More about the NSA's XKEYSCORE

I've been reading through the 48 classified documents about the NSA's XKEYSCORE system released by the Intercept last week. From the article:

The NSA's XKEYSCORE program, first revealed by The Guardian, sweeps up countless people's Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world's communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.

These servers store "full-take data" at the collection sites -- meaning that they captured all of the traffic collected -- and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. "It is a fully distributed processing and query system that runs on machines around the world," an NSA briefing on XKEYSCORE says. "At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage."

There seems to be no access controls at all restricting how analysts can use XKEYSCORE. Standing queries -- called "workflows" -- and new fingerprints have an approval process, presumably for load issues, but individual queries are not approved beforehand but may be audited after the fact. These are things which are supposed to be low latency, and you can't have an approval process for low latency analyst queries. Since a query can get at the recorded raw data, a single query is effectively a retrospective wiretap.

All this means that the Intercept is correct when it writes:

These facts bolster one of Snowden's most controversial statements, made in his first video interview published by The Guardian on June 9, 2013. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email."

You'll only get the data if it's in the NSA's databases, but if it is there you'll get it.

Honestly, there's not much in these documents that's a surprise to anyone who studied the 2013 XKEYSCORE leaks and knows what can be done with a highly customizable Intrusion Detection System. But it's always interesting to read the details.

One document -- "Intro to Context Sensitive Scanning with X-KEYSCORE Fingerprints (2010) -- talks about some of the queries an analyst can run. A sample scenario: "I want to look for people using Mojahedeen Secrets encryption from an iPhone" (page 6).

Mujahedeen Secrets is an encryption program written by al Qaeda supporters. It has been around since 2007. Last year, Stuart Baker cited its increased use as evidence that Snowden harmed America. I thought the opposite, that the NSA benefits from al Qaeda using this program. I wrote: "There's nothing that screams 'hack me' more than using specially designed al Qaeda encryption software."

And now we see how it's done. In the document, we read about the specific XKEYSCORE queries an analyst can use to search for traffic encrypted by Mujahedeen Secrets. Here are some of the program's fingerprints (page 10):

encryption/mojahaden2
encryption/mojahaden2/encodedheader
encryption/mojahaden2/hidden
encryption/mojahaden2/hidden2
encryption/mojahaden2/hidden44
encryption/mojahaden2/secure_file_cendode
encryption/mojahaden2/securefile

So if you want to search for all iPhone users of Mujahedeen Secrets (page 33):

fingerprint('demo/scenario4')=

fingerprint('encryption/mojahdeen2' and fingerprint('browser/cellphone/iphone')

Or you can search for the program's use in the encrypted text, because (page 37): "...many of the CT Targets are now smart enough not to leave the Mojahedeen Secrets header in the E-mails they send. How can we detect that the E-mail (which looks like junk) is in fact Mojahedeen Secrets encrypted text." Summary of the answer: there are lots of ways to detect the use of this program that users can't detect. And you can combine the use of Mujahedeen Secrets with other identifiers to find targets. For example, you can specifically search for the program's use in extremist forums (page 9). (Note that the NSA wrote that comment about Mujahedeen Secrets users increasing their opsec in 2010, two years before Snowden supposedly told them that the NSA was listening on their communications. Honestly, I would not be surprised if the program turned out to have been a US operation to get Islamic radicals to make their traffic stand out more easily.)

It's not just Mujahedeen Secrets. Nicholas Weaver explains how you can use XKEYSCORE to identify co-conspirators who are all using PGP.

And these searches are just one example. Other examples from the documents include:

  • "Targets using mail.ru from a behind a large Iranian proxy" (here, page 7).

  • Usernames and passwords of people visiting gov.ir (here, page 26 and following).

  • People in Pakistan visiting certain German-language message boards (here, page 1).

  • HTTP POST traffic from Russia in the middle of the night -- useful for finding people trying to steal our data (here, page 16).

  • People doing web searches on jihadist topics from Kabul (here).

E-mails, chats, web-browsing traffic, pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, file uploads to online services, Skype sessions and more: if you can figure out how to form the query, you can ask XKEYSCORE for it. For an example of how complex the searches can be, look at this XKEYSCORE query published in March, showing how New Zealand used the system to spy on the World Trade Organization: automatically track any email body with any particular WTO-related content for the upcoming election. (Good new documents to read include this, this, and this.)

I always read these NSA documents with an assumption that other countries are doing the same thing. The NSA is not made of magic, and XKEYSCORE is not some super-advanced NSA-only technology. It is the same sort of thing that every other country would use with its surveillance data. For example, Russia explicitly requires ISPs to install similar monitors as part of its SORM Internet surveillance system. As a home user, you can build your own XKEYSCORE using the public-domain Bro Security Monitor and the related Network Time Machine attached to a back-end data-storage system. (Lawrence Berkeley National Laboratory uses this system to store three months' worth of Internet traffic for retrospective surveillance -- it used the data to study Heartbleed.) The primary advantage the NSA has is that it sees more of the Internet than anyone else, and spends more money to store the data it intercepts for longer than anyone else. And if these documents explain XKEYSCORE in 2009 and 2010, expect that it's much more powerful now.

Back to encryption and Mujahedeen Secrets. If you want to stay secure, whether you're trying to evade surveillance by Russia, China, the NSA, criminals intercepting large amounts of traffic, or anyone else, try not to stand out. Don't use some homemade specialized cryptography that can be easily identified by a system like this. Use reasonably strong encryption software on a reasonably secure device. If you trust Apple's claims (pages 35-6), use iMessage and FaceTime on your iPhone. I really like Moxie Marlinspike's Signal for both text and voice, but worry that it's too obvious because it's still rare. Ubiquitous encryption is the bane of listeners worldwide, and it's the best thing we can deploy to make the world safer.

Posted on July 7, 2015 at 6:38 AM • 134 Comments

Comments

ChrisJuly 7, 2015 7:21 AM

The true bane of every listener is TCP handling in regard to timers, memory usage and standard conformity. Use IPv4, fragment and reorder your packets a lot, possibly using long delays between packets (will slow down transmission, though), use different routes for packets of the same TCP connection if you can. If you have control over both endpoints, screw with the TCP(/IP) stack. E.g. accept "broken" packets, wait for resent packets and accept the duplicate instead of the original, where both packets differ. Be imaginative. Every passive listener hates things which are non standard, beacuse a passive listener must make assumptions about the state of the endpoints.

CharlesTemperJuly 7, 2015 7:22 AM

It's still unclear to me how the type of encryption used can be discerned from the message. All the time? Even without specifying in the header? What are some of the "lot's of ways?"

zucJuly 7, 2015 7:28 AM

This reminds me a lot of the movie Brazil. Lots of actual terrorism going on (bombs going off, and people dying) and vast amounts of money being spent on surveillance and counter-terrorism but at no point is there any sign that the people spending that money have any clue whatsoever who the 'actual terrorists' really are. Instead, the authorities end up circling around, trapped in their own paranoia, and the people they arrest (and often torture to death) are essentially harmless, and not connected to any real terrorism. Who really uses the word 'jihad' in a serious communication?

Nathan BuuckJuly 7, 2015 7:52 AM

@CharlesTemper I suspect the author of that statement was alluding to the use of statistical analysis of the cipher text to identify the algorithm or family of algorithms used to generate it. With the awesome computing power available to the NSA, they can perform exceptionally deep analysis of the cipher text that may allow them to perceive, say, a pattern that is unique to how a block cipher pads the end of the plain text to achieve a fixed block size. This padding may produce a repetition in the cipher text that is statistically distinct from anomalies created by other block ciphers, allowing XKEYSCORE to reasonably identify the algorithm in use. Depending on the algorithm in question, they may have a high rate of success in fingerprinting based on cipher text patterns whereas they may still be applying their substantial R&D power to achieve better confidence intervals when fingerprinting other ciphers.

Larry WeatJuly 7, 2015 7:58 AM

iPhone may not have needed an exploit? Hacking Team apparently has an enterprise developer cert from Apple, so targeted users may have been tricked into installing some malware.

Via @esizkur:

https://twitter.com/esizkur/status/618067109214580736

Hacking Team had an iOS enterprise developer cert:
Subject: UID=DE9J4B8GTF, CN=iPhone Distribution: HT srl, OU=DE9J4B8GTF, O=HT srl, C=IT

jrandomJuly 7, 2015 8:25 AM

Textsecure/Signal network is big enough now to get lost in the noise they have millions of users, plus WhatsApp is using their network adding another few million since not every WhatsApp install uses it by default yet (last time I heard, could have changed).

Can also tunnel it through a VPN to prevent local ISPs seeing your encrypted chat traffic though NSA has a master overview of all backbones and is likely not even slowed down by VPNs. The derka chat program must be a gold mine for them.

Rolf WeberJuly 7, 2015 8:39 AM

You'll only get the data if it's in the NSA's databases, but if it is there you'll get it.

This is the most important thing when you want to assess The Intercept's scandalizing reporting, claiming XKEYSCORE was a mass surveillance tool.
From what we know about the NSA's acquisition and collection process, it is much more likely that the database mostly contains pre-selected and targeted data.
Explained it here more in detail:

https://plus.google.com/+RolfWeber/posts/GutmwDaUqBr

AndrewJuly 7, 2015 8:39 AM

"I always read these NSA documents with an assumption that other countries are doing the same thing. "

As a non-american, my problem is not that NSA is getting into my computer, my problem is that I pay for a vulnerable operating system that allows them on to spy on me, for a HDD or USB with preinstalled spyware, for a cloud that scans my emails and so on.

As soon as I can avoid this, I will do it, for example by buying Chinese stuff. The logic is that if the enemy spies on you, your country should defend you, but if your country spies on you, you have nothing left to do.

These guys, who were supposed to make the world safer, basically turned it into a huge digital mess by making everything open and vulnerable. Also, the people are not aware that every new discovery or research probably ends up in some carefully selected private companies close to them, even before being published.

fajensenJuly 7, 2015 9:10 AM

As a non-american, my main concern is that my own government is spying on me on behalf of the NSA. Which makes them traitors and one does wonder about the legitimacy of a state who will not protect it's own citizens.

Russian or Chinese equipment is actually safer from a personal perspective; Neither Russia nor China have no-flight-list, special-attention-lists, signature-strikes, et cetera - that one can get entangled in and never get out off.

Spaceman SpiffJuly 7, 2015 9:16 AM

Just because you can, doesn't mean you should...

Yes, the NSA has the ability to monitor everyone and all communications, world-wide. Should they?

CharlesTemperJuly 7, 2015 9:19 AM

@Nathan Buuck - cipher text is supposed to be indistinguishable from random data. What statistics? Any padding takes the same path as plaintext. And how could the length of ciphertext be used to determine which algorithm was used exactly? A lot of block ciphers do that. And besides, so what if they can surmise some other way which block cipher is being used? How does this allow them to obtain the plaintext? Are we dependent on security by obscurity now? Because that's what it sounds like to me.

Bruce SchneierJuly 7, 2015 9:32 AM

"It's still unclear to me how the type of encryption used can be discerned from the message. All the time? Even without specifying in the header? What are some of the 'lot's of ways?'"

It's explained in the document I linked to. Basically, the program has some hidden fingerprints that XKEYSCORE can search for.

Bruce SchneierJuly 7, 2015 9:33 AM

"I suspect the author of that statement was alluding to the use of statistical analysis of the cipher text to identify the algorithm or family of algorithms used to generate it."

No. Not at all. It's headers and other standard stuff that the encryption programs put into the files around the ciphertext.

Nathan BuuckJuly 7, 2015 9:35 AM

@CharlesTemper Whoa, a lot of questions there! There are both academic works and practical examples of attacks on block ciphers; for example, here's one published by Cisco. Others are readily available online.

Regarding length, I didn't actually assert that the specific length of the block made it susceptible to identification. The point was, rather, that any block cipher must pad the input in order to achieve a fixed size and that this padding, if done improperly, could be revealing or compromising. It's also important to note that block ciphers are a single and easy example of how the NSA might be fingerprinting cipher text to identify ciphers in use by targets of interest; there may be similar techniques applicable to other cipher modes.

As to the value of identifying the cipher in use, that is effectively a mandatory first step in attempting to compromise an encrypted payload if that's your/the NSA's goal. That said, I don't assume (nor did I assert) that the goal is to obtain the plain text. Mr. Schneier's article points out that it may just be interesting that you are encrypting and how you're encrypting it.

Thanks for the engaging dialog!

JaysonJuly 7, 2015 9:41 AM

And the most actively used queries?

fingerprint('girlfriend/phonelogs')=

fingerprint('exwife/email') and fingerprint('girlatbar/cellphone/pictures')

Nathan BuuckJuly 7, 2015 9:46 AM

No. Not at all. It's headers and other standard stuff that the encryption programs put into the files around the ciphertext.

@Bruce Schneier I agree, that's what they were fingerprinting on at first, but as you noted in your article, Slide 37 of "Intro to Context Sensitive Scanning With XKS Fingerprints" indicates they're leveraging other methods to identify the cipher in use if that header/wrapper information has been stripped by the sender. Am I interpreting this part of your article incorrectly?

Or you can search for the program's use in the encrypted text, because (page 37): "...many of the CT Targets are now smart enough not to leave the Mojahedeen Secrets header in the E-mails they send. How can we detect that the E-mail (which looks like junk) is in fact Mojahedeen Secrets encrypted text." Summary of the answer: there are lots of ways to detect the use of this program that users can't detect.

C RavnJuly 7, 2015 9:58 AM

@Bruce


It's explained in the document I linked to. Basically, the program has some hidden fingerprints that XKEYSCORE can search for.

and

I wrote: "There's nothing that screams 'hack me' more than using specially designed al Qaeda encryption software."


From these we could draw the conclusion that selecting a user as hacking target comes after the fingerprints have been found.

But the fingerprints referred to in the document ("encryption/mojahaden2...") do not look like something that should be in the users web traffic. They look like listings of directories/binaries on the users device.

Because of this the fingerprinting process does not seem to be an analysis of web traffic but rather something that in the configuration management consulting business is referred to as "discovery". The act of discovery consists of scanning devices (laptops/servers/etc) on a network and collecting lists of directories/binaries from the devices.

Some documentation refers to these lists as "fingerprints" because they are used to determine what software is running on the discovered machines. The process of determining the software that the binaries correspond to is sometimes referred to as enrichment.

The problem is that running discovery requires a specific network access to users machines. Not necessarily an admin access, but at least an access that gets the host OS to allow read-only enumeration of files and directories on the HD. So maybe that is then baked into the modern OS, who knows.

Anyway this would mean that NSA is running discovery tools on the networks to get the lay of the land ahead of more targeted hacking. All in all that would make sense anyway.

