National Academies Report on Bulk Intelligence Collection

In January, the National Academies of Science (NAS) released a report on the bulk collection of signals intelligence. Basically, a year previously President Obama tasked the Director of National Intelligence with assessing "the feasibility of creating software that would allow the Intelligence Community more easily to conduct target information acquisition rather than bulk collection." The DNI asked the NAS to answer the question, and the result is this report.

The conclusion is about what you'd expect. From the NAS press release:

No software-based technique can fully replace the bulk collection of signals intelligence, but methods can be developed to more effectively conduct targeted collection and to control the usage of collected data, says a new report from the National Research Council. Automated systems for isolating collected data, restricting queries that can be made against those data, and auditing usage of the data can help to enforce privacy protections and allay some civil liberty concerns, the unclassified report says.

[...]

A key value of bulk collection is its record of past signals intelligence that may be relevant to subsequent investigations, the report notes. The committee was not asked to and did not consider whether the loss of effectiveness from reducing bulk collection would be too great, or whether the potential gain in privacy from adopting an alternative collection method is worth the potential loss of intelligence information. It did observe that other sources of information -- for example, data held by third parties such as communications providers -- might provide a partial substitute for bulk collection in some circumstances.

Right. The singular value of spying on everyone and saving all the data is that you can go back in time and use individual pieces of that data. There's nothing that can substitute for that.

And what the report committee didn't look at is very important. Here's Herb Lin, cyber policy and security researcher and a staffer on this report:

...perhaps the most important point of the report is what it does not say. It concludes that giving up bulk surveillance entirely will entail some costs to national security, but it does not say that we should keep or abandon bulk surveillance. National security is an important national priority and so are civil liberties. We don't do EVERYTHING we could do for national security -- we accept some national security risks. And we don't do everything we could do for civil liberties -- we accept some reductions in civil liberties. Where, when, and under what circumstances we accept either -- that's the most important policy choice that the American people can make.

Just because something can be done does not mean that 1) it is effective, or 2) it should be done. There's a lot of evidence that bulk collection is not valuable.

Here's an overview of the report. And a news article. And the DNI press release.

Posted on February 9, 2015 at 6:16 AM • 42 Comments

Comments

Rufo Guerreschi February 9, 2015 7:50 AM

If Herb Lin is right, which I think she is than we should all be looking for win win solutions whereby both rights and requirements are protected and enacted. Almost noone on the mainstream civil liberties side is doibg that.

WinterFebruary 9, 2015 8:09 AM

The main problems with the bulk collection are not addressed (or only partially):
1) Transparency
2) Accountability

We, as the observed, should be able to know at some time and at some level what has been collected and, even more important, how it has been accessed and used. Until that is achieved, we can never ever trust that the data is used to our benefit, and not to our detriment.

And we should be able to hold anyone and everyone accountable for their use of our data. An agent or employee who has abused his access, say, by sharing some of my photos or data for private use, should be put on trial and I should have a way to know my data have been abused and a way to get redress.

Dr. I. Needtob AtheFebruary 9, 2015 9:59 AM

"... that's the most important policy choice that the American people can make."

Hey, I'm an American person! I'm a bit skeptical that I have any say in this policy choice though.

ONPIFebruary 9, 2015 10:50 AM

The NSA report will be a useful template for future ODNI reports on other handy but illegal methods.

The committee was not asked to and did not consider whether the loss of effectiveness from reducing sexual exploitation of children would be too great, or whether the potential gain in child welfare from adopting an alternative blackmail method is worth the potential loss of intelligence information. It did observe that other sources of information -- for example, bestiality -- might provide a partial substitute for sexual exploitation of children in some circumstances...

The committee was not asked to and did not consider whether the loss of effectiveness from reducing the practice of slitting your penis open would be too great...

etc., etc., etc.

x0017AFebruary 9, 2015 11:10 AM

This definitely seems like it falls in the "ask a stupid question, get a stupid answer" department - which I'm sure is intentional. I suppose it's possible that it's necessary to formalize these sorts of thing as a pre-requisite to discussing the potential benefits, but I doubt that'll be how this sort of thing is used.

I heard a debate recently where the question was, "Is bulk suspicionless surveillance constitutional?" where the pro-surveillance point of view was basically, "It would be very dangerous to jettison this project" - which doesn't actually address whether or not it's constitutional, just whether or not it's a good idea. There may be things that are constitutional that are a bad idea things that are a good idea that are unconstitutional, but they are two different questions; the constitutional amendment process was designed specifically to allow for unconstitutional things that are a good idea to become constitutional.

paulFebruary 9, 2015 11:38 AM

Sometimes new tech enables great leaps in capability. Sometime lack of new tech enables great leaps in capability. This discussion is beginning to remind me of hype that surrounded simulated annealing for integrated circuit design in the early 1980s. By using ridiculous amounts of computing (which IBM just happened to have)and a halfway decent scoring algorithm, you could get results that were an order of magnitude better than what other people were doing. Until other people got slightly more computing power and started applying specialized tweaks and hacks and heuristics and all the expertise that people had gained over decades of designing circuits. One of the researchers once summarized it as "simulated annealing is a great method to use if you don't know what you're doing.

