Pre-Snowden Debate About NSA Call-Records Collection Program

AP is reporting that in 2009, several senior NSA officials objected to the NSA call-records collection program.

The now-retired NSA official, a longtime code-breaker who rose to top management, had just learned in 2009 about the top secret program that was created shortly after the Sept. 11, 2001, attacks. He says he argued to then-NSA Director Keith Alexander that storing the calling records of nearly every American fundamentally changed the character of the agency, which is supposed to eavesdrop on foreigners, not Americans.

Hacker News thread.

Posted on November 20, 2014 at 2:42 PM • 32 Comments

Comments

Bauke Jan DoumaNovember 20, 2014 4:22 PM

Very nice to see spotlight on individuals, like crook-by-any-standard Keith Alexander.
Maybe, just maybe some day these lowlife thugs are brought in front of a grand jury.

AnonNovember 20, 2014 10:36 PM

I would think having NSA store the data could actually improve privacy. If you asked the average person, who wasn't engaged in criminal activity, why they want privacy, you'ld probably get the following answers:

1) protection against credit card fraud/identity theft.
2) making sure the wife/SO doesn't know I'm having or had an affair
3) avoiding corporate espionage and theft of trade secrets
4) What's NSA again?

If you're going to store archival data somewhere and want to protect against threats 1-3, it really becomes a question of whether you trust the phone companies or NSA to implement better computer security and vetting of their employees. Even with the Snowden debacle, I would put my trust in NSA over the phone companies.

Bruce MangeeNovember 21, 2014 7:00 AM

I was watching a Chaos Computer Congress video years ago, where one of the NSA whistleblowers gave his speech.
But my only thought was: "See, now you get surveilled too. Told you so."

There is a saying from a judge at a constitutional court in Germany: "Wo ein Trog ist, kommen die Schweine"

durakiNovember 21, 2014 7:14 AM

OFF-TOPIC:
Wow, the Tor guys sure are covering themselves in glory. Now they've gone and made their metrics page java-only. Er, that's going to go down well...

Clive Robinson November 21, 2014 7:37 AM

@ duraki,

Wow, the Tor guys sure are covering themselves in glory...

Maybe it's their idea of a subtle "Warrant Cannery" singing from the depths of their project ;-)

Frank WilhoitNovember 21, 2014 7:44 AM

Every discussion of the history of this program must focus exclusively on the Qwest discovery, which shows that it began in mid-February 2001. It was therefore literally the first action of the incoming Republican administration and was therefore motivated exclusively by domestic politics. Start there and end there, every time.

jonesNovember 21, 2014 8:43 AM

The debate goes even further back.

FBI Director James Comey (who has recently been discussed on this blog in connection with the re-instituting of crypto export restrictions) was acting Attorney General when John Ashcroft was hospitalized.

Alberto Gonzales tried to get Comey to re-authorize the NSA program, and Comey refused:

http://www.nytimes.com/2007/05/16/washington/16nsa.html?_r=0

The NYT article is from May of 2007. The event in question was in 2004.

AlanSNovember 21, 2014 10:13 AM

@Jones

Makes for a dramatic story but like the intervention posted by Bruce above had no significant impact on the NSA's activities.

Here's Margo Schlanger on the Comey-Gonzales face-off at Ashcroft's hospital bedside:

This was a group of lawyers who stood up to extreme pressure to tell their client—the President—“no,” loudly (if in secret), and backed by threat of group resignation. In a speech several years later to Intelligence Community lawyers, Comey talked about the need for his listeners to “stand in front of the freight train” when pushed by their clients to sign off on a collection technique or target they believe to be unlawful. The hospital bed incident, live in audience members’ memories, gave Comey credibility.

But what did this incident actually accomplish? Recent disclosures underscore that the dramatics were entirely out of scale to the actual, limited result, which was a pause—not a stop—to the challenged collection. What had previously been an entirely executive initiative was pushed into the FISA Court’s tent by a massive expansion of FISA’s pen register provision. The authority under which the collection proceeded, four months later, was new, but the program was the same. Comey and his colleagues’ actions were less standing down a freight train, and more the ordinary lawyers’ task of assisting a client to make adjustments in order to accomplish operational goals using different methods. This was a compliance improvement—and it served rule-of-law values. But as far as the civil liberties impact, the change was all but symbolic.