Nicholas WeaverJuly 7, 2015 10:02 AM

Chris: Good IDSs have a reasonable shot at reassembling properly. There are evasion tricks you can attempt, but the NSA's DEEPDIVE system keeps the raw packets, so those are detectable.

Larry: Actually, iOS is really hard for Hacking Team. Unless the phone is jailbroken you are generally out of luck. Even with an enterprise cert, you have to get the user to install it (by spearphishing) or by compromising their host (and loading it through iTunes) and even then, without an additional root exploit, the malicious app is run in the sandbox, so it really can't access anything particularly sensitive without requiring a prompt to the user.

Of all the devices out there, iPads/iPod touches are probably the toughest (as they lack the cellphone tracking design), IF you don't use iCloud.


Rolf: Sorry. XKS is very clearly collect it ALL, record it ALL (after dropping heavy-flow ignore-stuff like Netflix and BitTorrent), and enable full search of it all. It is bulk.

There are many "fingerprints" (detectors for specific behavior) where analysts are instructed that it is straight up illegal to query on.

EG, one fingerprint is "UA == iPhone", namely every iPhone on the planet which has a single web request which crosses one of these wiretaps (and there are hundred+ such taps). Analysts are specifically instructed that they can only search such fingerprints in concert with other fingerprints that make it legal.

Another known fingerprint is "email on the topic of the WTO election with these keywords".

As a result, "all iPhones in Iran" is a legal query, even though XKS knows "all iPhones period" and there is no enforcement on the legality of queries, only audit trails.

Likewise, there hasn't been too much published on it, but a lot of the tracking metadata (e.g. Yahoo user logged in at time T/IP I) end up in MARINA, which is a centralized, world wide database designed to track everyone across the Internet.


Perhaps the best way to explain how this all fits together is go through an example.

EG, as an NSA analyst, lets say I wanted to target "Rolf Weber" of Infoserve GMBH. You're not a US/UK citizen, so I can go to town. For purposes of this example, lets assume it is 2 years ago before LinkedIn started encrypting things. Now its a bit more annoying, but not TOO bad...

I start with a little OSINT (aka "Google Fu") and get your LinkedIn profile:
https://www.linkedin.com/pub/rolf-weber/94/77/531

I now use a query XKEYSCORE to find your login history for LinkedIn (since there is undoubtedly a plugin that is 'pull out LinkedIn login from login pages', and if not, I'll write one and get it deployed).

Now using that, I've got your pageviews to LinkedIn. I can look up the other side of those flows (which may be captured on a different XKS instance) to get your LinkedIn login cookie.

Using that login cookie, I can now query MARINA to get associated cookies through "cookie chaining" (if it sees two requests to different domains, such as doubleclick and linkedin with the same UA/referrer/IP in a short period of time, the cookies are the same person.) I can then also use user activity for ALL those cookies to get your history: what IPs you used at what time. Feeding that into my GeoIP lookup service, I now have good insight into your movements. Queries to DEEPDIVE gets all your network traffic over the past 5 days captured by the taps.

And now, I say "I wanna pwn Rolf". Its just a matter of taking those identified LinkedIn, doubleclick, and other cookies, filling out a web form, and now your computer is tasked for QUANTUM targeting: if you do a web fetch with one of those cookies, passing a QUANTUM enabled wiretap, it "shoots" an exploit at you taking over your computer.

This is how the NSA systems work. The NSA has been remarkably non-abusive in how it uses this mass data, but it really is mass surveillance on a global scale.

AlfredJuly 7, 2015 10:04 AM

The more paranoid folks around here might want to be vary of clicking on Rolf Weber's document links. Esp. if you are otherwise a Google user...that GUID will likely be noted when you access Google Docs;-)

Rolf WeberJuly 7, 2015 10:25 AM

@Nicholas Weaver

Rolf: Sorry. XKS is very clearly collect it ALL, record it ALL (after dropping heavy-flow ignore-stuff like Netflix and BitTorrent), and enable full search of it all. It is bulk.

It is, in some sense, bulk, yes.
But it is also clearly targeted. It is not indiscriminate. And it is far, far away from "collect it all". That are the plain facts. I explained in my link.

JTRIG and proudJuly 7, 2015 10:45 AM

Nicholas Weaver - excellent comment. More please!

This is exactly what the non-technical users need to understand; how all these programs work together on a basic, user level so they can begin to understand how they are thoroughly pwned by cookies, internet infrastructure, Stasi tools and so on.

With the recent pwning of Hacking Team, can we soon expect tools to identify the presence of advanced malware if we live in one of the oppressed countries?

This is a good start, but until the hardware/firmware/BIOS/CPU trust issues are addressed by engineers, hopes for privacy are fading fast in the Orwellian and dystopian landscape we now inhabit.

Since 'Hacking Team' was 'hacked', can I say I am also 'skeptical of Skeptical' who seems thoroughly JTRIG, and proud. LOL

BallyJuly 7, 2015 10:48 AM

@jrandom
> "Can also tunnel it through a VPN"

VPN is broken and leaks data (see the last squid post). It should NOT be used.

Nicholas weaverJuly 7, 2015 11:03 AM

Rolf: you are flat up wrong: it is indeed collecting it all.

I'm an IDS person, and I actually built my own hobby version of XKEYSCORE+QUANTUM a year and a half ago. These systems work and work so well because they DO collect it all, and they ARE collecting it all. Its how I understand how to use them, because the technology to defend a network and the technology of bulk surveillance is the same thing.

The NSA is remarkably restrained in searching the data they collect, but that doesn't change the fact that they are indiscriminately collecting the data in the first place, because, hey, they MAY want to target Rolf Weber sometime in the future. The number of references to "don't search on this fingerprint because..." alone testify to the indiscriminate nature of fingerprint applications.

You're basically arguing something like the Stasi didn't conduct mass surveillance, because they only used 1% of the files they generated to arrest or intimidate people.

CharlesTemperJuly 7, 2015 11:12 AM

There are 2^5 links and few refer to crypto weaknesses. I don't care about push-button automation. Someone said the NSA can turn their Jupiter-sized super computer array onto my cipher text and so unravel my messages. That's what I'm trying to get to the bottom of. A myriad of unique issues are all being jumbled together here like a speedy sales presentation that it is hoped you won't look too closely at. I already understand the PGP problem - keys are all over the place and if you can hack "all over the place" that Jupiter-sized super computer array I keep hearing about might be able to fish out the key. Most everything else I am reading here is subjective and consists only of assertions. Why can't I get to the bottom of this? I want to know how use of a (private key) block cipher can be subverted by the NSA. Please don't bring up keyloggers, as if all laptops are shipped from the factory with them installed.
Now, The Cisco document is interesting because it's not just another "here's what can happen if you use ECB" bulletin. And some are telling me they can just read the headers and do some analysis. For example, in a link to previous entry the custom jihadist cipher is referred to as "snake oil", but here it is attacked for another reason - not because it's junk. Because it's different. And if it's different then the NSA can get you because you stand out, and it stands out because it's different, and if it's different then they can just decipher your stuff. WTF.

gordoJuly 7, 2015 12:00 PM

Re: Bulk Collection

See the last bullet point, below, from Slide 17 of the XKS INTRO document:

• Show me all the VPN startups in country X, and give me the data so I can and discover the users
• These events are easily browsable in XKEYSCORE
• No strong-selector

• XKEYSCORE extracts and stores authoring
information for many major document types can
perform a retrospective survey to trace the
document origin since metadata is typically kept for
up to 30 days

• No other system performs this on raw unselected
bulk traffic, data volumes prohibit forwarding


Peter A.July 7, 2015 12:03 PM

@fajensen:

As you are non-American, American no-fly list should not bother you much as long as you don't fly to America... maybe unless you live in one of the Five Eyes states, I don't know.

Russia also has a no-fly-list of its kind. China probably has one as well, but I am not that interested in Chinese affairs to notice. However, there are many examples of foreign people having legitimate, long-standing business in Russia (in the professional and/or private sense) that suddenly get turned back at airports or are simply deported, have their visas cancelled for no reason etc. - on a political whim. This happens to more fortunate individuals, less fortunate ones are charged with fabricated crimes.

The "my government is spying on me on behalf of another" is a treason indeed - one of many committed daily on their citizens by today's governments.

BrookeJuly 7, 2015 12:15 PM

First: I am against what the NSA does no matter how they try to spin/sell it.

Having said that, I think they've missed the PR boat on this one. The NSA has taps of everything coming and going in North America! The people do not all like this and they get a TON of bad PR and are having to now fight a little harder than usual to keep their programs that have been leaked. They're missing the boat in that if they offered what they do as a service to US companies who are being attacked by enemies throughout the world and started alerting them to the fact that they were compromised, leaking data or an attack had taken hold, you might find a huge shift in their image. As a security professional I look at all of the companies that offer to do this for a fee and the ones with the most data and ability to alert me to the fact that someone is attacking (and taken hold) of something in my network is the NSA. Again, I don't like what they're doing but a little PR spin to offer something like this as a service to US companies would probably go a long way.

It is already part of your taxes! We pay the NSA billions a year, to protect us. They're not doing it in my opinion. The examples of times they have actually thwarted something are commical in my opinion. What if the NSA told Sony, Home Depot, Target, the OPM or any one of those. To me, that's a terror attack thwarted and awesome publicity. It might even justify their actions.

JTRIGlodytesJuly 7, 2015 12:22 PM

Government-issue persona Rolf Weber harps furiously on the meaningless and irrelevant notion that NSA searches are 'pre-selected' and 'pre-targeted.' But this, from the post above, is all that matters: "no access controls at all restricting how analysts can use XKEYSCORE." No individual judicial review. Arbitrary government interference with your privacy subject not to law but to potential retrospective notice up the NSA chain of command. That makes NSA surveillance illegal.

Government-issue fake kraut Rolf Weber can yammer till the cows come home but he cannot polish this turd. NSA surveillance is illegal.

Bruce SchneierJuly 7, 2015 12:45 PM

"Am I interpreting this part of your article incorrectly?"

Yes. Read the source documents.

Rolf WeberJuly 7, 2015 1:27 PM

@Nicolas Weaver

You confuse your hobby and your imaginations with reality.
Again, read the Snowden Docs, read the PCLOB 702 report, and read the ISC report. Then you should have a better idea about how the collection process actually is. Not like your home IDS.

J LundgrenJuly 7, 2015 1:30 PM

Re: Nicholas weaver
hmm yea, if he works for Infoserve then no wonder he cares to that emotional level.

JeffJuly 7, 2015 2:20 PM

@C Ravn "But the fingerprints referred to in the document ("encryption/mojahaden2...") do not look like something that should be in the users web traffic. They look like listings of directories/binaries on the users device."

Those slash-separated words are formed after the data has been collected. Those fingerprints are based on the source and characteristics data stream and defined post-collection. They are not related to the device or the directories on the device.

SteveJuly 7, 2015 4:00 PM

Seems to me the best way to guarantee that the NSA is reading your mail is to use encryption.

Of course, the other best way is not to.

Heads, I win, tail, you lose.

Bob S.July 7, 2015 5:02 PM

Re: "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge to even the president, if I had a personal email."

I wonder if the world wide lawlessness and self-serving rejection of constitutionally prescribed and human rights in the seemingly clean, bloodless and mostly invisible arena of electronics will spread to other forms of communication or behavior?

From this discussion, it appears low level government employees in the USA and likely in many governments can and do ransack the electronic communication data of the entire world at will and with the most minimal controls from without or within.

In short, will the people decide since world governments have exempted themselves from the rule of law, commonly accepted ethics and foundational human rights, the people will do the same?

Or, is it the vast majority of people simply don't know or care about any of this?

rgaffJuly 7, 2015 5:02 PM

@Steve

Using general encryption still makes you blend in more, so they still have to figure out they want to target you through some other means (like, say, posting here!), hack your individual computer and steal your key first.... But using Al Qaeda's version of encryption will make them notice you and want to hack you to steal those keys, just from using the encryption alone, that's the main difference.

rgaffJuly 7, 2015 5:05 PM

@Bob S.

Vast majority only care that they have a job, house, etc, and only care about "human rights" when it interferes with that.... it hasn't for most people yet, so.... pfff...

DracoJuly 7, 2015 5:16 PM

During the hackingteam breach and dump it was discovered that hackingteam was able to infiltrate jailbroken iphones. Does software such as Moxxie's Signal, or Mojahedeen Secrets really stand a chance at preventing the NSA, a better funded operation, from doing the same?

AnonJuly 7, 2015 6:55 PM

The President comment still seems over the top. If the President is communicating anything over an unencrypted channel that he wouldn't want on CNN the next day, he really needs to fire whoever runs his tech/IT.

Mike AmlingJuly 7, 2015 7:38 PM

"search for traffic encrypted by Mujahedeen Secrets"

One of the things I like in an encryption protocol is that all transmitted data be indistinguishable from random data.

Dirk PraetJuly 7, 2015 8:28 PM

@ Rolf Weber

You confuse your hobby and your imaginations with reality.

Rolf, did you actually bother to read @Nicholas Weaver's analysis of XKS (the one @Bruce referred to) or Google the man's credentials for that matter?

Any which way you turn it, it IS bulk collection. That's the reality, those are the facts. If anyone is being in denial here or confusing his own narrative with reality, then that's you.

Clive RobinsonJuly 7, 2015 8:59 PM

@ Mike Amling,

One of the things I like in an encryption protocol is that all transmitted data be indistinguishable from random data.

First pick your definition of "random data"...

Let's just say that your definition of random is almost certainly not somebody elses definition of random.

Real random data such as pixel noise is often sufficiently distinguishable from encrypted data that when used for simple stego it can be readily spotted, even though the message is still unobtainable.

As Einstein pointed out "God does not play dice", thus few distributions in life are truely flat ot uncorrelated. A fact that forensic accountants have been familiar with for over half a century. Likewise engineers know that "white noise" is usually in practice "pink noise at the bottom" and measurements adjusted accordingly.

P/KJuly 7, 2015 10:01 PM

@ Nicholas Weaver:

Maybe it is useful to determine what is meant by "all"? You provided a nice detailed example on how XKS might work, but then please also specify what you mean by saying "collect it all".

At least it is not all data that travels through a cable: the bulk of peer to peer, file sharing and similar data are thrown away. That leaves the communications data. But one step before, they also select which cables (and/or channels within those cables) are connected to the XKS filter. So it's "all" communications data from specific cables.

GCHQ uses XKS too under its TEMPORA program, and that only had a Deep Dive capacity 46 channels of 10 Gbit/s, which is not very much compared to what submarine fiber-optic cables can handle.