I think the same is likely true (except for the "great method to use" part, because, y'know, really not that many successful results) for universal collection, and the NSA is now approaching the regret stage of "Be careful what you wish for."

GweihirFebruary 9, 2015 11:47 AM

Bulk collection is extremely valuable if you want to control individuals later. If somebody raises to a high position, just look in your data-pool for what juvenile or stupid things that person may have done and you own them! Think of what happens when the NSA finds some really juicy bits about a new president in their collection. Or if some opponent of snooping manages to acquire a larger group of followers.

Other than that, the only value of bulk collection I see is that it allows misdirection when some terrorist action has happened by speeding up identification of the perpetrators. That this has zero prevention value is something the average person is apparently not equipped to understand. Hence it allows those in power to create the illusion that they are actually fully in control.

Bob S.February 9, 2015 12:03 PM

Government mass surveillance is effective at suppressing free speech and communication.

It is effective in making the people fear government. It is an effective way for government to gain power over the people and thus to control them.

If I was the government I would spy on everyone, too, just like the olden days kings did. It's a way to get and keep power by taking power away from the people.

From the government view, there is no downside to mass surveillance at all.

Indeed, the ruling class would be foolish not to expand their surveillance powers. They would be wise to brand anyone who complains about mass surveillance as a traitor and criminal.

In a way that can make us safer: People who don't complain can feel safe from government oppression and punishment.

This has all happened before, many times. Only the technology is different.

albertFebruary 9, 2015 1:19 PM

Seems to me I've heard that song before....Oh, yeah, torture doesn't work, but we'll keep doing it anyway.

We don't have transparency in gov't, but we do have 'transparency' in gov't 'studies' and 'reports'; we know exactly what the results will be.

Spying has never been effective in preventing terrorism, only in punishing the perps after the fact. This is why Gitmo is still open for business. What is this fetish for punishment all about?

Actually, a little terrorism is helpful in keep the public in line and those TLA budgets bloated. FUD is a very effective control technique.

From the 'report': "...Automated systems for isolating collected data,...". That's supposed to make us feel better? "Automated systems" are never going to be effective for that. Does anyone believe this will work? I'll bet the NSA doesn't.
Over-reliance on computers has gone from being a nuisance, to being downright dangerous. I'm not even talking about computer security, though it's obviously a serious issue as well.

@Dr. I. Needtob Athe,
"...I'm a bit skeptical that I have any say in this policy choice though. ..."
You have my vote for understatement of the year, so far. As individuals, there is NOTHING we can do about policy. Anyone who doesn't believe this is a Pollyanna living on Sesame Street. OTH, as a group, a very large group, we do. Large groups require accurate information and organization. What's the best way to control those things? By controlling communication! Monitoring communication is the first step. Y'all know the next one.
.
I gotta go...
.
P.S. Everyone is pretty much 'dead on' in their comments....so far...

BystanderFebruary 9, 2015 1:41 PM

@Gweihir: Amen! Keeps me thinking of the famous citation attributed to Richelieu...

XofisFebruary 9, 2015 4:00 PM

Framing mass spying as whether useful for nat sec is wrong. In a power system it's useful for the exec branch to amass domestic and intl power, that's its primary use.

Clive RobinsonFebruary 9, 2015 4:20 PM

One question that has not been asked and should be is "What are going to be the likely results from the IC if the citizens of the US decide to cut back on these 'make work' systems?".

For those of you old enough and with sufficiently long memories, may remember that come the fall of the Berlin Wall and the subsiquent collapse of the Cold War, we did ask the question before and some even talked of a peace dividend where the tax money saved would be used for building the US economy and make it fit for the 21st Century...

The results were not as the many had hoped, and we now find ourselves in the position that the most intrusive surveillance on our personal lives has crossed a tipping point, where the surveillance is now nolonger a "huge sunk cost without economic benifit" but a highly profitable --on paper-- business that has become a major tax avoider, and that what was the preserve of the IC is now the bread and butter of the global corporates.

We have moved by technology from having a real "hot war" enemy, through a "cold war" with an enemy creating a real existential threat, to condition our own governments paid and trained have become the enemy that we are told we should fear our every waking moment as well as in our sleep, George Orwell would nod knowingly at where we are, and wonder if Room 101 was in Gitmo.

I have been told --but not checked-- that more people have died in the US from insect bites this decade and a half of the 21st Century than have died from terrorism. The point is the US has a population in excess of 310,000,000 so you would expect between four and five million deaths each year from various causes with about a third being needless as they are preventable often at quite low cost. So to focus so many resources on terrorism is not just stupid it's also insulting to the relatives of those million or so who have died relativly easily preventable deaths.

Thus when we talk of the spending involved with surveillance we need to include the money involved not just with the waste in the IC but also the surveillance corporates like Google, Facebook, etc, etc, and what we get in return as individuals for the sums involved. I would not be surprised to find it was actually negative, that is it costs us disproportionately to any possible return.

I think we will find after due consideration that the "chilling effect" this surveillance has, is in fact the number one human created "existential threat" to our lives. Whilst it will probably not cause the death of humanity, it will almost certainly be the death of society as we have known it, and may very likely put us socialy back a thousand years, where we become the "surfs to m'lords".

