NSA Given More Ability to Share Raw Intelligence Data

President Obama has changed the rules regarding raw intelligence, allowing the NSA to share raw data with the US's other 16 intelligence agencies.

The new rules significantly relax longstanding limits on what the N.S.A. may do with the information gathered by its most powerful surveillance operations, which are largely unregulated by American wiretapping laws. These include collecting satellite transmissions, phone calls and emails that cross network switches abroad, and messages between people abroad that cross domestic network switches.

The change means that far more officials will be searching through raw data. Essentially, the government is reducing the risk that the N.S.A. will fail to recognize that a piece of information would be valuable to another agency, but increasing the risk that officials will see private information about innocent people.

Here are the new procedures.

This rule change has been in the works for a while. Here are two blog posts from April discussing the then-proposed changes.

From a privacy perspective, this feels like a really bad idea to me.

Posted on January 12, 2017 at 12:07 PM • 29 Comments

Comments

Ross SniderJanuary 12, 2017 12:58 PM

Let's count the number of laws passed before Trump gets into office:

- Expansion of executive authorities to perform special operations in overseas wars

- Expansion of domestic propaganda authorities

- Expansion of the proceedures regarding surveillance consumption

- Expansion of the executive authority to negotiate trade legislation without involving the legislature (leaving them only a 30 day window to produce a yes/no vote)

- Expansion of the legal authority to detain and hold any person deemed a threat to national security without a warrant

The Administration's PR has highlighted with pride its conciliatory hand-off to the next administration.

keinerJanuary 12, 2017 1:08 PM

Don't think so negative! Maybe you can stream the US drone murder live in international TV in the future. Embedded "War against terror" at its very best! Maybe only in pay-TV, of course. And the law-and-order faction in the glorious "Western world" get's some bang for the bug. Win-win-win...

AJWMJanuary 12, 2017 1:19 PM

This lame duck president has sure being throwing a lot of spanners in the works lately. Sore loser?

cphinxJanuary 12, 2017 2:27 PM

The biggest problem with this is the sheer quantity of "raw data" that is available...

Although I am in many ways and will remain so a strong privacy advocate, and am not siding with this crap, I will also point to the truth of the (lack of) usefulness this provides.

So fifty gazillion packets have been captured which obscurely link billions of people together through "raw data". The actual privacy impact of this is fractional.

In defining "more officials", I would assume that most wouldn't have the technical capabilities (at this point) to clearly determine or maximize the usefulness of this data.

If it became targeted (such as requesting specific IP addresses and third or fourth tier relations) it would be no bueno in my opinion, which is where the major privacy breach would occur.

Lastly, it is my general opinion that the media is partially at blame for the misrepresentations of what "raw data" is. Simply put, when you have gazillions of packets, they mean nothing as raw data (in terms of privacy). It's when targeted searches occur that privacy is breached.

Sad ManJanuary 12, 2017 4:15 PM

This reform is being sold as intelligence analysts sharing data with other intelligence analysts but that is much too facile. The fact is that it weakens the wall between intelligence and criminal justice. It weakens the wall because before the FBI had to go the NSA to get this data; now the FBI has to go to the FBI to get the data. And when you are working in the same agency it is a lot harder to say no.

This is especially important because the incoming head of Homeland Security has stated that he's dubious that the distinction between criminal justice and military intelligence can be maintained: everything is the home front in cyberspace.

The cynical part of me thinks that it is now much more likely that Obama will pardon Manning. it would be the perfect foil to make privacy advocates forget all about the way that Obama--and the Democratic party--has consistently labeled Trump an autocrat and yet consistently sought to make sure he has more power.

AJWMJanuary 12, 2017 4:16 PM

@cphinx
Simply put, when you have gazillions of packets, they mean nothing as raw data (in terms of privacy). It's when targeted searches occur that privacy is breached.

You can't search what you don't have.

Searching gazillions of packets turns out to be relatively simple, the Big Data folks have been doing it for years. (Our logging system at work generates something over 8 TB/day (over 3 billion messages/day, and that number is from months ago), and we have monitor screens that display summaries of it in near real time. Searches are easy. And we use a tiny fraction of what would be available in any NSA data center.)

Privacy is breached when the data is collected.

Now Even Sadder ManJanuary 12, 2017 4:22 PM

Simply put, when you have gazillions of packets, they mean nothing as raw data (in terms of privacy). It's when targeted searches occur that privacy is breached.

This is like claiming that when the tree falls in the forest and no one is there to hear it, it didn't fall. It completely ignores the chilling effect that surveillance has on human activity. Simply knowing one can be searched, with no effective recourse, is in and of itself a harm. The privacy breach happens when the data is collected.

Now A Slightly Happier ManJanuary 12, 2017 4:24 PM

@AJWM

Dear Lord we said almost the exact same sentence in a cross post! Well at least there is one other person out there who is not completely stupid. Thanks for lightening my somber mood.

Ross SniderJanuary 12, 2017 4:25 PM

@ Now Even Sadder Man

"This is like claiming that when the tree falls in the forest and no one is there to hear it, it didn't fall. It completely ignores the chilling effect that surveillance has on human activity. Simply knowing one can be searched, with no effective recourse, is in and of itself a harm. The privacy breach happens when the data is collected."

Eloquently put.

The only edit I would make is to use the term freedom or civil rights instead of 'privacy'.

RasJanuary 12, 2017 5:03 PM

@cphinx

What do you think the agencies the NSA will share the info with will do with it? Just store local copies of it for the fun of it?