Bruce EdigerNovember 21, 2014 10:33 AM

Before analyzing this article, please check authorship. It's by Ken Dilanian, the ex-LA Times writer who used to run his drafts past the CIA: http://www.politico.com/blogs/media/2014/09/ken-dilanian-sent-cia-drafts-of-stories-194906.html

With that info in hand, we can read this article two ways:

1. Supposing Dilanian is still in cahoots with the CIA, this article is a CIA shot across the bows of the NSA in some turf war. If so, it's probably true, but doesn't really matter.

2. Dilanian is now tight with the NSA, which means this article isn't necessarily true, and it's part of some NSA media manipulation, perhaps to make old management look bad now that they're gone. That would be consistent with the NSA throwing Keith Alexander sort of under the bus with the financial disclosures.

There is the very slim chance that Dilanian isn't running drafts past anyone except his editors, but all that does is reinforce Snowden's point that there were no effective internal channels for raising concerns, like 4th Amendment over reach. The US government, and apparently most of the USA citizenship, only care about 2nd Amendment over reach.

65535November 21, 2014 10:43 AM

“By 2009, several former officials said, concern about the "215 program,…had grown inside NSA's Fort Meade… to the point that the program's intelligence value was being questioned. [partly]…true because, for technical and other reasons, the NSA was not capturing most mobile calling records… But the government ultimately decided against changing what most officials still view as a necessary bulwark against domestic terror plots, Alexander and other former officials said. The program collects and stores so-called metadata on every landline phone call made in America — the phone number called from, the phone number called and the duration of the call. Some estimates have said the program collects records on up to 3 billion calls a day.” -AP

1] We now know that all American’s landline telephone meta-data, and some mobile phone meta-data was scooped up by the NSA. That would include Doctors, Lawyers, Judges, Journalist, Politicians, Insurance companies, High Tech companies, suicide hotlines, small business, probably Federal Employees, State employees, Teachers, Government Protestors, People in political PAC's, speed dial list, Fax contracts, contacts chaining and an unknown portion of people in mobile telephone sector, and on and on. The playing board is tilted against us. This must stop now.

2] This dragnet of telephone spying continues at a larger rate including mobile phone users and Voice over IP calls [3 billion per day or about 94 calls per day of each and every American resident].

This is a huge amount of personal data. The mass surveillance must stop. I suspect it only goes on to keep those in power – firmly in power.

[3,000,000,000/319,123,000 USA residences]
https://en.wikipedia.org/wiki/Demographics_of_the_United_States

Here is where the reporting gets papered over. “…the government ultimately decided against changing…” As the AP glosses put it.

Further down the AP blandly states, “Justice Department lawyers” who are unnamed. “By the end of 2009, Justice Department lawyers had concluded there was no way short of a change in law to make the program work…” -AP

Which Justice Department Lawyers?

I can only assume these programs were not only endorsed by our new President but expanded [much to my dismay and many others on progressive side of the political spectrum – which is somewhat inexplicable.]

The AP notes that: “Only 30 intelligence employees are permitted to access the database, officials have said, and it is done about 300 times a year.” – AP

I would like that statement clarified. Does, this include “contractors” such as Snowden? Does this include Air force drone units, Army units, Navy units, Marine units, Cost guard units, Agents of ICE, Agents of the DEA, Agents of the Secret Service, and so on. I suspect it does.

Some people have stated the final legal/political solution is a “Constitutional Showdown” between the Courts and the President’s authority. I don’t see that in the near future.

I suspect a number of players are benefiting the Dragnet surveillance system. Until those you benefit are exposed this Dragnet Surveillance will continue [including all who benefit financially].

WaelNovember 21, 2014 10:54 AM

@Keiner,

63 oversea-cables tapped...
The article says:
So liste der Geheimdienst GCHQ in einem Dokument 2009 insgesamt 63 Untersee-Internetkabel auf, die er anzapfen konnte – bei 29 davon sei das fragliche Unternehmen als Abhörhelfer gelistet
I have never seen a communication cable over sea :). Under-sea or sub-sea/ocean is a better translation ;)
Gerontic, what a funny name for a company! Are they selling Wheelchairs or nappies for pensioners?
The word means: "Of or pertaining to the last phase in the life cycle of an organism or in the life history of a species" -- a dreadful name choice! Seems they are planning on selling bodybags and graves for the end of the world (or whatever species they are after.) Then again, maybe you and I are just "organisms", and we are not aware of it!