Nick PJuly 7, 2015 10:32 PM

The XKEYSCORE presentation tells us plenty and their internal docs are more trustworthy than whatever they talk about in reports. Remember that they used to say they only collected metadata. Lol... Anyway, here's what their presentation says it does:

""Rolling Buffer" of 3 days of ALL unfiltered data seen by XKEYSCORE" (p2)

"500 servers distributed around the world" (p4)

"why do shallow" (p9) slide implies they're collecting all this simultaneously and running whatever analysts want against it with tradeoffs of their choice

"no other system performs this on raw unselected bulk traffick [except XKEYSCORE]" (p17)

Bam! It's bulk collection, allows use of selectors, and allows "retrospective" use of selectors via the buffer. QED.

bkd69July 8, 2015 12:05 AM

Remember, when you use encryption, the NSA assumes you are a foreign national, and therefor your traffic is fair game.

CuriousJuly 8, 2015 1:45 AM

Somewhat off topic: (heystack related)

The heystack is people! (Inspired from the movie "Soylent Green")

"Why keep adding hey to the heystack to find a needle?" Someone wrote recently somewhere.

Rolf WeberJuly 8, 2015 1:57 AM

@Dirk Praet

Neither I deny Nicholas Weaver's technical experience nor the technical capabilities of XKEYSCORE. But this is not what I discuss here. I discuss the underlying database, where Weaver, The Intercept and a lot of more people simply assume that this is indiscriminate, "collect it all" data -- without any evidence for this broad assumption.

And as I said before, I don't mind about the naming as "bulk". You can call it bulk. But on the other side, it is also targeted, it is not indiscriminate, and it is far away from "collect it all". This is quite good explained in the British ISC report.


@Nick P

You want to derive from wording in PowerPoint presentations that they do a full-take from the cable? Is this your serious? Nobody knows what the author meant when he wrote "full-take". You interpret it as full-take from the cable, I think it is rather meant full-take of communications, not just metadata. And you don't know what the word "unselected" refers to. Let alone that the wording in PowerPoint slides could be inaccurate.

"Full-take from the cable" is *impossible*. We know that a lot of collection points are cooperations with other countries, where at least the data of citizens are filtered out.

And it is impossible from the numbers we know. I quote myself:

20 terabytes per day, this sounds impressing. But we should keep in mind that if it was NSA's goal to collect as much as possible internet data, they had to go to the big internet exchange points. Let's take for example the German DECIX. Back in 2009, it had an average throughput of 400 GBit/s[1]. This equals to more than 4 petabytes per day. So while 20 terabytes of data may sound quite impressive for some, a number of much less than 1% certainly doesn't.

And that's what we know from the U.S. PCLOB report, the Britisch ISC report and the German "NSA-Untersuchungsausschuss" (I quote myself again):

It starts with an order from their government. The government wants foreign intelligence on some specific topics. Then they look what they could gain from internet taps to carry out their task. Then they look which internet cables are accessible (either because carriers can be compelled or there is cooperation). Then they look which from this cables seem to fit best for their mission. These are the cables that are actually tapped (in one of the published documents you can clearly see that the cable selection is an important analyzing task (*)). And not everything from these cables is collected, only data that fits to specific selectors, and filters are applied to filter out citizens of participating countries.

So the reality is: The internet consists of hundreds of thousands of cables. Only a fraction of these cables are accessible to the NSA. Out of the accessible cables, only a fraction is chosen to be actually tapped. And the data of the selected cables are further filtered with selectors and filters. Only the remaining rest is stored and analyzed. It is simply not true that there is a decent chance that data from average westerners is collected and analyzed with XKEYSCORE -- at least there is no evidence for this claim so far.

(*) https://s3.amazonaws.com/s3.documentcloud.org/documents/2116010/dni101.pdf
(See second page, “help you analyze” -> “Best Collection Points”)

Markus OttelaJuly 8, 2015 10:42 AM

@ Bruce Schneier:

For once I have to disagree with you. I see absolutely no point in trusting a proprietary software such as iMessage. Additionally, I have strong reservations about Apple using 1280-bit RSA keys when the current recommendation is 2048-4906 bits. The iMessage came out with iOS 5, 10 years after SHA2 was published (and standardized?), why would they still use the older SHA-1 standard?

I think it's the absolute minimum requirement to be able to verify the hash of public key / public DH value / public signing key -- or whatever it is, manually. iMessage doesn't have the feature, neither does Whatsapp despite the claimed "end-to-end encryption". The existence of the feature is mandatory to ensure DH key exchange was made with correct person. Without it any MITM attack is completely transparent.

Keys subpoenad from Apple can be used in MITM attacks, where Mallory pretends it is the Apple Push Notifications Service. Mallory can then send self-generated public keys to recipient and decrypt messages in transit without the target knowing it. If the cert authenticating DH public value is not pre-installed by Apple and relies on CA, even Apple might not know if the NSA is attacking.

--

Additionally, I really think the public discussion on using strong encryption is lacking behind technical skills of intelligence agencies. Now that messaging with forward secrecy is becoming the norm, Bulk CNE is becoming the future of mass surveillance.

We don't know if we live in that future already. All I can say about exploitation is what I've seen: The MS03_026 (Buffer Overrun In RPC Interface) of Windows XP-SP0 shows zero signs of compromise; Injection of meterpreter as payload gives the attacker the equivalent toolset that of the Regin/WarriorPride. There's nothing preventing anyone scripting metasploit to run the attack against whole IPv4 range. Like you said, FoxAcid is similar to metasploit but, the budget allows polishing the edges of each exploit prior to use; I would't be suprised if they check exploits against AV products, IDS software etc. So exfiltration of private PGP/RSA keys is a huge problem today, and exfiltration of DSA keys and MITM of OTR is another one we have to face in the near future.

ERJuly 8, 2015 2:48 PM

Snowden's absolutely harmed America, but not b/c Mujahedeen Secrets is used more, rather because he's stripped we freedom-loving Americans of our legal protection -- i.e., the "expectation of privacy." The administration couldn't have paid for better help in consolidating control.

Mike AmlingJuly 8, 2015 5:44 PM

@Clive Robinson
"Let's just say that your definition of random is almost certainly not somebody else's definition of random.

"Real random data such as pixel noise is often sufficiently distinguishable from encrypted data that when used for simple stego it can be readily spotted, even though the message is still unobtainable."

I'm not following you here. Admittedly, all I know about Mujahedeen Secrets is what it says in the Wikipedia article, where it sounds like it's just straight cryptography, with no steganographic aspect.

By "indistinguishable from random data" I mean (computationally) indistinguishable from a distribution where every bit is independently and uniformly distributed over {0, 1}. While one would expect to find such indistinguishabilily in symmetric cryptography (e.g. AES in counter mode), it's uncommon for public-key (e.g. a DH key exchange).

While I wasn't meaning to talk about stego, as long as you've mentioned it, I'll repeat a proposal I made on sci.crypt some years ago for low-bit-rate steganography.
A. Accumulate a large number of files (e.g., jpg files).
B. Establish a secret MAC key with a recipient.
C. Divide a message into n-bit parts, where the number of files from (A) is several times as large as 2**n. [E.g. n=12 or 13 for 100,000 files]
D. For each n-bit part of the message, send a file whose MAC's least significant bits match the message. Note: This is a lot of work for the sender, who has to try about 2**n files for each message segment to find a match.
E. The recipient takes the n least significant bits of the MACs of the received files to reconstruct the message.

Clearly no amount of examination of the files by a passive observer will be able to determine how the files have been modified to contain the message, since they haven't.

Nick PJuly 8, 2015 5:53 PM

@ Mike Amling

It's a neat scheme. The problem is that people spamming that many images doesn't happen in most circles. That it stands out makes them look harder. If there's a connection, then they're already looking at them closely. This might make them go ahead with an endpoint attack which uncovers the scheme. Alternatively, they might see a pattern where this happens between people who also have certain connections. That would arouse suspicion.

So, I doubt I'd try the direct implementation of it. Perhaps an alternative with text, voice, or streaming data that blends in with the crowds while using similar mechanism?

Dirk PraetJuly 8, 2015 7:37 PM

@ Markus Ottela

For once I have to disagree with you. I see absolutely no point in trusting a proprietary software such as iMessage.

Excellent analysis. iMessage/iOS may perhaps qualify as the least insecure mobile messenging combination for the average layman, but given a choice I'll go with Signal and Chatsecure every time. Ever since PRISM was revealed I just don't trust any (proprietary) software coming from its partners any more.

Rolf Weber July 9, 2015 1:07 AM

@Dirk Praet

PRISM is no more than that companies are compelled to hand over specific user data. Something like PRISM exists in virtually any country of the world.

No company did more than they are obliged by law. "partners" is and always was just another lie.

Clive RobinsonJuly 9, 2015 4:54 AM

@ Mike Amling,

I'm not following you here.

Yes, after going back and reading what I wrote I'm not surprised, so my bad.

So... as you probably know block ciphers are substitution ciphers, which means some or all of the plaintext statistics are still visable in the ciphertext. There are three basic ways of reducing this problem,

1, Flaten the statistics in the plaintext.
2, Increase the block size.
3, Use the block cipher in some kind of mode (usually chaining).

The latter two have their own problems which can create identifing statistics in the cipher text, the most obvious is the "block size" often becomes apparent.

However, there is another issue, which is the resulting ciphertext statistics are so flat that next to nothing in nature produces such flat statistics. This alone makes ciphertext of any moderate length fairly obvious to even minimal examination.

Thus you need to hide this unnaturalness in some believable way.

The usuall trick most think of is some kind of simple stego where you just hide the ciphertext in amongst existing plaintext.

Unfortunatly this usually changes the statistics of the result in a fairly easily identifiable way, hence the likes of GCHQ, NSA, et al can spot stego almost as easily as they can straight ciphertext.

Thus the usuall mantra of "Compress then Encrypt" is insufficient these days. It needs to be "Compress, Encrypt then Inflate". Where the encrypt is actually cipher+mode, the compress function should be plaintext specific and the inflate process changes the flat statistics of the ciphertext into the statistics of a standard file format.

This issue has been known in the IC world going back atleast as far as prior to WWI, when the "block size" was the same as the plaintext alphabet size, for some reason as the cipher block size increased, this third stage got forgotten outside of the IC community. Which is unfortunate because in the mean time computing power has reached a point where checking the statistics of a file against it's "advertised type" whilst not trivial can be done as a filtering stage, to flag up files for further examination.

I've mentioned this before when talking about hand ciphers and mentioned that the output of an OTP was clearly different to a breakable double transposition cipher such as a Poem Code. It occured to more than one person in the IC that changing the output stats of an OTP to look like a breakable cipher would tie down quite rare resources in the enemy. In most cases however it was decided not to do it for a couple of reasons. The first being the "failings of operators, and signals" to do an extra encryption step and get it correctly from the sender to the recipient. The second was the fear factor of "if we do it to them then they will do it to us".

Neither of those reasons apply today. Firstly modern data comms is "all or nothing" and computers can be trusted to encipher/decipher correctly. But secondly, "the enemy has changed" this is the consequence of Govt's treating the citizens as "the enemy", it's the world of asymmetric warfare these days. Thus the citizens don't capture and cryptoanalyse Govt comms, so logicaly we shouldn't care if they do or do not add the third stage to their comms. Thus it should not hold us back from making their work more expensive and unproductive, especially as the extra cost to our comms is minimal.

Dirk PraetJuly 9, 2015 7:45 AM

@ Rolf Weber

PRISM is no more than that companies are compelled to hand over specific user data.

Rolf, you have made your point: Snowden is a lying sack of sh*t, his documents Soviet Union-era like desinformation and the only people able to correctly interpret them you and other NSA-apologists maintaining that everything that has been brought to light is really hunky dory, perfectly legal and in no way incompatible with a democratic society. Authorative arbiters of what is really going on are companies under gag order, government officials and figleaf committees such as PCLOB and ISC. Everyone else is a bunch of ignorant leftist hippy conspiracy theorists talking through their *sses.

However much you are entitled to your opinion, your obsessive regurgitating of certain topics is not contributing in any way to the informed and intelligent debate most of us are trying to have here. Quite a few folks on this forum - including myself - have come to appreciate @Skeptical because his generally well-articulated comments force us to think harder and dig deeper. Yours on the other hand are irritating at best, bordering on trolling, and most of the time based on unsubstantiated personal beliefs and assumptions that filter out any information that is not in line with your view of the world.

I'm not gonna get myself lured into a pointless PRISM or "direct access" discussion with you again. Believe what you want, but please be so kind as to no longer interfere with conversations between other folks who have moved on and, quite frankly, are fed up with your futile attempts to derail threads and revive past discussions.

Rolf WeberJuly 9, 2015 9:01 AM

@Dirk Praet

The Snowden documents deliver no evidence for a "partnership". Period.

To call PCLOB and ISC "figleaf committees" is deeply ridiculous and simply proves your bias.
Their reports are the most reliable we have so far. Of course they do not say everything in the unclassified reports, but to assume they would plainly lie is nothing but absurd.
At least are these reports much more reliable than *PowerPoint* slides. It is ridiculous how you and others rely on PowerPoint slides, which can almost always be interpreted in different ways and the context is often completely unclear.

If you want to call my very few posts here "obsessive", ok, then it be. But I will not be "so kind". If I read here factual untrue claims, than I will -- as long as my mood allows -- comment on it. Both the "direct access" and the "partnership" is such a baseless shit. And a defamation of the companies.

rgaffJuly 9, 2015 1:40 PM

lol... of course... our glorious righteous perfect god-like government would NEVER lie to us..... just say the "least untruthful" thing it can get away with. Clapper knows all.

Mike AmlingJuly 9, 2015 4:22 PM

@Nick P
"spamming that many images doesn't happen in most circles."

I wouldn't suggest sending the files in e-mail directly to the intended recipient. A better idea would be to have the members of your cabal each set up a blog read mostly by innocent strangers.

The "files" don't have to be jpgs. A selection from a large set of famous quotations would do. Or a paragraph could be used as a "file", although in that case you'd probably want to automate the process of coming up with thousands of variants on the paragraph.

I admit it's more practical when the messages are short, e.g. key material, or prearranged signals.

Mike AmlingJuly 9, 2015 5:43 PM

@Clive
"it should not hold us back from making their work more expensive and unproductive, especially as the extra cost to our comms is minimal."

Yes, that sentiment is one I'm sure Bruce would agree with.

"3.Use ... mode (usually chaining)"

I have never understood why CBC is so popular. CTR needs no padding and, AFAIK, you could even let the adversary choose the IV. I agree that use of a mode is pretty basic.

Vesselin BontchevJuly 9, 2015 5:56 PM

XKEYSCORE, by itself, isn't that impressive. It's just a somewhat user-friendly database browser. The database is certainly impressive, but given NSA's funding and goals, that's not surprising.