Thus befor we cut one snake like head off of a gorgon we should consider what would grow to replace it, and how we stop it being worse than before. Or perhaps how like Persius with Medusa we cut off the real head, from which the snakes come forth.

Either way, we know a vacuum will be created, and it would be far better for us if we know how to fill it with what we want, than allow others to fill it for us. However we know from experiance that the Founding Fathers thought they had done this, however history has taught us that given the oportunity the creatures of the night will poison the minds and souls of those tasked with protecting the founding ideals. As has been observed in the past "sun light is the cure for many ills", thus there must be no shadow in which the creatures of the night can hide unobserved. History via the Church Commission has taught us that there should be no half measures where accountability is concerned, there have to be no secret no go areas, otherwise the poison seeps in.

There are counter arguments about why there are no go areas, however the one thing those arguments never address is how to stop the lack of real accountability becoming the route used to destroy society. Untill they can answer that question then society will like the ageian stables become full of corruption which will require a Herculean task every generation to wash away.

albertFebruary 9, 2015 5:41 PM

@Camp Williams requirements: 1 КАБ-1500ЛГ-ОД-Э • (!)
.
That's UN stuff. We don't read that stuff, and we marginalize it if someone has the audacity to bring it up. How do you like those APPLES?
...
@Clive Robinson
Those who flout accountability, also control accountability.
In the words of late, great George Carlin: "...It's a big CLUB. And YOU AIN'T IN IT. You and I are NOT IN the big club....",.... "...Because the owners of this country know the truth -- it's called the American Dream ... 'cuz you have to be asleep to believe it."
...
https://www.youtube.com/watch?v=rsL6mKxtOlQ

I rest my case...

Sancho_PFebruary 9, 2015 6:36 PM

I think Herb Lin adds insult to injury:

“-- that's the most important policy choice that the American people can make.”

There’s no such choice for the American people, as he knows.

Follow the money.
Who payed whom to answer a stupid question by a friendly report?

***

Before any “choice” there would be some points to publicly discuss and agree on, because there are too many ideas out in the wild regarding the meaning of bulk, collecting, search, data, metadata, content for phone and internet connections, and what is important for our privacy [1], personal security and national security, to name a few.

How could any layperson decide when there is no simple agreement between the experts on the used terms, without tongue in cheek?

How could we proceed to the more delicate points, e.g.:

1) Secret bulk collection is unethical and a crime, regardless who commits or orders it.
2) What was bulk collected in the past has to be deleted.
3) Bulk collection is wrong for a couple of reasons: a, b, c, d, …
4) Limited bulk collection may be acceptable in a very limited scope, e.g. if necessary for targeted collection (?).
If 4):
5) Limited bulk collection is collecting / accessing data of multiple entities/ accounts/ user connections.
6) Limited bulk collection is extremely dangerous to our liberal society.
7) To mitigate that risk limited bulk collection needs strict rules, control + accountability.
8) To mitigate further risk bulk collected data can not be transported.
9) To mitigate further risk bulk collected data can not survive more than 10 minutes, no back up.
10) Whoever collects bulk data is liable for processing, loss and abuse.

Next would be targeted surveillance / collection, the really hard part.
But (most of) our society has to come up to the status quo first.

[1]
For privacy and “legitimate expectation of privacy”, the famous “Smith v. Maryland” is an excellent case to discuss the meaning of bulk collection: There was a severe suspicion against one individual, and it was metadata “only”.
It was not a “search”, that is correct, but not the point:
To protect customer’s privacy the phone company can not simply “sell” the dialed number to a third party for advertisement or give it away without a warrant, nor could it allow bulk collection.
For phone metadata see also: https://en.wikipedia.org/wiki/Klayman_v._Obama

Dirk PraetFebruary 9, 2015 7:19 PM

The study was sponsored by the Office of the Director for National Intelligence. ...The National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council make up the National Academies. They are private, independent nonprofit institutions that provide science, technology, and health policy advice under a congressional charter granted to National Academy of Sciences in 1863.

Sounds like POTUS ordering a study on global warning from the Koch Brothers in their turn subcontracting it to a non-profit institution sponsored by ExxonMobil.
Did anyone, I mean anyone, *really* believe any report coming from the ODNI, an organisation lead by the guy who lied before Congress on the matter, would contain *any* critical content whatsoever? Even believing in Santa Claus makes more sense.

@ Camp Williams requirements (something)

From the UN Special Rapporteur on Counter-Terrorism & Human Rights Issues report: In it Emmerson condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions.

The second report is just as damning and takes a clear position that mass surveillance violates Article 12 of the Universal Declaration of Human Rights
as well as article 17 of the International Covenant on Civil and Political Rights. The ICCPR is ratified by 167 states, including the US.

Unless my reading of both reports is incorrect or the people who wrote them have no clue whatsoever what they are talking about, I believe our man @Skeptical may need to tweak his vision on the matter.

@ Sancho_P

Have you read these reports ? They're answering most of your 10 points.