Sniveling ratfaced gitNovember 21, 2014 11:00 AM

Good for skeptical, sloughing off the original nym, which had long since become a laughingstock. Anon is hip, now, Wow! - evoking shadowy anarcho-syndicalist cybernauts instead of dim-witted beltway asskissers. Nice work there, too, trying to moderate the telltale pomposity of the government tax parasite sucking federal tit. Naturally, any hint of vestigial integrity among civil servants would bring him back to save the day. So here he is with the new government propaganda line.

Step 1: characterize the American public as morons.
Step 2: Put on your pointy moron hat and swear fealty to NSA. Very convincing, for your moron audience. Especially convincing if you use the word "trust" (but not, if you can help it, the words "far as I can throw them.")

The basic idea here is to make privacy a quotidian utilitarian calculation instead of a protection for humans against this criminal state. This has been one of skeptical's axiomatic lies all along.

Bob S,November 21, 2014 12:25 PM

Re: AP quote... "only 30 intelligence employees are permitted to access the database, officials have said, and it is done about 300 times a year."

Translation: "We have 30 full time employees accessing data 300 8+ hours per day out of 365 days per year. (We don't ransack data on weekends and some holidays, ((unless we feel like it)))." ~STASI-Я-U.S.

It would take mass protests by millions of Americans (ala' Viet Nam War) to bring about the slightest change in the way they work. I honestly don't see that happening soon. They may slip up badly some day and burn some fat cat or mega-corporation that would raise a ruckus. Even that is unlikely since most of the major data corps are on the payroll to the mob one way or another.

I could see some genius or small group creating leap frog technology that would shut them down. I wish I had the smarts to do it.

Anon2November 21, 2014 1:26 PM

@Anon:
And none of those reasons are why the NSA shouldn't have the records.

The real reasons citizens should not want the government have their records are:
1) It's their records - the government is not entitled to them without cause.
2) The possibilities of government corruption is too large. This includes:
a) vote rigging by blackmail (house/senate/SCOTUS etc)
b) election fraud by targeted get out the vote (and stay home) vote campaigns
c) destruction of political opponents in elections (via anonymous leaks to media)
d) glass ceilings on government employees due to private matters
e) usurpation of representative government with secret courts producing secret laws
3) The policy is bad for US businesses. You expects foreigners to use Facebook now?
4) Blanket surveillance costs a fortune and it's ineffective for catching bad guys.

And most importantly, just because the NSA has the records doesn't mean the phone companies suddenly do not - they will both have the records. Thinking that the records will disappear from the people who actually need them because a copy is given to the government is silly - thus any point about increased security is also laughable.

AnonNovember 21, 2014 2:05 PM

@Anon2

It's not silly to think that the phone companies won't have the records, because some of them don't have that data now. FCC regulations only require phone companies to maintain call records for 18 months and some phone companies don't store the data much longer than that. Some of the data older than 18 months only resides on government databases.

NobodySpecialNovember 21, 2014 2:18 PM

5, extra security costs for business
I already have to secure my network against criminals, cyber-terrorists (apparently) and the entire state security apparatus of unfriendly countries.
But now the zero day exploits that make all that possible aren't being fixed because my own government wants to spy on me as well.

jonesNovember 21, 2014 5:03 PM

@Alan S

I agree these "interventions" have little impact; I think the non-technical solution is for people to use the Internet a lot less. I understand that might be difficult for certain businesses, but most people don't need to post everything they do every day on FaceBook.

That said, what I find interesting about the NYT link is how Comey came off looking like a civil liberties hero during the First Bush Administration, and now he's using his FBI bully pulpit to attack crypto -- which is the technical solution to the problem he took action against in 2004.

So what has changed since 2004? Is it the media coverage of these and related events, has Comey decided to stop fighting a losing battle, or does somebody have something on him?

The blackmail implications of this type of surveillance can have policy impacts too:

I.e., Jane Harman:

http://voices.washingtonpost.com/washingtonpostinvestigations/2009/04/jane_harmans_mysterious_conver.html

Rep. Jane Harman is asking the Justice Department to release its transcripts of wiretapped telephone conversations she reportedly had with a suspected Israeli agent in 2005 or 2006, according to the Wall Street Journal.

It had been reported several years ago that federal investigators looked into the California Democrat's discussions with the suspected Israeli agent. But yesterday, Congressional Quarterly's Jeff Stein published significant new details, including the allegation that the conversations secretly captured by NSA wiretaps were "directed at alleged Israel covert action operations in Washington."