However, the "facepalm" moment for me was when I read that all database admins logged in using one and the same acount ("oper"), so their activities couldn't be audited (in the sense of who did what) and also they could query the database directly via SQL (which was also not logged and not audited, unlike the XKEYSCORE requests). This smacks more of a two-bit crypto-currency exchange than of a professional security establishment. No wonder Snowden could sweep so much and to this day nobody can figure out exactly what he got. With all due respect, NSA's internal computer security sucked.

ZenzeroJuly 9, 2015 7:52 PM

@Rolf Weber

"yawn"

If it's so boring for you may I humbly suggest popping back to reddit as it's more befitting of your input.

@Vesselin Bontchev

It's amazing that a multi billion organisation, charged with protecting a country would use a communal password. Worst practise and considering what they do, frankly criminal as they also parade their non repudiation values.

Rolf WeberJuly 10, 2015 1:42 AM

@Vesselin Bontchev

Even if there are "shortcommings" with the protection of the XKEYSCORE database, it is no more than nitpickery.
The database contains raw internet data, kind of data that thousands of countries, companies and technicians could also collect. Maybe some of the experts here remember that the internet was considered a public media from the very beginning?


@Zenzero

Thanks for your advise, but I really think much more people here need a reality check badly. I mean, some commentators here, on the one side, declare everything from official reports like from PCLOB or ISC that doesn't fit into their ideology as a lie. But on the other side, they have a religious-alike believe in *PowerPoint* slides. Yes, in *PowerPoint* slides. This is so incredible funny.

WaelJuly 10, 2015 2:00 AM

@Rolf Weber,

it is no more than nitpickery [...] Thanks for your advise ...

Strange! I just gave a minor advice ;)

Maybe some of the experts here remember that the internet was considered a public media from the very beginning?

Maybe the rest of the experts remember that the very beginning was for non public military use.

Rolf WeberJuly 10, 2015 2:42 AM

@Wael

Nice try. But backfires, like with every smattering.

In 1983, the U.S. military portion of the ARPANET was broken off as a separate network, the MILNET. MILNET subsequently became the unclassified but military-only NIPRNET, in parallel with the SECRET-level SIPRNET and JWICS for TOP SECRET and above. NIPRNET does have controlled security gateways to the public Internet.

https://en.wikipedia.org/wiki/History_of_the_Internet

HTH.

Rolf WeberJuly 10, 2015 4:38 AM

@Wael

Do you really want to discuss with me whether the internet is a public medium or not? That's the important thing when we want to assess the XKEYSCORE database.

I tell you something: I donate you the "from the very beginning". This doesn't mean you are right, but it just doesn't matter here.

WaelJuly 10, 2015 4:48 AM

@Rolf Weber,

Do you really want to discuss with me whether the internet is a public medium or not?

Not really. That's a moot discussion!

Rolf WeberJuly 10, 2015 4:58 AM

@Wael

OK, then back to where we started:
There is only raw internet data in the XKEYSCORE database. Data, that thousands of countries, companies and technicians worldwide could also collect. It would be an unreasonable overkill to protect this data like crown jewels.

Dirk PraetJuly 10, 2015 5:11 AM

@ Rolf Weber

Thanks for your advise, but I really think much more people here need a reality check badly.

That pretty much sums up the general consensus about your comments on this forum. I have cross-posted an extensive reply to Usenet's alt.snowden.must.die and alt.gov.obsessive.sycophants as to no longer annoy other folks with our private squabbling. See you there!

@ Wael

Do you really want to discuss with me whether the internet is a public medium or not? That's the important thing when we want to assess the XKEYSCORE database.

One cannot but appreciate the irony of this statement coming from a person who seizes every opportunity to derail threads by endlessly reiterating his personal beliefs on topics everyone else has put to rest for quite a while.

WaelJuly 10, 2015 5:18 AM

@Rolf Weber,

One protects the data based on it's classification. You are arguing that since the (raw) data can be collected by many entities, it needs no "unreasonable level of overkill protection". That's flawed at the concept level.

In your view, what's a reasonable level of protection?

WaelJuly 10, 2015 5:40 AM

@Dirk Praet,

endlessly reiterating his personal beliefs on topics everyone else has put to rest for quite a while.

I was somewhat puzzled myself. I wanted to give him the benefit of the doubt and understand what he's thinking. Was going to write a long reply and disect every word he said, but I am getting tired (unfortunately not sleepy) so I was going to punt the reply when my mind is a little more fresh, not because I need a fresh mind for the reply. It's just I'm tired ;)

Clive RobinsonJuly 10, 2015 6:48 AM

@ Dirk Praet, Wael,

What some people fail to realise is that what is claimed is "public" and what the reality and perception of it are.

Most if not all of the Internet that is relevant is actually owned by private corporations who just like the "Plain Old Telephone Service" suppliers of the past rent out "connectivity" and "usage/capacity".

However the difference is that POTS service was "circuit switched" and heavily regulated by Govt, which made both privacy and the ephemeral nature of conversation fairly easy to maintain untill the advent of "full digital". Although the Internet is at best only lightly regulated and packet switched many users perceive it to be as secure and ephemeral as the POTS service had been, and there are absolutly no technical reasons why it can not be.

Thus something can be "publicaly available" but "privately owned" and fully support both "private and ephemeral" communications.

Thus arguing "It's public, no expectatuon of privacy" is not actually a rational position to take historicaly. Because just about as long as man has communicated both privacy and the ephemeral nature of it has been very much the norm, it's only the technology of this current century that this has changed much for the worse of society in general.

It's a shame that people are not learning from the lessons history teaches us.

Rolf WeberJuly 10, 2015 6:57 AM

@Wael

I don't know how NSA classifies raw data from public internet. Neither is any related security policy leaked so far.
I just say that we are speaking about raw data from public internet, and that the taunting comments about NSA's alleged missing paranoia about this kind of data are nothing but ridiculous.

The only reason why I could imagine this data deserves strong protection is because a hostile intelligence agency could reverse-engineer (to some extent) the selectors used while the cable tap. But you guys here deny anyway that no selectors would be used, that it's a "collect it all", so for you even that should not count as a reason.

Dirk PraetJuly 10, 2015 7:14 AM

@ Clive Robinson, @ Wael

Thus arguing "It's public, no expectation of privacy" is not actually a rational position to take historicaly.

It also raises the question under which authority it would be legal for any non-state actor (company or private person alike) to tap into and hover up from internet backbones massive amounts of raw communication data for private or commercial exploitation.

Rolf WeberJuly 10, 2015 9:21 AM

@Clive Robinson

Thus arguing "It's public, no expectation of privacy" is not actually a rational position to take historicaly.

ssh, HTTPS, IPsec and so on were invented because nobody expected privacy over the public internet. And encryption was widely used, even back in 2009.

The only big problem was Email, but every responsible person should have been aware that it's transported in plaintext over the public internet. In the meantime, this is almost fixed now by the wide deployment of STARTTLS (one of the very few good Snowden effects).

But this has all little to do with the fact that the XKEYSCORE database only contained raw data from public internet. Absolutely no reason for NSA to built a Fort Knox around it.

CarlJuly 10, 2015 5:18 PM

@ Steve, "Seems to me the best way to guarantee that the NSA is reading your mail is to use encryption."

Seems so. The best way to guarantee that they read your posts is to use TOR.

CarlJuly 10, 2015 5:24 PM

@ Clive Robinson, "Most if not all of the Internet that is relevant is actually owned by private corporations who just like the "Plain Old Telephone Service" suppliers of the past rent out "connectivity" and "usage/capacity"."

Let's look at it this way.

If you rented a house from someone, does the landlord have the right to install surveillance camera in your property to watch your daily activities? The answer is no. Can LEOs install a surveilance cam in your house? The answer is conditional of a warrant. Thus, it is established that your home is your private space even though you don't own it.

Furthermore, if "connectivity" and "usage/capacity" are rented utilities then each packet sent from your computer is a rented packet, for which you who paid a service fee/rent. There is reasonable expectation of privacy, in my opinion.

WaelJuly 11, 2015 1:42 AM

@Rolf Weber,

I'll keep it short and simple. Looking at the three main premises you built your argument on:

  1. Raw data
  2. Availability to multitude of interceptors
  3. Public infrastructure

First of all: Raw data is a comprehensive collection of everything that goes on the wire, and can be analyzed real time or within the 3 - 5 days it remains in storage. Certain classes of data will be filtered out and saved for longer times is the rational expectation. So the raw data premise doesn't really support your conclusion; it goes against your argument.

Second: Availability to many interceptors: You ignore the capabilities, power, and reach (both technical and legal) of the interceptor. This is truly dreadful security workmanship.

Third: The fact the Internet is public means the infrastructure is available to the public. The content that moves across the public internet is far from being public! Usernames, passwords, bank account information, medical records (you have HIPPA regulations in Germany?), PII (tier 0,1,2) etc... aren't supposed to be "public".

Then you need to protect against "insider threats" which include confidentiality and integrity of the collected data (framing an innocent person for personal reasons.) Access control is important as well! I would say, in your words, that if "unreasonable over kill protection" isn't applied, then this is an epic security failure on the grandest of scales. What Snowden was able to do is a manifestation of this failure. "Overkill protection" is really "fundamental due diligence".

Still, something tells me we are talking about two different things probably because you didn't describe your argument clearly.

Alright, Gangesta ... Want to retract your claims now, or do you wish to continue? I haven't slept much this week, but I had my triple shot Turkish coffee for your eyes only ;) I'm still not sure I'll be able to stay awake much longer ...

Rolf WeberJuly 11, 2015 4:39 PM

@Wael

1. With raw I mean it is big, with lots of junk, unsorted, maybe encoded, and maybe encrypted with weak encryption (that maybe other NSA departments could break). So on the one side it is very hard to find useful information in this bulk data (what do you think why many analysts with a powerful tool like XKEYSCORE search in it?). And there is only 3-5 days time until the data is erased. And on the other side it is much too big to steal the data out of the NSA (a database admin first had to copy the data from the collection point to the NSA and than manage to take it out of NSA).

2. Yes, NSA has more capabilities, reach and power than others. But on the other site they are limited by legal restraints. But my main point was that each XKEYSCORE dataset could be accessed by numerous other people or organisations as well. Because it is from the public internet.

3. If somebody transports passwords, bank accounts, credit card numbers, medical records and so on unencrypted over the public internet, then he did something seriously wrong. This was always a well known fact that sensitive data should be carried over the public internet only with strong encryption. And as I said before, HTTPS, VPN & Co. were in wide use even back in 2009.

Of course I do not retract my claims. And since you mentioned Snowden, of course here NSA's internal data protection failed completely. I would even say it is hard to understand why not some people were fired because of this awkward failure. But there is absolutely no evidence that they didn't protect the XKEYSCORE database good enough.

Rolf WeberJuly 11, 2015 4:43 PM

@Dirk Praet

It also raises the question under which authority it would be legal for any non-state actor (company or private person alike) to tap into and hover up from internet backbones massive amounts of raw communication data for private or commercial exploitation.

Of course this would be illegal. As well as it is illegal for an NSA database administrator to abuse the XKEYSCORE database.

WaelJuly 12, 2015 1:45 AM

@Rolf Weber,

As well as it is illegal for an NSA database administrator to abuse the XKEYSCORE database

So you believe a legal "control" is a sufficient protection mechanism. What if I said let's not encrypt anything, abandon technical security mechanisms and just trust the "law" is an insurmountable and sufficient deterrent! Do you see anything wrong with the previous statement?

WaelJuly 12, 2015 2:11 AM

@Rolf Weber,

And this excerpt is quoted from your blog piece:

if they are able to read your private communications or see your private pictures, you probably did something wrong. Serious wrong.

I think there is something lost in translation (German to English) which maybe causing some confusion, at least to me.

Do you mean: If they decide to look further into your private communications, then they have reason to do so? Because the statement you wrote, as is, is obviously invalid! Do I need to explain why?

WaelJuly 12, 2015 2:14 AM

@Clive Robinson, @Dirk Praet,

Thus something can be "publicaly available" but "privately owned" and fully support both "private and ephemeral" communications.

True, right on!

rgaffJuly 12, 2015 8:49 AM

Wait a minute... could @Rolf Weber possibly be for encryption when his glorious always-right leaders are all against it??

Rolf WeberJuly 12, 2015 2:53 PM

@Wael

So you believe a legal "control" is a sufficient protection mechanism.

No, of course not. It is not sufficient to only rely on legal protection in global and public internet.
It was just an answer on Dirk Praet who argued that technicians of carriers are bound to law. And to this I answer: NSA database administrators are bound to law too. So if on the one side you argue that law offers *some* protection, you cannot deny the same when we are speaking about NSA employees.

I think there is something lost in translation (German to English) which maybe causing some confusion, at least to me.

I know that my English is not the best, but I read my post again, and still cannot see my mistake. Maybe our misunderstanding is related to what @rgaff said.
With "you did something wrong", I didn't mean "you are involved in terrorism or crime or so". I just meant that you failed to encrypt your private communications if the NSA was able to read them in the first place.


@rgaff

I don't like the terms "for" or "against" encryption, but for sure I think strong crypto is a necessity on public internet. And I believed this was consensus here. :-)
And further I think that -- with the exception email -- encryption was always used for most sensitive communications on the public internet. And this is one reason why the XKEYSCORE database must not be protected like Fort Knox.

WaelJuly 12, 2015 5:44 PM

@Rolf Weber,

I know that my English is not the best, but I read my post again, and still cannot see my mistake.

I wasn't pointing out a mistake in the words. I wanted to make sure what I understood from reading is what you meant. Worry not! Deine Englisch ist hundertmal besser als mein Deutsch (not sure if it's Deine or Ihr, but as you see...) So you're ahead of me.

I didn't mean "you are involved in terrorism or crime or so

In that case, the statement isn't "invalid"!

I just meant that you failed to encrypt your private communications if the NSA was able to read them in the first place.

I considered that is what you meant as well. There are two factors: the level of defense, and the capability of the "attacker". Even with formidable defenses, an exceptionally powerful attacker can ... watch the movie or private pictures with you ;) And in that case, your statement is an unsubstantiated claim. Better than logically invalid, but likely false, nonetheless :)

WaelJuly 12, 2015 5:47 PM

@Rolf Weber,

It was just an answer on Dirk Praet who argued that technicians of carriers are bound to law. And to this I answer: NSA database administrators are bound to law too.

Makes sense, I would have argued the same as well.

Dirk PraetJuly 12, 2015 8:25 PM

@ Wael

Makes sense, I would have argued the same as well.

I guess I have to elaborate on my statement. @Rolf Weber's view seems to be that there is no problem whatsoever with XKS and hovering up massive amounts of internet communication data because everybody can do it and there is no expectation of privacy on the internet anyway. Which is why it is up to the user to encrypt his/her communications.