NathanaelFebruary 9, 2015 7:57 PM

"Right. The singular value of spying on everyone and saving all the data is that you can go back in time and use individual pieces of that data. There's nothing that can substitute for that."

The value of doing that is almost entirely in the ability to commit blackmail and run smear campaigns. Spying on everyone and storing all the data is *very valuable* for commiting blackmail and running smear campaigns.

It has no value for actual "intelligence" (such as the state department and defense department used to do) or for real investigations.

In short, the value of bulk data collection for doing malicious and undesirable things is extremely high. It therefore needs to be banned outright, regardless of whether it might occasionally be used for something positive.

It's similar to banning bulk, untraced sales of deadly poisons, or making it illegal to murder people. The rare instance where such a thing would be useful for good purposes is far outweighed by their extremely high value for very bad purposes.

NathanaelFebruary 9, 2015 8:08 PM

"I heard a debate recently where the question was, "Is bulk suspicionless surveillance constitutional?" where the pro-surveillance point of view was basically, "It would be very dangerous to jettison this project" - which doesn't actually address whether or not it's constitutional, just whether or not it's a good idea..."

The pro-surveillance people are the dumbest sort of fools. It would actually be spectacularly dangerous NOT to jettison this project. It is spectacularly dangerous. I'll explain why....

"If I was the government I would spy on everyone, too, just like the olden days kings did. It's a way to get and keep power by taking power away from the people.

From the government view, there is no downside to mass surveillance at all. "

...unless you realize that the power of government derives primarily from the consent of the governed. This isn't a airy-fairy theory. This is just cold geoopolitical fact.

Earl Grey, a supporter of the nobility in England, recognized this in the 1820s; he told his fellow noblemen that the rising industrial middle classes felt that the existing government offered them nothing, and that the middle classes had to be "cut in" on the deal the nobility had in order to stabilize the country. He pointed to the (then quite recent) French Revolution as the alternative.

I have not read such blunt words from a person in power within a governmental system since then.

Without the consent of the governed, you need to have the consent of about 10% of the population and use them as merciless slave overseers, like the South did before the US Civil War. Less than 10% and you can't do it at all. Overseers who are half-hearted or not loyal to the regime, and you can't do it at all. Even then, you have a deeply unstable regime. It can also be done with an outside occupying military army, but the principle is roughly the same, you need the occupiers to be about 10% of the population, or you need most of the population to actually support the government.

Illegal mass surveillance massively erodes people's trust in the government and erodes their willingness to consent to it. When consent to the government falls apart, you get revolutions, peaceful or otherwise. We are much much closer to that than many people think. The government's enforcement people are defecting repeatedly, due to the illegality and totalitarianism of government policies -- Snowden is the most famous example -- so it'll be very hard to build a 10% military "overclass" to oppress the rest of the population.

If you were a smart government leader, your first priority would be preventing the government from being repudiated by the population. This seems not to even be a consideration by the dangerous clowns in the national "security" establishment, who are creating massive insecurity.

Just nuke itFebruary 9, 2015 9:55 PM

I want a report on what our lives could be like if we weren't obliged to pay for all this shit: a stupid brutal military to blow the arms and legs off noncombatant kids and keep us well supplied with enemies; pigs who kill black guys for sport; secret police to find simpletons or malcontents (and who isn't one or the other?) and goad them to blow something up in understandable frustration; and to suppress all this manufactured grievance, blanket surveillance of every verbal burp and fart by NSA creeps.

If we weren't forced to pay for all this shit we could have a basic income, and sit on our asses and think about whatever we consider most important; and we could have a guaranteed job to work at something that we collectively actually want, when we're so inclined. Instead of being on a treadmill of profit and drudgery, selling stupid crap, we would put the state on a treadmill, laboring without rest to give us more and more development, more and more rights, and more and more peace.

NSA, CIA, FBI, DHS, DoD, they're hookworms sucking the life out of this country. America needs a big dose of Vermox to eradicate these worms. If it takes Putin nuking DC and the cities that CIA's infested, hey, it's got to be done. Knock over this bullshit regime, we'll greet you with strewn flowers.

NobodySpecialFebruary 9, 2015 10:34 PM

@Just nuke it - you could do a controlled experiment.
Take one side (call them the losers) - ban them from having a serious army, building nuclear arsenals, fighting foreign wars.
Take the other side (call them the winners) - allow them to pretend they still have a world conquering empire, or have them build a new one.

See how their economy, standards or living, levels of happiness etc compare.

Nick PFebruary 9, 2015 11:29 PM

@ NobodySpecial

Along the same vein, we could note countries level of foreign interference, military spending rate, and spending rate on domestic improvements. Then, compare that to their economic stability, standards of living, happiness, etc. That sounds like such great TV talking point potential that I'd be surprised if it wasn't already done and on the Web somewhere.

OMGFebruary 10, 2015 12:59 AM

"Thus befor we cut one snake like head off of a gorgon we should consider what would grow to replace it, and how we stop it being worse than before. Or perhaps how like Persius with Medusa we cut off the real head, from which the snakes come forth."_Clive Robinson

That really touched home.

People who put you in shit aren't necessarily your enemies.

