't know what is. It presumes entitlement and while failing to justify or present an authority or grant under which he is authorized to escalate to decision conclusioning executive martial law mode, he never backtracks to show or point to where by Law he was ever authorized or entitled to violate or tamper with the Law in the first place.
Next he says in step two of his master plan to take over the world (yes I was thinking Pinky and the Brain), he will rely on the authority of a direct subordinate, the AG and a community of unelected spies he funds for a new authority to meet or exceed his current authority which was never granted. And he just escalated again and effectively told the AG if you want to keep your job and the spies if you like your current toys step 2 is give yourself new ones and don't have another Snowden!
In summary, next time someone says to you "if you don't do bad why should you care about domestic spying?" or who says both parties are two halves of the same coin and are all bad, so why care when the elected righteously nullify the 1st and 4th constitutional amendments, please consider those January 18th carefully chosen words
And realize the who, can be you who is 2 steps from a bad actor, ponder the definition you think he will stop at of what a "step" is.
Any good operator knows it only takes 3 steps to take your next target down.
Previewing and not submitting.
Clicking close on the browser and running bleach bit..
@ Matt Hurd
Thank you for this interesting and helpful answer!
Barry Friedman (NYU Law School Professor) provides a nice summary of the Privacy Board's Report (I added the breaks and numbers):
Section 215 Telephone Metadata Collection: The Privacy and Civil Liberties Oversight Board Trashes Pretty Much Everyone
"Here’s what the majority had to say:
1. the data collection we all have been focused on obsessively since the Snowden leaks began long before the government sought legal authority;
2. the supposed authority, Section 215 of the Patriot Act, doesn’t remotely authorize what is going on;
3. that provision applies to FBI investigations not the NSA anyway;
4. as a matter of law congressional actions delaying the expiration of Section 215 authority could not possibly have approved the bulk telephone data collection program;
5. even if Section 215 did permit this data collection, there is reason to doubt – it’s a tough question – whether such authorization would be constitutional;
6. the telephone companies violated federal law in turning over the information in response to the Section 215 order;
7. the Foreign Intelligence Surveillance Court is hobbled by its lack of adversary proceedings or readily-available appeals;
8. the telephone metadata program was pretty much useless in catching terrorists or stopping terrorist events;
9. and the whole thing is a tremendous threat to liberty.
10. It should be shut down. It should not be authorized formally.
11. We should all come to our senses and remember American values."
@ Bruce Schneier
Forgot to mention that there is a clause in section 2 authorities (self designated authorities, "So how did you become King?") of PPD-28 that references EO 12333--which has one glaring exception to surveillance restrictions--that is collection/surveillance from overhead. Literally the language (as I don't recognize it as a valid statute), doesn't recognize property rights to the area near or about your head.
For example, if zoning laws allow whatever structural feature that reaches into the sky, a drone flying at that altitude is an act of trespass. And I argue it is criminal trespass, as you cannot post a sign in the air and licensed operations of flying/space vehicles require strict adherence to domestic law--i.e. when flying over France you are liable or prosecutable under French law. Which makes requirements of those operating in the air subject to local jurisprudence--including my right to hold private my property.
Maybe I can borrow one of Google's blimps and fly a sign over my facility and flash warnings:
"Trespass, of any kind or type, will be considered criminal in nature. This forewarning respecting the breach to boundaries of this [put your address here] registered land recorded in the [county name here] will be met with force."
Got a fresh flak jacket and a turreted AA gun at the ready.
As far as anything the U.S. Government says, I have taken the rule that says whenever anyone from the Government says something "If their lips are moving, They are lying". It seems to work for me most of the time.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.