That's just plain false, even in the US. PA Section 215 drew from Smith v. Maryland that there is no reasonable expectation of privacy for communication's metadata like addressing and routing information. It was found to be illegal anyway, and is now expired and replaced by new provisions in the US Freedom Act. With respect to the content of such communications, the user generally does have a legitimate expectation of privacy while it is in transmission over the internet. This has been upheld more than once, e.g. in United States v. Maxwell, and which is the very reason why there are legal constraints on (bulk) collection of US citizen's communications data.

Although these restrictions do not apply to us foreigners (UPSTREAM, FISA 702), my position remains that this practice goes against Article 12 of the UDHR stating that

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

In short: in a perfect world, we wouldn't have to bother with encryption because our communications - at least their content - are protected under law and international covenants. If they get intercepted, it's not because we are doing something wrong, but because (absent a warrant) someone else is.

Since for XKS administrators it appears to be just as easy to do direct SQL queries on the database as it is for the NSA to intercept all these data in the first place, I have little reason to believe that enforcement of applicable constraints is any better in the latter than it is in the former.

ughJuly 12, 2015 9:28 PM

@Rolf Weber


I know that my English is not the best

yea...if I look at the linguistic quality of the "Rolf Weber" posts since 2013, most of them are written in a level of English that's rather atypical to a person who claims to have difficulties with the language

...with of course a typo or grammatical mishap here and there, but those could as well be intentional...


WaelJuly 12, 2015 10:02 PM

@Dirk Praet,

I guess I have to elaborate on my statement

I know your position. What I was telling @Rolf Weber is I would use the same tactic. So I understand what he says, but I don't necessarily agree with him.

AnonJuly 12, 2015 11:20 PM

@Dirk

The most relevant case law for the NSA's activities would be the FISA and FISA appellate courts, which have jurisdiction. Appellate courts can't create binding precedents in case law on other appellate courts. Only the US Supreme Court can do that.

Rolf WeberJuly 13, 2015 2:26 AM

@Wael

Deine Englisch ist hundertmal besser als mein Deutsch (not sure if it's Deine or Ihr, but as you see...)

Oh, thanks. And you can say you to me. :-)
Means I would prefer "Dein".

Even with formidable defenses, an exceptionally powerful attacker can ... watch the movie or private pictures with you ;) And in that case, your statement is an unsubstantiated claim. Better than logically invalid, but likely false, nonetheless :)

I would not object, however we were talking about an undisciplined NSA database administrator, and that is certainly not an "exceptionally powerful attacker".


@Dirk Praet

@Rolf Weber's view seems to be that there is no problem whatsoever with XKS and hovering up massive amounts of internet communication data because everybody can do it and there is no expectation of privacy on the internet anyway. Which is why it is up to the user to encrypt his/her communications.

But that's not what I said. Basically I said only 2 things:

1. The XKEYSCORE database consists of targeted, pre-selected, not indiscriminate data.

2. There is no need for a special protection against insider attacks for the XKEYSCORE database.

I largely agree to what you said. I don't think we disagree much on our legal interpretations. We differ on what we assume as proven facts. For example:

- You say there is a "PRISM partnership" between the NSA and companies. I would agree that this would be a scandal, but it is not proven at all, it is at best a conspiracy theory.

- You say there is a "direct access" under PRISM. I would agree that this would be a wrongdoing, but it is not proven at all, it is at best a conspiracy theory.

- And in our discussion here you say that XKEYSCORE data is indiscriminate "collect it all". I would agree that this would be mass surveillance and would most likely violate UDHR, but it is simply not true that there is evidence for such a "collect it all". Quite the opposite, the known facts so far indicate that the NSA taps very few cables, and out of the tapped cables they store and analyze only targeted data based on specific selectors.

WaelJuly 13, 2015 4:17 AM

@Rolf a Weber,

we were talking about an undisciplined NSA database administrator, and that is certainly not an "exceptionally powerful attacker".

What makes an attacker "exceptionally powerful"? It's not just the power from within; group powers that they inherit, ramifications of their actions relative to an outsider, etc... need to be factored in as a multiplier of their "inherent powers". That's why "insiders" require special attention in threat modeling -- a discussion for another day ...

WaelJuly 13, 2015 4:21 AM

@Rolf Weber,

we were talking about an undisciplined NSA database administrator, and that is certainly not an "exceptionally powerful attacker".

What makes an attacker "exceptionally powerful"? It's not just the powers from within; group powers that they inherit, ramifications of their actions relative to an outsider, etc... need to be factored in as a multiplier of their "inherent powers". That's why "insiders" require special attention in threat modeling -- a discussion for another day ...

Thanks for the reminder of "Deine vs Dein"! Forgot about genders. It's been a while.

WaelJuly 13, 2015 4:25 AM

Crap! A double post! Tried to cancel after discovering some mistakes, but I didn't click fast enough. Some things are meant to happen!

okayJuly 13, 2015 4:55 AM

Does anyone else find this discussion odd ? A few posters are arguing zealously over an apparatus, as described by a couple of pdf documents, called 'XKS' whose technical merits & capabilities described therein is still quite questionable. The apparatus may be real, but described details are quite murky and some may be illogically conscrued. Arguments based on unverifiable specs is a tad heresay?

Dirk PraetJuly 13, 2015 7:14 AM

@ Anon

The most relevant case law for the NSA's activities would be the FISA and FISA appellate courts, which have jurisdiction.

Most definitely so. Unfortunately, the FISC is a secretive court and not very transparent in its rulings and interpretations.

Appellate courts can't create binding precedents in case law on other appellate courts. Only the US Supreme Court can do that.

Indeed. As in the FISC - at the governments demand - temporarily reinstating the phone metadata collection after it had been ruled illegal by the Second Circuit Court of Appeals. But which is not to say that they can safely ignore existing legislation other than FISA(A).

Dirk PraetJuly 13, 2015 8:56 PM

@ Rolf Weber

Since I'm having trouble falling asleep, I thought I'd give you some more food for thought.

... Quite the opposite, the known facts so far indicate that the NSA taps very few cables, and out of the tapped cables they store and analyze only targeted data based on specific selectors ...

Let's have a closer look at this. You may remember the NSA MYSTIC and SOMALGET programs and their related NUCLEON database. MYSTIC hovers up ALL phone metadata for Kenya, Mexico, the Philippines and probably some more countries. SOMALGET goes even further and collects contents too for the Bahamas and at least one additional country. If that's not a full take and perhaps somewhat questionable under the UDHR, my name is Cleopatra.

One may argue that it is not a "full take" because not every country is being subjected to MYSTIC, but that's probably not how the people in the affected countries see it, and for all practical purposes limited not by intent, but rather by budgets, technology and suitable "peering agreements" with local governments and telco's.

Now let's extrapolate to XKS. The NSA "taps very few cables". Is that because they're just not interested in the others, or - more realistically - because they haven't/hadn't been able to access them just yet? Is there "a full take" going on in the sense that each and every fibre cable is being tapped and every bit of raw data stored? Of course not. Because that wouldn't make sense, not only because of the technological limitations to efficiently store and query zwickabytes of raw data, but just as much because there is little point in storing people's "Game of Thrones" torrents.

So the "full take" is first run through programs like ASPHALT and ASPHALT PLUS to make the raw data usable, and subsequently subjected to a massive volume reduction (MVR) to get rid of all the trash. Simple analysis of selectors and fingerprints makes it obvious that after MVR, XKS can still be used to query and further process almost anything about anyone whose communications have been hovered up, and with few technical constraints in place.

In conclusion, a system like XKS can only be considered targeted surveillance when it is used to store, query and access information about legitimate suspects/targets, but it is mass surveillance in the sense that its database also stores massive amounts of private data about countless perfectly innocent people whose only crimes are that they have been using Tor, using PGP, making searches about TAILS, posting on this blog, visiting German fora from Pakistan, or whatever else the NSA or its partners find interesting.

And that, mate, for me is as close to full take as full take can get.

Rolf WeberJuly 14, 2015 2:46 AM

@Wael

I think your German is better than you confess, since you know the difference between "Deine" and "Ihre". And the genders really suck in German ...

And I absolutely agree that insider threat are really serious. Snowden is a perfect example. We just don't agree about the value of raw XKEYSCORE data.


@Dirk Praet

Let's have a closer look at this. You may remember the NSA MYSTIC and SOMALGET programs and their related NUCLEON database.

Yes, and I think I already said here that I consider these programs as mass surveillance too.

However you mentioned this important point:

and suitable "peering agreements" with local governments and telco's.

So these programs seem (at least I'm sure for Afghanistan, Irak and Bahamas[*]) to run with knowledge, help and consent from local authorities. It is hardly imaginable that it is possible without this help.
So the concerned people should rather blame their own government than the NSA. But my guess is that these countries are facing much bigger probleme than mass surveillance.

[*] The Bahamas didn't know about the NSA, but they cooperated willingly with DEA.

The NSA "taps very few cables". Is that because they're just not interested in the others, or - more realistically - because they haven't/hadn't been able to access them just yet?

The NSA has possible access to all cables on American soil under FISA 702, but they actually tap only few, selected ones. The same is true for GCHQ and UK. So limited access cannot be the only explanation.

Is there "a full take" going on in the sense that each and every fibre cable is being tapped and every bit of raw data stored? Of course not. Because that wouldn't make sense, not only because of the technological limitations to efficiently store and query zwickabytes of raw data, but just as much because there is little point in storing people's "Game of Thrones" torrents.

Yes, they remove high volume / low value traffic with MVR, and they filter data of citizens (sometime they seem to filter, sometimes to "minimize"). But that are not the only filters. They store and analyze only selected traffic based on specific selectors. And yes, I really think they do this because they are not interested in the rest. They only want data that likely contains foreign intelligence, that likely fits to their missions. They don't want to be flooded with data, that would just be waste of resources.

I agree that even the targeted, selected traffic is still bulk. That it very likely contains data of absolutely innocent people. And of course we can discuss whether this is justified or not. But first we should agree that the collected data is targeted, selected and not indiscriminate. Because we had no common base for this discussion if you assume that XKEYSCORE data is "collect it all", just MVR'd.

WaelJuly 14, 2015 3:30 AM

@Rolf Weber,

We just don't agree about the value of raw XKEYSCORE data.

Nothing wrong with that! We can't agree on everything!

Different backgrounds, different sources we take to be "true", different way of thinking, different environments, different cultures, ... It's a surprise we agree on anything. Lol

Dirk PraetJuly 14, 2015 6:59 AM

@ Rolf Weber

So the concerned people should rather blame their own government than the NSA.

No, they should blame both. Like in bribery: the party giving the bribe is as much at fault as the party taking it. Aiding and abetting foreign espionage agencies in quite some countries is illegal, even against the constitution. IIRC, in Germany too. And there's at least one country we know of that refused to cooperate, i.e. Japan.

But my guess is that these countries are facing much bigger problems than mass surveillance.

As in not caring about mice when you're house is already infested with cockroaches ?

So limited access cannot be the only explanation.

So what is? The only logical answer is budgetary constraints.

But first we should agree that the collected data is targeted, selected and not indiscriminate.

That just depends on where you're sitting. It might be from an NSA perspective, but for someone who believes that acquiring and collecting private information about people requires either consent or probable cause accompanied by a warrant, it really isn't targeted or selected at all. I repeat: it's not a "full take" in the sense that they collect all raw data from all fiber cables in the world, it is a full take of everything of 5Eyes interest (resources, technology and peering agreements permitting). Which, from all we've seen and with all limitations you quote, is still gargantuan in scope, and probably the largest operation of mass surveillance in the history of mankind.

Even under PA, USA Freedom Act, FISA(A) et al, my position is and has always been that within the US this goes directly against the spirit of the 4th Amendment, and for the rest of the world against Article 12 of the UDHR and other international covenants and treaties the US is signatory to.

name.withheld.for.obvious.reasonsJuly 14, 2015 11:04 AM

@ Dirk Praet,

...acquiring and collecting private information about people requires either consent or probable cause accompanied by a warrant, it really isn't targeted or selected at all. I repeat: it's not a "full take" in the sense that they collect all raw data...

This may suggest a reason the U.S. could not hold the ground in Iraq, as part of the "SURGE" the IC was busy with country-wide surveillance. One of the issues that might have presented itself was the U.S. being unable to hand over the keys to the new Iraqi car...

I speculate that this issue has been resolved, a compartmentalized version is probably available for shipment to countries even on the TAR list (or as W would say, "The evil doers")

Rolf WeberJuly 14, 2015 4:19 PM

@Dirk Praet

Aiding and abetting foreign espionage agencies in quite some countries is illegal, even against the constitution. IIRC, in Germany too. And there's at least one country we know of that refused to cooperate, i.e. Japan.

Germany cooperated, but painfully filtered out all data from German citizens. So I see no big deal here.

As in not caring about mice when you're house is already infested with cockroaches ?

I rather think the people in crisis areas like Afghanistan or Iraq are much more worried about daily terror plots than about their privacy. I would not be surprised if they think that mass surveillance makes them more secure.

So what is? The only logical answer is budgetary constraints.

No, as I said before they only want data that likely fits to their missions. Emails or chats from average westerners is nothing but useless junk for them.

It might be from an NSA perspective, but for someone who believes that acquiring and collecting private information about people requires either consent or probable cause accompanied by a warrant, it really isn't targeted or selected at all.

Probable cause only applies within a democratic nation state. And it is not only the US or 5-eyes, I doubt that any country grants privacy rights to foreigners abroad. Germany eg doesn't. So first you have to face this reality.

Foreign SIGINT has to be broader than traditional surveillance. First, because of digital realities, valid targets and uninvolved innocents share the same cables. Second, because it is so easy to change identifiers (like phone numbers, email addresses, IP addresses, handles and so on). And third because the help of local authorities is usually very limited. So if you demand to apply the same rules on foreigners abroad as you apply to citizens, you do nothing more than disable foreign intelligence. Maybe this is your goal anyway, but it is no more than an illusion that this will happen in any nation state of the world. At least not in our lifetime.

So the answer will certainly not be that intelligence will be abolished. The answer is strict oversight to minimize the risks of abuse. And here backfired the Snowden revelations, because his documents show that the NSA is under a very strict oversight. It is no coincidence that Snowden and the journalists with access to the documents could not reveal a single wrongdoing so far.

SkepticalJuly 14, 2015 8:02 PM


@Rolf: It is no coincidence that Snowden and the journalists with access to the documents could not reveal a single wrongdoing so far.

Yes - easily one of the most interesting aspects of the Snowden documents is what ISN'T in them. That's not to say that some of the policy objections to certain practices are wholly without merit. But the lack of corruption and malfeasance is extraordinary and heartening.