People who get you out of shit are not always your friends.

Love that parody. :^)

CelosFebruary 10, 2015 6:44 AM

@NobodySpecial:

The experiment has been done in a controlled, but small scale. Repeatedly. The ones not cooperating and suspicious of everybody usually destroy the world. The problem is the people with an authoritarian mind-set, which fear everybody they cannot control, oppress or destroy.

Very worthwhile read with a solid scientific foundation: Bob Altemeyer's - "The Authoritarians", for free here: http://home.cc.umanitoba.ca/~altemey/

If we managed to get these people under control, most serious problems would vanish. Instead, they are the rulers and mess everything up.

BoppingAroundFebruary 10, 2015 11:11 AM

Celos, have you noticed that you are writing like one of them right now.
> The problem is the people with an authoritarian mind-set, which fear everybody they cannot control, oppress or destroy.
> If we managed to get these people under control, most serious problems would vanish.

albertFebruary 10, 2015 1:15 PM

You guys are wandering into sociological areas.

Aside from personal greed, there is a certain kind of 'mob mentality' that exists among the Elite. Remember, they lead an insular existence; they live in posh communities, their kids go to private schools, they are raised as entitled, they are moral cannibals, and they run everything.
Add to this the fact that they still think of themselves as intelligent, free-thinking individuals, who can 'relate' to the Unwashed Masses. After all, don't they (in their posh way) watch the same TV shows, read the same books, see the same movies, work out, hunt, fish, play golf, and follow sports? It behooves us to answer the question, 'Are these people really mini-Hitlers?'. I don't think so. As a group, they do have fears; but they fear the loss of their fortunes most of all. In this country, they don't fear the loss of their lives, but like gated, guarded compounds and armed body guards, that day will come.

Rather than revolution, I see a slow, strangling, systemic death of the system, like a dog that dies from overeating. A system that, once it has sucked out all of the blood out of all of its victims, runs out of victims, and dies. It's taking a long time, because we have a world of victims to exploit, but rest assured, its progress is exponential, and inevitable. That's the problem for an elite that's built on the backs of the masses; their very survival depends upon those who despise them.

Other countries (you know, the ones we marginalize, exploit, destroy, or ignore) already see us for what we really are. They are not happy, but I think they see the endgame. They watch and wait, and develop their own systems. The smart ones learn from _our_ mistakes. They are not perfect, but the world does not belong to the perfect; it belongs to the 'rational' realists.
We, and our lapdogs, have create a financial system that has progressed from gold, to paper money, to plastic cards, to electrons (and photons:) that flow though cables, and it lives in servers. We have created a military system that is utterly dependent on computers, which is far more vulnerable than anyone appears to realize.

[A Samurai, upon crashing into a Buhddist temple, encounters a monk, sitting quietly, meditating.]
Samurai: "Do you not realize that I can run you through with this Mighty Sword, and kill you instantly. Why do you not fear me?"
Monk: "Do you not realize that I can allow you to run me through with that Mighty Sword, and kill me instantly?"

Our day will come, and it will make the 30's look like Nirvana.
.
I gotta go...

name.withheld.for.obvious.reasonsFebruary 10, 2015 2:16 PM

Knowing that both the government and the corporate giants cannot find their way to "enlightened self interest" I am leaving the U.S. in order to remain relavent. I cannot see providing technology industry my expertise in support of a system that I am morally, ethically, and spiritually opposed to...
Recently I have explored a career change; retail and antique sales, cashier and attendant, and other options that doesn't require me to compute the logical mask of an xor'd gate. My experience thus far demostrates how distance the reality of what our government is engaged in and the general knowledge held by the citizenry. This suggests that Jefferson's statement about and "Informed Citizenry" about the maintenance of a healhty republic stands.
So far my decision process has lead me to contact individuals in the U.K., I know GCHQ and all the problems in the U.K., there are a least a number of educated individuals as compared to the morass that is the U.S. population. In short, F' the U.S. governement and its cronies...your incapacity to entertain any logical and rational decision process will find you with your junk in your hand!

Nick PFebruary 10, 2015 2:35 PM

@ name.withheld

UK is worse than US in terms of individual freedoms, level of spying, and police authority. Might not be a great transition. Far as jobs, consider embedded engineering positions at companies whose needs mix systems and security. Being an inventor and *former* defense contractor might be an extra qualification. You could leverage your skills on safety-critical systems, smartcard solutions, and so on. In UK, Altran Praxis is one of the better firms at actually engineering software rather than throwing it together.

vas pupFebruary 10, 2015 2:45 PM

@Winter • February 9, 2015 8:09 AM. Agree 100%.

@Bob S. • February 9, 2015 12:03 PM:
"In a way that can make us safer: People who don't complain can feel safe from government oppression and punishment." Not really, during multiple Stalin's purges of the most loyal folks that was opposite. That is why I always guessing why folks on the direct pass to the gas chamber in the death concentration camps were so obedient. There were zero chance to survive. Try to kill at least one of the SS guard - sorry a little bit of the topic. No complains just generated more and wide oppression - see 'spiral of silence' on Wikipedia. History of Germany 1933-1945 and most of the history of former Soviet Union, Cambodia during Pol Pot confirmed that statement.