Stein's account, and follow-up articles today, raised questions about the conversations' links to at least two ongoing Washington scandals: the espionage case against two officials of the main Israel lobbying group and the NSA's secret domestic surveillance wiretap program.

See also:

Eliot Spitzer

http://www.washingtonpost.com/wp-dyn/content/article/2008/03/10/AR2008031001482.html

Anon2November 21, 2014 5:13 PM

@Anon:

So data that is one and a half years old is essential for national security?! What on earth for? If the NSA only just notices a terrorist website that's been up for 2+ years, then they're a) doing it wrong, and b) going after people who have not visited the site in over 1.5 years is probably a waste of time. If the NSA has been monitoring a particular site/phone/whatever for a long time, nothing is stopping them from storing THAT information pretty much indefinitely internally. Storing EVERYONE's data pretty much indefinitely without suspicion so they can do fishing expeditions later is the problem.

The only thing such indefinite retention of bulk data would be useful for is precisely the reasons I outlined in my original response to you - things like blackmailing representatives and judges with the fact they called an escort service or dope dealer 5 years ago, or used to destroy opposition candidates once the keepers of the data get into a tough campaign race.

I'm curious, why do you think there is a need for this old data? Is there a legitimate national security use case for 18+ month old data (one that could not be achieved by other means which do not violate the constitution)? How long do you think you think everyone's data should be stored then?

AlanSNovember 21, 2014 5:37 PM

@jones

I think the explanation is that Comey is a lawyer. He was behaving like a lawyer in 2004 and he is still behaving like one in 2014. This is Schlanger's argument. She goes on to write:

Yet it is no coincidence that that incident did not catalyze a civil liberties advance. In fact, this Article’s core argument is that intelligence legalism, though useful, gives systematically insufficient weight to individual liberty. Legalism legitimates liberty-infringing programs. And its relentless focus on rights and compliance and law (with a definition of law that includes regulation, executive orders, court orders, etc.) has obscured the absence of what should be an additional focus on interests, or balancing, or policy....The NSA and the IC more generally have thought of civil liberties and privacy only in compliance terms. That is, they have asked only “Can we (legally) do X?” and not “Should we do X?” This preference for can over should is part and parcel, I argue, of intelligence legalism.

Also worth reading is Jennifer Granick's critique of Schlanger's argument. She takes in a step further. She argues that the the IC isn't just asking "can we legally do X?" but "how do we manipulate words to make it appear like we can legally do X?" As such the army of IC lawyers are actually abetting a culture of lawlessness.

LavBNovember 22, 2014 9:11 AM

Very true AlanS. In most US municipal (that is domestic) law, bad faith doesn't apply to criminal law, only contract law. But treaty bodies have explicitly pointed out that US government policy is based on bad-faith perversion of supreme law. To make the point, they push government legal hacks into a corner until they're reduced to robotically repeating humiliating absurdities. It's very entertaining to watch.

Take suspicionless border searches. DHS demands a government prerogative to search on the basis of hunches or notions or whims with no rationale whatever. That is arbitrary interference, and it's illegal. You can't write that into law, it's the negation of law. But the government pays thousands of drones to make up word salad to conceal it and the binding law it breaks.

AlanSNovember 23, 2014 2:10 PM

@jones

What I found interesting in the link you provided was the secrecy.

I think the issue isn't so much that language of rules and regulations are manipulated. Meaning always emerges and evolves as part of changing practices and often that change involves conflict. But in this instance the new meanings (and practices) are created and foisted on us in secret. There is little public negotiation or accountability. A self-interested community negotiates meaning in secret as a political tool to satisfy its own ends.

See also George Orwell's essay Politics and the English Language. It's no surprise that language plays a key role in some of his best-known works e.g. Animal Farm and 1984.

Also see earlier discussion of Wittgenstein and ordinary language philosophy in this thread and comment here. And discussion of agnotology here.

itwasnttrendythenNovember 23, 2014 9:28 PM

American intelligence agencies don't have to do much PR work or mitigation. Any type of organized response is diluted into petty anti-socialism or credibility wars in the private sector and social media. For example one of the people who actually created the software infrastructure that Snowden speaks of exposed it over a decade earlier but nobody noticed because it was an awkward old guy who wouldn't trend on hipster security sites..

We make the superficial garbage pale we live in EVERYTHING it is.. Wahhh people who have authority are just like people they represent and govern..

I think the only reason it's big now is because fear is profit and everyone wants to sale blog content and books..

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.