In this respect, the Snowden leak is similar to Manning's leak. She believed that she was exposing widespread wrong-doing and corruption (or claimed to believe that, at any rate). Leaving aside the video of the helicopter engagement, most of the material, and especially the State Department cables, showed US foreign policy in a very positive and straightforward light. They showed the US actually applying pressure to oppressive governments to allow greater freedoms, and they showed the US willing to make concessions in order to achieve progress.

Snowden's leak has revealed - regardless of what one might think of the policy merits of certain programs - a NSA that seems, as an organization, deeply invested in complying with the law and genuinely driven to accomplish its missions in a legal and ethical manner. What Rolf says about the NSA not being interested in the conversations and interests of ordinary persons is precisely correct: that data is an obstacle, a hindrance, the stuff that an analyst needs NOT to see in order to be able to work with information relevant to his mission.

Many have made the point that the NSA likely has better capabilities than are represented in documents from 2008 or 2009. Probably true. But few seem to note a point equally evident from the documents: that the NSA likely has better compliance and audit mechanisms in place today than in 2008 or 2009, as well as better filtering to reduce the amount of irrelevant data before more time-consuming processing (by either computer or human) occurs.

These people don't want to serve every internet user with targeted advertising; unless you're a foreign leader or someone engaged in international terrorist movements, they don't care if you're having an affair or what porn you're watching; they're interested in capturing a much, much narrower subset of information than any large internet company.

Leaving aside automated responses to cyber-attacks and the like, remember that ultimately information must be viewed, understood, and packaged by human beings before it can become relevant intelligence. Every powerpoint slide needs to be placed in that context. If you lose that context, if you forget that ultimate purpose of any collection, then whatever context your mind substitutes in order to make sense of the slide has a high probability of misleading you.

Dirk PraetJuly 14, 2015 9:20 PM

@ Rolf Weber

Germany cooperated, but painfully filtered out all data from German citizens.

Oh, come on. You seem to have forgotten about BOUNDLESS INFORMANT. Some documents say the NSA saves data from around half a billion communications connections from Germany each month. And how is Angela Merkel not a German citizen? It's all out in the open. Germany for all practical purposes is among the countries that are a focus of NSA surveillance, and the BND - with the knowledge of the government - is/has been cooperating with them in exchange for SIGINT they have good use for but can't collect themselves. Like in data on German citizens. That's how the 5Eyes and n-tier partnerships work: we spy on your citizens because you're not allowed to do so. In exchange, you spy on ours and then we share our data.

As much as this may be Realpolitik, it goes against your own laws. In February last year, the CCC and the ILMR filed a criminal complaint with the Federal Prosecutor General's office, directed against the German federal government, the presidents of the BND, Militärischer Abschirmdienst, BfV and others claiming NSA activities in Germany and cooperation of German authorities were felonies persuant to German federal laws, specifically 99 StGB (illegal activity as a foreign spy), §§ 201 ff. StGB (violation of privacy) and § 258 StGB (obstruction of justice).

Unsurprisingly, no investigation has been opened or justification given for not doing so. The investigation into Merkel's phone tapping was closed "for lack of proof", and even though recent revelations have shown that she wasn't the only one being wiretapped, nothing is being done. So if all of this is no big deal, why is the Federal Prosecutor not just dismissing the case as unfounded or granting the plaintiffs their day in court for the government to show that everything is really perfectly legal and no laws are being broken?

I would not be surprised if they think that mass surveillance makes them more secure.

More secure against what ? American drone strikes ? And why should the Bahamian people possibly feel more secure by having their phone conversations sucked up by a foreign spy agency?

Emails or chats from average westerners is nothing but useless junk for them.

You're not listening. They will still be sucking up anything that triggers their criteria, even if it's just ordinary people involved in stuff they don't like (e.g. activists) or folks trying to preserve some privacy and anonimity on the internet by using Tor or PGP. Who, of course, are all potential criminals and threats to national security.

I doubt that any country grants privacy rights to foreigners abroad... So first you have to face this reality.

You're wrong.

I don't know about Germany, but the US in fact DOES seem to grant privacy rights to foreigners. Among the "significant steps" put forward in a report to POTUS on NSA reform, the authors urged to protect the privacy of foreigners in the sense that surveillance of non-Americans should be directed exclusively at protecting national security, shouldn't attempt to secure commercial gain and should be subject to careful oversight and the highest degree of transparency consistent with protecting national security. They concluded that absent a specific, compelling showing, the Privacy Act of 1974 applies to foreigners too.

Which is in-line with Article 12 of the UDHR, which you seem to be interpreting as applicable to the citizens of one's own country only.

And here backfired the Snowden revelations, because his documents show that the NSA is under a very strict oversight.

For most people, the conclusion is that they're a total out-of-control agency operating with very little oversight, and under secret orders by secret courts issuing secret opinions based on secret interpretations of the law. For its foreign operations, there is even less oversight and constraints.

It is no coincidence that Snowden and the journalists with access to the documents could not reveal a single wrongdoing so far.

It has been said before that the NSA's activities are probably legal under US law, and which only got a minor dent when the Second Circuit Court of Appeals recently ruled that the phone metadata program under PA 215 "exceeded the scope of what Congress had authorized." So stricto sensu there is indeed no wrongdoing. To which extent the legal framework under which they are operating is also constitutional is subject of several ongoing cases in different courts.

You might also remember from the history of your own country (and that of others) that the most vicious crimes and atrocities committed by then regimes and under then law were perfectly legal too.

JDJuly 14, 2015 9:32 PM

@ DP

If XKS takes datalink packets then it should store your torrents for 15 3o days. No?

@ Wael

Its like asking blind wo/men to describe an elephant in the room. some of who might have seen it?.

WaelJuly 15, 2015 1:18 AM

@JD,

Its like asking blind wo/men to describe an elephant ...

A context would help (are you referencing the "spell checker" or my last reply to @Rolf Weber?) I'm aware of two meanings. I like this one:

experience is inherently limited by its failure to account for other truths or a totality of truth. At various times the parable has provided insight into the relativism, opaqueness or inexpressible nature of truth, the behavior of experts in fields where there is a deficit or inaccessibility of information, the need for communication, and respect for different perspectives. -- Wikipedia

Rolf WeberJuly 15, 2015 5:15 AM

You seem to have forgotten about BOUNDLESS INFORMANT. Some documents say the NSA saves data from around half a billion communications connections from Germany each month.

Is this your serious? You didn't realize so far that Snowden, Greenwald and Der SPIEGEL heavily misinterpreted the BOUNDLESSINFORMANT slides?
The data is not about Germany or Germans, it's actually what BND collected about crisis areas (mostly Afghanistan) and shared with the NSA.
The misrepresentation of BOUNDLESSINFORMANT slides is point 2 in my wrong and misleading Snowden revelations.

And how is Angela Merkel not a German citizen?

That's how the game is played. Foreign leaders simply are valid intelligence targets. I wouldn't even blame Russia if they spy on Merkel. I'm sure they do.

That's how the 5Eyes and n-tier partnerships work: we spy on your citizens because you're not allowed to do so. In exchange, you spy on ours and then we share our data.

There is not a single evidence so far for this so-called "Ringtausch". Quite the opposite, there are some contradictions. You can find them under claim 21 in my list of wrong and misleading snowden revelations.

So if all of this is no big deal, why is the Federal Prosecutor not just dismissing the case as unfounded or granting the plaintiffs their day in court for the government to show that everything is really perfectly legal and no laws are being broken?

Maybe because (German) law was obviously broken, but there is no realistic chance to investigate evidence that would stand in court? Because it is unrealistic to even investigate people to charge?
For example, the Merkel intercept which Wikileaks published was a call while she was in Vietnam. For the prosecutor, this is just useless crap.

More secure against what ? American drone strikes ?

Maybe even this. The more precise the data is, the less likely are civilian casualties. But in any case, all these affected countries are no democracies, so it is hard to say if the people agree or not. This is one of the reason I rather want to limit the mass surveillance claims on western democracies.
And the Bahamas were an exception. For the NSA, it was no more than a playground to test the program.

You're not listening. They will still be sucking up anything that triggers their criteria, even if it's just ordinary people involved in stuff they don't like (e.g. activists) or folks trying to preserve some privacy and anonimity on the internet by using Tor or PGP. Who, of course, are all potential criminals and threats to national security.

I think we should end this part of the discussion. You cannot prove your claims, and I cannot either, because the tapped cables and the used selectors are (fortunately) not in the public. I absolutely agree with what @Skeptical said.

but the U.S. in fact DOES seem to grant privacy rights to foreigners.

OK, I should have said "not the same privacy rights than citizens".
And I think most of what was recommended in your referenced report was applied with PPD-28.

Which is in-line with Article 12 of the UDHR, which you seem to be interpreting as applicable to the citizens of one's own country only.

I think there is too little related case law so far to answer this question for sure. But yes, I think that UDHR declares the rights that nation states have to grant all people under thei jurisdiction. But I think it's imageable that it would apply too if a nation state surveils foreigners indiscriminately and harass them based on this surveillance (no evidence that NSA does this kind of stuff).
But I'm not a lawyer.

For most people, the conclusion is that they're a total out-of-control agency operating with very little oversight, and under secret orders by secret courts issuing secret opinions based on secret interpretations of the law. For its foreign operations, there is even less oversight and constraints.

Most people didn't read the published documents, but only scandalizing media reports, often only the headlines. And I told you before, most of the Snowden revelations so far were wrong and misleading.

And since you mention "secret orders by secret courts": I doubt that the U.S. oversight regime is here worse than that of other western democracies.
Let's take the German "G10-Kommission", which is comparable with the American FISC. It is in no way more open or transparent than FISC. It issues secret orders, and its interpretations are not published either.
But there is on difference: The German G10-Kommission is part of the legislative branch, while FISC is judiciary.
What does this mean? You have to know that Germany has no real separation of power, because the executive and legislative is almost always under the same political control. The only real independant branch is the judiciary, which in turn is not part of the oversight. The U.S. intelligence agencies have oversight from all 3 branches of the government, and there is a real separation of power in the U.S.

You could almost conclude that the U.S. oversight is much better than the German.

You might also remember from the history of your own country (and that of others) that the most vicious crimes and atrocities committed by then regimes and under then law were perfectly legal too.

Maybe. I rather think most regimes care little about adopting the law to their misbehavior. But anyway, my definition of "wrongdoing" goes beyond that what's "perfectly legal". I would count mass surveillance (in peaceful democracies), industrial espionage or COINTELPRO always as wrongdoing, even if they are permitted by law. Snowden could reveal nothing of that.

Dirk PraetJuly 15, 2015 3:15 PM

@ Rolf Weber

You didn't realize so far that Snowden, Greenwald and Der SPIEGEL heavily misinterpreted the BOUNDLESSINFORMANT slides?

I am aware of the controversy regarding BOUNDLESSINFORMANT. BND and several other agencies claimed that these records were SIGINT collected from operations zones. in the case of Germany those were alledgedly Africa and Afghanistan. Assuming - for argument's sake - that for once they actually spoke the truth, in doing so they also formally acknowledged the high degree of cooperation between them and the NSA.

Whether you like it or not, and especially in light of the wiretapping of German politicians and other persons of interest, this does raise serious legal and constitutional questions about joint NSA/BND operations in your country. And which is the actual point I was trying to make.

There is not a single evidence so far for this so-called "Ringtausch"

In February this year, the Investigatory Powers Tribunal in the UK ruled that British intelligence services acted unlawfully in accessing millions of people’s personal communications collected by the NSA. It doesn't happen a lot that the IPT rules in favour of plaintifs, so unless there was at least some credible evidence, I doubt it would ever have come that far.

I think we should end this part of the discussion. You cannot prove your claims, and I cannot either

I agree on the first part. But are you seriously claiming that the NSA is not hovering up and storing Tor and PGP communications of perfectly innocent people? Or monitoring Amnesty International and other activist organisations? The evidence to the contrary is quite overwhelming.

Maybe because (German) law was obviously broken,

Rolf, in which nation under the rule of law is the executive above the law? And what kind of judiciary system refuses a plaintiff his day in court or a formal, substantiated dismissal because you cannot just investigate or sue anyone ? As a German, doesn't that kind of remind you of very unsavory past ?

But in any case, all these affected countries are no democracies, so it is hard to say if the people agree or not.

I fail to see what one has to do with the other, or the rather peculiar logic that people living in an authoritarian country probably don't have a problem with mass surveillance because they have other cats to skin. So its back to the mice and cockroach analogy again.

But yes, I think that UDHR declares the rights that nation states have to grant all people under their jurisdiction.

You're embarassing yourself. What part of the word "Universal" don't you understand?

And I told you before, most of the Snowden revelations so far were wrong and misleading.

You seem to be having a particularly hard time coming to terms with the fact that a lot of other smart people have read and analysed the Snowden documents too, and that they have come to entirely different conclusions than you have. And among this group, yours really is a minority opinion.

I would count mass surveillance (in peaceful democracies), industrial espionage or COINTELPRO always as wrongdoing

As long as you keep denying that 5Eyes mass surveillance - including econmic espionage - is the essence of what Snowden has brought to the surface, it will for most of us remain very hard to discuss with you, and for yourself impossible to interpret any new or even existing elements in another light than that of the prison of your own reality.

name.withheld.for.obvious.reasonsJuly 16, 2015 12:02 AM

@ Dirk Praet

You seem to be having a particularly hard time coming to terms with the fact that a lot of other smart people have read and analysed the Snowden documents too, and that they have come to entirely different conclusions than you have. And among this group, yours really is a minority opinion.

Well said, I'd argue that the "facts", the August 2011 opinion from the FISA court itself, represent damning EVIDENCE, not speculation or supposition, concerning the behavior of the IC members. The EVIDENCE presented in the OPINION (this is a court opinion not public) is so significant that I cannot believe it is all but ignored by the press, politicians, and the technocratic elite. The opinion to my mind says something like this:

1. The FISA court cannot trust the NSA
2. The NSA uses technical details to skew/obscure its behavior
3. The NSA is willfully engaged in ignoring the court and dragging its feet

Add this with the second circuit court of appeals opinion, people in the administration should be facing time for perjury, civil rights violations (discriminatory behavior--predisposed as to the guilt, not innocence, of individuals; the presumption of guilt), destruction of evidence, TREASON, and contempt of court. I believe there are nearly 250 million counts of civil rights violations of the highest order/degree--that's my OPINION.

The second circuit court of appeals opinion looks something like this:

1. The collection of all data (not surveillence) under a general warrant is illegal (no statue or authority to support this action).

Can you imagine a subpoena for a divorce proceeding where I am allowed to seize all bank account information (just name and address--the equivalent of bank metadata) in which my estranged shared access? The rational for this subpoena, my ex-wife may remarry and we need the info for the haystack of potential future husbands (male or female).

I believe (again, OPINION) that it is time to stop pussy-footing around and call these cowards to account--persons involved need to be held responsible. Authority without accountability is the implicit definition of tyranny.