@all - to be realistic, you can't totally reverse mass surveillance infrastructure. As Bruce suggested in his books, security is about managing risks. My point (as I stated on this respected blog more than once) is to mitigate risks to general folks related to mass surveillance. How? Never ever combine mass surveillance (Intel) and Law Enforcement/prosecution under the same 'roof'. If you do, then you get NKVD/Gestapo/Stasi you name it.

By the way, Mr. Hoover was in charged of FBI for so many years because he had collected many 'skeletons in the closet' of those who could make decision to remove him from the office. That could be bargain against your boss not to be fired. Absolute loyalty to anything or anybody except yourself is (sorry for being cynical) flag of low intellect.

65535February 10, 2015 7:11 PM

The comments have already covered what I had to contribute. I’ll make my contribution short.

The people in the USA have a choice of Constitutional government where the civilians control the military.

The other side is a military dictatorship style of government where the military controls the people.

That is fork in the road which we must choose!

[Good comments]

“The main problems with the bulk collection are not addressed (or only partially): 1) Transparency 2) Accountability” –Winter

Exactly! Secret courts, secret orders, and secret budgets don’t allow for Transparency or Accountability.

“…the question was, "Is bulk suspicionless surveillance constitutional?" where the pro-surveillance point of view was basically, "It would be very dangerous to jettison this project" - which doesn't actually address whether or not it's constitutional…” –x0017A

This is a classic debating trick of deflecting the real question of Constitutionality. The question is never answered.

“Bulk collection is extremely valuable if you want to control individuals later.” –Gweihir

There lies the real danger.

Currently only a upper class of the military and upper class of society can avoid that control by hiding their communications and records from the average Joe. Yet, the average Joe cannot do the same!

It is the “one-way mirror” effect. The government can watch us but we cannot watch them. I consider that repugnant at the least and dangerous at the worst.

“Government mass surveillance is effective at suppressing free speech and communication… From the government view, there is no downside to mass surveillance at all.” -Bob S

True. And, even more so when the people being under surveillance are paying for said surveillance – quite a scam.

“I want a report on what our lives could be like if we weren't obliged to pay for all this sh*t” -Just nuke it

We are forced [possibly scammed] into paying for it. The government seems to be good at picking our pockets – or piling debt obligations on us.

“Sounds like POTUS ordering a study on global warning from the Koch Brothers in their turn subcontracting it to a non-profit institution sponsored by ExxonMobil. Did anyone... *really* believe any report coming from the ODNI, an organisation lead by the guy who lied before Congress on the matter, would contain *any* critical content whatsoever?” -Dirk Praet

You hit the nail on the head. I suspect it is a Public Relations gambit. Unfortunately, we had to pay for said PR report.

“@Camp Williams requirements: 1 КАБ-1500ЛГ-ОД-Э • (!) That's UN stuff. We don't read that stuff, and we marginalize it if someone has the audacity to bring it up. How do you like those APPLES?” –albert

Yes, it is the classic PR steam-roller move.

“We have moved by technology from having a real "hot war" enemy, through a "cold war" with an enemy creating a real existential threat, to condition our own governments paid and trained have become the enemy that we are told we should fear our every waking moment as well as in our sleep, George Orwell would nod knowingly at where we are, and wonder if Room 101 was in Gitmo.” – Clive

Yes, Orwell is nodding and noting that he gave us a glimpse of the future.

“…we know from experiance that the Founding Fathers thought they had done this, however history has taught us that given the oportunity the creatures of the night will poison the minds and souls of those tasked with protecting the founding ideals. As has been observed in the past "sun light is the cure for many ills", thus there must be no shadow in which the creatures of the night can hide unobserved. History via the Church Commission has taught us that there should be no half measures where accountability is concerned, there have to be no secret no go areas, otherwise the poison seeps in.” –Clive

I agree.

I thought the American Revolutionary War and the signing of the US Constitution was to ensure the above. At least that is my marginal understanding of American history.

“Ask Slashdot: What Will It Take To End Mass Surveillance?” –HereTis

Good link.

I think de-funding of the NSA and its tentacles would be a good start. For example a 40% across the board cut in funding would be good. The savings could be put to more productive uses.

Next, would be to subject every politician to the long intrusive search lines of the TSA. Let’s, see how they like it.

And, since the long winding lines and machines are in place, or sunk costs [as Clive says], we could save money by reducing expensive private jet trips by said politicians. The money could be used on more useful things.

“The value of doing that is almost entirely in the ability to commit blackmail and run smear campaigns. Spying on everyone and storing all the data is *very valuable* for commiting blackmail and running smear campaigns.” –Nathanael

Yup, and that data in the hands of a dictator could be an ugly disaster.

“My point (as I stated on this respected blog more than once) is to mitigate risks to general folks related to mass surveillance. How? Never ever combine mass surveillance (Intel) and Law Enforcement/prosecution under the same 'roof'. If you do, then you get NKVD/Gestapo/Stasi you name it.” –vas pup

I concur.

We have been in a 'quasi state of war' with all of the military and spying attributes for over a decade [interment camps and secrets lists of suspected individuals].