The sole purpose of sharing this data with other agencies is for other agencies to look through said info and make queries. That is the *exclusive* use of the info. The NSA doesn't need help mapping structured metadata. It needs help with analyzing unstructured content.

Ross SniderJanuary 12, 2017 5:14 PM

@Bruce Schneier

Mass surveillance is not a privacy issue. It's a freedom issue.

It's difficult to hear you say "from a privacy perspective, this seems like a bad idea."

There are much more accurate ways so say it:

1. "from a civil society perspective, this seems like a bad idea."
2. "from a public law perspective, this seems like a bad idea."
3. "from a civil rights perspective, this seems like a bad idea."
4. "from a rule of law perspective, this seems like a bad idea."
5. "from a freedom from unreasonable search and seizure perspective, this seems like a bad idea."
6. "from a constitutional perspective, this seems like a bad idea."

I don't care about privacy.

I do however, care about civil rights, personal freedoms and civil society.

rJanuary 12, 2017 6:23 PM

Ras makes a dangerous point, I hope their access is well-structured - like N said above.

Tor stinks but it could be worstJanuary 12, 2017 8:09 PM

Regarding the last and "final" Shawdowbrokers buzz :

Wouldn't it be, by any mean : Showdowbrokers = NSA ? It would bring us to a unprecedent geopolitical chess game.

RatioJanuary 12, 2017 9:25 PM

@Ross Snider,

I don't care about privacy.

I do however, care about civil rights, personal freedoms and civil society.

Try having those without privacy.

DroneJanuary 13, 2017 1:54 AM

At this late stage of the game, and given what's been happening since the November election (blaming Russian Govt. for Hillary hacks without proof, fake nasty Trump news leaks, Inspector General appointed to attack Comey, Obama yanking Cuban immigration rights because most Cubans vote Republican, etc., etc.), you have to ask yourself why is Obama in such a rush to do this? How will it harm Trump in the end?

de La BoetieJanuary 13, 2017 10:07 AM

The UK government also tried the canard regarding how your privacy ain't invaded until it's looked at by a person, and how inter-agency sharing (for serious crime, honest) is perfectly fine.

To add to @AJWM's observations, the whole notion of "targeted" searches not breaching privacy is like Russian Roulette with lots of bullets and lots of suspects. The point is that even with a tiny false positive rate, when your suspect list is 200M people or more, then the innocent have a great deal to fear, because it's not real life people that will be assessing your security credit score, it'll be algorithms; and then it'll also be algorithms adding you to no-fly, no-employment lists with no redress.

In practice, targeted searches are anything but; they have to be vague enough to avoid false negatives (otherwise they're pointless), but that automatically means they have sometimes quite high false positives.

The next huge issue is that anytime you add loads of users who care less and who will never go to jail for carelessness or breach, and add multiple sites and crossing-of-security-boundaries (as between organisations with different security policies and practices and expertise), you hugely increase the risk of negligence, loss and theft. This is security 101 stuff. The loss and theft is nothing to do with targeted search, and will happen because the data is valuable.

SpellucciJanuary 13, 2017 10:54 AM

I still say the patriotic thing for Americans to do is to print out and mail their call detail records to the NSA each month. I doubt their procedures would let them simply throw away postal mail before doing something with it. Let's say 100 million Americans times 10 pages of calls per American gives our good friends in Utah 1 BEELION pages of call data to scan monthly. Should take about 200 commercial grade scanners each running at full capacity 24x7 just to keep up.

albertJanuary 13, 2017 12:27 PM

This is a bad idea.

It's one thing, and bad enough, to have your data in the hands of one agency. The NSA has control of the data it collects. Once it's out, it might as well be posted in the WAPO. The NSA is a toothless dragon; its power lies in the data itself. The FBI, DEA, DO'J', etc. can be dangerous to innocent individuals. Their metric for job performance is -convictions-, hardly a motivation for finding the truth.

@Drone,
It's a last gasp for a do-nothing-good President. Trump can undo Presidential Directives. I see it as a win/win for Trump. He can say: 'Look what they did' and throw it in their face. He can be hero and cancel them. The Dems are down for the count and grasping at straws. Having pissed all over their base, they are totally marginalized. Even the MSM will have been forced to admit it. If the MSM is as 'liberal' as everyone says, they would do well to consider forcing a reconstruction of the Democratic Party. Karma's a bitch.

@Sad Man,
Don't be sad. How about a big hug? "...much more likely that Obama will pardon Manning...". Obama is a right-of-center neo-lib. It's not in his bones to do something that might require balls. Of course, I'd do a little dance (in public) if he did:) Ironic, isn't it, that such a move would enhance his standing with the most active base possible: gays, progressives, and liberal Democrats. Desirable, but too little, too late.

. .. . .. --- ....

Dragan MargaritoniJanuary 13, 2017 11:48 PM

Maybe we are going about this wrong way. NSA as well as the others need email to function. Since most of us do not have anything to hide, why not send our emails directly to them with cc or bcc to intended recipient. If this was globally accepted practice, surely it would make their job easier? I hope they have capacity to handle it.

JDJanuary 14, 2017 6:41 PM

Australia is a member of 5 eyes and collects and shares data with the US. We have a data retention policy where ISPs are required to hold metadata for two years. This is supposed to be up and running by April. There is currently a move here to make this material available to civil courts.
We are now looking at a universal surveillance system with all levels of policing, from dog catchers to drone assassins, able to gain extrajudicial access to our activities from anywhere in the world, and act on anything compromising.

Next StepJanuary 19, 2017 11:41 PM

sounds like something that needs a constitutional amendment to override conflicts with the 4th amendment. Or perhaps I've misunderstood what is going on.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.