Rolf WeberJuly 16, 2015 4:40 AM

@Dirk Praet

Whether you like it or not, and especially in light of the wiretapping of German politicians and other persons of interest, this does raise serious legal and constitutional questions about joint NSA/BND operations in your country. And which is the actual point I was trying to make.

I don't see any constitutional questions, because the data of German citizens are filtered out. It is an entirely political descission whether to continue joint NSA/BND operations or not. Since we benefit more than the U.S. we Germans would be stupid if we stop it.

In February this year, the Investigatory Powers Tribunal in the UK ruled that British intelligence services acted unlawfully in accessing millions of people’s personal communications collected by the NSA. It doesn't happen a lot that the IPT rules in favour of plaintifs, so unless there was at least some credible evidence, I doubt it would ever have come that far.

Which rulings did you read? There is a short and a long version. I cannot find a reference to "acted unlawfully in accessing millions of people’s personal communications"? What do you mean?

What I find are formulations like that:

Save in one possible (and to date hypothetical) respect, [...] the current regime, both in relation to Prism and Upstream [...], when conducted in accordance with the requirements which we have considered, is lawful and human rights compliant.

"Hypothetical" sounds a little bit otherwise than your broad claims, doesn't it?

What the court ruled was that GCHQ didn't follow the same internal rules while accessing PRISM data that they have to regarding their own interceptions. Not a single case is known where they actually abused it to illegaly gather British data. Let alone your "millions".

But are you seriously claiming that the NSA is not hovering up and storing Tor and PGP communications of perfectly innocent people? Or monitoring Amnesty International and other activist organisations? The evidence to the contrary is quite overwhelming.

They do not collect Tor and PGP communications only because it's Tor and PGP. And there may be valid reasons to monitor Amnesty or other activist organisations. It is much more interesting to know why someone is monitored, not who. So far there is no single evidence the U.S. used intelligence to harass political dissidents.

Rolf, in which nation under the rule of law is the executive above the law? And what kind of judiciary system refuses a plaintiff his day in court or a formal, substantiated dismissal because you cannot just investigate or sue anyone ? As a German, doesn't that kind of remind you of very unsavory past ?

No, it doesn't remind me. And the executive is not above the law. I can do no more than to refer to my previous post where I explained it.

So its back to the mice and cockroach analogy again.

No. Again, the people of countries like Iraq or Afghanistan might think the mass surveillance is helpful to prevent terrorist plots. At least their government seems to think this because otherwise they would hardly help the NSA.

You're embarassing yourself. What part of the word "Universal" don't you understand?

"Universal" fits perfectly to my explanation. And again, as long as there is no related case law it is idle to discuss.

You seem to be having a particularly hard time coming to terms with the fact that a lot of other smart people have read and analysed the Snowden documents too, and that they have come to entirely different conclusions than you have. And among this group, yours really is a minority opinion.

I know that a lot of "smart people" think there is evidence for a "direct access" or a "PRISM partnership" in the Snowden documents. Some seem to believe it until today. ;-)
Maybe I'm in the minority today, at least here on this site. But I'm a patient guy. I'm sure my views will overcome todays wrong and scandalizing interpretations on the long run.


@ name.withheld

Well said, I'd argue that the "facts", the August 2011 opinion from the FISA court itself, represent damning EVIDENCE, not speculation or supposition, concerning the behavior of the IC members.

You guys should decide whether you consider the FISC to be a tough court compelling NSA to comply with its rulings or as a rubber stamp.

Don't you realize how inconsistent your argumentation is?

1. The collection of all data (not surveillence) under a general warrant is illegal (no statue or authority to support this action).

Yes, domestically.

name.withheld.for.obvious.reasonsJuly 16, 2015 5:13 AM

@ Rolf Weber

I have advocated for the rights of individuals, not just citizens of the United States, to be free of unfettered and ill-conceived dictates that resemble the tools of totalitarian states. I don't consider U.S. citizenry as some sort of magic ticket I received from Willy Wonka that give me access to candy land. My concern is that the lack of humility combined with our outrageous hubris must seem completely neurotic (my sense of it is pathological) to the rest of the world. What happens when an 800 pound gorilla gets drunk and has been told that they are in charge of security?

With respect to this "inconsistency", it is not mine...it is the governing class that embraces this dictum (the legitimacy of what I would call a kangaroo court and out of control and unaccountable agencies of the government) of shot first and ask questions later. What is ironic about your observation is that it gives more weight to my argument, if the kangaroo court is having issues with its own brethren (kind of "its all in the family") then there really must be a problem.

dittybopperJuly 16, 2015 8:47 AM

I think a lot of you are missing the point: It's nigh on impossible to absolutely secure a computer from intrusion. If you are being targeted by an organization like the NSA, it really doesn't matter what kind of encryption your device uses, they'll go after the device itself and try to compromise it so they can read the plaintext before it is encrypted, or after it's decrypted. You can "air gap" the device you use to do that, of course, but that's not that much of a help: You have to transfer the encrypted files to and from that device somehow, and that opens up a window of vulnerability.

Ironically, a good manual pen-and-paper system is actually more secure in that kind of environment, if a lot less convenient. Sure, you can't use such a system to send pictures, video, or long winded e-mails, but that's actually an advantage: It forces you to be terse and to the point, and that limits the amount of traffic they can analyze.

Data remanence is much easier to control: You simply burn any paper with the plaintext. If you must keep them for some reason, there is still greater security than electronic forms of storage. For an adversary to read the plaintext of what was sent and received, absent a cryptanalytical break, requires physical access to the documents themselves which is much harder to do without being detected. In some cases, it may well be impossible given time and access limitations.

Security is also enhanced by not using the Internet or cell networks to carry the traffic, if at all possible. In fact, the use of a radio is more secure than you can possibly make any kind of traffic through the normal channels of communication. Yes, you can be DF'ed when you transmit, but you can't be DF'ed when you are just receiving, and you aren't constantly beaconing your location with a radio like you are with a cell phone or even a computer accessing the internet. You can travel to a remote area, send your message, and immediately leave before any surveillance assets can identify you. Receiving messages doesn't require that level of care. In fact, you can automate it using a stand-alone computer without WiFi/Bluetooth to receive the encrypted message sent via radio by using the soundcard and a simple cable between the computer and the radio. You copy the ciphertext manually to paper for decryption.

Or you can simply pass the messages manually through couriers or the mail. Couriers can be waylaid or betray you, of course, and snail-mail can be opened, but neither lends itself to automated collection and analysis of the encrypted data, and there are some relatively simple and low-tech ways to help you detect if the messages are being opened by someone other than the intended recipient.

None of this is actually practical for our day-to-day lives, of course. You're not going to protect the privacy of your online banking or purchases from Amazon this way. But if you are doing something that a powerful government does not approve of, then I think that a good general principle for absolute security in that kind of situation would be this: Never allow plaintext on any electronic device, and when possible, avoid sending ciphertext using any kind of computerized network.

Dirk PraetJuly 16, 2015 9:03 AM

@ Rolf Weber

I don't see any constitutional questions, because the data of German citizens are filtered out. ...

Quite some people, who contrary to you are subject matter experts, do. Hence the complaint to the Federal Prosecutor. And what you're saying doesn't hold any ground. It has been established that the NSA is spying on German and French "persons of interest". You're not even denying it. Which makes your entire argument void. From a political and national security vantage, what do you think weighs in more: spying on ordinary citizens or politicians and economic targets? Why do you think countries have strict laws against being spied upon in the first place ?

I cannot find a reference to "acted unlawfully in accessing millions of people’s personal communications"? What do you mean?

The bottom-line of the ruling was that the sharing of data between NSA and GCQ was unlawful. I know of no courts or tribunals that rule on hypothetical cases.

They do not collect Tor and PGP communications only because it's Tor and PGP.

So now you are claiming that they do it in targeted way, thus implying that they actually have ways to filter/decipher this sort of traffic ? Which would be rather inconsistent with the documents in which they admit themselves that Tor and PGP are a problem.

And there may be valid reasons to monitor Amnesty or other activist organisations.

Like what ? Are they considered terrorists or a threat to national security in some way? They're being spied upon because they are political activists.

But let's just put this subject to rest. The NSA IS collecting, storing and retaining data (chats, pictures) of countless numbers of ordinary, perfectly innocent citizens. Re-read these last year's articles in The Atlantic and the Washington Post.

Again, the people of countries like Iraq or Afghanistan might think the mass surveillance is helpful to prevent terrorist plots.

A completely ludicrous assertion. Have you ever talked to an Iraqi or Afghani ? I have never met any ordinary citizen who actually believed that the US invasion and occupation of, and meddling in their countries had made their lives better in any way. And I've got quite a few Iraqi and Afghani immigrants in my neighbourhood here.

"Universal" fits perfectly to my explanation.

Can you please point out even one (1) other person who shares that view ?

I know that a lot of "smart people" think there is evidence for a "direct access" or a "PRISM partnership" in the Snowden documents.

Stop obsessing, Rolf. It's not healthy.

Rolf WeberJuly 16, 2015 4:09 PM

@name.withheld

It is not important that you are an American citizen. The key word is citizen. Democracies should not spy on citizens without probable cause, because otherwise democracy and the rule of law is at stage. This is not the case when democracies spy on foreigners abroad.

And regarding FISC, is it a rubber stamp or not? Just answer with yes or no.


@Dirk Praet

From a political and national security vantage, what do you think weighs in more: spying on ordinary citizens or politicians and economic targets?

Political and "economical" spying is what I expect from intelligence agencies. That's part of their missions. What I oppose are Snowden's claims that the NSA would engage in mass surveillance (of peaceful democracies) and industrial espionage. These claims are and always have been absurd, and there is no single evidence for it.

The bottom-line of the ruling was that the sharing of data between NSA and GCQ was unlawful.

Even if we take it that way, the ruling didn't say that GCHQ unlawfully gathered British data. The ruling is just no evidence for the so-called "Ringtausch".

So now you are claiming that they do it in targeted way, thus implying that they actually have ways to filter/decipher this sort of traffic ?

PGP doesn't encrypt metadata.

Can you please point out even one (1) other person who shares that view ?

For example the German and American government.

Dirk PraetJuly 16, 2015 8:48 PM

@ Rolf Weber

Political and "economical" spying is what I expect from intelligence agencies.

It's the very reason of their existence and that's what every country expects from its IC. But we also have very strict laws about being spied upon. As in the US Espionage Act under which Snowden has been charged. If it's being done by one of your own, it may even lead to treason charges. So it's a shady game every nation participates in. There's only one golden rule: don't get caught. The moment you do, you face the music, whether you are just a field agent or a government executive. If the German government and IC are really convinced that no laws have been violated by the extensive NSA/BND cooperation, surely there can be no problem explaining that to any judge or plaintiff, not to mention the general public. In a democracy, those are simple concepts known as "transparency" and "accountability".

the ruling didn't say that GCHQ unlawfully gathered British data

Of course it didn't. Because that was not what the case was about. It was about data sharing between NSA and GCHQ. Fine with me if you want to believe that the 5Eyes somehow share info about everything but their own citizens, but from an IC vantage, that makes no sense whatsoever. In practice such an agreement would basically end up all parties with information about everything that's happening everywhere except in their own backyard.

PGP doesn't encrypt metadata.

You're stating the obvious. More to the point, the published FISC document outlining the minimisation rules to be observed by the NSA clearly says: "In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis." This applies to all communications collected incidental to collecting data on foreign individuals. And that's for communications of US citizens only. We can safely assume that there is even more leeway for those of foreigners.

For example the German and American government.

I'm quite sure that all over the world and in the dark rooms of politics and diplomacy, there are plenty of people that would like to think of it that way, but I very much doubt that you'll ever find even one to say that on record. It's the kind of career limiting move that even morons like Donald Trump or Rick Santorum wouldn't fall for.

WaelJuly 16, 2015 11:19 PM

@Dirk Praet,

In a democracy, those are simple concepts known as "transparency" and "accountability".

We can't handle transparency. And we're only too familiar what Accountability means ...We live in a world where those two words are abstract concepts.

Rolf WeberJuly 17, 2015 3:11 AM

@Dirk Praet

So it's a shady game every nation participates in. There's only one golden rule: don't get caught.

Absolutely.

If the German government and IC are really convinced that no laws have been violated by the extensive NSA/BND cooperation, surely there can be no problem explaining that to any judge or plaintiff, not to mention the general public.

Neither the German government nor the German IC "got caught". The German government always said that no German law was broken while the cooperation. They even supported the German parliamentarian inquiry ("NSA-Untersuchungsausschuss") with handing over secret documents and allowing BND staff to testify in public and closed sessions. So far, no evidence of any violation of law was revealed here.
What do you expect more?

Fine with me if you want to believe that the 5Eyes somehow share info about everything but their own citizens, but from an IC vantage, that makes no sense whatsoever. In practice such an agreement would basically end up all parties with information about everything that's happening everywhere except in their own backyard.

Of course this makes sense, because they are foreign intelligence agencies, not domestic. They would violate the law if they would deliberately spy on their own people.
The difference between us is that you just assumes that western intelligence agencies break the laws of their own countries, while I demand clear evidence that a legitimate agency of a democratic country violated the law.

More to the point, the published FISC document outlining the minimisation rules to be observed by the NSA clearly says: "In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis." This applies to all communications collected incidental to collecting data on foreign individuals.

First, what you quote doesn't mean "we collect all PGP communications indiscriminately". It just means "if we have a PGP communication, we may keep it until we can decrypt it".

Second, you should consider the context of your quote. The section your quote is from is actually about this:

"A communication identified as a domestic communication will be promptly destroyed upon recognition unless the Director of NSA specifically determines, in written, that [...] the communication is reasonably believed to contain technical data base information or information necessary to understand or assess a communications security vulnerability."

So again, it's not only just because it's PGP, there must be another reason to store and analyze it.

Clive RobinsonJuly 17, 2015 3:27 AM

@ Dittybopper, Figureitout and "all the usuall suspects",

You have to transfer the encrypted files to and from that device somehow, and that opens up a window of vulnerability.

Your comment coincided with another about the launch of a "retro" version of the Sinclair Spectrum. The original of which was launched in 1982.

It reminded me that fourty years ago (1975) home computers first became available based on the early 8bit chip "sets" (single chip CPUs were a few years away back then). And Bill Gate's had not yet "thrown his toys out of the pram" over code being "shared" (he was actually "sharing" himself back then).

One of the problems was "how to store data and code" when comercial storage units cost several times the "average annual income".

The community that started up around these computers included more than a few Amateur / Ham radio enthusiasts and was the "genuine hacker ethos" of build clever hacks to solve problems.

Amateurs through RTTY new how to convert binary signals to narrow band audio that would work well in "noisy environments". Thus in short order both RTTY programes and sending RTTY signals to "audio tape" became the way to store and load onto computers.