This happened in World War II but only lasted 4-5 years. I see no justification for such spying and militarization of police officers after a decade.

Worse, the trend is increasing. This is just the state of panic the terrorists desired – including the gross miss-spending on military products used against the average Joe and the resulting damage to his person and his constitutional rights. This has to end as does the cattle search lines of the TSA.

gordoFebruary 10, 2015 8:11 PM

A two-part video interview [at German website, Netzpolitik.org] on the occasion of the Sam Adams Associates for Integrity in Intelligence (SAAII) 2014 award ceremony. The 2014 SAAII Award recipient is William Binney [interviews are in English; includes transcripts].

Part I:
"Whistleblowers are not heroes, they are people like you and me!"
Award Ceremony & Video interview
Florian Gilberg | Netzpolitik.org | 24 January 2015 | Video: 07:39
https://netzpolitik.org/2015/nsa-whistleblower-william-bill-binney-ausgezeichnet-mit-videointerview/

Part II:
"Inward Mission of failure"
On the threat to security through mass surveillance
Theresa | Netzpolitik.org | 03 February 2015 | Video: 07:45
https://netzpolitik.org/2015/eine-nach-innen-gerichtete-mission-des-scheiterns-ueber-die-gefaehrdung-der-sicherheit-durch-massenueberwachung/

Part I is also posted at SAAII awards website; other good links here, too:

Interview with NSA Whistleblowers on privacy and metadata
Sam Adams Associates for Integrity in Intelligence (SAAII)
January 22, 2015 [Video: 07:39]
http://samadamsaward.ch/2015/01/interview-william-binney-saaii-awardees/

LessThanObviousFebruary 10, 2015 8:18 PM

A key aspect of bulk collection I find troublesome is the concept that they think it's acceptable to have the ability to look back in time. It represents a great perversion of government's ability to carry out search and seizure. Even if someone is up to no good, their communications should be ephemeral if there is no current warrant and their traffic isn't matching a current approved selector. Being able to look back even with a warrant is like having a warrant on everyone all the time. Data collected without a warrant needs to disappear and be gone forever, that is the only way communication can be truly free. People should not have to wonder if some new regime will be able to look back three years from now at a conversation that they are having today.

FigureitoutFebruary 10, 2015 9:33 PM

name.withheld.for.obvious.reasons
Recently I have explored a career change; retail and antique sales, cashier and attendant, and other options that doesn't require me to compute the logical mask of an xor'd gate.
--Why? First you leave IEEE, now this. I think you're self-employed, if not and a position is opening up, mind letting me see it? That's actually interesting and being a cashier at an antique store...?--crikey I'd get bored real quick. You think it's much better in UK? You want to see truly untouchable entrenched gov't? The "class-system" is very pronounced there, "old-money". They still have a queen that does nothing for god's sake. You should go visit for a while. It's a major hassle moving to different country (move all your stuff, change currency, etc.) and then get used to drive on wrong side of road. I don't know the tax situation but I'm guessing bare minimum of half your income (US is getting closer and closer there every year). Not everyone, but a lot of people will give you mean looks b/c "you're a yank".

All countries are going down due to "globalized economy" and money being sucked to top and they don't do anything w/ the money (besides people like Elon Musk).

WaelFebruary 10, 2015 10:09 PM

@name.withheld.for.obvious.reason,

Wherever you go, you'll not be impressed. Sometimes it's best to live away from civilization, something Edward Abbey did and apparently enjoyed so much he wrote a book about it (desert solitaire.) I lived in Tucson Arizona sometime after he died, and almost took a job as a system admin at of one the observatories on top of a mountain, but they didn't pick me. Would have been fun watching the sky at night... Wherever you go, may the force be with you! Send us a post card ;)

Bob S.February 11, 2015 7:01 AM

@ Clive R.

Re:"...that more people have died in the US from insect bites this decade and a half of the 21st Century than have died from terrorism..."

A quick google suggests one million people die every year from insect bites mostly due to malaria. In the USA, about 40 people die per year from bites, likely due to allergic shock and poisonous bugs. That would be 400 folks in a decade. I think the score for terrorists is much less.

The comments here show at least some people are getting a clear picture of the problem. Also, that solutions are difficult.

I would think elegant end to end encryption would be a start. Likely governments would outlaw a system that works, however. Also, they might implant malware in all corporate software and hardware to to counteract it, if they haven't done so already. (Corporations and the government are partners now. They might be called co-conspirators.)

At least we know the governments of the world have aligned themselves against the rights of the people to have their papers and possessions secure from unreasonable search and seizure.

Yes, the Constitution is dead for electronic communication.

Long live the Constitution!

vas pupFebruary 11, 2015 9:50 AM

US National Security Strategy with extracts caught my attention:

http://www.emergencymgmt.com/safety/US-National-Security-Strategy-2015.html

"Finally, I believe that America leads best when we draw upon our hopes rather than our fears. To succeed, we must draw upon the power of our example—that means viewing our commitment to our values and the rule of law as a strength, and not an inconvenience. That is why I have worked to ensure that America has the capabilities we need to respond to threats abroad, while acting in line with our values—prohibiting the use of torture; embracing constraints on our use of new technologies like drones; and upholding our commitment to privacy and civil liberties. These actions are a part of our resilience at home and a source of our influence abroad."

"we have to make hard choices among many competing priorities, and we must always resist the over-reach that comes when we make decisions based upon fear. Moreover, we must recognize that a smart national security strategy does not rely solely on military power. Indeed, in the long-term, our efforts to work with other countries to counter the ideology and root causes of violent extremism will be more important than our capacity to remove terrorists from the battlefield."

"the top strategic risks to our interests:
•• Catastrophic attack on the U.S. homeland or critical infrastructure;
•• Threats or attacks against U.S. citizens abroad and our allies;
•• Global economic crisis or widespread economic slowdown;
•• Proliferation and/or use of weapons of mass destruction;
•• Severe global infectious disease outbreaks;
•• Climate change;
•• Major energy market disruptions; and
•• Significant security consequences associated with weak or failing states (including mass atrocities,
regional spillover, and transnational organized crime)."

"We will lead by example. The strength of our institutions and our respect for the rule of law sets an example for democratic governance. When we uphold our values at home, we are better able to promote them in the world. This means safeguarding the civil rights and liberties of our citizens while increasing transparency and accountability. It also means holding ourselves to international norms and standards that we expect other nations to uphold, and admitting when we do not."

"The threshold for military action is higher when our interests are not directly threatened. In such cases, we will seek to mobilize allies and partners to share the burden and achieve lasting outcomes. In all cases, the decision to use force must reflect a clear mandate and feasible objectives, and we must ensure our actions are effective, just, and consistent with the rule of law. It should be based on a serious appreciation for the risk to our mission, our global responsibilities, and the opportunity costs at home and abroad."

"Globally, cybersecurity requires that long-standing norms of international behavior—to
include protection of intellectual property, online freedom, and respect for civilian infrastructure—be upheld, and the Internet be managed as a shared responsibility between states and the private sector with civil society and Internet users as key stakeholders."

"Scientific discovery and technological innovation empower American leadership with a competitive edge that secures our military advantage, propels our economy, and improves the human condition. Sustaining that edge requires robust Federal investments in basic and applied research. We must also strengthen science, technology, engineering, and mathematics (STEM) education to produce tomorrow’s discoverers, inventors, entrepreneurs, and high-skills workforce."

gordoFebruary 11, 2015 4:55 PM

Slightly off topic.

"Bulk Collection of Signals Intelligence: Technical Options"

Understanding the nature of groups, individuals, organizations, or events that may threaten national security and predicting their behavior requires complex analysis that pieces together many facts from many sources. Studying this whole system was far beyond the scope of this study. (page S-2, para. 1)

http://cryptome.org/2015/01/nap-bulk-sigint.pdf

Bulk collection of signals intelligence, need it be said, is also a basis for profiling. Though the article cited below uses current events in the UK as a foil, the issues are not theirs alone.

"Is the Bulk Interception of Data Worse than Mass Surveillance?"
Richard Stacy, Social Media Strategist | Huffington Post, UK | 10/02/2015

Where does bulk interception of data stop and mass surveillance start and in the world of Big Data and algorithmic surveillance is it even relevant to make such a distinction?


[...]

... The only identity that counts is the identity the algorithm assigns to you.

[...]

It is highly unlikely that the people charged with supervising our security services have any idea how algorithmic surveillance works. It is also highly unlikely that the people at GCHQ are going to enlighten them. But until such enlightenment takes place, we have to regard everything that GCHQ et al do as being illegal on the basis of proceeding with insufficient consent. As last week's ruling shows - knowledge of a process can confer legitimacy upon it and visa versa.

http://www.huffingtonpost.co.uk/richard-stacy/interception-of-data_b_6650494.html

Day-OFebruary 11, 2015 6:10 PM

@vas pup, thanks for the US government security Juche. It will be fun to hear Susan Rice 'outline' it. She was the spokesmodel who enlivened the Gadafy assassination with Viagra-rape tall tales (If spoils of war continue for more than four hours, consult a physician.) She also lied like a rug about the Libyans' attack on CIA's Benghazi arsenal and torture dungeon, blaming it on restless natives inflamed by that corny moooslim video. She's so full of shit, they wouldn't even let her have Hillary's old consolation job.

"The threshold for military action is higher when our interests are not directly threatened. In such cases, we will seek to mobilize allies and partners to share the burden and achieve lasting outcomes. In all cases, the decision to use force must reflect a clear mandate and feasible objectives, and we must ensure our actions are effective, just, and consistent with the rule of law. It should be based on a serious appreciation for the risk to our mission, our global responsibilities, and the opportunity costs at home and abroad."

Lookie, she gagged out rule of law. That's her biggest whopper yet. There it sits next to that gibberish about military action "when our interests are not directly threatened," that is, fuck rule of law. She thinks Chapter 7 is the popsicle part of 50 Shades of Gray.

It is very fortunate that Russia has more megatons and hypersonic delivery platforms, because somebody is going to have to hit Rice's mule face with a two-by-four in order to explain the law to her.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.