When IBM launched it's first PC the ability to store to "cassette tape" was built in.

Thus maybe it's time we took a leaf out of the likes of those who built BadBIOS "audio transmission" and go "retro" to "audio" storage... with the current digital audio devices about the size of a large postage stamp and not much thicker, data rates comparable to high speed POTS Modems should be readily achievable.

Further the "code" to do simple "two tone" FSK is very small even in assembler thus easy to audit, and freely available in old books and magazines lurking in various "dead tree caves". Further as all modern SoC microcontrolers can just as easily do FSK (and way better) building a small device to "audit the audio on the wire" to check for "side channels" etc is no more difficult than I currently do with "Serial line Guards and Data Diodes"...

Sometimes "going retro" gets you rather more than "respect" / "street cred" (or "sick" / whatever is vogue with the "PFY's of today"). Just a thought to think on...

Rolf WeberJuly 17, 2015 4:48 AM

Another point, that a lot of you guys who believe in a "total surveillance" or "collect it all" obviously fail to realize:

You for sure all remember the "TOR stinks" presentation. The bottom line was that NSA is unable to de-anonymize TOR users.
However, it is a known fact that TOR cannot prevent from a "global adversary". Any entity able to collect big parts of TOR nodes traffic is able to de-anonymize the users. NSA obviously isn't (for whatever reason).

Another perfect example where stories and claims about NSA capabilities are contradicting.

Clive RobinsonJuly 17, 2015 5:59 AM

@ Rolf Weber,

You for sure all remember the "TOR stinks" presentation. The bottom line was that NSA is unable to de-anonymize TOR users. However, it is a known fact that TOR cannot prevent a"global adversary". Any entity able to collect big parts of TOR nodes traffic is able to de-anonymize the users. NSA obviously isn't (for whatever reason).

Two problems with your argument.

Firstly to an external observer there is no difference between "can not, and do not". The NSA certainly has the capabilities to de-anonymize TOR users if they wished, and other people / organisations with one heck of a lot less resources have done (unless it's the FiveEyes in disguise, which I don't rule out).

Secondly, we know that the NSA, GCHQ etc tell very different lies about capabilities depending on what level you have been "read into". I find it difficult to believe that at the higher levels they make what in effect are "general distribution" powerpoint presentations.

Thus your conclusion of "NSA obviously isn't" is very far from "Another perfect example".

As far as being evidence of action or inaction "it does not pass the sniff test" or "hold water.

Dirk PraetJuly 17, 2015 7:33 AM

@ Rolf Weber

So far, no evidence of any violation of law was revealed here.

That, Rolf, is again your very own personal opinion. Beginning of May this year, your government actually agreed to restrict BND co-operation with the NSA, in what appeared to be at least at tacid admission that rules had been broken. And it has been established that the BND actively co-operated with the NSA to spy on European politicians and companies from the joint listening post in Bad Aibling. Which seriously puts into question Germany's leading role in Europe.

To the best of my knowledge, we are also still waiting for the selector list of targets provided to the BND by the NSA, for which according to Frau Merkel apparently US approval is required. Leaving the German public and the Parliamentary inquiry "without the ability to understand what their own secret services are up to".

And let me quote Heribert Prantl (Richter und Staatsanwalt a. D.) on Operation Eikonal: „In keinem Fall darf ein Grundrecht in seinem Wesensgehalt angetastet werden. So steht es im Grundgesetz. Das gilt auch für die Geheimdienste, das gilt auch für das Kanzleramt, das die Geheimdienste zu beaufsichtigen hat. Der Wesensgehalt des Fernmeldegeheimnisses nach Artikel 10 Grundgesetz ist offensichtlich nicht nur angetastet, er ist schon ziemlich zerstört.

Of course this makes sense, because they are foreign intelligence agencies, not domestic.

Err, it thought it was by now reasonably well-documented that at least the NSA has no problem whatsoever with domestic spying programs in the US.

what you quote doesn't mean "we collect all PGP communications indiscriminately"

It means what it says: collection and retaining of all encrypted communications caught in surveillance operations, even when they are a result of incidental collection and belonging to perfectly innocent folks. I never said the NSA collects ALL encrypted traffic. But "targeted collection" only ? Most definitely not.

So again, it's not only just because it's PGP, there must be another reason to store and analyze it

Isn't that clear from the context? At least "officially", it's for cryptanalysis purposes.

WaelJuly 17, 2015 7:54 AM

@Clive Robinson, @US (Usual Suspects),

This magazine was one of my favorites in the 80's. There were a couple of issues with an RF/Digital projects -- can't locate them at the moment (have to remember some keywords to search for.) Speaking of "audio", how about using MP3 players instead of an audio tape? Could be a good stego project too!

AnuraJuly 17, 2015 8:55 AM

@Clive Robinson, @Rolf Weber

The Tor slide is here:

http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document

"We will never be able to de-anonymize all Tor users all the time" is a far cry from "NSA is unable to de-anonymize TOR users."

However, we also know they use targeted attacks that can de-anonymize users by exploiting web browsers, for example. We also know that through manual analysis, i.e. by looking at the data that they have collected, they can de-anonymize some Tor users regardless, but that it is a more costly process. However, if they want to get dirt on a specific person, that manual analysis might justify the cost to them - this is where "collect it all" comes in. Furthermore, collecting everything allows them to go back and analyze traffic using future breakthroughs in traffic analysis. It's entirely possibly that in the last five years or so since that slide was mady they have developed capabilities to automatically de-anonymize a significant portion of Tor users.

name.withheld.for.obvious.reasonsJuly 17, 2015 6:30 PM

@ Rolf Weber

And regarding FISC, is it a rubber stamp or not? Just answer with yes or no.

Per your request:

"Yes or no."

Both or your queries regarding my statements requires much of you; Rolf, the reader, a respondent, and public speaker has to make an effort to do just that READ.

My statements are clear, not concise, as to my thinking and my effort is to the subject matter and providing flavor, substance, and nutrients sufficient enough to feed "public discourse". I'm afraid Rolf you leave others wanting...

Translation:
Subject matter debate (not the grammatical, adverbs and adjectives of the day) must be given SOME importance, respect. Debate can tolerate diverse opinions but will suffer if what occurs resembles a diaper-wearing, sandbox sniffling, three year-old (oh, wait, that's Sumo) wrestling match in the school yard.

Rather than ask me to answer your question, engage in the conversation and ask for clarification or follow-up. Requesting sources for specific questions, understanding the language of the argument, and the general tenor lend much to the quality, substantive value, and contribution to a/the debate/discussion.

I far as I am concerned, THERE IS NO DEBATE. Senior administrative officials and high level employees are responsible for caring out acts of well violation of the law under the guise of "Trust us, we're the good guys so don't get so bent out of shape." My response:

Reach down into your scrotum/fallopian tube and have some balls/eggs. Are the challenges so great that you are willing to engage in activity, that if this were 70+ years ago it is certain we'd be speaking German and praising the Fatherland...

The government's hubris, ignorance, and shear stupidity is a huge problem. People in positions of responsibility seem unaware of their responsibility to the future or even how to model/measure it...

Is what you/we did improve the situation/environment/thinking concerning the issues we are charged with answering?

Rolf WeberJuly 18, 2015 9:18 AM

@Dirk Praet

Beginning of May this year, your government actually agreed to restrict BND co-operation with the NSA, in what appeared to be at least at tacid admission that rules had been broken.

It is not clear so far who restricted cooperation, Germany or the U.S. And yes, there is the suspicion that rules had been broken, the rules of the Memorandum of Agreement. But this doesn't mean it would be a violation of German law.

And it has been established that the BND actively co-operated with the NSA to spy on European politicians and companies from the joint listening post in Bad Aibling.

Even if this is the case (in Bad Aibling, only satellite data from crisis areas is collected; hard to imagine you can monitor European politicians with that), it is still no violation of German law. There is no law in Germany outlawing the espionage of European countries, companies or people.

And let me quote Heribert Prantl (Richter und Staatsanwalt a. D.) on Operation Eikonal:

Prantl is known for exaggerative rants, not as a source for reliable facts. Your quote was a perfect example.

Err, it thought it was by now reasonably well-documented that at least the NSA has no problem whatsoever with domestic spying programs in the US.

The 215 program is not used to spy on Americans. This is very clear from the PCLOB 215 report. Although the PCLOB makes it clear that they conclude that the 215 program violates the constitution, they explicitely say that the program is only used for counter terrorism purposes, that the queries are under strict oversight and there was no single hint it was ever abused.

I never said the NSA collects ALL encrypted traffic. But "targeted collection" only ? Most definitely not.

And I never said it is targeted in the traditional meaning. But it is not indiscriminate. They have some reason to collect data for specific selectors.

Isn't that clear from the context? At least "officially", it's for cryptanalysis purposes.

Yes, but only when there is probable cause it contains valuable data.


@Anura, @Clive Robinson

The Tor slide is here:

http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document

"We will never be able to de-anonymize all Tor users all the time" is a far cry from "NSA is unable to de-anonymize TOR users."

Why did you stop the quote here? It continued:
but 'with manual analysis we can de-anonymize a very small fraction of Tor users'

So you guys seem to believe that the NSA is able to de-anonymize TOR users on a big scale now. OK, but it's just a believe. No hard fact, not even a hint.


@name.withheld

I just insist on my point that it is impossible that the FISC is both:
- a tough court compelling the NSA to comply with its rulings
- a rubber stamp
This is not possible. Simple logic. One of it must be wrong.

Dirk PraetJuly 19, 2015 1:18 PM

@ Rolf Weber

It is not clear so far who restricted cooperation, Germany or the U.S ...

I believe the German word for this sort of reasoning is "Hineininterpretierung". On one hand, NSA is seeking to extend its German operations - e.g. by trying to tap into the main internet exchange - , but on the other hand they would be restricting cooperation with the BND. That makes perfect sense.

The mere fact that there IS a parliamentary inquiry shows that there is at least reasonable and articulate suspicion that German laws have been broken. The previously mentioned NSA selector list of German targets is a crucial element in this determination. Julian Assange has recently said in an interview that he has this list and would be prepared to hand it over to German investigators if asked for. I bet Merkel and her US friends would not like that.

The 215 program is not used to spy on Americans. This is very clear from the PCLOB 215 report.

And according to the Warren Commission, Lee Harvey Oswald acted alone. What is not to understand about the original FISC order that directs Verizon to provide “on an ongoing daily basis” all call records for any call “wholly within the United States, including local telephone calls” and any call made “between the United States and abroad.” ?

Whether or not American citizens are targeted, is immaterial to the fact that everyone's call records are being sucked in. If a hunter is after a couple of wolves, he uses a gun. If he's torching the entire forrest instead, then he's going to have a hard time explaining to the local community that all other animals were merely "collateral damage", that they were not targeted in any way but that the roasted deer and rabbits were actually quite tasty too.

And I never said it is targeted in the traditional meaning. But it is not indiscriminate.

So we have established that there is bulk collection and that it is not targeted "in the traditional sense of the word". The NSA and its apologists can try to redefine the meaning of the words acquisition and collection as much as they want, but for most people the essence of what they are doing is called "mass surveillance".

Anyway, it's been an interesting week. Thanks for your time, but I've had enough for now. You can only lead a horse to water, but you can't make it drink.

Rolf WeberJuly 19, 2015 3:45 PM

@Dirk Praet

On one hand, NSA is seeking to extend its German operations - e.g. by trying to tap into the main internet exchange - , but on the other hand they would be restricting cooperation with the BND. That makes perfect sense.

You try to pretend that only the Americans benefit from this cooperation. That's simply not true. It's obvious that we Germans benefit much more. And the Americans fear that we Germans leak their secrets to the public. So it would make sense too if the Americans restricted the cooperation.
I just don't know if we Germans restricted, the Americans restricted, or if it is just "a show".

Julian Assange has recently said in an interview that he has this list and would be prepared to hand it over to German investigators if asked for. I bet Merkel and her US friends would not like that.

AFAIK he didn't say he has the selector list from Bad Aibling. He of course has selectors, because he already published some. But nobody knows how much. Nobody knows how much is in the Snowden trove, and how much of it is in possession of Wikileaks. We only know that somebody in the possession of the Snowden trove is feeding Wikileaks.

I hope Merkel would not like it. But not for the reasons you pretend. Assange is an Antisemit and accused rapists. It would be an irresponsible act if the German NSA-Untersuchungsausschuss would make a pilgrimage to this asshole and provide him a propaganda platform. And I'm confident the responsible people in Germany see it similiar. If Assange has some important documents and if he is really interested in a clearing, he can just send them.

What is not to understand about the original FISC order that directs Verizon to provide “on an ongoing daily basis” all call records for any call “wholly within the United States, including local telephone calls” and any call made “between the United States and abroad.” ?

As I said, that this data must only be used to prevent terrorist plots, that there is strict oversight, and there is not a single hint so far that the data was ever abused for other purposes.

Anyway, it's been an interesting week. Thanks for your time, but I've had enough for now.

You are welcome. ;-)

Dirk PraetJuly 19, 2015 5:42 PM

@ Rolf Weber

Since you're insisting:

You try to pretend that only the Americans benefit from this cooperation.

No I don't.

And the Americans fear that we Germans leak their secrets to the public ...

Do they have anything to hide then? Aren't they just looking for terrorists? Surely the German public and parliament alike would welcome such a recommendable joint effort. But for all practical purposes: under your own "spying doctrine", the US only faces some more embarassment if sordid details come out. But which is an entirely different story for German government and IC officials if anything illegal would surface.

Assange is an Antisemit and accused rapists.

Kindly note that Assange has never been officially charged with either. If the NSA-Untersuchungsausschuss is serious about its job, paying him a visit in London or organising a teleconference is the logical course of action. Being an asshole doesn't prevent him from being an expert witness on the subject matter.

As I said, that this data must only be used to prevent terrorist plots

But of course. Parallel reconstruction , anyone?

gordoJuly 20, 2015 1:30 PM

Documents related to subject matter addressed previously in this thread:

New Report Says No Technological Replacement Exists for Bulk Data Collection;
Software Can Enhance Targeted Collection and Automate Control of Data Usage to Protect Privacy
Press Release | National Academy of Sciences | January 15, 2015

The report defines “collection” as the process of extracting data from a source, filtering it according to some criteria, and storing the results. If a significant portion of the collected data is not associated with current targets or subjects of interest in an investigation, it is considered bulk; otherwise, it is targeted.

http://www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=19414

See also:

The Latest Rules on How Long NSA Can Keep Americans’ Encrypted Data Look Too Familiar
Marshall Erwin | Just Security | January 22, 2015

http://justsecurity.org/19308/congress-latest-rules-long-spies-hold-encrypted-data-familiar/

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.